TSA Finds Data On Air Passengers Lacked Protection

R.A. Hettinga rah at shipwright.com
Fri Mar 25 18:25:42 EST 2005 

<http://online.wsj.com/article_print/0,,SB111172077661889592,00.html>

The Wall Street Journal


 March 25, 2005

 U.S. BUSINESS NEWS


TSA Finds Data
 On Air Passengers
 Lacked Protection

By AMY SCHATZ
Staff Reporter of THE WALL STREET JOURNAL
March 25, 2005; Page A4


A new government report says officials in the Department of Homeland
Security didn't do enough to keep airline-passenger data secure when using
it to test a traveler-screening program.

In a report to be released today, the Department of Homeland Security's
inspector general says the Transportation Security Administration gathered
12 million passenger records from February 2002 to June 2003 and used most
of them to test the Computer Assisted Passenger Prescreening System, or
CAPPS 2, which was designed to check passenger names against government
watch lists. Passengers weren't told their information was being used for
testing.

"Although we have found no evidence of harm to individual privacy, TSA
could have taken more steps to protect privacy," investigators concluded.

TSA officials shelved CAPPS 2 last year amid complaints it was an invasion
of passenger privacy. The agency has replaced it with a similar system,
called Secure Flight, which is being tested and is expected to debut in
August.

The report raises concerns because Secure Flight ultimately will gather
private information, such as names, addresses, travel itineraries and
credit-card information, on anyone who takes a domestic flight. That effort
could be slowed by a Government Accountability Office study due Monday
which is expected to be critical of TSA's efforts to develop
passenger-privacy protections.

The report said TSA "did not ensure that privacy protections were in place
for all of the passenger data transfers" and noted that "early TSA and
[CAPPS 2] efforts were pursued in an environment of controlled chaos and
crisis mode after the Sept. 11 attacks."

Investigators also found TSA provided inaccurate information to the media
about the agency's use of real passenger records for CAPPS 2 testing and
wasn't "fully forthcoming" to the agency's own internal privacy officer
during an investigation into the matter. "Although we found no evidence of
deliberate deception, the evidence of faulty processes is substantial,"
investigators said.

TSA agreed with the investigator's recommendations for improving privacy
protections. A TSA spokeswoman said: "TSA's core mission is to preserve our
freedom and that means doing the utmost to protect everyone's privacy."


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list