The Navigator: The TSA's Secure Flight initiative may be making your privacy less secure

"It renders meaningless any restrictions on which of this data is retained, or for how long, by the government itself," Hasbrouck added.

I checked with several federal agencies, including the Department of Transportation and the Federal Trade Commission, that might have jurisdiction over data included in airline reservations.

The Transportation Department allows air carriers to articulate their own data privacy policies in their contract of carriage, which is the legal agreement with passengers. It can fine the airlines for violating those self-imposed rules. A spokesman for the Federal Trade Commission told me his agency has no authority over airlines.

Larry Ponemon, whose Traverse City, Mich., institute conducts independent research on privacy, data protection and information security policy, said the airlines are already collecting the information the government is requesting. Secure Flight merely requires that such information "be given to TSA for the purpose of screening passenger manifests against terror watch lists," he said.

Could it be that the information we give airlines doesn't belong to anyone or, worse, isn't regulated by anyone?

No, said Thom VanHorn, a vice president for Application Security, a New York database security firm. Even if you discount the TSA regulations, airlines must still follow federal compliance mandates under the Federal Information Security Management Act, the Privacy Act and other statues. These are broad regulations that don't specifically apply to airlines, he said, but they would prohibit an airline from, say, releasing the credit card information or Social Security numbers of its customers to a third party.

The TSA also allows air travelers to refuse to provide the information, VanHorn said. "However, they may be subject to additional screening or denied boarding," he said.

When I contacted Southwest to say thank you for my birthday card and to find out where the airline had gotten my information, spokesman Chris Mainz said that indeed, the data came from my Rapid Rewards frequent-flier program profile and had "nothing to do with Secure Flight."

When I searched my e-mail files, I found that Southwest had in fact required me to update my Rapid Rewards information, adding my birth date and other data, and cited the need to satisfy the TSA for Secure Flight when it did. So technically, I gave the data to Southwest, and it passed the information to the TSA.

"We protect [Secure Flight] information the same as we would protect credit card information and only use it for the information that is required by the TSA," Mainz said.

I find the airline's explanation both reassuring and problematic. I'd like to see this issue addressed in airline privacy policies, to reassure customers that the information isn't being passed along to a third party.

But in a world where privacy is fast becoming obsolete, does anyone really care?

Elliott is National Geographic Traveler magazine's reader advocate. E-mail him at celliott@ngs.org.