<http://online.wsj.com/article_print/0,,SB111172077661889592,00.html>
The Wall Street Journal March 25, 2005 U.S. BUSINESS NEWS TSA Finds Data On Air Passengers Lacked Protection By AMY SCHATZ Staff Reporter of THE WALL STREET JOURNAL March 25, 2005; Page A4 A new government report says officials in the Department of Homeland Security didn't do enough to keep airline-passenger data secure when using it to test a traveler-screening program. In a report to be released today, the Department of Homeland Security's inspector general says the Transportation Security Administration gathered 12 million passenger records from February 2002 to June 2003 and used most of them to test the Computer Assisted Passenger Prescreening System, or CAPPS 2, which was designed to check passenger names against government watch lists. Passengers weren't told their information was being used for testing. "Although we have found no evidence of harm to individual privacy, TSA could have taken more steps to protect privacy," investigators concluded. TSA officials shelved CAPPS 2 last year amid complaints it was an invasion of passenger privacy. The agency has replaced it with a similar system, called Secure Flight, which is being tested and is expected to debut in August. The report raises concerns because Secure Flight ultimately will gather private information, such as names, addresses, travel itineraries and credit-card information, on anyone who takes a domestic flight. That effort could be slowed by a Government Accountability Office study due Monday which is expected to be critical of TSA's efforts to develop passenger-privacy protections. The report said TSA "did not ensure that privacy protections were in place for all of the passenger data transfers" and noted that "early TSA and [CAPPS 2] efforts were pursued in an environment of controlled chaos and crisis mode after the Sept. 11 attacks." Investigators also found TSA provided inaccurate information to the media about the agency's use of real passenger records for CAPPS 2 testing and wasn't "fully forthcoming" to the agency's own internal privacy officer during an investigation into the matter. "Although we found no evidence of deliberate deception, the evidence of faulty processes is substantial," investigators said. TSA agreed with the investigator's recommendations for improving privacy protections. A TSA spokeswoman said: "TSA's core mission is to preserve our freedom and that means doing the utmost to protect everyone's privacy." -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]