CAMBRIDGE, Mass. (AP) -- The Department of Homeland Security's top privacy official said Wednesday that she is investigating whether the agency's airline passenger screening program has violated federal privacy laws by failing to properly disclose its mission.
The privacy officer, Nuala O'Connor Kelly, said the review will focus on whether the program's use of commercial databases and other details were properly disclosed to the public.
Under the 1974 Privacy Act, no governmental record-keeping system can be kept secret.
She said she also was concerned about the security of the system, known as Secure Flight, given that commercial data vendors have suffered widely publicized breaches. Kelly said she was not opposed to the government's use of commercial databases but said ''we have to be thoughtful.''
''We need to give a hard look at any program that collects information on Americans,'' she said in an interview on the sidelines of a public hearing by Homeland Security's data-privacy advisory committee at Harvard Law School. ''The scrutiny is appropriate.''
Kelly said it was unclear how long the investigation would take or what the ramifications might be.
On Nov. 15, the Transportation Security Agency announced in the Federal Register that its testing of commercial data for Secure Flight ''will be governed by stringent data security and privacy protections, including ... strict firewalls between the government and commercial data providers ... and strict rules prohibiting the access or use of commercially held personal data by TSA.''
But at Wednesday's hearing, the TSA official in charge of Secure Flight, Justin Oberman, said his group is working to update and clarify the project's use of commercially available data. The system has been in a testing phase and is expected to go live later this year.
The goal of Secure Flight is to prevent terrorists from getting on airline flights, but enacting such a system hasn't been easy. Previous attempts were scrapped amid concerns the government would obtain too much personal information without enough safeguards to keep it private.
Oberman said the system will need to mine commercial databases to confirm information that passengers will give about themselves, including their birthdates.
With that more precise data, far fewer travelers will wrongly come up as possibly being on government watch lists _ an experience that now confronts about 1 percent of the 1.8 mllion people who take commercial flights on an average day, he said.
During the test phase of Secure Flight, the program is getting data from Acxiom Corp. and InsightAmerica Inc., according to Oberman. He said the data include name, address, birthdates and gender but no financial records.
But he said that once the system is running, information from private databases would not be fed into a central repository; instead it would be deleted from Homeland Security records within a day or two.
