Secure Flight Privacy Report
The Department of Homeland Security’s own Privacy Office released a report on privacy issues with Secure Flight, the new airline passenger matching program. It’s not good, which is why the government tried to bury it by releasing it to the public the Friday before Christmas. And that’s why I’m waiting until after New Year’s Day before posting this.
The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration’s (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary concerns raised by the Government Accountability Office (GAO) that, contrary to published privacy notices and public statements, TSA may have accessed and stored personally identifying data from commercial sources as part of its efforts to fashion a passenger prescreening program.
These new concerns followed much earlier public complaints that TSA collected passenger name record data from airlines to test the developmental passenger prescreening program without giving adequate notice to the public. Thus, the Privacy Office’s review of the Secure Flight commercial data testing also sought to determine whether the data collection from air carriers and commercial data brokers about U.S. persons was consistent with published privacy documents.
The Privacy Office appreciates the cooperation in this review by TSA management, staff, and contractors involved in the commercial data testing. The Privacy Office wishes to recognize that, with the best intentions, TSA undertook considerable efforts to address information privacy and security in the development of the Secure Flight Program. Notwithstanding these efforts, we are concerned that shortcomings identified in this report reflect what appear to be largely unintentional, yet significant privacy missteps that merit the careful attention and privacy leadership that TSA Administrator Kip Hawley is giving to the development of the Secure Flight program and, in support of which, the DHS Acting Chief Privacy Officer has committed to provide Privacy Office staff resources and privacy guidance.
I’ve written about Secure Flight many times. I suppose this is a good summary post. This is a post about the Secure Flight Privacy/IT Working Group, which I was a member of, and its final report. That link also includes links to my other posts on the program.