CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

TSA's Privacy Law Violations May Lead to More Abuses

By Martin H. Bosworth
ConsumerAffairs.com

July 28, 2005

Airport Security
• TSA's Air Cargo Plans Questioned
• TSA Stops ShoeScanner In Its Tracks
• New Controversy Dogs TSA Chief
• TSA Worries About Terrorist 'Rehearsals'
• "Registered Traveler" Expands to More Airports
• Lighters, Breast Milk Get TSA's OK
• JFK Airport Plot Renews Calls for Worker Screening
• Future Security Could Feature Facial Photos
• Bush May Veto Airport Screening Machines
• Competition Comes to Registered Traveler Services
• TSA Dragnet Aims to Block Potential Threats
• Screening the Screeners Isn't Enough to Ensure Airport Security
• Naked City Comes to Life in Phoenix Airport
• TSA Adds Security Checks for Airport Employees

The news that the Transportation Security Administration violated the Privacy Act by collecting data on 250,000 Americans as part of a "study" for its new "Secure Flight" program is the latest in a string of incidents detailing how government agencies are using commercial data brokers to sidestep privacy laws, setting the stage for more problems in the future.

The Government Accountability Office (GAO) issued a report to Congress stating that "a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public."

Although the contractor is not identified in the GAO report or the TSA's admission that it collected the data after promising not to do so, the scandal bears a striking resemblance to the JetBlue incident, wherein the data clearinghouse Acxiom sold thousands of its data records to another TSA contractor in order to test the reliability of "CAPPS II," the predecessor to the "Secure Flight" screening system.

Several laws mandating the creation of nationwide requirements for issuing state driver's licenses may require the usage of commercial data brokers such as ChoicePoint and LexisNexis to effectively implement.

This has aroused concerns among privacy advocates and opponents of the "Real ID" Act who believe that entrusting such a complex enterprise to companies that have already proven incapable of protecting the data they collect may lead to even more instances of identity theft.

The "Real ID" Act was passed in May 2005, attached to a bill authorizing funding for U.S. forces in Iraq. The act requires state governments to establish "minimum security standards" for issuing or re-issuing driver's licenses, including verification of Social Security Numbers and birth certificates.

The law is an "unfunded mandate," meaning that states will have to come up with the money to implement the new procedures themselves, which may lead to private data screening agencies offering technology and information databases to aid in the law's enforcement.

The Senate passed the Transportation Security Improvement Act as part of an extensive highway spending bill, on May 17th. The bill includes language authorizing the TSA to mandate that state motor vehicle authorities conduct background checks as "stringent" as Federal background checks for commercial driver's licenses. The bill is currently being reconciled in joint Congressional committee.

Opponents of these provisions maintain that additional security requirements are not only burdensome to implement and unnecessarily invasive, but offer a dangerous opportunity for "information broker" companies to hoard even more data.

Timothy Sparapani, associate legal counsel for the American Civil Liberties Union ), told The Washington Post that he "worried about the government expanding their use of background checks."

Although none of the major commercial data brokers have publicly admitted to lobbying for these laws, they also have been embroiled in recent scandals and may be actively looking for more government business.

ChoicePoint's loss of over 100,000 individual records to identity thieves in February 2005 opened the door to a flood of reports of identity theft and data loss. LexisNexis lost 32,000 data records to thieves in March 2005.

Acxiom itself was ahead of the identity-theft curve, as its servers were hacked by employees not once, but twice -— first in March 2003 and again in July 2004. Both times, millions of aggregated data records were stolen and put up for sale on the "gray market" of identity theft rings.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

July 4 2008

Print, mail, etc.

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

Knowledge is free.
Knowledge is power.

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.