TSA Didn't Break The Law... But Bent It Pretty Good | Aero-News Network
Aero-News Network
RSS icon RSS feed
podcast icon MP3 podcast
Subscribe Aero-News e-mail Newsletter Subscribe

Airborne Unlimited -- Most Recent Daily Episodes

Episode Date

Airborne-Monday

Airborne-Tuesday

Airborne-Wednesday Airborne-Thursday

Airborne-Friday

Airborne On YouTube

Airborne-Unlimited-12.09.24

Airborne-NextGen-12.10.24

Airborne-Unlimited-12.11.24

Airborne Flt Training-12.05.24

Airborne-Unlimited-12.06.24

Sun, Feb 22, 2004

TSA Didn't Break The Law... But Bent It Pretty Good

Homeland Security Officials Release Findings In Self-Investigation

The TSA didn't break the letter of the law when it asked JetBlue for access to passenger records. DHS wanted to turn them over to a contractor working on the development of the Base Security Enhancement program, designed to assess the terror risk to military facilities worldwide. But the Department of Homeland Security says the TSA pushed the edge of the envelope when it asked for the records and didn't notify the public.

The investigation centered on a company called Torch Concepts, based in Huntsville (AL). Executives there sent a proposal to the Defense Department, suggesting the use of personal data to profile those seeking access to military bases. It wanted to use passenger information for developing and testing the concept.

If that sounds suspiciously like CAPPS II, DHS says it's very much the same concept. In fact, CAPPS II, the controversial project to profile passengers and assign them color-coded risk labels, was being developed at the same time, shortly after the 9/11 attacks. But DHS says TSA wanted to keep the two projects separate.

The DHS investigation report says, on July 30, 2002, a "relatively new" employee at TSA sent a letter to JetBlue, asking for archived passenger records. The airline ended up turning over more than five million individual passenger records based on the request. That, DHS suspected when it began the investigation, might have violated the Privacy Act of 1974, which requires public notice whenever a new records system is created.

But Wired News, which broke the JetBlue story five months ago, reports DHS Chief Privacy Officer Nuala O'Conner decided the request wasn't illegal. Why? While she says the TSA worker "acted without appropriate regard for individual privacy interests or the spirit of the Privacy Act" and "arguably misused" the TSA's oversight authority over JetBlue to encourage data sharing, the Torch Concepts project wasn't directly related to TSA's mandate and didn't directly involve CAPPS II.

"No Privacy Act violation by TSA employees occurred in connection with this incident," said the DHS finding. "There is no evidence that any data were provided directly to TSA or its parent agency at the time, DOT. On the contrary, the evidence demonstrates that passenger data were transferred directly by jetBlue’s contractor, Acxiom, to Torch Concepts. As a result, the Privacy Act of 1974, which regulates the Federal Government’s collection and maintenance of personally identifiable data on citizens and legal permanent residents, does not appear to have been violated by TSA actions. Because TSA did not receive passenger data, no new system of records under the Privacy Act was established within TSA, nor was any individual’s personal data used or disclosed by TSA, its employees or contractors, in violation of the Privacy Act."

That's not to say that the Defense Department in general and the Army in particular didn't violate the Privacy Act. The DHS strongly implies the Army did indeed violate that law.

"The TSA employees involved acted without appropriate regard for individual privacy interests or the spirit of the Privacy Act of 1974. In doing so, it appears that their actions were outside normal processes to facilitate a data transfer, with the primary purpose of the transfer being other than transportation security. Such sharing exceeds the principle of the Privacy Act which limits data collection by an agency to such information as is necessary for a federal agency to carry out its own mission. While these actions may have been well intentioned and without malice, the employees arguably misused the oversight capacity of the TSA to encourage this data sharing."

"The department must seek to strike the right balance between security and privacy interests," said Senator Sue Collins (R-ME). "In this case, the TSA employees involved compromised the privacy interests of individuals without adequate justification."

The Army is now conducting its own investigation. But what about the TSA "new guy" who apparently skirted the Privacy Act by obtaining JetBlue records for DoD? It would appear that employee will receive a relatively minor slap on the wrist.

"The TSA employees involved, must, at a minimum, attend substantial Privacy Act and privacy policy training and must certify such training to the satisfaction of the DHS Privacy Office," according to the report.

FMI: www.dhs.gov/interweb/assetlibrary/PrivacyOffice_jetBlueFINAL.pdf

Advertisement

More News

Aero-News: Quote of the Day (12.10.24)

“We’re watching the very nature of warfare change. The speed of technology is absolutely meteoric.” Source: Maj. Gen. Clair Gill, commanding general of the Fort N>[...]

ANN's Daily Aero-Term (12.10.24): Handoff

Handoff An action taken to transfer the radar identification of an aircraft from one controller to another if the aircraft will enter the receiving controller's airspace and radio >[...]

ANN's Daily Aero-Linx (12.10.24)

Aero Linx: European Association of Aviation Training and Education Organizations – EATEO EATEO aspires to be the European voice for driving the best aviation training and edu>[...]

Aero-News: Quote of the Day (12.11.24)

“Think spacious modules with large windows to view Earth, our blue origin, while experiencing the thrill of weightlessness in complete comfort. Distinct quarters will be desi>[...]

ANN's Daily Aero-Term (12.11.24): Altitude Restriction

Altitude Restriction An altitude or altitudes, stated in the order flown, which are to be maintained until reaching a specific point or time. Altitude restrictions may be issued by>[...]

blog comments powered by Disqus



Advertisement

Advertisement

Podcasts

Advertisement

© 2007 - 2024 Web Development & Design by Pauli Systems, LC