Just on FOX news:
In it's efforts to keep the skies safe, the TSA apparently went too far and violated the privacy rights of commercial airlines passengers. The GAO says the TSA did not fully disclose to the public its use of personal information in the fall of 2004. The GAO sent a letter to Congress saying that data collection violated the 1974 privacy act.
Maybe FOX is starting to get it?
Not so fast!
More......
Their unnamed "experts" analysis that followed went something like this:
"This is the real bottom line. If we have another, far more devastating attack in this country, you can bet one of the things that's going to happen is we're going to see a lot more infringement of civil liberties. To prevent that from happening, sensible things, like trying to assure that commercially available data is properly utilized, with notice, but properly utilized by law enforcement authorities. It seems to me to not be a terribly great infringement on civil liberties."
So let me see.....if I give up some of my civil liberties now, I won't have to worry so much about them taking away ALL of my civil liberties later?
They ended with, "A spokesman for the TSA said that the administration is committed to protecting personal privacy, and is using "security safeguards" to protect the data they collect."
BULLSHIT!
From the AP -
Congress Report: TSA Broke Privacy Laws
WASHINGTON - The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday.
ADVERTISEMENT
The
Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge.
The information was collected as the agency tested a program, now called Secure Flight, to conduct computerized checks of airline passengers against terrorist watch lists.
TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists.
The GAO reported that about 100 million records were collected.
The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it's gathering information about, what kinds of information, why it's being collected and how the information is stored.
And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected.
Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004.
Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names -- who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names.
Justin Oberman, the TSA official in charge of Secure Flight, said that was a highly instructive test.
"When you cannot distinguish one John Smith from another, you're going to get records from John Smiths who aren't boarding flights on an order of magnitude we can't handle," Oberman said.
He said the testing is designed to find out what kind of data airlines will need to get -- such as passengers' birthdates -- so they can turn it over to the government to check against watch lists.
The GAO letter said that the TSA also said originally that it wouldn't use and store commercial data about airline passengers. It not only did that, it collected and stored information about the people with similar names.
"As a result, an unknown number of individuals whose personal information was collected were not notified as to how they might access or amend their personal data," the letter said.
It was only after meeting with the GAO, which is overseeing the program, that the TSA published a second notice indicating that it would do the things it had earlier said it wouldn't do.
Oberman said it's not unusual to revise such notices.
"We are conducting a test," he said. "I didn't know what the permutations would be."
Oberman also said that the test has no impact on anyone who travels and that the data will be destroyed when the test is over.
Friday's GAO letter shed new light on how the TSA expanded the testing of Secure Flight well beyond its original scope and why it had to publish the second notice.
The letter drew a sharp rebuke from Senate
Homeland Security Committee chairman Susan Collins, R-Maine, and the ranking Democrat,
Joe Lieberman of Connecticut, in a letter to Homeland Security Secretary
Michael Chertoff dated Friday.
"Careless missteps such as this jeopardize the public trust and DHS' ability to deploy a much-needed, new system," the letter said, citing the project's "unfortunate history."
For the full report go here
And for a really good, non MSM take on all the ins and out of this, try 'The Practical Nomad' - Ed Hasbrouk's (who works in the travel industry) blog:
The report reveals that these disclosures to the TSA (almost all of which violated European Union laws and the EU Code of Conduct for Computerized Reservation Systems, if not necessarily in all cases laws of the USA) were more extensive than has even previously been confirmed by any agency or official of the government of the USA, and puts the lie to a series of denials by TSA spokespeople and officials to reports of these disclosures, especially the reports by, and denials to, members of Congress, myself, and Ryan Singel of Wired News.
.......
A PNR is, in industry lingo, "built" by a series of entries, often over a considerable period of time, in which different bits of data (much of which the prospective passenger(s) never see), originating with different parties, are entered through different intermediaries. At Airtreks.com where I work with complex around-the-world itineraries, the audit trail or "history" for a single PNR routinely contains more than 100 distinct entries, each identified uniquely with its source. As I've discussed previously, "Most PNR data is provided to airlines by a chain of between two and four intermediaries: (1) the travelling companion who makes the travel arrangements for the typical travel party of more than one person, (2) the travel agency they deal with (online or offline), (3) the CRS used by that travel agency, and (4) the CRS that hosts the airline's PNR database." Their role (and the necessity for them to obtain and document consent for onward personal data transmission) remains unacknowledged by the TSA.
The GAO report describes a "Secure Flight" process in which the TSA would obtain all PNR's containing reservations for each flight (it's silent on whether this would include only confirmed reservations, all confirmed or waitlisted reservations, or all reservations including cancelled ones) 72 hours before scheduled departure. At this point, or any point prior to "wheels up" (and then only if the TSA limited itself to PNR's of those who actually boarded), names in PNR's correspond not to "passengers" but to a vastly larger class of what might more accurately be called "prospective passengers". In many cases, a prospective passenger has made reservations not just for themselves but for their travelling companion(s), who may not even know they have done so, and from whom no consent to anything can be inferred.
A large percentage of reservations are cancelled, or expire unticketed. Airlines can't always tell which reservations have been ticketed, and don't necessarily cancel them, so there are always some confirmed reservations for prospective passengers who fail to "materialize", as we say in the industry, and present themselves for boarding. That's why airlines overbook. There are no-shows on every flight, and for every no-show there is PNR data on a non-passenger in a confirmed, possibly even ticketed, PNR. And that's at departure time: 72 hours in advance, there are even more live, confirmed PNR's for prospective passengers who won't actually become "passengers".
Aside from all that, every PNR -- as the FBI found out -- contains a unique "agent sine" for the travel agent or airline staff person who made each manual entry. This is clearly "personally identifiable information" that can't be described as "passenger" information.
So really, if you, or even one of your friends, start making "fantasy" reservations on Travelocity using your name, you will start building your own PNR profile - you don't even have to go anywhere to be considered to have been travelling to "red flag" countries.
What a world!