Data Dumped in Secure Flight Test By Kim Zetter Story location: http://www.wired.com/news/privacy/0,1848,68515,00.html
02:00 AM Aug. 15, 2005 PT The federal government has destroyed 3 million of the 15 million records it collected on individuals last year to test its new airline passenger-screening program. The deletions occurred April 19, two months before the agency disclosed in an online notice (.pdf) that it was deleting records collected to test its new Secure Flight program. A California attorney seeking some of the records on behalf of four clients says this means that people who want to see what the government collected about them may not be able to do so now. Jim Harrison said the deletions violate the federal Privacy Act, which requires government agencies to give people access to records about them that are held in government databases. But the Transportation Security Administration, which destroyed the records, says it simply deleted records it no longer needed for testing Secure Flight, and that the records contained only historic flight-reservation information about individuals, which could be obtained from the airlines. A TSA spokeswoman said that many records, including commercial data collected on individuals, are still available if people want to request them, although the remaining data will be destroyed as soon as testing on Secure Flight is completed. The TSA has no time line for that yet, according to Secure Flight program director Justin Oberman, but the program is set to be operational at two undisclosed airlines in September. Civil liberties activist Bill Scannell says it's difficult to know whether TSA's decision to destroy records so swiftly is a housecleaning effort or something else. "Is the TSA just such an incredibly efficient organization that they're getting rid of things that are no longer needed?" Scannell said. "Or is this a matter of the destruction of evidence?" Scannell says it's a fair question to ask in light of revelations that the TSA already violated the Privacy Act last year when it failed to fully disclose the scope of its testing for Secure Flight and its collection of commercial data on individuals. Secure Flight is supposed to help the government target airline passengers that warrant extra screening and reduce the number of people falsely identified for increased scrutiny. Currently, airlines screen passengers by checking passenger names against government watch lists. Under Secure Flight, the government would assume that task and compare passenger names against a new, centralized terrorist watch list. Last November, to test Secure Flight, TSA ordered the nation's airlines to hand over passenger name records, or PNRs, for domestic flights completed in June 2004. According to a Government Accountability Office report, 66 air carriers complied with about 15 million records. The kind of data collected in PNRs varies among airlines but generally includes a passenger's full name, phone number, mailing address and travel itinerary. It can also include the name of the travel agent or agency that made the reservation, the form of payment and the passenger's seat number. In addition to name records, TSA collected commercial data on passengers to see if it could help authorities better identify and match passengers to the watch list. To do this, the TSA gave a private contractor, EagleForce Associates, a sample of about 42,000 passenger names from eight airlines, which EagleForce enhanced with commercial data from three data aggregators and returned to TSA. The use of commercial data for screening has been controversial because the data is prone to error, and the TSA hasn't always been forthright about data it collected on individuals. For example, a recent GAO report (.pdf) revealed that data aggregators gave EagleForce the Social Security numbers of passengers, even though the government says it never requested the numbers. And TSA allowed EagleForce to expand its list of 42,000 passenger names to about 240,000 by creating thousands of variations on the names to include people who may not have flown during June 2004. Then it collected about 100 million commercial records on those names -- a violation of the Privacy Act, since the TSA never disclosed that it would use more names than collected from airlines. For this reason, activists have been keen to get records to determine the precise nature and scope of the collected data. Under the Privacy Act of 1974, the government has to disclose what kind of information it's collecting on the public and how the data will be used. It also has to provide individuals with a method of redress to correct errors in data. In September 2004, TSA published a Privacy Impact Assessment (.pdf), or PIA, describing how Secure Flight tests would work and stating that individuals could obtain records by writing TSA with their full name, current address and date and place of birth. Then in June, the TSA announced that it already had destroyed some PNRs collected from airlines but didn't say when they were destroyed. The TSA also said it would destroy all remaining PNRs and commercial data when testing finished -- without providing a deadline for requesting remaining records before they're gone. The news concerned Harrison, who filed a request in May under the Privacy Act seeking passenger and commercial records collected on four Alaska residents. On June 22, TSA told Harrison that it found no records for his clients, even though two of them flew multiple times on Alaska Airlines and other carriers in June 2004. That same day, the TSA posted notice that it was already destroying records. The TSA noted that its action was in line with a government rule for disposing of records created for testing purposes. Under that rule, agencies can destroy records they no longer need, as long as the records aren't involved in a request dispute. "That struck me hard considering I'm trying to get copies of the records," Harrison said. "That's a violation of the Privacy Act. If a request has been made for records, they have to maintain the records." Secure Flight's Oberman said it's possible that the TSA never collected records for Harrison's clients since typically airlines process about 60 million flight records a month and his agency received only 15 million for June 2004. Harrison has appealed the TSA's claim that no records exist for his clients and warned the agency against destroying documents before the issue is resolved. The TSA has requested more information from him about the airlines and dates his clients flew, which Harrison has provided. TSA spokeswoman Deirdre O'Sullivan said the TSA destroyed only original PNR records provided by the airlines and hadn't yet destroyed any commercial data collected for testing purposes. She noted that the TSA had received only three requests so far, including Harrison's, for individual records related to the Secure Flight tests. Oberman said TSA was trying to balance the Privacy Act requirements with privacy considerations by making records available to individuals but not storing them longer than needed. Once Secure Flight becomes operational, TSA will receive records from airlines about 72 hours before a flight and keep records only "a couple of days" after a flight before deleting them. End of story You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
