DHS admits it did not follow privacy laws
The Department of Homeland Security has admitted it did not follow the Privacy Act two years ago in obtaining more commercial data about U.S. airline passengers than it had announced it would.
Seventeen months ago, the Government Accountability Office, Congress’ auditing arm, reached the same conclusion: The department’s Transportation Security Administration “did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act.”
Even so, in a report last week on the testing of TSA’s Secure Flight domestic air passenger screening program, the DHS privacy office acknowledged TSA didn’t comply with the law. But the privacy office still couldn’t bring itself to use the word “violate,” The Associated Press reports.
Instead, the privacy office said, “TSA announced one testing program, but conducted an entirely different one.” In a 40-word, separate sentence, the report noted that federal programs that collect personal data that can identify Americans “are required to be announced in Privacy Act system notices and privacy impact assessments.”
TSA spokesman Christopher White noted the GAO’s earlier conclusions and said, “TSA has already implemented or is in the process of implementing each of the DHS privacy office recommendations.”
Congress has been unhappy with TSA’s domestic airline screening program for years — since it was called CAPPS II before it was tweaked and renamed Secure Flight. Federal law now bars TSA from implementing a domestic screening system until the GAO is satisfied it can meet 10 standards of privacy protection, accuracy and security.
Secure Flight has never passed all those tests, and White said there is no target date for implementing it. “We are more concerned with getting it right,” White told The AP.
Characterizing the Secure Flight problems as “largely unintentional,” Homeland Security’s privacy office attributed them to TSA’s failure to revise the public announcement after the test changed. The privacy office said TSA announced in fall 2004 it would acquire passenger name records of people who flew domestically in June 2004. Airline passenger name records include the flyer’s name, address, itinerary, form of payment, history of one-way travel, contact phone number, seating location and even requests for special meals.