The Transportation Security Administration (TSA) has continued to deny it used real-world passenger data to test CAPPS II, the airline passenger profiling system being developed by the TSA in an attempt to pinpoint terrorists before they actually board a plane. The denials, however, directly contradict the disclosures by three separate airlines that each has shared real passenger data with the TSA and its contractors working on the CAPPS II program — all at the behest of the TSA.
American Airlines admitted this month that it had shared 1.2 million passenger itineraries with the TSA and its contractors in June of 2002. This follows the admission by Northwest Airlines in January 2004 that it shared passenger records covering October through December of 2001. The snowball began, of course, when JetBlue admitted in September 2003 that it had shared 5 million passenger records with the TSA and its contractors.
The US Senate's Governmental Affairs Committee asked the TSA about these disclosures just last week and, despite three separate airlines coming forward in the last eight months to admit they had indeed shared the data, the TSA continued to deny that any real passenger data had been used.
When interviewed by Wired News, two TSA spokespersons denied any data sharing took place.
It's natural to immediately blame the airlines for sharing the data in the first place. The truth is that both JetBlue and Northwest violated their own privacy policies by sharing the data (American's privacy policy did not forbid data sharing at the time they cooperated with the TSA). But it's important to understand that these companies are now coming forward with the news while the TSA continues to deny it ever happened.
Of course the airlines will be met with lawsuits claiming breach of privacy, breach of contract (in the cases where the data sharing violated existing privacy policies) and any other charges which can be brought against them (some lawsuits are already in motion).
In my mind, there are two much larger concerns.
This fist relates to the TSA and its possible violations of the Privacy Act (which requires prior public disclosure when a federal entity creates a system of records for tracking American citizens). Denials aside, we have irrefutable proof from the companies involved that the TSA did indeed utilize real data on American citizens for testing the CAPPS II system. The question is whether this actually violates the Privacy Act since the system was in testing and was not being used to track passengers.
If it doesn't violate the Privacy Act, I think the law needs to be changed so that any such disclosures in the future will indeed be considered illegal.
The second concern is why the TSA, even in the face of three public disclosures by the airlines, continues to deny that any data sharing took place. Understand that the TSA has told the American public and the investigating members of Congress that they never had any such data and therefore never shared any such data with their contractors.
Both statements are blatant lies.
One could claim ignorance with the JetBlue affair. It was the first disclosure and may have caught the TSA unawares. I'm not saying they didn't know about the disclosure, but I am saying the people talking on behalf of the TSA may not have known at the time.
Then here comes Northwest with their disclosure and — surprise! — the TSA denies it ever happened.
At this point I'm thinking the TSA is being managed by mindless gits who haven't a clue about what's happening within their organization.
But now we have American admitting another disclosure with the TSA and, yet again, the TSA denies any such disclosure took place.
Even if I were to give the TSA the benefit of the doubt to a degree heretofore unseen on Earth, I cannot reconcile the continuing deception and lies with the reality of what I know.
Our government is lying to us. Hell, our government is lying to itself since the TSA has told Congress on multiple occasions that it was never in possession of live passenger records.
Thus far the Department of Homeland Security (under which the TSA falls) has failed to comment on the disclosure fiasco. I can only assume they are scrambling to determine the best method of damage control.
And all the while they allow the TSA to continue to dig a hole under its own feet.
Although I already have concerns about the CAPPS II program, I'll save those for another post. For this writing, my primary focus is the TSA's continuing denials in the face of unquestionable evidence.
I believe it's imperative for Congress to begin an immediate investigation into the disclosures and to implement much closer oversight of the CAPPS II program. In addition to Congress' responsibilities in this area, my hope is that criminal charges are brought against the airlines and TSA where possible (certainly for any violations of the Privacy Act, for those airlines which violated their own privacy policies with the disclosures, and for the TSA's continuing deception to both Congress and the American people).
Even more important than these steps is my desire to see those in charge of the TSA removed from office immediately. This would send a clear message that such deception on the part of government officials is not only unacceptable but loathsome and actionable.