As Donna says, this just confirms things that we all sort of figured were going on, but this is quite an official acknowledgment. I wonder if there will be any followup action on the part of the US government.Donna Wentworth @ EFF: Deep LinksIt's Official: TSA Lied
Two government reports confirm what EFF and other privacy advocacy organizations have long known: the Transportation Security Administration (TSA) lied about its role in using airline passengers as guinea pigs for testing "Secure Flight" - the latest version of a fundamentally flawed passenger-profiling system for screening terrorists. And not only did TSA lie, it lied repeatedly, to everyone.
A DHS report [PDF], released this past Friday, reveals that TSA misled individuals, the press, and Congress in 2003 and 2004. A GAO report [PDF], released Monday, also shows that Secure Flight has failed to meet 9 out 10 conditions the GAO set for giving the program the go-ahead. These conditions include providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist risks.
Passenger records contain detailed personal information, such as your name, address, phone number, travel itinerary -- even your credit card number. Yet the DHS report says TSA shared passenger information with outside contractors while neglecting to "inquire whether the data used by the vendors had been returned or destroyed."
"This is worse than ChoicePoint," says EFF Senior Privacy Attorney Lee Tien. "It reflects an attitude toward the privacy of Americans that falls well below what people are up in arms about in the commercial data industry. These people have a public trust and they're abusing it."
The US doesn't have a monopoly on this stuff of course. I've been fighting very hard for privacy in Japan. What we ended up with was a privacy bill that allows the government to strictly enforce privacy rules for businesses, but leaves the government quite free and exempt from similar oversight, focusing more on the "ethics of civil servants." Of course there is also a carve out for "the media" so they don't scream about it too much. Unfortunately, in the case of the Japanese privacy bill, "the media" includes only TV and newspapers and not magazines and of course not bloggers. Although I agree that privacy violations by businesses is a problem and a threat, I'm still much more concerned about abuse by governments, particularly when there isn't a good oversight process. The US is lucky it has the GAO.