Last month I told you about Secure Flight, the successor program to CAPPS II being implemented by the Transporation Security Administration for airline passenger screening. I also told you that the program violated the federal Privacy Act of 1974. This month, a Government Accountability Office report proves it (PDF).
The TSA collected over 100 million records on members of the public from commercial data providers for the Secure Flight program without disclosing the data collection or usage in its Privacy Act notices. Once it was caught, the agency then attempted to retroactively change the notices.
But TSA’s deception and privacy-invasive practices don’t stop there. According to an AP story, the TSA plans to test whether commercial data could help find terrorist “sleeper cells.” “We are trying to use commercial data to verify the identities of people who fly because we are not going to rely on the watch list,” said Justin Oberman, who’s in charge of Secure Flight. “If we just rise and fall on the watch list, it’s not adequate.” — Electronic Frontier Foundation
Bruce Schneier, author of Beyond Fear, who is on a working group overseeing Secure Flight, commented, “Secure Flight is a disaster in every way. The TSA has been operating with complete disregard for the law or Congress. It has lied to pretty much everyone. And it is turning Secure Flight from a simple program to match airline passengers against terrorist watch lists into a complex program that compiles dossiers on passengers in order to give them some kind of score indicating the likelihood that they are a terrorist.”
Unfortunately, unlike CAPPS II, we can’t just have them not go forward with the program. The Intelligence Reform and Terrorism Prevention Act of 2004 requires the TSA to implement a passenger screening program. The best we can do, aside from repealing the act, is to ensure that the program doesn’t go out of control before it even gets off the ground.