Sensitive Passenger Data from at Least 8 Airlines and Reservation Services Provided to Companies Working With TSA

WASHINGTON, DC — Sensitive passenger data from at least eight airlines and airline reservation services were given to contractors working on a computerized screening program, according to new information provided in response to written questions posed to Admiral David Stone, who has been nominated to be the administrator of the Transportation Security Administration (TSA). Chairman Susan Collins (R-ME) and Ranking Member Joe Lieberman (D-CT) had posed the questions regarding TSA’s role in requesting passenger data and whether that data were subsequently handled in accordance with the federal Privacy Act.

In response to those questions, Admiral Stone said that four companies working to “prove the feasibility of performing a risk assessment for passengers” acquired data about passengers who had reserved tickets on Delta Air Lines, Continental, America West Airlines, and Frontier Airlines or who had booked through Galileo International, and possibly Apollo. Previously, the Committee had only been aware of data requests to JetBlue and American Airlines.

Government contractors who operate systems of records on behalf of federal agencies must comply with the Privacy Act, which includes provisions requiring a public notice describing what information a system of records will contain and how an individual can gain access to any information pertaining to him. No such public notice was filed.

According to TSA, the agency entered into “cooperative agreements” with four companies — HNC Software, Infoglide Software, Ascent Technology, and Lockheed Martin — to perform “proof of concept” testing on passenger data, and the companies “independently obtained” data on passengers who flew on specific airlines.

As part of his response to the pre-hearing questionnaire, Admiral Stone explained that TSA itself did not access any of the passenger records, although TSA officials did view presentations by companies that included PNR data.

“These revelations cause concern because the information was obtained without any public notice or clear guidelines for protecting the passengers’ privacy,” said Senator Collins. “Implementation of the new Computer Assisted Passenger Pre-Screening System (CAPPS II) will require similar data from airlines in order for TSA to begin testing. If TSA is to move ahead with this new system, it must ensure that data are obtained in a way that protects privacy and ensures public trust in the process.”

“We need to continue to improve airline security, but as we do, we also have to work hard to avoid infringing on our citizens’ privacy,” said Senator Lieberman. “The Administration and transportation experts agree we can meet both objectives. But for the past six months, Chairman Collins and I have been concerned that personal information about airline passengers might have been used by TSA and other agencies in violation of the Privacy Act. I am disturbed to learn of these new disclosures that suggest TSA may have violated the Privacy Act in the handling of passenger records from four additional airlines. It is essential that agencies comply with all applicable privacy laws to maintain public confidence in systems the government is developing to protect the nation.”

Admiral Stone’s answers to the Senators’ request are available online.

# # #