Feeds

American Airlines data used to test passenger snoop system

TSA to inaugurate frequent liar club?

  • alert
  • submit to reddit

Security for virtualized datacentres

A third US airline, American, has admitted handing over passenger data to the Transport Security Administration, and this time it has emerged that the TSA promptly shared the information with four private contractors. American had previously denied passing records on, while the TSA had previously told Wired that it hadn't provided records to its contractors, nor had it used passenger records for testing CAPPS II.

So straight zeroes for knowing which way is up. CAPPS II is the US system being developed with the goal of identifying security risks on US flights, and will require large amounts of raw data, quantities of which cannot currently be used without breaching the US Privacy Act. Presumably the TSA must be aware that privacy legislation will require some adjusting prior to CAPPS II going live, and that the use of data in testing prior to this is therefore questionable, but apparently not. The US has actually been using European passenger data for testing of CAPPS II for some time, although we accept that as this doesn't cover US citizens it doesn't count under US privacy legislation.

US negotiators were sufficiently concerned about support for CAPPS II that provision was made for this testing in the deal struck by the European Commission last year, and the Commission itself has committed to "rapid negotiations" over the live version of the system. So currently data from Europe, where legislation is allegedly tougher, is being used in the US in circumstances which would be illegal under US law, and the Commission describes the safeguards over its use as adequate. According to the Commission the agreement prohibits the US from passing this data on to third parties, so the the Commission may now wish to ask the TSA, given that it was unaware that it was passing on American Airlines passenger data to third party CAPPS II contractors, whether it was similarly unaware that it was doing so with EU passenger data.

Given the difficulties inherent in being an independent CAPPS contractor without access to large quantities of test data, one does rather suspect.

Amusingly, the American Airlines press release confessing that it had "recently learned" that it had been handing out the data comes with a legal disclaimer popup which tells us that "information contained in the release may have changed. If you plan to use the information contained herein for any purpose, verification of its continued accuracy is your responsibility." So if we understand that correctly, information contained in the release may not now actually be information at all, and although the statement may have been a statement at time of stating, any it may not be now. Whenever "now" is. We'd have called them up and asked them if it still worked, but then they'd probably have said it was only guaranteed to work at the precise moment they were talking to us. So you're all just going to have to call them yourselves. ®

Related links

The wrong stuff: what it takes to be a TSA terror suspect
EFF CAPPS II information
EPIC
Data on 10m Northwest fliers handed to NASA for 'testing'
US using EU airline data to 'test' CAPPS II snoop system

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.