Senators Criticize TSA For Violating Privacy Laws

The Senators expressed concern that the TSA violated the laws while testing the prescreening system aimed at identifying terrorists.


Washington, DC - Senators Susan Collins (R-ME) and Joseph Lieberman (D-CT) today criticized the Transportation Security Administration (TSA) for failing to meet basic Privacy Act requirements in carrying out testing of the Secure Flight program, which is an airline passenger prescreening system aimed at identifying known or suspected terrorists. The Senators wrote a letter to Department of Homeland Security (DHS) Secretary Michael Chertoff to express their concern about the way TSA has administered the program to date, and urged that he pay careful attention to the program as it goes forward. TSA is the agency under DHS that is responsible for creating a prescreening system to check airline passengers' names against terrorist watch lists. Senator Collins is the Chairman and Senator Lieberman is the Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, which has oversight of DHS.

The Government Accountability Office (GAO) today released findings that during TSA's testing of the Secure Flight program, it violated passengers' privacy rights when it ''collected and stored commercial data records even though TSA stated in its privacy notices that it would not do so.''

''We understand that, in response to GAO's assertions, TSA took corrective actions to inform the public of its actual test protocols through updated Privacy Notices. However, that action does not excuse TSA's failure to meet basic Privacy Act requirements in carrying out this program,'' wrote Senators Collins and Lieberman. ''Given fundamental concerns surrounding the government's use of personal information and the unfortunate history of TSA's passenger prescreening program, careless missteps such as this jeopardize the public trust and DHS' ability to deploy a much-needed, new system.''

The following is the full text of the letter:

Dear Secretary Chertoff:

Today, the Government Accountability Office (GAO) released its findings on the Transportation Security Administration's (TSA) Secure Flight Test Records privacy notices. We are writing to express our concerns over these findings and our continued interest in deployment of a more effective passenger prescreening system that incorporates privacy principles.

In a letter to Congressional requesters, GAO stated that TSA failed to comply fully with the Privacy Act when it ''collected and stored commercial data records even though TSA stated in its privacy notices that it would not do so.'' The GAO further described how a TSA contractor obtained more than 100 million records from commercial data aggregators, and supplemented passenger name records (PNR) obtained from airlines with personal information contained in the commercial data, though TSA ''did not identify in its privacy notices its plans to supplement PNR data with commercial data.'' The GAO also noted that TSA's initial privacy notices ''did not fully inform the public of: (1) the subjects of data collection, (2) the types of personal data to be collected, (3) the full purpose of collecting the data, (4) policies and practices regarding storage and maintenance of the data, and (5) how those subject to having data collected could access and amend their data.''

As the GAO explains in its letter report, the Privacy Act, which is based on internationally recognized fair information practices, is intended to allow citizens ''to learn how their personal information is collected, maintained, used and disseminated by the federal government.'' We understand that, in response to GAO's assertions, TSA took corrective actions to inform the public of its actual test protocols through updated Privacy Notices. However, that action does not excuse TSA's failure to meet basic Privacy Act requirements in carrying out this program.

We urge your continued attention to this important program, and we commend GAO for its efforts. Given fundamental concerns surrounding the government's use of personal information and the unfortunate history of TSA's passenger prescreening program, careless missteps such as this jeopardize the public trust and DHS' ability to deploy a much-needed, new system.

We Recommend