On Good Friday evening, after everyone, including its own spokespeople, had gone home, American Airlines quietly admitted that in 2002, it secretly transferred passenger data to government contractors. Specifically, the airline provided 1.2 million passenger records to contractors developing prototypes for the Transportation Security Administration's (TSA) controversial CAPPS II air passenger-profiling system. These records contain detailed personal information, such your name, address, phone number, travel itinerary -- even your credit card data.
American admitted to the transfer only after several months of official denials by TSA, which repeatedly claimed that it never used real passenger data for CAPPS II testing.
Our conclusion: Either TSA has been lying to us about CAPPS II, or its officers are incompetent.
We'll be charitable to the officers and assume that TSA lied.
~ The Tip-off: JetBlue Passes the Torch Data
The first clue was dropped in September of 2003, when Edward Hasbrouck discovered that JetBlue had secretly supplied over five million passenger records to Torch Concepts, a U.S. Department of Defense contractor. Torch was engaged in data-mining research (PDF) -- specifically, developing techniques for flagging air passengers as potential terrorists.
Sounds suspiciously like CAPPS II, doesn't it? And then the situation got more suspicious -- it was revealed that TSA not only knew about but also facilitated the JetBlue/Torch data hand-off. Yet TSA somehow managed to keep its hands clean: because neither TSA nor its contractors actually possessed the data in question, it violated the spirit rather than the letter of federal privacy laws.
~ The Pattern: A Second "Data Valdez"
Only months after the JetBlue scandal broke, Northwest Airlines admitted to handing over to NASA three months' worth of passenger records -- once more for data-mining research (PDF).
Again, TSA's hands were technically clean. And again, the denials kept coming: even after Northwest, TSA flatly denied possessing real passenger data or using it to test CAPPS II (well, not quite -- it did admit to using the passenger records of 32 TSA employees who'd freely consented to be guinea pigs).
TSA made these denials to the press; to its bosses at the Department of Homeland Security (DHS) when the department was investigating the JetBlue scandal (PDF); to the General Accounting Office (GAO) when it was investigating CAPPS II (PDF). It even told Congress directly that it never used real passenger records for CAPPS II testing.
Yet now we can draw no other conclusion than that TSA lied.
~ Fool Me Thrice
Despite all of this, we are expected to trust TSA with a comprehensive database of all our personal travel details -- just as we are expected to trust 1.) a Justice Department handed an un-PATRIOT-ic amount of surveillance power in the weeks after 9/11, 2.) an FBI seeking to implement a surveillance state on the Internet, and 3.) government programs working to enable total information awareness of everything we say or do.
We're not buying it, and we don't think you should, either.
Please: stand up for your rights as a U.S. citizen and demand that Congress put an end to the lies by fully and publicly investigating TSA and CAPPS II. We deserve to know the truth. There are already a few Senators asking the right questions, but your voice --right now -- could make a real difference.
Finally, if you aren't one already, please consider becoming a member of EFF -- because that would make a real difference, too. Having more members gives us significantly more muscle with lawmakers, the press and the public at large. Each and every membership -- even yours -- counts.