Homeland Security Admits Privacy Errors in Anti-Terror Effort

The Department of Homeland Security and Travel Security Agency say they inadvertently pooled sensitive information on U.S. air travelers that they had previously promised not to share.

The Department of Homeland Security conceded a potentially serious privacy issue that existed as part of an anti-terrorism program that combined personal information of air travelers in the United States with consumer database profiles, and compared those records with lists of suspected terrorists.

In a report posted on the agencys Web site, the DHS Privacy Office admits that it inadvertently forwarded detailed personal profiles of U.S. airline passengers to the federal governments Travel Security Administration despite promising not to do so when the program, dubbed Secure Flight, was introduced in September 2004.

At the time the effort was launched, as a replacement for the DHS Computer Assisted Passenger Prescreening System, the TSA vowed to steer clear of the records involved in Secure Flight in recognition of potential civil liberties conflicts that could arise from such information-sharing. A range of privacy rights groups had aired public concerns over the programs potential impact on U.S. citizens freedom to travel.

The individual files created for Secure Flight are considered particularly sensitive because they contain not only the personal information of all fliers traveling domestically during the month of June 2004, gathered from airline passenger screening systems, but also data aggregated about those same individuals from three major U.S. consumer database companies–Acxiom, Insight America and Qsent.

Secure Flight was eventually shut down in February 2006 as a result of related privacy concerns, including a report from federal auditors that found some 82 security vulnerabilities in the software system being used to store and protect the data.

In the new report, the DHS admitted that it mistakenly included some of the Secure Flight passenger records in its updates on the program sent to the TSA. The individual profiles, estimated at roughly 42,000, included travelers names, addresses and birth dates, and an unspecified number of records also included Social Security numbers.

The latest report marks the second time Secure Flight has been singled out for potential privacy problems. In June 2005, as part of its routine oversight of the program, the federal governments Government Accountability Office reported a separate set of concerns it had over the handling of records sent to the TSA. Based on those findings, the Homeland Security Department agreed to alter its public statements about the work being done under Secure Flight to offer more details to the public about its overall privacy implications.

Under the revised parameters of Secure Flight, DHS first reported publicly that the contractor hired to aggregate the consumer records, EagleForce, based in McLean, Va., had purchased and held the data on the 2004 travelers, along with the information of other individuals whose names were variations on the actual passengers, for analytical purposes. The agency also admitted that data from the airlines and the consumer profiles was being combined into single files, dubbed PNRs, or passenger name records.

In the report, the DHS largely attributes the privacy issues to inadvertent oversight, such as having its contractor buy some sets of consumer records that came bundled with Social Security numbers, and the relative immaturity of the program itself.

The analysis specifically rebukes the agency for ignoring its initial promise to erect "strict firewalls" between the parties involved in the various aspects of the project to protect personally identifiable data, and singles out the so-called privacy notices sent to the TSA, which included the sensitive information, as the most significant source of concern.

/zimages/4/195160.gifTo read more about data theft, click here.

"The inconsistency between the descriptions in the 2004 notices and what occurred in the actual test was clearly not intentional, but appears to be the result of either a misunderstanding of the test protocols or a change in circumstances between what was intended to be tested," the DHS report said.

In a second report, the DHS admitted privacy problems in another national security program, the Multistate Anti-Terrorism Information Exchange, or Matrix, which was shut down in April 2005 after coming under fire for privacy rights concerns from interest groups including the American Civil Liberties Union. Matrix, launched in 2003, involved information-sharing between some 13 U.S. states in the name of screening for activity by suspected terrorists but was widely criticized for having no stated privacy policy.

The Homeland Security Departments Matrix report cites the lack of such controls from either a national or state-by-state level as the programs primary downfall. The files collected under the project included detailed personal and financial data on individuals suspected of being involved with terrorist groups, but very few cases ever produced criminal charges, according to the summary.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.