The Transportation Security Administration misled the public about its role in obtaining personal information about 12 million airline passengers to test a new computerized system that screens for terrorists, according to a government investigation.
The report, released yesterday by Homeland Security Department acting Inspector General Richard L. Skinner, said the agency deceived people, the press and Congress in 2003 and 2004. It stopped short of saying that the TSA lied.
"TSA officials made inaccurate statements regarding these transfers that undermined public trust in the agency," the report said. "These misstatements were apparently not meant to mischaracterize known facts. Instead, they were premised on an incomplete understanding of the underlying facts."
Sen. Joseph I. Lieberman (D-Conn.) said the agency took months to disclose its role in getting the data.
"The American public must know their personal information is well protected, or they will distrust the new systems we need to keep our nation safe," Lieberman said in a statement.
The report comes at a sensitive time for the TSA. The agency is using airline passenger data -- which can include credit card information, phone numbers and addresses -- to test a computerized system for screening passengers called Secure Flight.
Congress has said that the TSA can't proceed with Secure Flight unless the Government Accountability Office reports that the technology ensures privacy and that the data are protected. That report is due Monday.
The report concluded that the TSA was inconsistent in protecting passengers' privacy as it developed a prescreening system. It did acknowledge that the agency's environment for privacy has improved substantially.
TSA spokesman Mark O. Hatfield Jr. said the agency is committed to privacy of personal information.
"The core of our mission is preserving our freedoms, and that means doing the utmost to protect every American's privacy," Hatfield said.
The report cites several occasions TSA officials made inaccurate statements about passenger data:
In September 2003, the agency's Freedom of Information Act staff received hundreds of requests from JetBlue Airways Corp. passengers asking if the TSA had their records. After a cursory search, the FOIA staff posted a notice on the TSA Web site that it had no JetBlue passenger data. Though the FOIA staff found JetBlue passenger records in TSA's possession in May, the notice stayed on the Web site for more than a year.
In November 2003, TSA chief James M. Loy incorrectly told the Governmental Affairs Committee that certain kinds of passenger data were not being used to test passenger prescreening.
In September 2003, a technology magazine reporter asked a TSA spokesman whether real data were used to test the passenger prescreening system. The spokesman said only fake data were used; the responses "were not accurate," the report said.
The report also disclosed that the TSA had a much broader role in getting and using passenger data than had been previously disclosed.
Between February 2002 and June 2003, the TSA had a role in 14 transfers of data involving at least 12 million records obtained without passengers' knowledge or permission from America West Holdings Corp., AMR Corp.'s American Airlines, Continental Airlines Inc., Delta Air Lines Inc., Frontier Airlines Inc. and JetBlue.
However, the report concluded, in only one case was a passenger's data inappropriately revealed to the public.