TSA data collection attacked, fliers urged to request records

Summary:Last week, four Alaskans filed suit against the Transportation Security Administration (TSA) to stop the agency from destroying records collected during a test of Secure Flight in June 2004. Today, the Electronic Frontier Foundation is encouraging people to file their own records requests to further slow the destruction of records.

Last week, four Alaskans filed suit against the Transportation Security Administration (TSA) to stop the agency from destroying records collected during a test of Secure Flight in June 2004. Today, the Electronic Frontier Foundation is encouraging people to file their own records requests to further slow the destruction of records. Under the Privacy Act of 1974, federal agencies must allow citizen access to records about them so they can correct any errors.

The TSA collected 100 million records - including names, addresses and phone numbers - from airlines about 43,000 people who flew in June 2004 and 200,000 people with similar names. In May, attorney Jim Harrison, on behalf of the four, sued for access to the records, but TSA said they couldn't find any. TSA told Wired it destroyed 3 million records in April and would eventually destroy all the files.

Last month, the Government Accountability Office issued a memo (PDF) taking TSA to task for privacy violations.

TSA did not fully disclose to the public its use of personal information in its fall 2004  privacy notices as required by the Privacy Act. In particular, the public was not made  fully aware of, nor had the opportunity to comment on, TSA’s use of personal  information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the  Federal Register 3 that included descriptions of how such information would be used.  However, these notices did not fully inform the public before testing began about the  procedures that TSA and its contractors would follow for collecting, using, and  storing commercial data. In addition, the scope of the data used during commercial  data testing was not fully disclosed in the notices. Specifically, a TSA contractor,  acting on behalf of the agency, collected more than 100 million commercial data  records containing personal information such as name, date of birth, and telephone  number without informing the public. As a result of TSA’s actions, the public did not  receive the full protections of the Privacy Act.

 The Dept. of Homeland Security responded that the Federal Register notice was compliant as far as the plan had been created, that TSA has taken steps to secure personal information, and is committed to protecting privacy.

Topics: Privacy, Travel Tech

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.