Friday, March 25, 2005

TSA Failed to Protect Passenger Data

A Wall Street Journal article reports that the TSA was insufficiently careful with passenger screening data.

"A new government report says officials in the Department of Homeland Security didn't do enough to keep airline-passenger data secure when using it to test a traveler-screening program. In a report to be released today, the Department of Homeland Security's inspector general says the Transportation Security Administration gathered 12 million passenger records from February 2002 to June 2003 and used most of them to test the Computer Assisted Passenger Prescreening System, or CAPPS 2, which was designed to check passenger names against government watch lists. Passengers weren't told their information was being used for testing."

"'Although we have found no evidence of harm to individual privacy, TSA could have taken more steps to protect privacy,' investigators concluded. TSA officials shelved CAPPS 2 last year amid complaints it was an invasion of passenger privacy. The agency has replaced it with a similar system, called Secure Flight, which is being tested and is expected to debut in August."

"The report raises concerns because Secure Flight ultimately will gather private information, such as names, addresses, travel itineraries and credit-card information, on anyone who takes a domestic flight. That effort could be slowed by a Government Accountability Office study due Monday which is expected to be critical of TSA's efforts to develop passenger-privacy protections... Investigators also found TSA provided inaccurate information to the media about the agency's use of real passenger records for CAPPS 2 testing and wasn't 'fully forthcoming' to the agency's own internal privacy officer during an investigation into the matter."

Labels: , ,


Comment by Blogger Jim Horning:

Bruce Schneier has posted a more extended analysis of the Inspector General's report.

7:46 PM  
Comment by Blogger Jim Horning:

The Register has weighed in with a report in its signature style.

"The US Transportation Security Administration (TSA) has done a bit of institutional soul searching, and concludes that it did nothing wrong in demanding, and later disseminating, passenger data from JetBlue, Delta, and numerous other airlines, or in misleading the public and Congress about the extent of its data-mining activities and snafus."

12:57 PM  

Post a Comment