TSA and CAPPS II -- Anatomy of a Cover Up
On Good Friday evening, after everyone, including its own spokespeople, had gone home, American Airlines quietly admitted that in 2002, it secretly transferred passenger data to government contractors. Specifically, the airline provided 1.2 million passenger records to contractors developing prototypes for the Transportation Security Administration's (TSA) controversial CAPPS II air passenger-profiling system. These records contain detailed personal information, such your name, address, phone number, travel itinerary -- even your credit card data.
American admitted to the transfer only after several months of official denials by TSA, which repeatedly claimed that it never used real passenger data for CAPPS II testing.
Our conclusion: Either TSA has been lying to us about CAPPS II, or its officers are incompetent.
We'll be charitable to the officers and assume that TSA lied.
~ The Tip-off: JetBlue Passes the Torch Data
The first clue was dropped in September of 2003, when Edward Hasbrouck discovered that JetBlue had secretly supplied over five million passenger records to Torch Concepts, a U.S. Department of Defense contractor. Torch was engaged in data-mining research (PDF) -- specifically, developing techniques for flagging air passengers as potential terrorists.
Sounds suspiciously like CAPPS II, doesn't it? And then the situation got more suspicious -- it was revealed that TSA not only knew about but also facilitated the JetBlue/Torch data hand-off. Yet TSA somehow managed to keep its hands clean: because neither TSA nor its contractors actually possessed the data in question, it violated the spirit rather than the letter of federal privacy laws.
~ The Pattern: A Second "Data Valdez"
Again, TSA's hands were technically clean. And again, the denials kept coming: even after Northwest, TSA flatly denied possessing real passenger data or using it to test CAPPS II (well, not quite -- it did admit to using the passenger records of 32 TSA employees who'd freely consented to be guinea pigs).
TSA made these denials to the press; to its bosses at the Department of Homeland Security (DHS) when the department was investigating the JetBlue scandal (PDF); to the General Accounting Office (GAO) when it was investigating CAPPS II (PDF). It even told Congress directly that it never used real passenger records for CAPPS II testing.
Yet now we can draw no other conclusion than that TSA lied.
~ Fool Me Thrice
Despite all of this, we are expected to trust TSA with a comprehensive database of all our personal travel details -- just as we are expected to trust 1.) a Justice Department handed an un-PATRIOT-ic amount of surveillance power in the weeks after 9/11, 2.) an FBI seeking to implement a surveillance state on the Internet, and 3.) government programs working to enable total information awareness of everything we say or do.
We're not buying it, and we don't think you should, either.
Please: stand up for your rights as a U.S. citizen and demand that Congress put an end to the lies by fully and publicly investigating TSA and CAPPS II. We deserve to know the truth. There are already a few Senators > elease_id=706&Month=4&Year=2004&Affiliation=R">asking the right questions, but your voice --right now -- could make a real difference.
Finally, if you aren't one already, please consider becoming a member of EFF -- because that would make a real difference, too. Having more members gives us significantly more muscle with lawmakers, the press and the public at large. Each and every membership -- even yours -- counts.
Recent DeepLinks Posts
May 22, 2015
May 22, 2015
May 21, 2015
May 21, 2015
May 21, 2015
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Defending Digital Voices
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games