Two senators on Wednesday asked the Transportation Security Administration whether the agency violated federal rules by helping its contractors acquire passenger data, and why the agency told government investigators it didn't have such data. Senate Governmental Affairs Committee chairwoman Susan Collins (R-Maine) and ranking member Joe Lieberman (D-Connecticut) asked the questions in a letter sent to Undersecretary for Border and Transportation Security Asa Hutchinson. The senators also pressed the TSA for an explanation of why it hadn't revealed the transfer of millions of passenger records to government contractors. Senate members had asked TSA officials directly whether they had done so, but the answer was no. Two TSA agency spokesmen also denied to Wired News that any data transfer had taken place, saying that the project did not need data at the time.
But this week, American Airlines became the third airline to reveal that it turned over millions of passenger records to the government without informing the passengers. JetBlue and Northwest Airlines had earlier revealed that they too had transferred passenger records to government contractors. For the past eight months, TSA officials and spokesmen have repeatedly denied that any data transfer occurred. "We are concerned by potential Privacy Act and other implications of this reported incident," the senators wrote. "Moreover, TSA told the press, the General Accounting Office and Congress that it had not used any real-world data to test CAPPS II. American Airlines has now indicated that it provided over 1 million passenger itineraries at TSA's request, which raises the question of why agency officials told GAO that it did not have access to such data."
TSA officials were unavailable for comment on the letter.
I should think they would be unavailable to comment to the press, yes. Having directly lied to the press on more than one occasion about this information, the questioning would be decidedly unpleasant. Although probably not as unpleasant as what the senators may have in mind.
Frantz added that the transfer didn't violate American's privacy policy in 2002, but that its current policy says the company "won't share data with the government unless explicitly ordered to do so." American said the contractors destroyed the data, but that could not be confirmed. A Lockheed Martin spokeswoman did not respond to a request for comment.
The Department of Homeland Security's chief privacy officer, Nuala O'Connor Kelly, is looking into whether TSA officials violated federal privacy laws or internal regulations in asking for the data. Two months ago, O'Connor Kelly issued a report about JetBlue's data transfer. At the time she was writing the report, she was not told about the American Airlines transfer, which happened at the same time, she said. Barry Steinhardt, who heads the ACLU's Technology and Liberty Program, said he suspects more airlines will reveal that they, too, shared data. "We are on the verge of seeing a clean sweep of all the major airlines," he said on Tuesday.
You just wonder why TSA has decided that "deny, deny, deny" is their watchword on this issue. It's especially puzzling because there are so many out there who can say, "Yo! Over here! We gave our data to you just a few months ago! We got receipts and everything!" Seeing that they're not taking a business hit on this, the airlines have nothing to lose by coming clean; the TSA has decided to deceive, inveigle and obfuscate, and in so doing, is hanging itself out there in the wind, twisting gently in the breeze caused by the press' importunate questioning.
It's just terribly impressive to watch this agency hamstring itself. Whether or not people believe that TSA needs stricter oversight, it's certainly going to get it, and it will be all their own fault.
Posted by iain at April 15, 2004 04:47 PM
