Despite rules, TSA bought data on airline travelers

WASHINGTON (AP) — The federal agency in charge of aviation security collected extensive personal information about airline passengers even though Congress forbade it and officials said they wouldn't do it, according to documents obtained Monday by The Associated Press.

The Transportation Security Administration bought and is storing details about U.S. citizens who flew on commercial airlines in June 2004 as part of a test of a terrorist screening program called Secure Flight, the documents indicate.

"TSA is losing the public's trust," said Tim Sparapani, a privacy lawyer with the American Civil Liberties Union. "They have a repeated, consistent problem with doing one thing and then saying they did another."

Secure Flight and its predecessor, CAPPS II, have been criticized for secretly obtaining personal information about airline passengers and failing to do enough to protect it.

The TSA and several airlines were embarrassed last year when it was revealed that airlines gave personal information on 12 million passengers to the government without the travelers' permission or knowledge. An inspector general's report found TSA misled the public about its role in acquiring the data.

Class-action lawsuits have been brought against airlines and government contractors for sharing their passengers' information. As a result, airlines agreed to turn over passenger data for testing only after they were ordered to do so by the government in November.

According to the documents, which will be published in the Federal Register this week, the TSA gave the data, known as passenger name records, to its contractor, Virginia-based EagleForce Associates. Passenger name records can include a variety of information, including name, address, phone number and credit card information.

EagleForce then compared the passenger name records with commercial data from three contractors that included first, last and middle names, home address and phone number, birth date, name suffix, second surname, spouse first name, gender, second address, third address, ZIP code and latitude and longitude of address. The reason for the comparison was to find out if the passenger name record data was accurate, according to the TSA.

EagleForce then produced CD-ROMs containing the information — except for latitude and longitude and spouse's first name — "and provided those CD-ROMs to TSA for use in watch list match testing," the documents said. TSA now stores that data.

According to previous official notices, TSA had said it would not store commercial data about airline passengers.