Scoop’s Views

Danny O’Brien posted an interesting comment about Michael Chertoff’s plans for the Transportation Security Administration’s (TSA) planned rollout of Secure Flight in 2008, a program that will force air passengers to surrender personal privacy in exchange for a high-cost flight.

O’Brien, who was at the Terra Incognita: the annual conference of Data Protection and Privacy Commissioners, in Montreal, said the audience had Chertoff, secretary for the Dept. Homeland Security, on the defense. But, as O’Brien points out, most were European data protection registrars, the group of officials who protested the DHS’ recent agreement with the EU, but the very group of EU government officials who will now be charged with handing over the passenger name records (PNRs) of passengers on flights headed to the United States from their respective countries with seemingly little oversight.

O’Brien said Chertoff talked about the U.S. defending values, "including privacy" of those whose names will be stored in the massive Secure Flight database. This is laughable, as the agency cannot even come up with new ideas for the program, instead, is rehashing old ideas, trying to force its approval in Congress.

Given the number of "lost" government laptops, not to mention (too much, anyway), the issue of domestic spying, as well as various other spy programs, such as the formerly code-named Echelon and Carnivore — Internet packet sniffers, it seems nothing about DHS is about privacy.

The Electronic Frontier Foundation (EFF) filed comments about plans for TSA’s Secure Flight program, especially focusing in on the TSA’s intent to exempt key data collection from the protections of the Privacy Act in its Secure Flight program.

Under Secure Flight, DHS, working through the TSA, will be allowed to collect the passenger records of all flights into, over, and from the U.S., and will then be obliged to hand over to airlines — and from airlines — the same information, allowing them to connect that personal data with other government databases, within the DHS and elsewhere.

Secure Flight has had a long and ignoble history, with frequent protests from both Congress and privacy groups, leading to its postponement in 2006.

Under the new plans for Secure Flight, designed by DHS and TSA, DHS still seeks to keep Secure Flight information exempt from the protections of US privacy law. That exemption will prevent individuals — you, me, and anyone else — from discovering what data is kept is maintained on them, as well as a lacking method of correct erroneous data, and, more importantly, there is no right to judicial review to force DHS or TSA to correct the data, especially if DHS refuses to correct anything that is known to be wrong. Yeah, this is a great system and really secure, right?

O’Brien said that in the EFF’s filing, challenging the DHS’ new incarnation of Secure Flight, the organization argued:

When it enacted the Privacy Act in 1974, Congress sought to restrict the amount of personal information that federal agencies could collect and, significantly, required agencies to be transparent in their information practices. The Privacy Act is intended "to promote accountability, responsibility, legislative oversight, and open government with respect to the use of computer technology in the personal information systems and data banks of the Federal Government[.]" Adherence to these requirements is critical for a system like Secure Flight.

When flying, no, when simply living in the United States, a nation of liberty and freedom, the rights of the people must be protected. In fact, it’s the rights of the people that make this nation, not the secrecy of governmental programs. The government is supposed to work transparently for the good of the people, not attempt to be the sly fox sneaking into the hen house at night.

Read Danny O’Brien’s posting, Secure Flight Returns, Lacking Privacy Protections, on the Electronic Frontier Foundation (EFF) site.