Feds: Homeland Security project didn't protect privacy

A now-defunct Transportation Security Agency project to create dossiers on American air travelers misled the public about privacy, report says.

Declan McCullagh
A Department of Homeland Security program that linked details on millions of air travelers with profiles drawn from commercial databases was plagued by "privacy missteps" that misled the public, a new government report concludes.

The Transportation Security Agency, operating under the auspices of Homeland Security, had publicly pledged two years ago--in official notices describing the Secure Flight program--that it "will not receive" or have access to dossiers on American travelers compiled by a Beltway contractor.

That promise turned out to be untrue, according to a report published Friday by DHS' privacy office. The commercial data "made its way directly to TSA, contrary to the express statements in the fall privacy notices about the Secure Flight program," the report says.

The report, and a second one critiquing a government database called Matrix, was released on the last business day before Christmas, a tactic that federal agencies and publicly traded companies sometimes use to avoid drawing attention to critical findings. Neither report appears on the DHS.gov or TSA.gov home pages, or even on the home page of the DHS privacy office; instead, both are linked from a subpage on the DHS privacy site.

Jim Harper, a policy analyst with the free-market Cato Institute who serves on a Homeland Security advisory panel, said the reports show that the department needs to pay far more attention to privacy. "They didn't think ahead. They didn't study. They didn't pay attention to the privacy issues," Harper said. "It may need to be hammered home many more times."

Secure Flight was born in September 2004 when DHS ordered airlines to hand over the complete records of all passengers who traveled on a domestic flight in the month of June--which were in turn linked with information on those passengers drawn from commercial databases. (Secure Flight, which was put on hold in February in large part because of privacy concerns, was the successor to DHS' Computer Assisted Passenger Prescreening System.)

The agency's Secure Flight contractor, a McLean, Va.-based company called EagleForce, bought databases with personal information on Americans from three data-mining firms: Acxiom, Insight America and Qsent. The data included U.S. citizens' names, gender, spouse's names, address, date of birth, and in some cases Social Security numbers.

The report from the Homeland Security privacy office takes pains to say that the privacy compromises over Secure Flight were "not intentional," and includes a list of seven recommendations to avoid similar mishaps in the future. Those include explaining to the public exactly what's going on and creating a "data flow map" to ensure information is handled in compliance with the 1974 Privacy Act.

This isn't the first report to take issue with Secure Flight. Last year, auditors at the U.S. Government Accountability Office reported that the program violated the Privacy Act.

In an interview with CNET News.com earlier this year, Peter Pietra, TSA's director of privacy policy, downplayed those concerns. Pietra said the agency disagrees with GAO's interpretation of the law.

A Matrix post-mortem

The second report released Friday represents a postmortem of a defunct project called the Matrix, or the Multistate Anti-Terrorism Information Exchange. Matrix ended in April 2005.

DHS provided most of the funding for Matrix, $8 million in 2003, with the Department of Justice tossing in $4 million. Operated by Seisint, which is now part of LexisNexis, the pilot project involved information sharing between state government, federal government, and commercial databases. At least 13 states participated, including California, Texas and New York.

Matrix quickly became controversial for a long list of reasons: It launched in July 2003 with no privacy policy in place. Few participating states ever conducted a self-audit to make sure abuse didn't happen. Neither the Justice Department nor DHS ever did. Privacy specialists weren't consulted until nearly three years after planning began. Even though Matrix was supposedly created as an antiterrorism network, only 2.6 percent of the cases investigated turned out to be terrorism-related.

Also raising questions was the unwillingness of LexisNexis and the participating governments to give a complete list of information accessible through Matrix. But a page captured by Archive.org from the former Matrix-at.org Web site lists records from criminal histories, driver's licenses and motor vehicle registrations, court documents, property ownership, professional licenses, and commercial databases including telephone directories. Other reports have said Social Security numbers, speeding tickets, and family members also are included.

The ACLU had been one of Matrix's most vocal critics. It charged that Matrix was "dangerous and Orwellian" and represented an intrusive data-mining program on innocent Americans.

DHS' privacy office said Friday that Matrix "was undermined, and ultimately halted, in large part because it did not have a comprehensive privacy policy from the outset to provide transparency about the project's purpose and practices and protect against mission creep or abuse."