Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Privatized Registered Traveler On Track
TSA Picks Privacy Player
Ticket? Check. I.D.? Nope, but Not a Problem
Hacks And Bloggers's Epics on Gilmore Epic
The Epic of Gilmore
Making a List or Checking It Twice
TSA Changes
Irish Gray
All I need is a badge and a cell phone
TSA "Refreshes" Website, Removes Critical Report
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
Airline Security Measures Archives Main
April 21, 2006 | Privatized Registered Traveler On Track

Passengers willing to undergo perpetual government background checks in exchange for the promise of shorter screening lines at the airport will be able to register as soon as late summer in a corporate-run Registered Traveler program set to debut in ten to twenty airports.

The Transportation Security Administration announced the latest timetable and specifications Thursday. While each airport could be run by a different company, which will have to pay for its own security lanes, screeners and registration process, a traveler registered with one company will be able to use the lanes at other airports.

But the press release is vague on what the benefits for travelers will be:

In order to enter the RT program, applicants must provide biographic information, which will be verified and authenticated to safeguard against the use of a false or stolen identity. All applicants must undergo a TSA Security Threat Assessment that includes perpetual vetting. When traveling, an RT participant must confirm his or her identity at an RT station using biometrics (fingerprints or iris). RT participants will still be required to pass through the metal detector, have their carry-on and checked luggage screened, and will be subject to secondary screening by TSA if they trigger an alarm. Consistent with TSA policies, an element of randomness will also be integrated into Registered Traveler to ensure unpredictability and disrupt potential efforts by terrorists to thwart the system.

The release also alludes to benefits: "While the combination of benefits and security measures available at each participating airport may vary, all RT travelers should receive an expedited and more convenient checkpoint experience." However if participants still have to have their luggage checked and could get secondary screening randomly, I don't see what the benefits are? Shorter lines? Snappier dressed security personnel? Free Starbucks while waiting in line? The feeling that while we are all in this together, some of us are more all in this than others?

Posted by Ryan Singel at 11:19 AM | TrackBack

April 17, 2006 | TSA Picks Privacy Player

The Transportation Security Administration picked Peter Pietra as their top choice in this year's National Privacy League draft. Pietra will be playing QB (a position TSA bureaucrats call "Director of Privacy Policy and Compliance") for the beleaguered TSA, which has struggled in the National Privacy League after repeated fumbles caused by poorly configured watch lists and unsanctioned use of personal information on American citizens.

The TSA has also been unable to score any touchdowns with a computerized passenger-screening system known as CAPPS II or Secure Flight. Congress and its investigative arm, the Government Accountability Office, have repeatedly forced the TSA to punt.

TSA hopes Pietra, who will be working with halfback/Privacy Officer Lisa Dean, will help the TSA overtake the FBI and NSA in the NPL's Federal Agency Conference, according to today's announcement.

"The devotion of increased resources and expertise to TSA privacy programs is expected to make the agency a leader in privacy efforts within DHS and the Federal government as a whole. With the anticipated launch of several programs, including TWIC, Registered Traveler and Secure Flight, it's critical the agency is poised to meet the workload and improve communication with stakeholders and the traveling public."

Pietra says he's just happy to get a shot at the bigs.

"We gotta play privacy impact assessments one day at a time. I'm just happy to be here. Hope I can help the agency," Pietra said. "I just want to give it my best shot, and the good Lord willing, things will work out."

Posted by Ryan Singel at 02:41 PM | TrackBack

March 24, 2006 | Ticket? Check. I.D.? Nope, but Not a Problem

It's now official.

You don't need identification to travel on an airplane.

Now, the signs in the airport still tell you that you must have identification.

The TSA's website itself states, "Each adult traveler needs to keep available his/her airline boarding pass and government-issued photo ID until exiting the security checkpoint."

Neither those signs nor the TSA's website are true.

Who says?

The TSA.

"Passengers are allowed to enter screening area without identification," TSA spokeswoman Amy Kudwa told this humble reporter today.

I got an off-the-record reason for the untruthful statements in the nation's airports and on the website created with your tax dollars.

The on-the-record answer: "Customers should present government-issued I.D."

As far as I know, this is the first public acknowledgment that the government's official policy is to let people on planes without identification, that is attributed to a TSA employee (the fantastic Sarah Lai Stirland had an unattributed version here.)

The TSA has told the Ninth Circuit in two separate cases (John Gilmore & Daniel Kuualoha Aukai) that airport policy was to let people enter security areas without identification.

Gilmore's Identity Project has been asking for volunteers to see if that was true in ye olde meatspace.

Results, currently mixed. Dog-ate-my homework excuse with contrition gets you less hassle than a flat-out refusal seems to be the pattern, according to folks at the I.D. Project.

So, if you want to fly without identification without telling any white lies, I recommend taking a hearty amount of fortitude and a copy of at least one of the rulings from the Ninth Circuit.

You are likely in for a battle when the security personnel point to the sign and you try to tell them that your government is not actually telling the truth. And that it knows it isn't telling the truth. Good luck with that.


Technorati Tags: , , , , , , ,

Posted by Ryan Singel at 03:42 PM | TrackBack

December 11, 2005 | Hacks And Bloggers's Epics on Gilmore Epic

Kevin Drum at the Washington Monthly picked up on the Gilmore Epic, and has prompted me to post this post-mortem media round-up on Gilmore's hearing on Thursday.

My take, published on Thursday in Wired News:

A three-judge panel of the 9th U.S. Circuit Court of Appeals heard arguments Thursday on tech entrepreneur and internet freedom fighter John Gilmore's challenge to a secret government order forcing airline passengers to show identification or submit to a pat-down search.

The hearing pitted a matter-of-fact government attorney against Gilmore's impassioned, podium-banging lawyer, James Harrison, in a closely watched legal battle over government secrecy and antiterrorism measures that has federal officials defending a rule whose existence they will not admit in open court.

Gilmore contends that the policy violates his right to travel and that the additional search of those who don't show ID is a form of punishment.

"When a cop asks you for your ID on the street, you are free to walk away. There is no penalty," Gilmore said outside the courthouse. "If you refuse to show ID at an airport, you can't fly."

In court, Justice Department attorney Joshua Waldman countered that the identification requirement, if it existed, was a minimal intrusion and enhanced airline security.

"The requirement promotes the right to travel by protecting everyone's safety," Waldman said.

The arguments Thursday focused on three issues: whether the identification or search requirement violates the Fourth Amendment, whether the government has to show the public and the courts the text of rules that affect the public, and which court has jurisdiction over constitutional challenges to such rules.

[...]

Appellate Judge Steven Trott repeatedly questioned Harrison about whether asking for identification really implicated the Fourth Amendment's ban on unreasonable searches and seizures, calling it Harrison's "weakest argument."

But Trott also questioned the government's case, asking Waldman why the United States was "playing cat and mouse" with the courts by alternatively referring to the identification-or-search requirement as a policy, a rule and a law-enforcement technique.

The presiding judge, Richard A. Paez, probed Waldman about the government's defense of a rule it refuses, in Waldman's words, "to confirm or deny the existence of."

"Doesn’t that strike you as a bit odd?" Paez asked.

Judge Thomas G. Nelson also questioned the government's secrecy.

"How do we know this is an order?" Nelson asked.

Full story.

Paul Elias, an Associated Press reporter who forgot his driver's license at home and talked his way into the courthouse with a business card and an ATM card with his picture on it, led with this:

A wealthy Libertarian who is fighting a requirement that airline passengers show identification before traveling asked a federal appeals court Thursday to broaden the scope of his battle to cover other forms of commercial transportation.

and noted:

Gilmore arrived in court Thursday wearing Birkenstock sandals and a small pin on his lapel that read "Suspected Terrorist."

That same pin prompted a British Airways pilot to kick Gilmore off a London-bound flight in 2003.

Full story.

Oakland Tribune's premier hack (that's not pejorative) Sean Holstege filed this:

Millionaire John Gilmore didn't show photo identification to walk into a federal courthouse Thursday, where his attorney tried to persuade a panel of appellate judges that nobody should need ID to board an airplane.

Sacramento attorney James Harrison made special arrangements to get his client past the checkpoint, where every other member of the public was asked to show ID. But no such arrangements were possible when Gilmore tried to board a Southwest Airlines flight at Oakland International Airport on July 4, 2002.

Full story

News.com's Declan McCullagh piped in with his usual fine prose style.

A federal appeals court wrestled Thursday with what seems to be a straightforward question: Can Americans be required to show ID on a commercial airline flight?

John Gilmore, an early employee of Sun Microsystems and co-founder of the Electronic Frontier Foundation, says the answer should be "no." The libertarian millionaire sued the Bush administration, which claims that the ID requirement is necessary for security but has refused to identify any actual regulation requiring it

Full story.

My friend Justin Scheck of The Recorder, a West Coast law paper, filed this feature, with some fine coloring:

Bespectacled, bearded and Birkenstocked (with Dr. Seuss socks), John Gilmore cut an appropriately iconoclastic profile Thursday as the centerpiece of a notebook-wielding gaggle in front of the 9th U.S. Circuit Court of Appeals.

Gilmore, a tech-boom multimillionaire who can't fly on airplanes due to his refusal to show identification at airports, is a star -- and major funder -- of the electronic privacy movement.

He's been at the center of an increasingly strange piece of litigation for the past three years since he sued the government, claiming that the requirement to show ID before boarding a plane is unconstitutional.

Complicating matters -- and nourishing conspiracy theories -- is the government's ongoing refusal to disclose what, if any, such requirement is on the books.

(Note to Harrison, telling a legal reporter that the judges you just tried to persuade were "a terrible panel" might not be a great idea.)

Full story.

Tim Cavanaugh of Reason filed this factually-challenged bit for Reason's blog.

Most of today's arguments turned on various points tangential to the central argument. In particular, there's a jurisdictional question about whether the Ninth Circuit should be hearing the case. Both sides argued that the case should be remanded to a "lower court" (presumably the Northern District of California, which dismissed the case last year), though Department of Justice lawyer Joshua Waldman held out the option of the Ninth Circuit's deciding the case on the merits. The interesting part is that the jurisdiction brouhaha arises from the question of who is actually ordering the ID check. The Transportation Security Administration claims it gave an order to demand IDs to the airlines on the authority of Congress, but Congress has not actually issued any law requiring ID checks. Gilmore's lawyer, James P. Harrison, argues that requirement hasn't been made public and is effectively a secret law. Waldman counters that there are many cases where we accept a "legal fiction" that something is in the U.S. Code, that ID requirements are prominently posted at airports, on the TSA website, etc., and that everybody in the courtroom (except Gilmore, who was signed in by his lawyer) had to show ID to enter the building.

[long section on the shortcomings of Gilmore's lawyer removed for space considerations]

On the courthouse steps after the hearing, one of the pro-Gilmore cranks (whose number I would estimate at about a score) spelled out the distinction Gilmore's attorney did not: That the Hiibel decision made a distinction between having to identify yourself verbally and having to produce a piece of identification, which constitutes a search. (I don't vouch for the details of any of this stuff, just that he seemed to have an argument.)

(Just so you know the jurisdiction fight has nothing to do about who is ordering the ID check, it's about a law that allows challenges to administrative orders to only go to an appeals court. Gilmore wants the case sent back down to a district court for a full trial, but contrary to Cavanaugh's assertion, the government does not want that at all. They want the Ninth to dismiss the case, but if the Ninth does think Gilmore has a case, they want the Ninth to decide it. They don't want a full trial -- they think the law explicitly says that can't happen. Waldman's point about the "legal fiction" was an ironic point since courts assume that every one should know a rule if it is in the federal code, even though its ridiculous to assume most citizens read the federal code. The irony here is that everyone knows you have to show i.d. at the airport, even though its not in the federal code, so Gilmore can't say he didn't know about the rule. And finally, the pro-Gilmore 'crank' Cavanaugh mentions is none other than Edward Hasbrouck, who knows more about the minutiae of airline travel laws and airline databases than just about anyone on this big, big planet.)

Full post.

Here's an excerpt from Hasbrouck's wordy, but perceptive and accurate, take on Gilmore's hearing:

The good news, as I read the tea leaves of the argument, is that it appears that John Gilmore and the cause he has taken up will eventually get their day in court, and may get it somewhat sooner rather than later: the 3 judges seemed inclined, if they rule that the case should first have been filed with them instead of with the district court, to order it transferred to their jurisdiction, rather than ordering it dismissed and making Mr. Gilmore start over from scratch in the circuit court.

[...]

I don't know if Mr. Gilmore was verbally asked, or stated, his name -- so far as I can tell, the record is silent on that point. But by presenting himself for transportation, and presenting those tickets as entitling him to passage, he was implicitly making a legally binding self-declaration as to his name and identity.

This case is not, therefore, about anonymous travel, an interesting but irrelevant side issue that was raised in this morning's argument. It's not about whether Mr. Gilmore could be asked for ID (he was, in effect, when he was asked to present a name-identified non-transferable ticket) or whether Mr. Gilmore could be sanctioned for failing to identify himself (he did identify himself).

The issue in this case is specifically about the legality of the search embodied in the demand for tangible evidence of identity, and the lack of due process embodied in the secrecy of the "rule" requiring production of ID credentials (whose existence, even today, government counsel would "neither confirm nor deny") and the lack of any publicly-disclosed criteria as to what evidence of identity is sufficient, or how its sufficiency is to be determined.

Full post.

By the by, this decision is looking to be very interesting.

The panel seems not very happy with the secret nature of the rule, but simultaneously doesn't seem persuaded by the argument that the rule is unconstitutional.

But their animosity for the former may move them for a more full constitutional challenge. I highly suspect the panel will take on this case and ask for more briefings or send it in front of the full panel of the Ninth. This stuff is way too interesting for these judges to give it back to a district court.

The other interesting angle is that if Gilmore gets the court to decide that the search part of the identification -or-search policy is an unconstitutional administrative punishment, then he also brings down the no-fly and selectee lists as unconstitutional administrative punishments..

Posted by Ryan Singel at 11:00 PM | TrackBack

December 08, 2005 | The Epic of Gilmore

John GilmoreLongtime Internet civil liberties activist and Electronic Frontier Foundation co-founder, John Gilmore, will have his day in court Thursday to argue against the constitutionality of a secret rule compelling airline passengers to show identification before boarding an airplane.

From my Wired News story from Wednesday:

Although John Gilmore lives just five blocks from San Francisco's Department of Motor Vehicles, his driver's license is expired. On purpose.

The outspoken, techno-hippie, wealthy civil libertarian doesn't want to give his Social Security number to the DMV.

Neither will he show his driver's license at airports, or submit to routine security searches. This refusal to obey the rules led him to file suit against the Bush administration (Gilmore v. Gonzales) after being rebuffed at two different airports on July 4, 2002, when he tried to fly without showing identification. One airline offered to let Gilmore fly without showing ID, but only if he underwent more intensive security screening, which he declined.

On Thursday, Gilmore and his lawyers will get 20 minutes in front of the 9th U.S. Circuit Court of Appeals to make their argument against identification requirements and government secrecy, in a case that time and shifting public opinion has transformed from a quirky millionaire's indignant protest into a closely watched test of the limitations of executive branch power.

"The nexus of the case has always been the right to travel," Gilmore said. "Can the government prevent Americans from moving around in their own country by slapping any silly rules on them -- you have to show ID, you have to submit to searches, you have to wear a yarmulke?"

Gilmore has sunk thousands of dollars into fighting identification requirements, but he also personally committed to not traveling in the United States if he has to show identification.

So Gilmore has not taken a train, an intercity bus or a domestic flight since July 4, 2002. He still flies internationally.

Gilmore describes himself as being under "regional arrest," and said he would love to drive and fly again.

"I'm a millionaire," Gilmore said. "I can do whatever the fuck I want, right? Why should I run around without an ID? Because no one else was paying attention to that and letting our liberties slip down the drain. I figured it was worth some amount of money and some amount of personal sacrifice to keep a free society."

Regardless of your take on the necessity or usefulness of showing identification, the questions Gilmore's case is raising about government secrecy are intriguing.

Here's what Abraham Sofaer of the Hoover Institution has to say on his nascent SofaerBlog.

I hope Sofaer will excuse me for quoting him at length:

Those of you who follow privacy issues obsessively will probably have seen John Gilmore’s website, a standard boilerplate PANIC NOW privacy advocate website. What interests me is DOJ’s argument here claiming that 49 U.S.C. 114(s)(1)(C), which prohibits disclosing information “developed or obtained in carrying out security” together with 49 CFR 1520.9(a)(1), enable TSA to enact a secret rule requiring ID to be shown when boarding an aircraft simply by issuing such a rule and then declaring that rule’s existence to be sensitive information.

The judge denied the DOJ motion to file its brief in camera and ex parte (ed. note. in camera means in the judges chambers and ex parte means without Gilmore's la, and so DOJ filed a brief in the case that assumed that ID requirements do exist, rather than provide documentation on whether that is the case. Here is a choice quote from that brief: “First, there is an administrative record, namely, the TSA security directive alleged by plaintiff.” (emphasis mine) Lawyers can say things like that with a straight face. The brief argues in part that the ID requirement is a law enforcement technique, not a law in itself, and therefore it does not need to be published in a codified form.

The interesting part of the whole thing to me is how insistent TSA is about not releasing official text of the ID-or-search rule. It’s not clear how such a rule could be a secret in any meaningful sense of the word. The argument put forward by DOJ is that it is analogous to catching drug traffickers, where the investigator properly does not wish to reveal his criteria for where to focus investigative attention. Since the ID requirement is (alleged and assumed to be) uniform, I can’t see how that applies. It seems to me that TSA wants blanket authority to make secret and globally-applicable regulations, with review to be done only by appellate courts, and only under seal.

On December 8th we will find out whether congress has given them that authority.

Posted by Ryan Singel at 12:11 AM | Comments (1) | TrackBack

December 07, 2005 | Making a List or Checking It Twice

I saw this correction coming a frequent-flier mile away.

The ever vigilant Richard M. Smith sent this News.com story by Anne Broache to Dave Farber's Interesting People list this morning.

Tens of thousands mistakenly put on terrorist watch lists

WASHINGTON--Nearly 30,000 airline passengers discovered in the past year that they were mistakenly placed on federal "terrorist" watch lists, a transportation security official said Tuesday.

Jim Kennedy, director of the Transportation Security Administration's redress office, revealed the errors at a quarterly meeting convened here by the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee.

Actually, that's not quite what Kennedy said according to reports I heard about the meeting.

And I'm pretty sure the TSA press office gave Broache a call to say they were very unhappy about the story.

Here's the corrected lede and hed:


Tens of thousands mistakenly matched to terrorist watch lists
WASHINGTON--About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Full story here.

Kennedy works in the redress office.

Even the correction doesn't really get the story right.

What he said, according to my sources, is that 30,000 people had gone through the non-trivial process of submitting forms and identification and had received letters that would help them get through security faster.

These 30,000 are people whose names match or come close to matching names on the no-fly or selectee lists.

This is a *very* touchy subject for the TSA.

I got a call from TSA after I ran the story about Sister Glenn Anee McPhee matching on the list, because they were mad about something I quoted her saying (something to the effect of how happy she was she got off the list).

It didn't matter that I made sure in my story not to make clear the difference between being on the list, and matching an entry on the list. I still got an earful.

But, back to the real story. The redress office has been very busy to issue 30,000 letters in a year. The TSA likely ran background and FBI checks on each of them. That's not an inexpensive or automated endeavor.

Kennedy also said that 60 people who wrote in weren't able to be helped. That means that 60 of them were or were deemed likely to be the person on one of these lists.

Posted by Ryan Singel at 08:30 PM | Comments (2) | TrackBack

December 03, 2005 | TSA Changes

The TSA is changing its rules to allow passengers to carry small scissors and some pocketknifes onto planes, but will add some random secondary screenings and increase screeners' focus on finding explosives.

The change was announced formally on Friday, and there's more here in Leslie Miller's AP story.

Stewardesses and some members of Congress, including Ed Markey, think this is poor security, but it seems like a smart move.

Unfortunately, transportation security officers (née screeners) will still have to look for and confiscate lighters, thanks to a href="http://www.secondaryscreening.net/static/archives/2004/12/dorgan_wydens_b.html#000076">Senator Byron Dorgan's cameo in .

In other TSA news, Justin Oberman, who has been heading the Secure Flight program at the TSA, is leaving for greener pastures.

Oberman is taking a job with a venture capital firm called Crestview Capital Funds where he will work as -- insert predictable drum roll here -- "the senior analyst focused on homeland security, transportation and other related industries." Link to press release.

When last screened around these parts, Oberman was dodging and dissembling about his violation of the Privacy Act. Both the Inspector General and the Privacy Office at Homeland Security were ostensibly investigating the little matter of creating a secret database on American citizens, but neither the press release from the venture capital fund nor the one from the TSA mentions any investigation.

Secure Flight remains in a holding pattern and is unlikely to be rolled out this year. The new head is Stephanie Rowe, a former Accenture executive who has experience consulting with the TSA.

Crestview is lucky to have Oberman, who by all accounts knows how to do "due diligence."

Posted by Ryan Singel at 02:53 PM | TrackBack

November 28, 2005 | Irish Gray

An Irish-born pilot who was labeled a security threat by the Transportation Security Administration when he attempted to learn to fly a larger plane is hoping to settle the matter out of court, according to Eric Gershon of the Cape Cod Times.

Cape Air pilot Robert Gray, 35, sued the feds in July after they denied his flight school application and alleges he was subsequently was placed on the "no-fly" list as punishment. If true, he would be the first person, outside of a few (but not all) high level Al Qaeda and some Guantanamo detainee, known to actually be on the list.

Many, including Senator Edward Kennedy and Sister Glenn Anne McPhee, have matched against the list due to name similarities.

If Gray is on the list, he would be the only person likely to have standing to challenge the legality of the no-fly list. The challenge would be interesting since the no-fly list is an odd bird. Bruce Schneier calls it a list of people too dangerous to fly, but not dangerous enough to arrest. I'm more interested in the challenge since the list is an extra-legal administrative punishment that sits in a very gray legal area. And until now no one seemed to have a way to challenge.

The government has long argued that the no-fly list and Secure Flight do not implicate the right to travel (generally understood as deriving in part from the First Amendment) since there are other ways people can travel. The suit by several Alaskans who can only get to the Alaskan capital and their jobs by plane would have mooted that argument, but that lawsuit is currently on hold.

As for one of the weirdnesses of a no-fly list, consider that Gray is Irish. If Gray is on the no-fly list, how would he get back to Ireland if he wanted to?

Link: Eric Gershon's Cape Cod Times story

Posted by Ryan Singel at 09:41 AM | Comments (1) | TrackBack

November 13, 2005 | All I need is a badge and a cell phone

I almost hesitate to mention this, after what Daniel Solove did the last time I mentioned a TSA toy, but an outfit called Water Cooler Games has released a game for Nokia cell phones called Airport Insecurity.

The developers call the game "a mobile game about inconvenience and the tradeoffs between security and rights in American airports. Players are encouraged to try their current travel itinerary while in line at security."

It's unclear exactly what you have to do, but it looks like its a game about being good at standing in line at 138 airports. It has three play modes: Arcade, Practice, and Endless Queue.

It costs $3.99.

Sky Posse PinIf prefer hardware to software, for $10, you can buy a badge that identifies you as a flier who would fight back against airline hijackers, just as the passengers of Flight 93 did, possibly sparing the Capitol or the White House from destruction.

The group is called Sky Posse, which says the badges are a "means of demonstrating a visible symbol that you are one American who will fight back."

Now, I appreciate the sentiment, but I wonder if it might not be better for citizen air marshals (and hopefully we've all learned that lesson) not to advertise their intentions?

(Tip of the badge to Bruce Schneier).

I have no idea if wearing such a badge while playing Airline Insecurity will help or hurt your score, but you should find out.

Posted by Ryan Singel at 09:34 PM | Comments (3) | TrackBack

November 11, 2005 | TSA "Refreshes" Website, Removes Critical Report

The Transportation Security Administration has removed a link from its website to an internal report highly critical of its newest airline passenger screening proposal, while simultaneously adding rebuttals to it.

The scathing report was written by a group of privacy experts and technologists appointed to the Secure Flight Working Group, which was tasked by the TSA with evaluating the effectiveness and privacy risks of its proposed upgrade to the current passenger watchlist system, now dubbed "Secure Flight."

Frustrated by incomplete briefings, the group recommended that Congress ban live testing of the program until the Department of Homeland Security clarifies how it will work.

When asked about the delinking of the report, TSA spokesman Nico Melendez said by email the delinking was part of a "'scrub' of our website."

"Several items have been refreshed to ensure appropriate information for public consumption is available," Melendez said.

The report was posted in full to the TSA's website in mid-September to the surprise of several group members who did not expect the critical report would be allowed to be made public.

"Based on the limited test results presented to us, we cannot assess whether even the general goal of evaluating passengers for the risk they represent to aviation security is a realistic or feasible one or how TSA proposes to achieve it," the report said. "We do not know how much or what kind of personal information the system will collect or how data from various sources will flow through the system. Until TSA answers these questions, it is impossible to evaluate the potential privacy or security impact of the program..."

The group's membership included security expert Bruce Schneier, noted technologist Ed Felten, corporate privacy lawyer Martin Abrams, and Steve Lilienthal of the conservative Free Congress Foundation.

The TSA has since delinked the report, replacing it with an executive summary of the report (.doc) that simply summarizes the nature of the working group and the Secure Flight program. It contains none of the report's findings.

The revision seems to have been done by a TSA employee named Jose Carrao on October 12.

Oddly, the full report (.pdf) remains on the TSA's servers, though there are no links to it. A saved copy can also be found here.

The TSA also added two rebuttals from aviation groups (Word docs here and here) and one clarification (.pdf) from the Terrorist Screening Center, which is responsible for creating the centralized terrorist watchlist.

One of rebuttals itself has been revised to remove original comments about the size of the TSA watchlists, saying that information "has been determined by TSA/DHS to be Sensitive Security Information (SSI)." SSI is not classified information, but the TSA uses the designation to withhold information from the public, such as airport security plans and the fact it requires airlines to ask for identification from passengers. One federal judge has already ruled that the TSA uses SSI designation frivolously.

The working group's report discusses the watchlist's composition and length, relying on information provided to it by a TSA employee and other information found in a Justice Department report on the watchlist(.pdf).

In part, the working group wrote that "As of spring 2005, there were about 270,000 entries in the TSDB [Terrorist Screening Database], many of them aliases of the same individual. Of these, about 30,000-40,000 were on the No-Fly list, and 30,000-40,000 were on the Selectee list, for a combined total of about 70,000. As the TSDB and TSA lists are further scrubbed, TSA officials predict that the number of No-Flys might be reduced to as few as 20,000. However, the number of Selectees was expected to increase substantially, so that the total of the No-Fly and Selectee lists might be about 160,000 persons."

Melendez did not reply to a follow-up email asking if the report contained sensitive information inappropriate for public consumption.

If the document does contain information that is too sensitive for the public to know about, it is unclear why the TSA simply delinked the document without removing it from their servers, since the report is easily available through search engines.

Melendez also declined to say why the TSA uses the word "refresh" to refer to the removal of information from its website.

Posted by Ryan Singel at 10:25 AM | TrackBack

October 03, 2005 | Secure Flight News

Last week, Congress opted to keep language that prohibits the government from using commercial data in order to screen airline passengers and keeps the government from keeping people off planes unless their names match against a watchlist. That puts a one year stake in the heart of a recently suggested plan of using commercial data to identify potential sleeper terrorists before they board planes.

The AP's Leslie Miller jumped on the story on Friday.

The TSA has said it plans to begin implementing Secure Flight by the end of the year.

"The bill does not delay implementation," said spokeswoman Amy von Walter. "TSA will continue working closely with GAO and Congress to meet the criteria outlined for the Secure Flight program."

However, the agency's estimates of when the program would begin have consistently been wrong ever since former chief James Loy said in July 2003 that he hoped it could be implemented in July 2004.

Privacy advocates have long denounced Secure Flight as a program to spy on Americans. More recently they've questioned whether the project could ever even work, as it has sputtered along for years and cost tens of millions of dollars with few tangible results.

"This program is turning into the supercolliding superconductor of Homeland Security," said American Civil Liberties Union lawyer Tim Sparapani, referring to the costly government project that was ultimately killed. "It's a boondoggle and a black hole."

A Justice Department inspector general report released in July pointed out, for example, that the TSA failed to plan for changes in the terrorist watch lists.

For those who want a nice primer on Secure Flight and its ongoing travails, try this piece from Tony Kontzer at InformationWeek.

The Transportation Security Administration's Secure Flight program is under question again, and it's unclear when, or even if, the controversial passenger-screening system will be given clearance for takeoff. Privacy issues are a sticking point, but the problems may run deeper. Project managers are vague about Secure Flight's technology architecture, and critics are asking whether the management team is up to the task.

Posted by Ryan Singel at 12:53 PM | TrackBack

September 26, 2005 | No Flying Nun

Sister Glenn Anne McPhee, the Church's leading official for education in America, spent 9 months being caught by the No Fly list, until her boss wrote Karl Rove.

Sister Glenn Anne McPhee with Secretary of Education Margaret Spellings
Sister Glenn Anne McPhee (C) and Reverend Robert J. McManus at the Congressional Advocacy Days conference of the U.S. Conference of Catholic Bishops meeting with Secretary of Education Margaret Spellings.

And she's none too happy about it.

Sister McPhee's chronicle of frustration began in mid-October 2003, after she was stopped at Baltimore Washington International airport on her way to Providence, Rhode Island.

Unable to check in using the airline's kiosks, McPhee handed her driver's license and reservation to an airline employee, who keyed her name into the computer system and then disappeared with her license into an internal door.

When he returned an hour later, he was accompanied by two police officers.

The officers flanked the 62-year-old Dominican nun, one standing with his hand on his gun, the other using a cell phone to run a security check.

Three hours later, having missed two planes, Sister McPhee was cleared to enter the security line, where she was wanded from head to toe with a magnometer.

"This was the beginning of nine months of hell," McPhee said.

Before flying back to Washington, D.C., McPhee called a family connection who works at an airline and who had access to the watch lists provided by the government to the airlines.

Sister McPhee was being stopped because the list said that an Afghani man was using the last name McPhee as an alias. The list had no first name for him, and the intensive checks would continue until she cleared her name with the ombudsman at the Transportation Security Administration, according to this family connection.

Full story here.

There's lots of other TSA/Secure Flight news and commentary floating around, mostly about the report I mentioned here on Friday.

Noah's great wrap-up is a fine place to start.

The esteemed security guru Bruce Schneier, a member of that panel, has some words here.

Dan Solove, a smart professor with a good blawg, chimes in here.

And for those who prefer their media paid, rather than volunteer, check out Sara Kehaulani Goo's article in the Washington Post or Leslie Miller's take for the Associated Press.


Posted by Ryan Singel at 09:59 AM | TrackBack

September 23, 2005 | Advisory Panel Report Made Public

The Secure Flight Working Group, a set of security and privacy experts that was tasked in January with evaluating Secure Flight for the Transportation Security Administration's Aviation Security Advisory Committee, has released its report, which questions whether recommends that Congress stop any live testing until the TSA has adequately developed a plan for a new system to screen the nation's air travelers.

The TSA published the report -- perhaps inadvertently -- to their website this morning.

Despite having security clearances and signing NDAs, the group was left with more questions than answers and recommended that major changes happen before any operational testing, such as that proposed by the TSA to start in October.


The group consisted of

  • Jim Dempsey, Center for Democracy & Technology/Markle Foundation

  • Bruce Schneier, Counterpane Internet Security

  • Steve Lilienthal, Free Congress Foundation

  • Martin Abrams, Hunton & Williams

  • Daniel Gallington, Potomac Institute

  • Edward Felten, Princeton University

  • Linda Ackerman, Privacy Activism

  • Anna Slomovic, SRA International

  • Lauren Gelman, Stanford University

They wrote:

II. Questions

The SFWG found that TSA has failed to answer certain key questions about Secure Flight: First and foremost, TSA has not articulated what the specific goals of Secure Flight are. Based on the limited test results presented to us, we cannot assess whether even the general goal of evaluating passengers for the risk they represent to aviation security is a realistic or feasible one or how TSA proposes to achieve it. We do not know how much or what kind of personal information the system will collect or how data from various sources will flow through the system.

Until TSA answers these questions, it is impossible to evaluate the potential privacy or security impact of the program, including:
􀂃 Minimizing false positives and dealing with them when they occur.
􀂃 Misuse of information in the system.
􀂃 Inappropriate or illegal access by persons with and without permissions.
􀂃 Preventing use of the system and information processed through it for purposes other than airline passenger screening.

The following broadly defined questions represent the critical issues we believe TSA must address before we or any other advisory body can effectively evaluate the privacy and security impact of Secure Flight on the public.

1. What is the goal or goals of Secure Flight? The TSA is under a Congressional mandate to match domestic airline passenger lists against the consolidated terrorist watch list. TSA has failed to specify with consistency whether watch list matching is the only goal of Secure Flight at this stage. The Secure Flight Capabilities and Testing Overview, dated February 9, 2005 (a non-public document given to the SFWG), states in the Appendix that the program is not looking for unknown terrorists and has no intention of doing so. On June 29, 2005, Justin Oberman (Assistant Administrator, Secure Flight/Registered Traveler) testified to a Congressional committee that “Another goal proposed for Secure Flight is its use to establish “Mechanisms for … violent criminal data vetting.”2 Finally, TSA has never been forthcoming about whether it has an additional, implicit goal - the tracking of terrorism suspects (whose presence on the terrorist watch list does not necessarily signify intention to commit violence on a flight).
While the problem of failing to establish clear goals for Secure Flight at a given point in time may arise from not recognizing the difference between program definition and program evolution, it is clearly an issue the TSA must address if Secure Flight is to proceed.

2. What is the architecture of the Secure Flight system? The Working Group received limited information about the technical architecture of Secure Flight and none about how software and hardware choices were made. We know very little about how data will be collected, transferred, analyzed, stored or deleted. Although we are charged with evaluating the privacy and security of the system, we saw no statements of privacy policies and procedures other than Privacy Act notices published in the Federal Register for Secure Flight testing. No data management plan either for the test phase or the program as implemented was provided or discussed.

3. Will Secure Flight be linked to other TSA applications? Linkage with other screening programs (such as Registered Traveler, Transportation Worker Identification and Credentialing (TWIC), and Customs and Border Patrol systems like U.S.-VISIT) that may operate on the same platform as Secure Flight is another aspect of the architecture and security question. Unanswered questions remain about how Secure Flight will interact with other vetting programs operating on the same platform; how it will ensure that its policies on data collection, use and retention will be implemented and enforced on a platform that also operates programs with significantly different policies in these areas; and how it will interact with the vetting of passengers on international flights?

4. How will commercial data sources be used? One of the most controversial elements of Secure Flight has been the possible uses of commercial data. TSA has never clearly defined two threshold issues: what it means by “commercial data;” and how it might use commercial data sources in the implementation of Secure Flight. TSA has never clearly distinguished among various possible uses of commercial data, which all have different implications.

Possible uses of commercial data sometimes described by TSA include: (1) identity verification or authentication; (2) reducing false positives by augmenting passenger records indicating a possible match with data that could help distinguish an innocent passenger from someone on a watch list; (3) reducing false negatives by augmenting all passenger records with data that could suggest a match that would otherwise have been missed; (4) identifying sleepers, which itself includes: (a) identifying false identities; and (b) identifying behaviors indicative of terrorist activity. A fifth possibility has not been discussed by TSA: using commercial data to augment watch list entries to improve their fidelity. Assuming that identity verification is part of Secure Flight, what are the consequences if an identity cannot be verified with a certain level of assurance?

It is important to note that TSA never presented the SFWG with the results of its commercial data tests. Until these test results are available and have been independently analyzed, commercial data should not be utilized in the Secure Flight program.

5W5. Which matching algorithms work best? TSA never presented the SFWG with test results showing the effectiveness of algorithms used to match passenger names to a watch list. One goal of bringing watch list matching inside the government was to ensure that the best available matching technology was used uniformly. The SFWG saw no evidence that TSA compared different products and competing solutions. As a threshold matter, TSA did not describe to the SFWG its criteria for determining how the optimal matching solution would be determined. There are obvious and probably not-so-obvious tradeoffs between false positives and false negatives, but TSA did not explain how it reconciled these concerns.

6. What is the oversight structure and policy for Secure Flight? TSA has not produced a comprehensive policy document for Secure Flight that defines oversight or governance responsibilities.

Their conclusion?

We, the SFWG were not provided adequate information about the proposed program for Secure Flight. Therefore, we are unable to make any substantive recommendations at this time. We do, however, suggest the following actions:

Congress should prohibit live testing of Secure Flight until it receives the following from the Secretary of the Department of Homeland Security.

First, a written statement of the goals of Secure Flight signed by the Secretary of DHS that only can be changed on the Secretary’s order. Accompanying documentation should include: (1) a description of the technology, policy and processes in place to ensure that the system is only used to achieve the stated goals; (2) a schematic that describes exactly what data is collected, from what entities, and how it flows through the system; (3) rules that describe who has access to the data and under what circumstances; and (4) specific procedures for destruction of the data. There should also be an assurance that someone has been appointed with sufficient independence and power to ensure that the system development and subsequent use follow the documented procedures.

Full report can be found here on the TSA web site (pdf), or here on this site.

(Thanks to Edward Hasbrouck of the Practical Nomad for the tip. See also his comprehensive rundown of recent Secure Flight news here.)

Posted by Ryan Singel at 09:58 AM | TrackBack

September 23, 2005 | Advisory Panel: Delay Secure Flight

A panel of security and privacy experts tasked by TSA to review the newest proposed upgrade to the nation's airline passenger screening system has recommended that the system not be tested in the nation's airports until more details are revealed, according to National Journal Technology Daily's Sarah Lai Stirland.

The panel of nine security and privacy experts, which included Princeton University computer science professor Edward Felten and Bruce Schneier, founder of the Internet security firm Counterpane, said in the report that DHS Secretary Michael Chertoff should provide Congress with a signed, written statement on the goals of the project - goals that could only be changed on Chertoff's orders.

The department also should provide information on the technologies used in the Secure Flight program, how it works to achieve the stated goals, and what policies are in place to make sure that the stated goals are achieved. The panelists said they also want DHS to provide specifics on what information it collects about people, where the information comes from, how "it flows through the system," who has access to the information, and what the procedures are for its destruction.

"We believe live testing of Secure Flight should not commence until there has been adequate time to review, comment, and conduct a public debate on the additional documentation outlined above," said the report, a portion of which was obtained in advance by Technology Daily.

Full story here.

Stirland, a fine reporter who I recently met, also notes that the group's report is supposed to be published on Monday.

That surprises me as the folks I've talked with who are on the panel believed that the report would not be made public.

They also expressed frustration with the TSA, which, they say, did not provide them with briefings that would allow them to adequately judge the program's efficacy or privacy implications. Instead, they said, they got much the same information that was provided to the public, despite signing strict non-disclosure agreements.

My guess is that Monday will be a very interesting day for TSA and Secure Flight news.

Posted by Ryan Singel at 07:48 AM | TrackBack

September 22, 2005 | TSA Chief Nixes Commercial Databases

The new head of the Transportation Security Administration, Kip Hawley, is shelving long held plans to use commercial databases as part of a new airline passenger screening system, according to the Wall Street Journal's Laura Meckler.

The TSA has been considering using commercial data for Secure Flight, but came under intense criticism from privacy advocates, the Government Accountability Office and others. In response, the agency has decided to launch the program without using commercial data, said TSA chief Kip Hawley. "There's no question it would be helpful, but it brings with it a lot of privacy concerns," Mr. Hawley said.

Secure Flight is now expected to launch by early next year, according to one person interested in the program who was briefed by a top TSA official. According to this account, regulations governing it will be issued in the next few weeks, with the program set to begin with at least a handful of airlines as early as November -- or if it can't get off the ground before Thanksgiving, then in early 2006.

The idea is that Secure Flight will do a better job of identifying would-be terrorists than the existing system does. Since the Sept. 11, 2001, terrorist attacks and the stepped-up security that followed, many innocent travelers have been wrongly flagged as flight risks. Getting one's name off the watch list has proved difficult.
Under Secure Flight, the airlines would collect passengers' names and birth dates and turn them over to the TSA, which would run the names against the terrorist watch list. If someone shows up on the "no fly" list, that person would be barred from boarding the plane; other suspicious names would be flagged for extra screening.

Collecting full names and birth dates will reduce false matches by 60%, Justin Oberman, who runs the program, told Congress this summer. But to further increase accuracy, the TSA considered the commercial data, which could include information culled from marriage and birth certificates, credit-card records, court filings, newspaper clippings and other sources.

The TSA secretly tested this procedure without informing the public -- hiring a contractor that collected 100 million records -- which brought sharp rebukes from the GAO and privacy advocates. The agency apologized and reissued its privacy statement.

But it remains unclear what commercial data would be used for. Mr. Oberman suggested to a congressional committee that the data could be used to find people who aren't on the watch list -- members of "sleeper cells" that the FBI doesn't know about -- as well as to better match travelers to known names. "If we just rise and fall on the watch list, it's not adequate," he said in July.

Full story here.

This isn't too much of a surprise, given that the GAO found that TSA violated the Privacy Act when it collected data on 100,000 Americans without giving them notice and that Congress is still debating (in conference) whether or not to prohibit TSA from using commercial data.

Without the data, the question that has to be answered is whether the system can accurately match passengers against the watch list without having some outside source to verify a passenger's age.

That information is supposed to be self-reported by passengers in the future when they make a reservation, according to the TSA. However, TSA needs to figure out how to get that data from the first round of passengers or do without and possibly risk have a huge number of false hits on a 120,000 name-long watch list.


Posted by Ryan Singel at 03:05 PM | TrackBack

September 22, 2005 | Toys for All the Boys and Girls

I've never been one to beg for presents, but if any of my readers are feeling in the giving mood, I want one of these:
TSA Screeners Play Kit

Yes, there is no time like the present to train your child in the art and science of screening and being screened.

Yes, this is real. It's part of the PlayMobil USA airport series.

Here's the photo of all the included parts:

Screener Toy Parts

Note the loose gun.

Now is that for the passenger to put in his luggage or for the screener?

Actually, I want to order not just this setting, but most of the figurines and sets PlayMobil sells.

I mean, who doesn't want the prison set with the removable bars so the criminal can break out?

More importantly, I want to be able to find out what happens when Warrior with Wolf steps up to the x-ray machine. Will the TSA screener be brave enough to tell this man he can't bring his wolf or his sword on the plane?

Posted by Ryan Singel at 12:52 PM | Comments (1) | TrackBack

August 19, 2005 | Screening TSA Traffic

It was a rather busy summer news week for the Transportation Security Administration.


Posted by Ryan Singel at 12:10 PM | TrackBack

August 18, 2005 | IED IDing Update

As noted here a couple of days ago, the Transportation Security Administration caught a 24-year-old Oklahoma man trying to sneak an improvised bomb onto a plane.

Charles A. Dreyling Jr.says he forgot about the bomb, which was made using gunpowder and a used CO2 canister, and that it was just a thing he and his buddies liked to explode for fun.

Dreyling is now out on $10,000 bail, according to this USA Today story, and is free to return to classes at Oklahoma University.

What does a student who ,at best, forgot about a IED in his backpack before boarding a plane major in?

Yeah, you saw this coming.

Aviation Management.

Something tells me that in the age of background checks, Dreyling ought to change his major.

If he changes his tune about his intentions, he could even maybe transfer to UC Santa Cruz's History of Consciousness Program and study with Angela Davis.

Posted by Ryan Singel at 08:47 AM | TrackBack

August 11, 2005 | Screeners ID IED

In what seems to be a post-9/11 first, Transportation Security Administration screeners stopped a man from boarding a plane with a homemade bomb.

A Norman, Okla., man with an explosive device hidden in his carry-on baggage was caught by Transportation Security Administration screeners as he tried to enter Will Rogers World Airport in Oklahoma City on Wednesday morning.

Bryon Okada's story in the Fort Worth Star-Telegram is here (reg. required, try bugmenot).

The FBI arrested Charles Dreyling Jr., 24, but do not think he is associated with a terrorist group, according to Okado.

Kudos to the screeners for catching the IED.

Posted by Ryan Singel at 11:17 AM | TrackBack

August 10, 2005 | Fear Not, Report Not

Homeland Security chief Michael Chertoff says Americans should not worry having to give their date of birth when buying an airline ticket as part of a new proposed airline screening system, according to a Thomas Frank USA Today story.

Chertoff said there is too much worry over a plan by the Transportation Security Administration to collect passengers' full names and birth dates before they board.

"The average American gives information up to get a CVS (drugstore discount) card that is far more in-depth than TSA's going to be looking at," Chertoff told reporters and editors at USA TODAY's headquarters in McLean, Va. "But I actually make that case that giving up a little bit more information protects privacy."

"Would you rather give up your address and date of birth to a secure database and not be pulled aside and questioned," he said, "or would you rather not give it up and have an increased likelihood that you're going to be called out of line and someone's going to do a secondary search of your bag and they're going to ask you a lot of personal questions in the full view of everybody else?"

Chertoff vowed to implement Secure Flight, a plan by the federal government to screen out potential terrorists by scrutinizing the backgrounds of passengers. Under the plan, passengers will be encouraged - but not required - to give their full names and birth dates when reserving a seat. The TSA hoped to begin testing Secure Flight this month but that timetable is in doubt.

I'm dumbstruck by Thomas Frank's absurdly lousy reporting.

He gets a chance to interview the head of Homeland Security and then writes up this press release?

First, the government hasn't yet even announced that airlines would have to start collecting dates of birth, but Frank allows Chertoff to pretend that its the main issue about Secure Flight.

Yes, the requirement been talked about for a while and is widely acknowledged by those familiar with the program to be a necessity if watchlist checking is going to be done in D.C. and not by airlines (How else would a government agent tell the difference between the senior senator Ted Kennedy from a watchlist entry Ted Kennedy, age 25?)

But the travel industry, not Americans concerned about privacy, are the strongest opponents of the birthdate requirement, since they will, at their own expense, have to revamp the second largest computer network in the world to accommodate this request.

If Frank hasn't been paying attention as he is paid to, the main issues with Secure Flight are:

  • How good are the watchlists?
  • How do people accidentally snagged by the lists get off the list?
  • How much will Secure Flight cost?
  • Will it be effective without being overly intrusive?
  • Should commercial databases be used and if so, for what purpose? To verify identity? To do background checks?

Frank didn't include anything in his story about these questions, and instead let Chertoff set the agenda.

Furthermore, Frank let Chertoff chide the American public about privacy concerns about Secure Flight, without even mentioning that the program just got caught violating the Privacy Act in its latest round of testing.

That was done by an agency that has already been involved in 14 separate secret transfers of sensitive travel records, totaling more than 2 million reservations.

The TSA has also been busted by Homeland Security's own Inspector General for making false statements to Congress under oath and misleading the media and the American people about what it was doing with their personal data(.pdf).

Meanwhile, there is a behind-the-scenes fight in Congress over prohibiting Secure Flight from relying on commercial data brokers such as Choicepoint.

But Frank doesn't even ask Chertoff what he thinks about Secure Flight employees intentionally making an end run around the Privacy Act, let alone get Chertoff on record about his thoughts on previous TSA privacy scandals or the fight in Congress?

What a joke.

Chertoff might have had something interesting to say, but one would be hard pressed to find it anywhere near Frank's pathetic effort.

Posted by Ryan Singel at 10:23 AM | TrackBack

August 03, 2005 | JetBlue Lawsuit Dismissed

I haven't kept up with the lawsuits filed against JetBlue et. al. for violations of their privacy policies even though I broke the initial secret data transfer story, but I did notice today that a New York City judge dismissed a class action lawsuit against the airline.

(I should note part of my laziness in following that news stems from a lack of conviction that automatic damages and huge lawsuits are always an appropriate remedy to privacy policy violations or security lapses.)

Some details of that can be found here in a vaguely accurate story by Martin H. Bosworth in ConsumerAffairs.com. (I think Bruce Schneier should have told more people he changed his name to Bill)

The saga of JetBlue secretly turning over its records to the government for an anti-terrorism data-mining study is mired in plot twists (such as the participation of the commercial data giant Acxiom) and acronyms, but everyone involved admits that JetBlue massively violated its stated privacy policy when it handed over its entire passenger database to a minor, Alabama-based defense contractor called Torch Technologies (née Torch Concepts) that was looking to cash in on post-9/11 anti-terrorism money.

So if class-action lawsuits can't go forward against a company that violated privacy promises made to 1.5 million people unless the plaintiffs can prove they were harmed, how should we enforce privacy policies?

The Federal Trade Commission?

Just today the FTC announced it had settled a case with Advertising.com, which the government caught secretly installed spyware on the computers of people who thought they were installing an anti-spyware application.

The company, which tried to scare users into installing its SpyBlast software through ads blaring that a customer's computer was broadcasting an IP address (the online equivalent of saying you are naked under your clothes), was not fined.

Instead, the FTC got Advertising.com, a company acquired by AOL for nearly a half a billion dollars, to agree to show future customers an end-user license agreement -- you know the other long legalese thing no one ever reads on their computer.

That's the same FTC that never made a move on JetBlue, perhaps because the company apologized and announced it had hired a big name accounting firm to audit its privacy practices.

The same FTC that didn't find out that JetBlue had also violated its privacy policies two other times by turning over passenger records to the government and its contractors.

That had to come out from sworn Senate testimony by Transportation Security