Secrets and Lies in the 'Friendly Skies'

By Bruce Schneier, Schneier.com. Posted July 27, 2005.


The airlines' Watch List has been a disaster in every way, and the federal agency in charge of it is operating with complete disregard for your privacy, the law and Congress.


Last Friday, the GAO issued a new report [PDF link] on Secure Flight. It's couched in friendly language, but it's not good:

During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA's use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used. However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA's actions, the public did not receive the full protections of the Privacy Act.

Get that? The TSA violated federal law when it secretly expanded Secure Flight's use of commercial data about passengers. It also lied to Congress and the public about it.

Much of this isn't new. Last month we learned that "the federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers -- even though officials said they wouldn't do it and Congress told them not to."

Secure Flight is a disaster in every way. The TSA has been operating with complete disregard for the law or Congress. It has lied to pretty much everyone. And it is turning Secure Flight from a simple program to match airline passengers against terrorist watch lists into a complex program that compiles dossiers on passengers in order to give them some kind of score indicating the likelihood that they are a terrorist.

Which is exactly what it was not supposed to do in the first place.

Let's review:

For those who have not been following along, Secure Flight is the follow-on to CAPPS-I. (CAPPS stands for Computer Assisted Passenger Pre-Screening.) CAPPS-I has been in place since 1997, and is a simple system to match airplane passengers to a terrorist watch list. A follow-on system, CAPPS-II, was proposed last year. That complicated system would have given every traveler a risk score based on information in government and commercial databases. There was a huge public outcry over the invasiveness of the system, and it was cancelled over the summer. Secure Flight is the new follow-on system to CAPPS-I.

EPIC has more background information.

Back in January, Secure Flight was intended to just be a more efficient system of matching airline passengers with terrorist watch lists.

I am on a working group that is looking at the security and privacy implications of Secure Flight. Before joining the group I signed an NDA agreeing not to disclose any information learned within the group, and to not talk about deliberations within the group. But there's no reason to believe that the TSA is lying to us any less than they're lying to Congress, and there's nothing I learned within the working group that I wish I could talk about. Everything I say here comes from public documents.

In January, I gave some general conclusions about Secure Flight. These have not changed.

One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Security technologist and expert Bruce Schneier is the founder and CTO of Counterpane Internet Security, Inc.


Comments
Privacy vs Security
Posted by: jwg on Jul 27, 2005 8:49 AM   
As a computer scientist (that’s what my son calls me) I have followed the discourse over the years about computers vs. privacy. I have never quite understood what the flap is about. If you are a good guy and get caught up in the system a remedial investigation should be able to clear you. If you are a bad guy well you chose that path.

However, keeping a massive database for everyone is the wrong approach. It should be managed on an exception basis, i.e., does the information you give to the airlines match the bad guys list. This reduces the scope of the problem, reduces search times and does not invade the privacy of the many millions of good people that have a legitimate reason to fly.

But hey, what do I know, I just get pissed off at a massive TSA organization that keeps taking my little Swiss army knives, but leaves a more lethal weapon, the ballpoint pen (or fingers for that matter) to the neck, eye or ear, in place. In other words, all of this airport security is just for show and a big waste of time and money. However, pre-screening passengers could at least be as effective and less invasive.

Luisa
Posted by: LuisaO on Jul 27, 2005 10:58 AM   
Good points. Anyone who cares about this issue would do well to read this outstanding analysis, debunking the entire premise that aviation security will be enhanced by any computerized passenger assessment.


For bureaucrats the computer screen is god
Posted by: Sojourner on Jul 27, 2005 6:10 PM   
Even if what the screen says makes no sense, officialdom has trained its users to stop thinking and obey.

The possibility that incorrect information has been entered (anyone who has done data entry knows how easily that happens) is a topic that trainers don't seem to cover.

And once the system has you identified with the wrong data, the only person able to correct it lives on a cloud somewhere. The fact that the In-basket is stacked a mile high is not accepted as an indicator that every system has almost as much bad data as good data. The folks at the front desk only know what they can do when #7 starts blinking. "You'll have to fill out this form and you will hear from us in two to three weeks." Good luck.

And we send hackers to jail. It's the bureaucrats who belong under lock and key.
