Feeds

American Airlines data used to test passenger snoop system

TSA to inaugurate frequent liar club?

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

A third US airline, American, has admitted handing over passenger data to the Transport Security Administration, and this time it has emerged that the TSA promptly shared the information with four private contractors. American had previously denied passing records on, while the TSA had previously told Wired that it hadn't provided records to its contractors, nor had it used passenger records for testing CAPPS II.

So straight zeroes for knowing which way is up. CAPPS II is the US system being developed with the goal of identifying security risks on US flights, and will require large amounts of raw data, quantities of which cannot currently be used without breaching the US Privacy Act. Presumably the TSA must be aware that privacy legislation will require some adjusting prior to CAPPS II going live, and that the use of data in testing prior to this is therefore questionable, but apparently not. The US has actually been using European passenger data for testing of CAPPS II for some time, although we accept that as this doesn't cover US citizens it doesn't count under US privacy legislation.

US negotiators were sufficiently concerned about support for CAPPS II that provision was made for this testing in the deal struck by the European Commission last year, and the Commission itself has committed to "rapid negotiations" over the live version of the system. So currently data from Europe, where legislation is allegedly tougher, is being used in the US in circumstances which would be illegal under US law, and the Commission describes the safeguards over its use as adequate. According to the Commission the agreement prohibits the US from passing this data on to third parties, so the the Commission may now wish to ask the TSA, given that it was unaware that it was passing on American Airlines passenger data to third party CAPPS II contractors, whether it was similarly unaware that it was doing so with EU passenger data.

Given the difficulties inherent in being an independent CAPPS contractor without access to large quantities of test data, one does rather suspect.

Amusingly, the American Airlines press release confessing that it had "recently learned" that it had been handing out the data comes with a legal disclaimer popup which tells us that "information contained in the release may have changed. If you plan to use the information contained herein for any purpose, verification of its continued accuracy is your responsibility." So if we understand that correctly, information contained in the release may not now actually be information at all, and although the statement may have been a statement at time of stating, any it may not be now. Whenever "now" is. We'd have called them up and asked them if it still worked, but then they'd probably have said it was only guaranteed to work at the precise moment they were talking to us. So you're all just going to have to call them yourselves. ®

Related links

The wrong stuff: what it takes to be a TSA terror suspect
EFF CAPPS II information
EPIC
Data on 10m Northwest fliers handed to NASA for 'testing'
US using EU airline data to 'test' CAPPS II snoop system

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.