More False Information From TSA By Ryan Singel
08:55 AM Jun. 23, 2004 PT
A top homeland security official told Congress that five major domestic airlines turned over sensitive passenger data to the agency or its contractors in 2002 and 2003, contradicting numerous statements by airline and government officials and confirming some of the worst fears of privacy advocates.
Delta, Continental, America West, JetBlue and Frontier Airlines secretly turned over sensitive passenger data to Transportation Security Administration contractors in the spring and summer of 2002, according to the sworn statement of acting TSA chief David Stone. In addition, two of the four largest airline reservation centers, Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.
This is the third time in the past nine month that knowledge of the scope of secret information disclosures by airlines has expanded, and now six of the 10 largest airlines are known to have given data to the government secretly. Stone's disclosure also raises questions about whether TSA officials intentionally withheld information from previous inquiries by the Government Accounting Office, members of Congress and the Department of Homeland Security's chief privacy officer, Nuala O'Connor Kelly.
In addition, the TSA or its contractors may have violated the Privacy Act, which prohibits the government from compiling secret databases on Americans. Officials could face civil and criminal penalties.
The TSA and its contractors sought the data because they were working on an airline passenger screening system known as CAPPS II. They needed the data to test whether their computer programs could detect terrorists out of the million and half people who fly daily.
Under CAPPS II, the government would check passenger's airline reservation information against commercial databases, a terrorist watch list and a criminal warrant database to ferret out terrorists and criminals.
Critics say the system is not only invasive but probably ineffective. The TSA is also being sued by several Alaskans who say the system will prevent them from traveling in their remote state.
In his statement, Stone said the agency's officials didn't believe the transfers violated the Privacy Act, since the contractors did not look up passengers by name. But O'Connor Kelly has made clear in her statements and investigations that she considers transfers of data themselves serious violations of privacy.
"Existing Privacy Act processes require government contractors to abide by Privacy Act rules," she wrote in a report (PDF) that criticized TSA officials for violating the spirit of the Privacy Act in helping the Army get passenger data.
The revelation will also likely widen the scope of an ongoing investigation into TSA data transfers by the Department of Homeland Security's Inspector General's office, which has the authority to fire negligent employees.
Airlines and reservation companies may also face class-action lawsuits if the disclosures violated their privacy policies.
Stone, who is facing his confirmation hearing in the Senate Wednesday, disclosed the transfers as part of his sworn written testimony submitted to the Senate Governmental Affairs committee. That committee has oversight over both the Privacy Act and the Department of Homeland Security, and must approve any political appointees to the department.
Over the past eight months, chairwoman Sen. Susan Collins (R-Maine) and ranking member Joe Lieberman (D-Connecticut) have aggressively pushed for the Army and TSA to clarify their roles in receiving passenger data.
However, the TSA did not tell the senators about the extent of the transfers and the Army has yet to make the results of its investigation public.
In November 2003, the senators also asked Stone's predecessor, retired Adm. James Loy, whether "any contractors working on CAPPS II used any real-world data for testing purposes." Loy led the TSA from July 2002 until he was promoted to the second-highest position in the Department of Homeland Security in October 2003.
Loy's sworn written response was, "No. TSA has not used any (passenger) data to test any of the functions of CAPPS II."
Two TSA spokesmen also made false statements to Wired News about the extent of the transfers.
After the JetBlue transfer was brought to public attention in September 2003, TSA spokesman Brian Turmail told Wired News that the TSA had never used passenger records for testing CAPPS II, nor had it provided records to its contractors. In September 2003, Wired News asked TSA spokesman Nico Melendez whether the TSA's four contractors had used real passenger records to test and develop their systems. Melendez denied it, saying, "We have only used dummy data to this point."
"Our agency was only five months old at the time" when these four companies were developing their systems, Melendez said. "We did not need the data at that time."
The TSA has also not released any information about the JetBlue contractors to Freedom of Information act requesters, even though it granted requests expedited status in the fall.
The data transfer revelations started in the spring of 2003, when privacy activist Bill Scannell launched a boycott of Delta for its role in helping test CAPPS II. But the first real proof of extensive data sharing came in September 2003, when Wired News reported that JetBlue had turned over its entire passenger database to a defense contractor studying passenger profiling algorithms.
JetBlue apologized for the violation of its privacy policy, describing it as a one-time mistake. But it wasn't a one-time event. The upstart airline transferred passenger data not one but three times, according to Stone's statement.
JetBlue also gave records in the spring of 2003 directly to the TSA, which used the data to tweak the current passenger profiling system, Stone revealed. JetBlue also gave records to at least one of the proof-of-concept CAPPS II contractors.
JetBlue's data transfers were facilitated by Acxiom, a database marketing company in Arkansas that handles JetBlue reservations and has since landed a CAPPS II subcontract.
The TSA's prototype contractors are HNC Software (now Fair Isaac), Infoglide Software, Ascent Technology and defense contractor Lockheed Martin. Each received between $225,000 and $550,000 from the TSA in 2002 to test computer algorithms they hoped would be able to pinpoint terrorists' travel plans, according to a 2002 Washington Post story. The details of the Post story were later confirmed by a TSA spokesman.
In 2003, Lockheed won the TSA contract to build out CAPPS II and was paid for $12.8 million in the first year of its five year CAPPS II contract.
Stone's statement, however, refrains from calling the companies contractors, referring to them as "cooperative agreement recipients," and makes no mention of the payments to the companies.
The TSA also apparently failed to inform the General Accounting Office, Congress' investigative arm, about soliciting airline data for its contractors. The GAO released a report in February about the program. According to the report, the TSA told the GAO that CAPPS II has only been tested with 32 itineraries provided by agency employees. Stone did not indicate how many passenger records were turned over by the companies and the TSA, but said all records had been destroyed or returned.
Congress has already stepped in to register it concerns about CAPPS II and has banned it from being deployed until the GAO certifies it meets eight privacy and effectiveness criteria. The GAO certified the program met only one of these criteria in its February report.