Here's the memo(.pdf).

Acxiom released the information in September 2002, then later sold Torch more information about passengers (including the size of their family, income levels and social security numbers).

When proof of the transfer came to light a year later, the TSA flatly denied that it was involved, and one employee screamed at me that if I printed such a thing, it would (paraphrase) "put into question my ability to report fairly and accurately." Those were code words for having my access cut off.

Here's the proof that not only was the TSA involved, the authorization came straight from the CAPPS II office. The author's name is redacted. I assume this is because, as O'Connor Kelly's report said, the employee was not high-level. But I seriously doubt that this employee went off the farm on his own.

Two, Just before O'Connor Kelly's report became public, then-acting head of TSA Admiral David Stone sent an Sunday email to twelve top TSA officials, asking that TSA Deputy Administrator Stephen McHale complete a report by the following Wednesday. The report was supposed to include an "explanation why TSA did this (if in fact we did) and why TSA has not previously disclosed this communication to the Congress (if in fact we have not)."

Stone took over the job from fellow Coast Guard alum, Admiral James Loy around December 2003, long after the original transfer and just months after the JetBlue story broke.

Guessing by the timing of the email (February 15), Stone had just read a copy of O'Connor Kelly's report (released publicly Feb. 20), and he seems pretty determined to get the whole story, without intimating that people's heads will roll, but not making promises that people would not get a severe dressing down.

Stone sailed through his confirmation hearings later that spring, though in the process, he did reveal that CAPPS II contractors got data from Delta, Continental, America West, JetBlue and Frontier Airlines, along with travel reservation giants Galileo International and Sabre.

That email is here (.pdf).

Note that one of the names on the list is Ben Bell, who headed the Office of National Risk Assessment (ONRA). That office was responsible for developing CAPPS II, and my sources indicate that it was his office that most pushed CAPPS II to be secretive and all-encompasssing. Former intelligence agent Bell "retired" in the spring and has since set up his own profiling/data mining company off-shore.

Three, there is a document from Barbara Huie, who worked as the Privacy Officer for ONRA (the group developing CAPPS II).

To understand this document, you have to know the history of how the story broke. On September 16, 2003 I wrote a story revealing that JetBlue had decided to help with CAPPS II in the future by providing passenger data. That story, which came about due to a briefing by TSA officials to conservative privacy activists, is here.

That story inspired others to look closely at JetBlue, and I soon learned (through the work of Edward Hasbrouck) that JetBlue had provided data to Torch Concepts a year earlier, upon the prodding of the TSA. That story is here.

Though some had a hard time keeping the two separate, it is important to know that through the summer of 2003, before any stories about JetBlue broke, the TSA was working with JetBlue to secretly get data to test CAPPS II.

JetBlue was interested because their passengers are inordinately selected for secondary-screening, mainly because JetBlue's reservation center treats every leg of a trip as a one-way ticket, tripping the current passenger screening algorithm.

TSA was interested because when Delta got involved earlier, Bill Scannell launched a high-profile boycott which led to Delta pulling out.

This memo(.pdf) from Huie talks about the TSA's efforts to get JetBlue to loosen its privacy policy. Huie "suggested that they modify their policy to add at least a clause to include sharing data with the government. We told them that the change would need to be posted before we could accept any test data from them."

How serious did the TSA take the problem of having the transfer become public?

Huie wrote: "I also offered at the time that we could work with them on crisis management contingency planning if there were any scenarios they might be particularly concerned about (e.g. the boycott Delta campaign)."

So in short, a key TSA privacy official was working to get an airline to relax its privacy policy retroactively in order to secretly get data from the company, because they knew if it were public it would be embarrassing (at the very least).

Additioinally, Huie makes no mention of the Privacy Act, which prohibits secret databases on Americans and requires a bevy of notices in the Federal Register. This law was likely broken by the earlier transfers and probably would also have been broken if the future JetBlue transfers had not been cancelled.

What does it all mean in the meantime?

I don't know.

But this issue is not going away as there is at least one report coming out soon that will further complicate the debate over how to keep terrorists off airplanes.