Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« Secondary Snowstorm | Main | The L Word »
March 26, 2005 | For the Record: Data Transfers, Misleadings and the Inspector General

The Department of Homeland Security's acting Inspector General released its report on the TSA's role in data transfers between airlines, the agency and its contractors.

Homeland Security officials failed to keep millions of airline passenger records secure and repeatedly made false denials of their involvement in data transfers to the media and Congress, but they did not violate federal law, according to a report released Friday.

The report (.pdf) by acting Department of Homeland Security Inspector General Richard Skinner found that the Transportation Security Administration was involved in 14 different data transfers totaling more than 20 million records in 2002 and 2003.

The report describes an array of data dumps from airlines to TSA contractors and paints a picture of an agency unable to keep track of its own operations, leading to false denials of data transfers to the media and inaccurate sworn testimony to the Senate.

However, the department did not violate the Privacy Act, which prohibits secret databases on Americans, since the agency used the records in bulk and did not look up individuals by name, according to the report.

Delta Air Lines, JetBlue Airways and American, Frontier, Continental and America West airlines -- along with three airline record processing firms, all secretly turned over data directly to the TSA and government contractors.

The data included names, addresses, dates of birth, itineraries and credit card numbers.

The data dumps first came to light after Wired News reported in September 2003 that JetBlue had violated its privacy policy by turning over 5 million records to an Army subcontractor.

Those records were augmented with personal records from Acxiom, one of the country's largest data-aggregation companies.

That information included incomes, occupations, vehicle ownership information and Social Security numbers.

Friday's report shows that JetBlue and Acxiom's participation did not stop there.

Acxiom provided, in violation of JetBlue's privacy policy, 2.75 million JetBlue records directly to HNC Software, a company hired by the TSA to build a prototype of an airline passenger-screening system.

Acxiom also separately provided HNC with sensitive personal information from its databases on more than 1 million American Airlines passengers.

The goal of almost all the data transfers was to test a system called CAPPS II, which intended to use computer algorithms to detect terrorist threats to airplanes by comparing itineraries to government watch lists and commercial data.

My full Wired News story here.

There's a lot more to this story than I have time for here but three things:

1) The report is oddly redacted so that all names are removed, including the names of high level government officials, such as Admiral James Loy, who is the one who provided at least two false answers under oath to Congress. He corrected one of them.

2)The Inspector General's office is now being led by Richard Skinner, a lawyer who worked under former Inspector General Clark Kent Ervin before Ervin was ousted by the White House and Maine Republican Senator Susan Collins. Skinner has now reportedly made it department policy that the media not be informed about when reports are released. That's extremely odd -- part of the power of the inspector general's office is that its reports are widely reported on, which increases pressure on the Department to implement any recommendations.

3) The self-serving item. The report talks about misleading the media. Specifically, they are talking about stories I wrote after exposing the JetBlue transfers.

Prior to that event, I had been trying to run down rumors and hunches that the TSA contractors had gotten passenger data secretly. Two separate TSA spokesmen told me untruthfully that those transfers had never happened. In fact, they both acted extremely annoyed that I had the gumption to ask such a question. Later events would prove my hunches to be right.

Those stories here and here and here.

The report had this to say "The responses that the TSA spokesmen provided to Wired News were not accurate. CAPPS II prototypes and components were tested using authentic passenger data on eleven occasions. Moreover, eight of the cases involved the CAPPS II program's [Risk Assessment Engine] prototype vendors."

Those were the companies I asked about: Lockheed Martin, HNC Software (now Fair Isaac), Ascent Technology, and Infoglide Software.

(Oddly enough, Infoglide's president and CEO Michael Shultz lied to me in an interview prior to the stories about the data transfers, when he told me that one could tattoo the Ben Franklin motto "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety" on his forehead and that his company would never try to work on the Total Information Awareness project. I guess he never thought that anyone would dig up his company's rejection letter from Admiral John Poindexter. But EPIC did (872 KB.pdf).)

And finally, for the record, when I broke the story about the JetBlue data transfer to an defense contractor called Torch Concepts, TSA spokesman Brian Turmail threatened to cut off my access if I wrote that the transfer had anything to do with the TSA or CAPPS II. In fact, according to the IG report,

The former CAPPS II program manager said that, following the initial meeting with Torch Concepts, the CAPPS II’s executive sponsor instructed him to assist Torch Concepts. In our interview with the former CAPPS II executive sponsor, he could not recall having given such an instruction, but said that it was possible that he did so. We could find no documentary evidence that would settle the matter.

Posted by Ryan Singel at March 26, 2005 04:09 PM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/142

Listed below are links to weblogs that reference For the Record: Data Transfers, Misleadings and the Inspector General:

» Auditors question TSA use of airline reservations from The Practical Nomad
Two reports by different sets of internal USA government auditors have questioned the appropriateness and legality, and revealed more details, about past, present, and proposed uses by the USA Transportation Security Administration (TSA) of airline res... [Read More]

Tracked on March 29, 2005 04:31 PM

» Auditors question TSA use of airline reservations. [The Practical Nomad] from Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)
Auditors question TSA use of airline reservations . [Read More]

Tracked on March 29, 2005 10:34 PM
Powered by
Movable Type 3.2