Report: Privacy lax in Secure Flight program
TSA committed "significant privacy missteps" in its crafting of its Secure Flight prescreening program for airline passengers, a new report said.
The Transportation Security Administration committed "significant privacy missteps" in its crafting of its Secure Flight prescreening program for airline passengers, the Homeland Security Department's privacy office concluded in a new report.
TSA introduced Secure Flight in fall 2004 to check passenger names against terrorist watch lists after two earlier prescreening efforts were scrapped. The program's goal is to prevent passengers identified as suspected terrorists from boarding domestic flights.
In response to privacy and management concerns raised by the Government Accountability Office and other organizations, TSA suspended development of the Secure Flight system earlier this year and has been reassessing the initiative.
The TSA published privacy notices identifying what commercial data it would include in the testing of Secure Flight. But the TSA notices did not identify all the commercial personal data used in the Secure Flight testing, the new privacy office report said.
"The commercial data test, as described in those notices, did not match the commercial data test that was actually conducted," the privacy office said. The discrepancy was "unintentional," the privacy office added.
What's more, TSA did not have an effective firewall to ensure privacy was protected in handling the commercial data and did not provide privacy notices to all individuals whose commercial data was accessed, the privacy office wrote.