WASHINGTON – The Homeland Security Department admitted Friday it violated the Privacy Act two years ago by obtaining more commercial data about U.S. airline passengers than it had announced it would.
Seventeen months ago, the Government Accountability Office, Congress' auditing arm, reached the same conclusion: The department's Transportation Security Administration "did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act."
Even so, in a report Friday on the testing of TSA's Secure Flight domestic air passenger screening program, Homeland Security department's privacy office acknowledged TSA didn't comply with the law. But the privacy office still couldn't bring itself to use the word "violate."
Instead, the privacy office said, "TSA announced one testing program, but conducted an entirely different one." In a 40-word, separate sentence, the report noted that federal programs that collect personal data that can identify Americans "are required to be announced in Privacy Act system notices and privacy impact assessments."
TSA spokesman Christopher White noted the GAO's earlier conclusions and said, "TSA has already implemented or is in the process of implementing each of the DHS privacy office recommendations."
Congress has been unhappy with TSA's domestic airline screening program for years — since it was called CAPPS II before it was tweaked and renamed Secure Flight. Federal law now bars TSA from implementing a domestic screening system until the GAO is satisfied it can meet 10 standards of privacy protection, accuracy and security.
Secure Flight has never passed all those tests, and White said there is no target date for implementing it. "We are more concerned with getting it right," White said.
Friday's report reinforced concerns on Capitol Hill.
"This further documents the cavalier way the Bush administration treats Americans' privacy," said Sen. Patrick Leahy, D-Vt., who is set to become Senate Judiciary Committee chairman in January. "With this database program, first they ignored the Privacy Act, and now, two years later, they still have a hard time admitting it."
Leahy promised the new Congress will try to learn more about how the administration uses such databases. "Data mining technology has great potential," Leahy said, "but history shows that without adequate checks and balances and oversight, misuse and abuse of the public's personal information will be inevitable."
Characterizing the Secure Flight problems as "largely unintentional," Homeland Security's privacy office attributed them to TSA's failure to revise the public announcement after the test changed.
The privacy office said TSA announced in fall 2004 it would acquire passenger name records of people who flew domestically in June 2004. Airline passenger name records include the flyer's name, address, itinerary, form of payment, history of one-way travel, contact phone number, seating location and even requests for special meals.
The public notices said TSA would try to match the passenger names with names on watch lists of terrorists and criminals.
But they also said the passenger records would be compared with unspecified commercial data about Americans in an effort to see if the passenger data was accurate. It assured the public that TSA would not receive commercial data used by contractors to conduct that part of the tests.
But the contractor, EagleForce, used data obtained from commercial data collection companies Acxiom, Insight American and Qsent to fill in missing information in the passenger records and then sent the enhanced records back to TSA on CDs for comparison with watch lists.
This was "contrary to the express statements in the fall privacy notices about the Secure Flight program," Homeland Security's privacy office concluded. "EagleForce's access to the commercial data amounted to access of the data by TSA."
Another procedure originally thought to enhance privacy backfired. EagleForce augmented the 42,000 passenger name records with similar variations of the spelling of each first and last name so it asked for commercial data on 240,000 names. Many of these variations were the actual names of real people whose records were then put into the test without any public notice, the report said. Eventually, the three companies supplied EagleForce with 191 million records, though many were duplicates.