TSA Broke Privacy Laws

The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday.

The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge.

The information was collected as the agency tested a program, now called Secure Flight, to conduct computerized checks of airline passengers against terrorist watch lists.

TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists.

The GAO reported that about 100 million records were collected.

The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it's gathering information about, what kinds of information, why it's being collected and how the information is stored.

And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected.

Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004.

Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names -- which turned out to belong to real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names.

Justin Oberman, the TSA official in charge of Secure Flight, said that was a highly instructive test.

"When you cannot distinguish one John Smith from another, you're going to get records from John Smiths who aren't boarding flights on an order of magnitude we can't handle," Oberman said.

He said the testing is designed to find out what kind of data airlines will need to get -- such as passengers' birthdates -- so they can turn it over to the government to check against watch lists.

The GAO letter said that the TSA also said originally that it wouldn't use and store commercial data about airline passengers. It not only did that, it collected and stored information about the people with similar names.

"As a result, an unknown number of individuals whose personal information was collected were not notified as to how they might access or amend their personal data," the letter said.

It was only after meeting with the GAO, which is overseeing the program, that the TSA published a second notice indicating that it would do the things it had earlier said it wouldn't do.

Oberman said it's not unusual to revise such notices.

"We are conducting a test," he said. "I didn't know what the permutations would be."

Oberman also said that the test has no impact on anyone who travels and that the data will be destroyed when the test is over.

Friday's GAO letter shed new light on how the TSA expanded the testing of Secure Flight well beyond its original scope and why it had to publish the second notice.

The letter drew a sharp rebuke from Senate Homeland Security Committee chairman Susan Collins (R-Maine) and the ranking Democrat, Joe Lieberman of Connecticut, in a letter to Homeland Security Secretary Michael Chertoff dated Friday.

"Careless missteps such as this jeopardize the public trust and DHS' ability to deploy a much-needed, new system," the letter said, citing the project's "unfortunate history."

Associated Press
