The Department of Homeland Security's privacy office has launched a review of the government's testing of a new passenger screening program to determine whether it violated privacy rules in the handling of millions of airline reservation records.
Chief Privacy Officer Nuala O'Connor Kelly said her office is concerned that the Transportation Security Administration did not fully disclose to the public the way it was conducting the tests. She declined to cite specifics. "We've certainly zoned in on this issue," Kelly said. "We are supportive of limited uses of commercial data. We just want to make sure that the rules that are in place are closely followed."
The Government Accountability Office yesterday said it has also raised concerns with agency officials about TSA's testing of the program, but it declined to cite specifics.
U.S. airlines turned over millions of records last year to the TSA so that it could begin testing a smarter airport security system that seeks to know more about travelers before they arrive at the airport. The tests include comparing reservation records against commercial databases used by banking, home mortgage and credit card companies. The goal of the program, called Secure Flight, is to verify passengers' identities and reduce the number of false matches with the government's "no fly" list.
In a public notice issued last fall, the TSA said that commercial data would be used to correct inaccurate passenger information in the airline database, and that its tests "will be governed by strict privacy and data security protections."
Richard Ziller of EagleForce Associates Inc., a McLean company that is conducting tests for the TSA, said, "We did not work with anything like Social Security numbers or financial information that anyone would have any inkling would be sensitive."
Some privacy groups said that the use of the commercial data went beyond identifying inaccurate passenger information.
"This is not within the scope of the original testing," said Lee Tien, senior staff attorney at the Electronic Frontier Foundation. He said the TSA briefed privacy groups recently but did not mention how it was conducting the testing.
Justin Oberman, assistant administrator of transportation vetting and credentialing at the TSA, stressed that the agency has met with Congress, privacy groups and the GAO to outline the program.
"We've been incredibly transparent with what we've done," Oberman said.