Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« Backpacks that Go Bloom(berg) | Main | Your Phone is Smarter than You Are »
July 22, 2005 | TSA Broke The Law, GAO Finds

TSA employees did indeed violate federal law when it secretly expanded the nature and extent of testing of a new passenger screening system, according to congressional investigators.

The head of the Secure Flight program, Justin Olberman, has tried to downplay the extent of the program's violations of privacy law in briefings to the press by leaving out crucial infromation and describing the violations as "technical."

Transportation Security Administration's chief spokesman Mark Hatfield went further by lying to this reporter about whether the TSA ever received data from private data companies.

Today's letter from the Government Accountablity Office to Congress makes clear that the TSA's actions were more than just "technical" violations of the nation's privacy laws.

In fact, the letter shows this is just the latest in a string of privacy scandals at the TSA that have involved millions of passenger records and repeated false statements to Congress and the media.

During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA’s use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used.

However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data
records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA’s actions, the public did not receive the full protections of the Privacy Act.

That's not the most damning prose, but its pretty clear the GAO, who was *supposed* to be keeping a close eye on the TSA, feels like they got misled.

In fact, no other program in the government is supposed to be as closely monitored by the GAO as Secure Flight.

It's unclear whether anyone at TSA will actually get prosecuted for this violation of the law or not, though Homeland Security's chief privacy officer is investigating.

Whole 16 page report is here. (.pdf)

UPDATE: Senators Susan Collins (R-Maine) and Joe Lieberman (D-Conn), the heads of the Government Affairs Committee, had this to say in a letter to DHS head Michael Chertoff:

[T]he Privacy Act, which is based on internationally recognized fair information practices, is intended to allow citizens “to learn how their personal information is collected, maintained, used and disseminated by the federal government.” We understand that, in response to GAO’s assertions, TSA took corrective actions to inform the public of its actual test protocols through updated Privacy Notices. However, that action does not excuse TSA’s failure to meet basic Privacy Act requirements in carrying out this program.


Given fundamental concerns surrounding the government’s use of personal information and the unfortunate history of TSA’s passenger prescreening program, careless missteps such as this jeopardize the public trust and DHS’ ability to deploy a much-needed, new system.


Posted by Ryan Singel at July 22, 2005 01:09 PM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/214
Powered by
Movable Type 3.2