TSA May Order Airlines to Share Data


Transportation Security Administration Chief Administrator James Loy said Friday if no airlines voluntarily provide data for a 180-day testing period of the Computer Assisted Passenger Prescreening System (CAPPS II) scheduled for later this year, he will issue a security directive mandating the airlines provide the information.


Delta Airlines had originally agreed to participate in the program but withdrew following a firestorm of criticism over passenger privacy violations. JetBlue Airways was sucked into the controversy earlier this month when it was revealed it had provided passenger data to a defense contractor.


Under the TSA’s original CAPPS II proposal, airline passengers would have been required to provide their full name plus address, phone number and date of birth when making reservations. Once that information was entered, the airline computer reservation system would automatically link to the TSA for a computer background check on the traveler that could include a credit, banking history and criminal background check.


In late July, the Department of Homeland Security issued new guidelines for the program aimed at defusing the controversy. Passengers will still be required to provide the airlines with their name, address, telephone number and date of birth, as well as some information about the passenger’s itinerary. According to the DHS, the parent agency of the TSA, there will be no credit check and, “No additional information beyond this data is required to be collected from passengers for the operation of CAPPS II.”


Nevertheless, following the experiences of Delta and JetBlue, airlines are reluctant to participate in the program. When Delta was revealed as the initial airline to volunteer data for CAPPS II, a national boycott of the airline followed.


JetBlue is facing a complaint filed by the Electronic Privacy Information Center (EPIC) with the Federal Trade Commission (FTC) claiming the airline violated the FTC Act when it provided personal passenger data to Torch Concepts, a data mining company based in Little Rock, Ark. EPIC alleges JetBlue’s actions were in violation of its own privacy policies.


JetBlue does not deny the allegations but says it provided the information at the request of the Department of Defense. The airline also says Torch is a defense contractor working on a project concerning military base security and that JetBlue is not involved in the CAPPS II program.


In an official company statement, JetBlue said, “It will not be a test airline nor has it ever shared customer information for the TSA’s CAPPS II program and will not do so unless required by law.”


Loy said Friday it may come to that. Given Delta’s and JetBlue’s experiences, Loy said the agency no longer plans to single out an airline, but, instead hopes to work out an agreement with the Air Transport Association, the powerful lobbying arm of the airline industry.


A spokesman for the lobby said Friday no such deal has been reached.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web