Remember a few years after 9/11 when the airlines started requiring you to use your full name as it appears on a government issued ID, date of birth and gender when you buy a plane ticket?
That’s so the TSA can check you against the Federal No-Fly List.
But there is more than meets the eye
In 2012, TSA rolled out “PreCheck” (or “Pre✓®”).
Exempt from Federal privacy laws, the PreCheck database contains detailed personal information, including name, birthdate, biometric information, physical characteristics, Social Security Number and financial information.
TSA now plans to release applicant’s data to federal, state, tribal, local, foreign governments and debt collectors
Last year, while Congress was gone for the holidays, TSA quietly published its intent to hire private-sector data companies
, to solicit applicants for PreCheck enrollment, but also mine your grocery receipts, your credit card purchases, Facebook and Twitter posts to “determine if you are a terrorist risk” – not just once but on an ongoing basis.
|A traveler is fingerprinted while enrolling at a TSA PreCheck application center at New York’s LaGuardia Airport. GETTY IMAGES
We fail to see how compiling big data on the shopping habits of American citizens can be used for national security.
The push for TSA funds was urgent after Congress cut funding for the Department of Homeland Security this year by $336 million, with most of the reductions coming from TSA.
Its private partner, CLEAR
, roundly applauded the move to outsource government citizen data.
CLEAR was the company that, back in 2008, had a widely-publicized incident
in which an employee misplaced a laptop computer which had personal information from over 30,000 CLEAR members stored on it at San Francisco International Airport.
Despite this, TSA believes private sector companies are better at using commercial data and computerized algorithms to examine a passenger’s background and predict who is a terrorist risk.
In September 2007, the Inspector General of the Justice Department reported that the Terrorist Screening Center (the FBI-administered organization that consolidates terrorist watch list information in the US) had over 700,000 names in its database as of April 2007 – and that the list was growing by an average of over 20,000 records per month.
By those numbers, the list now has over one million names on it.
TSA also maintains a PreCheck disqualification list – tracking people accused of violating security regulations, including disputes with checkpoint or airline staff members.
Changes In The Air
Airlines are also starting to learn to use their wealth of customer data.
InFlight Wi-Fi: Keep in mind that browsing the web on a plane is far more public than it is in most other respects.
Gogo, which cornered the market for in-flight Internet and digital entertainment to a number of different national and international airlines, has deals
with U.S. law enforcement and the NSA to assist in tracking users when so ordered.
However, earlier this year, it was revealed that Gogo partnered with government officials that went beyond those outlined under federal law and added spyware into their service.
Earlier this month reports confirmed
that Gogo Inflight Internet had intentionally issued fake SSL certificates, effectively performing man-in-the-middle
attacks on its own users.
In-air surveillance is not new. Back in the early 1990s NBC News reported that French intelligence agencies were using Air France as a base for in-flight surveillance of U.S. businesspeople and government officials.
More recently, the UK Telegraph reported that the EU has been funding and testing surveillance systems on planes involving “a combination of cameras, microphones, explosive sniffers and a sophisticated computer system” to monitor passengers.
Meanwhile, Gogo’s major competitor for in-flight Wi-Fi service is ViaSat, a defense contractor that specializes, in part, in surveillance.
Airport Beacon Misuse
Unregulated and coming to an airport near you are tracking beacons – little wireless sensors that pings your mobile phone via its embedded Wi-Fi and Bluetooth signals.
Touted as a benefit
to passengers with personalized up-to-the-minute information about airport parking availability, wait times at security and passport control, baggage tracking, gate changes, flight status and retail offers, but the technology is moving faster than the agencies that regulate them.
Airport passenger-tracking technology exists in a legal grey area with no standards on how location data can be used, collected and stored and if consumers should be notified that data collection is taking place.
Beacons collect the phone’s unique identifier, a 12-digit code that knows where the passenger moves around in the airport, what stores they visit and more.
Some European airports notify travelers that the technology is in use, while most US airport officials don’t, saying the system poses no privacy issues.