« Alaskans Sue For Release of Secure Flight Records | Main | Questions About TSA Records Requests »

August 19, 2005

Demand Your Data! Exercise The Right To Your Travel Records Held By The TSA

By Ann Harrison
ah@well.com

Are you curious what kind of information the U.S. government has collected about you to test their Secure Flight passenger screening system? Want to find out whether the system works? Did you fly in the U.S. during June 2004? Four Alaskans sued the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) yesterday to find out what happened to their travel data.

In direct violation of the Privacy Act, TSA has collected over 100 million records from commercial data providers to test Secure Flight. If your records are contained in this database, you have a right to obtain them. What would happen if thousands of people requested their TSA travel records every day?

You can request your travel and commercial records under the Privacy Act, but you better do it before TSA destroys the information. TSA spokeswoman Deirdre O’Sullivan told Wired News that the TSA has only destroyed some passenger name records (PNR) from airlines and travel agents, but not information TSA gathered from commercial data bases. You can request both your PNR and commercial data with a Privacy Act request.

According to Wired News, TSA has received only three requests for flight records, including the Alaskans. TSA should hear from more people concerned about what kind of data profiling they’re being subjected to each time they fly. Go ahead, see what the government's got on you. Find out how accurate it is.

Below is a sample Privacy Act request to the TSA based on a letter sent by the Alaskan plaintiffs requesting their PNR and commercial data under the Act. You can use it as a model for your own letter. While Privacy Requests are made to the FOIA division, this letter makes it clear that this is a Privacy Act, not a FOIA request. Do not allow TSA to attempt to confuse the two as they have been known to do.


Transportation Security Administration
TSA-20, West Tower, FOIA Division
601 South 12th Street
Arlington, VA 22202-4220


Dear Transportation Security Administration,

This letter constitutes a request under the 5 U.S.C. §552a. I request copies of all information relating to myself contained in the system of records established to test the Secure Flight Program. My request is for all information contained in each and every category of records in the system as listed in the notice to establish the system of records [Docket No. TSA-2004-19160]. These categories include information obtained by U.S. aircraft operators, other Federal agencies, including Federal law enforcement and intelligence agencies, and commercial data providers. Should TSA provide less than a complete copy of all records relating to myself contained in this system of records, I request a detailed explanation as to the reason for denying or not fully complying with my request.

My full name is:

My current address is:

My date of birth is:

My place of birth is:

I promise to pay reasonable fees incurred in the copying of these documents up to the amount of $25. If the estimated fees will be greater than that amount, please contact me before such expenses are incurred.

If you deny all or any part of this request, please cite each specific exemption that forms the basis of your refusal to release the information and notify me of the appeal procedures available under the law.

Pursuant to 28 USCS §1726 and in compliance with 6 CFR 5.21(d), I declare (certify, verify, or state) under penalty of perjury that the foregoing is true and correct.


Executed on this date:


Signature:

Posted by ann at August 19, 2005 01:23 AM

Comments

Ann, Have you requested your records? What did it say?

My guess is that the information collected is probably very vague, underwhelming and consists of a one line computer printout. For example your name, address and an esoteric status code, which relates to how much scrutiny you get. Obviously the exact meaning of the code or how it was calculated is classified.

Posted by: Scott at August 19, 2005 11:44 PM

So what does one do if the information they have on you is incorrect?

Posted by: Robb at August 20, 2005 12:32 AM

Great stuff. These (TSA) freaks are out of control, and unless they get this kind of feedback that some people are not going to stand for this Stalinist behavior, and we think it sucks.

Posted by: Pete at August 20, 2005 07:06 AM

Great letter. I've filled it out and printed a copy... envelope is addressed and stamped. Thing is, I'm a little afraid to send it out. Dammit.

Posted by: Bubba at August 20, 2005 11:59 AM

I just filled out a copy of this letter, signed it, and mailed it. I fly frequently and have recently flown and I am annoyed at this agency's violations of laws and am interested as to what they may have on me.

Posted by: Domingo Galdos at August 20, 2005 03:40 PM

Come on. Stalinist? This man murdered what, 30 Million people? Twice as many as Hitler? Something like that.

This is a friggen DATABASE. It's probably no more detailed then your CREDIT REPORT.

Whatever. Privacy is important. I agree. When you give up rights you never get them back. We have to fight.

But being melodramatic to the point of absurdity doesn't help any cause.

Posted by: I don't wanna say at August 20, 2005 08:01 PM

Can you give a similar example of how one can obtain information using the Freedom of Information Act the government may have an individual?

Posted by: Henry Almond at August 21, 2005 02:18 AM

Should I put in a request even if I did not fly in June 2004?

Posted by: Neil at August 21, 2005 03:04 AM

In your last sentence: "and in complaince with 6 CFR"

complaince is misspelled, should be compliance

Posted by: fred at August 21, 2005 06:15 AM

Hi Ann, this is great!

One question. You write: "information obtained by U.S. aircraft operators, other Federal agencies, including Federal law enforcement and intelligence agencies, and commercial data providers." Should that say (1) US or foriegn aircraft operators, (2) "Federal or State law enforcement," and (3) "commercial data providers, computerized reservation systems (CRS) or other entities who may have participated?"

Just noting the extent to which TSA seems to enjoy wordsmithing, and the need to control that.

Posted by: Adam S at August 21, 2005 09:39 AM

I'm sending one off right now.

-- Asheesh.

Posted by: Asheesh Laroia at August 21, 2005 03:09 PM

I just sent my letter off --- certified return receipt --- will try to remember to post any results to this thread.

Posted by: CB at August 22, 2005 12:57 AM

Ok, so far for information collected during the June 2004 "trial". What about all the information collected still. Is there a way to find out about the data the TSA has on file for me today?

Posted by: Dick at August 22, 2005 05:50 AM

"Did you fly in the U.S. during June 2004?" So information was only collected during that month? I've flown a lot these past two years, but I'm not positive I had any flights in June.

Posted by: kim at August 22, 2005 11:01 AM

It's been a while since I looked at any of the charter documents, but as I recall all of them exempted TSA and DHS from the Privacy Act. It certainly may be that that was not a legal action, but it was certified by our Congress critters and it'll take an action from SCOTUS to correct it.

Posted by: The Captain at August 23, 2005 05:52 PM

Dear Transportation Security Administration,

This letter constitutes a request under the 5 U.S.C. §552a. I request copies of all information relating to myself contained in the system of records established to test the Secure Flight Program. My request is for all information contained in each and every category of records in the system as listed in the notice to establish the system of records [Docket No. TSA-2004-19160]. These categories include information obtained by U.S. aircraft operators, other Federal agencies, including Federal law enforcement and intelligence agencies, and commercial data providers. Should TSA provide less than a complete copy of all records relating to myself contained in this system of records, I request a detailed explanation as to the reason for denying or not fully complying with my request.

My full name is:

My current address is:

My date of birth is:

My place of birth is:

I promise to pay reasonable fees incurred in the copying of these documents up to the amount of $25. If the estimated fees will be greater than that amount, please contact me before such expenses are incurred.

If you deny all or any part of this request, please cite each specific exemption that forms the basis of your refusal to release the information and notify me of the appeal procedures available under the law.

Pursuant to 28 USCS §1726 and in compliance with 6 CFR 5.21(d), I declare (certify, verify, or state) under penalty of perjury that the foregoing is true and correct.


Executed on this date:


Signature:

Paul R. Porter

Posted by: Paul R. Porter at September 3, 2005 11:15 AM

Yes, privacy IS important, but the data is being collected because you're about to use a form of PUBLIC transportation, not because you're about to do something in your bedroom. And this particular form of public transportation was used in 2001 to kill about 3,000 people. Remember that? Those were the events that spawned the TSA. And if they weren't out there trying to protect us, some of you would be condemning them for that. There always seems to be a knee-jerk reaction when anyone mentions privacy. The fact is, no one has a right to COMPLETE privacy, nor should they. There is information out there on all of us. Some of it is trivial and innocuous, and some can be very personal. Some of us have criminal records or have done things they are ashamed of. Guess what? TSA has no interest in selling any of that to the National Enquirer. They have been tasked with a very tough job, and they're trying to collect some information in the hopes of identifying terrorists before they pull off another 9/11. Personally, I think a very secure national ID card would be a great idea. It would help to prevent illegal immigration, terrorism, and a host of other things. You already have to show your driver's license when boarding a plane or even cashing a check, so what's the harm in a (repeat: VERY secure) national ID card? I've got nothing to hide.

Or does all that of make me a Stalinist?

Posted by: John G. at September 3, 2005 08:32 PM

I've flown twice this year first time with my wife and two girls (2 and 4) and pulled out of line and inspected by TSA then again in August with my just my wife, I'm a white american, employeed by the Gov't was this just a coincidence or do they have something on me that is flagging me?

Posted by: Ken at September 14, 2005 09:28 AM

Hurray for the comments by Paul R. Porter. I totally agree with him. If you have nothing better to do than worry about the privacy act, come to New Orleans and volunteer your time.

Posted by: Stuart Brittaney at September 19, 2005 09:20 AM

I just received a reply from TSA to my request. They are now asking me to identify the air carrier I flew and the dates of travel, the contact phone number I may have used to make reservation, and more. And I have 10 days to reply, or they will administratively close my request. The letter is dated september 9, the post office stamp is date september 13. That's how they are avoiding to do their job.

I will send some of the information I have anyhow and keep you posted.

Posted by: Georges Z. at September 19, 2005 02:17 PM

I got the same canned response as Georges. In effect the letter said that they cannot search in one place for all the information, so they won't do it. Seems to me their lack of organization is exactly the opposite of the stated purpose of the Secure Flight program. I also got request for information on any/all flights/carriers I took/used during the request period. The letter did state that I had 10 days from reciept of letter to provide the extra information. Likes Georges, it was dated Sept. 9, Postmarked Sept. 14.

Posted by: Rob Bruce at September 23, 2005 07:32 AM

We've requested information for myself, my wife and my daughter and have exchanged several letters with the Associate Director for Freedom of Information Act and Privacy Act Division. We reveived the same request for carrier and contact information and responded to it. I'll post the correspondence when I get a chance. But the latest is. "Futher, because the program is in the development process, there are no threat analysis records or other similar records regarding any individual passenger. Thus the records protentially responsive to your request will contain the data provided by the air carrier, which varie by air carrier but generally only includes your name, contact phone number, address and flight itinerary. Finally with respect to the commercial data referenced in the system records notice, TSA must outsource that search to the contractor that originally performed the data test. TSA does not have possession of those records." I'll post scans of the letters in a bit, but it's worth noting that I never mentioned a threat assessment.

Paul, in reference to the secure national ID card preventing terrorism, illegal immigration etc. How exactly would it accomplish that? I'm all for security. In fact I just finished writing a book on Radio Frequency Identification (RFID Essentials). And I don't see much benefit to a national ID card. It just makes identity theft that much easier, adding the word "secure" doesn't make it so. Did you have a specific method of securing the card in mind? Remember that the biggest weakness is the kind of identification allowed in applying for the card, not the particular technology used to make the card itself.

I agree with you that we have very little privacy now. If I can't have privacy, I will settle for transparency. For this reason, I like to know who requests my information and for what purpose. If a government agency gathered your banking, credit, health or other personal information and used a private contractor to do it you would be concerned right? What if that private contractor outsourced to India for data entry? What if a worker there sold that information to the highest bidder?

http://uk.biz.yahoo.com/050622/323/flt1q.html

I'm not a knee-jerk anti-establishmentarian, but I understand how these systems can go wrong and don't want to see old mistakes made again. Lets spend our money where it does some good.

Posted by: Bill Glover at September 26, 2005 09:13 AM

Paul R. Porter and Ken are unfortunately blindingly willing to give in to the US government. Would you really trust them with your private information given their track record? Check the URL I've attached.

Anyway, like Stuart Brittaney, I received an identical reply requesting the carrier, specific dates, and so on. As Stuart said, they demanded this information within 10 days or they will close the matter. This is definitely highly suspect.

Posted by: Takeshi at September 27, 2005 12:34 PM

See related information (including suggested responses to TSA's stock response) at the Electronic Frontier Foundation:

https://secure.eff.org/site/SPageServer?pagename=ADV_secureflight

Posted by: Phil Mocek at October 14, 2005 03:32 PM

Post a comment




Remember Me?

I'm trying to fight the comment spam bots. Type "human" here: