This week brought yet another privacy scandal for the Transportation Security Administration's (TSA) fundamentally flawed "Secure Flight" passenger surveillance program. The Department of Homeland Security's (DHS) chief privacy officer, Nuala O' Connor-Kelly, is launching an investigation to find out whether the program broke federal privacy law by hiding from the public the extent to which it has been digging through commercial databases for the private information of innocent Americans.
Secure Flight plans to force airlines and reservations services to hand over your personal travel information in order to match it against the names on secret government "watch lists" to decide whether you're allowed to fly.
Not only does this threaten our freedom to travel, there's no reason to believe the plan will work. In March, the Government Accountability Office (GAO) found [PDF] that "the effectiveness of Secure Flight in identifying passengers who should undergo additional security scrutiny has not yet been determined." Last week, another government watchdog group stated [PDF] that the Terrorist Screening Center, which runs the government's central watch list, "could not ensure that the information in that database was complete and accurate."
That puts you and every other passenger at risk of being grounded or made subject to repeated security checks due to information that is false, old, or incomplete.
But that's hardly the worst of it. Airport personnel could squander valuable time and resources on you and other "false positives" instead of focusing on measures that would lower the risk that terrorists could board a plane with weapons or explosives. Trusting "what the computer says" might even lead security officials to overlook danger signs as they wave people through the gate -- decreasing, not increasing, passenger safety.
Unfortunately, TSA has not only persisted in pushing for Secure Flight, it's added insult to injury by repeatedly lying about its use of passengers' private information for testing the program. As we reported in March, a DHS report revealed that TSA misled individuals, the press, and Congress in 2003 and 2004. In addition, in the report we quote above, the GAO determined that Secure Flight failed to meet 9 out of 10 conditions the Office set for giving the program the go-ahead. These conditions included providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist threats.
Now it appears that TSA may not even have shared the whole story in its federally mandated Privacy Act notices. It's now proposing retroactively changing them, with program director Justin Oberman reportedly describing the revisions as "unsurprising" and "technical."
"At this point, there's no reason whatsoever for the American public or anyone else -- including the Department of Homeland Security's own privacy officer -- to trust TSA or put faith in Secure Flight," said Lee Tien, EFF's senior privacy attorney. "The idea behind Secure Flight is to spend millions of dollars waiting for bad guys to come to the airport. Meanwhile, all Americans must give up their privacy and civil liberties -- not to mention time -- in order to fly. Maybe the government should spend those Secure Flight dollars on actually looking for the people on the 'no-fly' list."
For additional information, see: