Government Admits Privacy Errors

DHS says it inadvertently shared passenger data with TSA.

The Department of Homeland Security has conceded a potentially serious privacy issue that existed as part of an anti-terrorism program that combined personal information of air travelers in the United States with consumer database profiles and compared those records with lists of suspected terrorists.

In a report posted on the agencys Web site the week of Dec. 18, the DHS Privacy Office admitted it inadvertently forwarded detailed personal profiles of U.S. airline passengers to the federal governments Transportation Security Administration despite promising not to do so when the program, called Secure Flight, was introduced in September 2004.

When the effort was launched as a replacement for the DHS Computer-Assisted Passenger Prescreening System, the TSA vowed to steer clear of the records involved in Secure Flight, recognizing the potential civil-liberties conflicts that could arise from sharing such information. A range of privacy rights groups had concerns over the programs potential impact on U.S. citizens freedom to travel.

The individual files created for Secure Flight are considered particularly sensitive because they contain not only the personal information of all fliers traveling domestically during the month of June 2004 (gathered from airline passenger screening systems) but also data aggregated about those people from three major U.S. consumer database companies—Acxiom, InsightAmerica and Qsent.

Secure Flight was eventually shut down in February 2006 due to privacy concerns, including a report from federal auditors that month that found some 82 security vulnerabilities in the software being used to store and protect the data.

In the Dec. 18 report, the DHS admitted that it mistakenly included some of the Secure Flight passenger records in its updates on the program sent to the TSA. The roughly 42,000 individual profiles included travelers names, addresses and birth dates, as well as an unspecified number of records, including Social Security numbers.

The latest report marks the second time Secure Flight has been singled out for potential privacy problems. In June 2005, as part of its routine oversight, the Government Accountability Office reported a separate set of concerns it had over the handling of records sent to the TSA. Based on those findings, DHS officials agreed to offer more details about the overall privacy implications of Secure Flight.

Under the revised parameters of Secure Flight, the DHS first reported publicly that the contractor hired to aggregate the consumer records, EagleForce Associates, had bought and held the data on the 2004 travelers, along with the information of other individuals whose names were variations of the actual passengers, for analytical purposes. The agency also admitted that data from the airlines and consumer profiles was being combined into single files, called PNRs (passenger name records).

The analysis specifically rebukes the agency for ignoring its initial promise to erect "strict firewalls" between the parties involved in the various aspects of the project to protect personally identifiable data, and it singles out the so-called privacy notices sent to the TSA, which included the sensitive information, as the most significant source of concern.

"The inconsistency between the descriptions in the 2004 notices and what occurred in the actual test was clearly not intentional, but appears to be the result of either a misunderstanding of the test protocols or a change in circumstances between what was intended to be tested," the DHS report said.