DHS Privacy Office Says Secure Flight Violated Privacy Act - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:57 PM

DHS Privacy Office Says Secure Flight Violated Privacy Act

Reportedly, authorities failed to publicize changes to the program, which included the collection of commercial data in 2004 and 2005.

The Department of Homeland Security's privacy office concluded that the Transportation Security Administration violated the Privacy Act of 1974 by collecting commercial data on passengers without proper notification for Secure Flight.

The department released a report Friday stating that authorities failed to publicize changes to the program, which included the collection of commercial data in 2004 and 2005. The privacy office report (pdf) said contractors failed to live up to DHS statements promising a firewall and collected information from data brokers on people who were not traveling by air. Its criticisms reflect those in a Government Accountability Office report released last year.

Congress stopped the TSA from continuing Secure Flight because of questions about security and privacy. The news comes as Homeland Security is under fire for the Automated Targeting System, another traveler-screening program for assigning risks to all travelers entering and leaving the country by land, sea, or air.

The report said that TSA made securing data a high priority, prohibited commercial entities involved from using the information for other purposes, and instituted real-time auditing for access to the data. However, it added that disparities between publicly released information about the program and the actual practices used could have been due to deadline and resource constraints, but "the end result was that TSA announced one testing program, but conducted an entirely different one."

"Whatever the causes, however, the disparity between what TSA proposed to do and what it actually did in the testing program resulted in significant privacy concerns being raised about the information collected to support the commercial data test as well as about the Secure Flight program," the report stated. "Privacy missteps such as these undercut an agency's effort to implement a program effectively, even one that promises to improve security."

The report included several recommendations and said they could serve as guidelines for any Homeland Security program involving the collection, use, and maintenance of personally identifiable information.

It advocated privacy controls before designing and implementing a program and the creation of a detailed data flow map for the information system's life cycle, which would help ensure compliance with the Privacy Act of 1974.

It also recommended effective communication and collaboration between operation personal, policy, privacy, and legal advisers to make sure all documents explaining information programs are accurate, fully descriptive, and transparent. It said that privacy notices should be written and published only after a program has been decided on by authorized officials and revised when plans change or new phases are scheduled for launch.

"Programs that use personal information succeed best if the public believes that information to be collected is for a necessary purpose, will be used appropriately, will be kept secure and will be accessible for them to review," the report stated.

Several members of Congress and European Union leaders are demanding answers about the latest publicized traveler-screening program, ATS, which would not allow people information about their risk assessments. Critics also complain that the government has not fully described the program or provided people with a means of disputing or correcting inaccurate information.

Homeland Security published a notice about that program in recent weeks, saying it would create profiles on all people traveling in and out of the country, assign risks, and store that information for years. Then, Homeland Security Secretary Michael Chertoff acknowledged that the screening had already been under way.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll