Feeds

American Airlines data used to test passenger snoop system

TSA to inaugurate frequent liar club?

  • alert
  • submit to reddit

High performance access to file storage

A third US airline, American, has admitted handing over passenger data to the Transport Security Administration, and this time it has emerged that the TSA promptly shared the information with four private contractors. American had previously denied passing records on, while the TSA had previously told Wired that it hadn't provided records to its contractors, nor had it used passenger records for testing CAPPS II.

So straight zeroes for knowing which way is up. CAPPS II is the US system being developed with the goal of identifying security risks on US flights, and will require large amounts of raw data, quantities of which cannot currently be used without breaching the US Privacy Act. Presumably the TSA must be aware that privacy legislation will require some adjusting prior to CAPPS II going live, and that the use of data in testing prior to this is therefore questionable, but apparently not. The US has actually been using European passenger data for testing of CAPPS II for some time, although we accept that as this doesn't cover US citizens it doesn't count under US privacy legislation.

US negotiators were sufficiently concerned about support for CAPPS II that provision was made for this testing in the deal struck by the European Commission last year, and the Commission itself has committed to "rapid negotiations" over the live version of the system. So currently data from Europe, where legislation is allegedly tougher, is being used in the US in circumstances which would be illegal under US law, and the Commission describes the safeguards over its use as adequate. According to the Commission the agreement prohibits the US from passing this data on to third parties, so the the Commission may now wish to ask the TSA, given that it was unaware that it was passing on American Airlines passenger data to third party CAPPS II contractors, whether it was similarly unaware that it was doing so with EU passenger data.

Given the difficulties inherent in being an independent CAPPS contractor without access to large quantities of test data, one does rather suspect.

Amusingly, the American Airlines press release confessing that it had "recently learned" that it had been handing out the data comes with a legal disclaimer popup which tells us that "information contained in the release may have changed. If you plan to use the information contained herein for any purpose, verification of its continued accuracy is your responsibility." So if we understand that correctly, information contained in the release may not now actually be information at all, and although the statement may have been a statement at time of stating, any it may not be now. Whenever "now" is. We'd have called them up and asked them if it still worked, but then they'd probably have said it was only guaranteed to work at the precise moment they were talking to us. So you're all just going to have to call them yourselves. ®

Related links

The wrong stuff: what it takes to be a TSA terror suspect
EFF CAPPS II information
EPIC
Data on 10m Northwest fliers handed to NASA for 'testing'
US using EU airline data to 'test' CAPPS II snoop system

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.