More airlines than thought shared sensitive passenger data

Firms working on a passenger-screening system obtained sensitive data from more airlines than previously reported, the top official for the Transportation Security Administration told Congress on Wednesday.

David Stone, currently serving as the acting TSA administrator, said America West Airlines, Continental, Delta Air Lines and Frontier Airlines gave passenger data to four companies working on the risk-assessment program known as the Computer-Assisted Passenger Pre-screening System. Previously, it was revealed that American Airlines and JetBlue Airways provided such data.

Stone also said passengers who booked airline tickets through Galileo International, and possibly Apollo, also had their information collected for testing. Stone notified the Senate Governmental Affairs Committee of the actions by the airline and registration companies in written responses to questions about his pending nomination.

According to TSA, the agency entered into "cooperative agreements" with four companies -- Ascent Technology, HNC Software, Infoglide Software and Lockheed Martin -- to prove the feasibility of the computerized system to screen passengers. The companies "independently obtained" the sensitive data, and TSA has not accessed any passenger records, Stone said.

But the companies violated the Privacy Act by not notifying the public about its record system. The law requires government contractors to publicly describe the type of information obtained and how people can gain access to their information.

"These revelations cause concern because the information was obtained without any public notice or clear guidelines for protecting the passengers' privacy," Governmental Affairs Chairwoman Susan Collins, R-Maine, said on Wednesday.

Members of Congress concerned about privacy implications and testing delays have criticized CAPPS II. House and Senate appropriators significantly reduced funding for the program next year because of privacy concerns about using passenger data to test the system.

"Neither domestic air carriers nor the European Union have been willing to share passenger record data for a variety of reasons, including significant privacy concerns," a House Appropriations Committee report said. "[U]ntil these issues are resolved, it is premature to fund the testing of this system when data cannot be accessed."

The Senate Appropriations panel said delayed testing has postponed obligating funds for the program. "The amount recommended by the committee ... will be sufficient to meet fiscal year 2005 program funding requirements," that panel's report said.

The House bill, approved last week, includes $40 million for CAPPS II -- $20 million less than President Bush requested and $5 million more than the Senate's version. Both the House and Senate bills would prohibit TSA from using funding to test or deploy the system until it meets certain privacy requirements.

Stone on Wednesday reiterated previous statements from Homeland Security officials that the department would not access the passenger data to begin testing CAPPS II until "security systems to ensure protection of the data are fully in place."