When the story first broke on December 23rd, it was no surprise to many that the Transportation Security Act (TSA) is continuing to violate the Privacy Act with its collection of information on travellers in the Nation's air systems.
In a story released by the Associated Press on December 24th, the TSA Privacy Office admitted that its own Provacy notice on the collection of passenger data in June 2004, actually collected far more information than allowed or announced. Its contractor, EagleForce, contracted out additional information collection to several other firms, and then passed the augmented data back to TSA. The information totaled approximately 191 million records. Months ago, the GAO called the data collection excessive. Now, the spokesman for the TSA Privacy Office admitted the same, in saying, "TSA announced one testing program, but conducted an entirely different one."
The Chicago Tribune noted that, even in the face of the report, TSA still refused to admit that it violated the law, calling the huge data collection, an 'inadvertant' and 'unintentional' failure of TSA to amend the Privacy Act data collection notice once the data collection process had changed.
This failure is part of the continuing attempt by DHS to get its data collection correct in implementing a system called SecureFlight, which has been plagued by problems, and Congress has refused to authorize its implementation until the GAO gives it a clean bill of health--that includes resolving information security and privacy issues, according to an article in CNET.
Whatever the failure, TSA and its parent, the DHS still continue to think they are above the law, and steadfastly continue their illegal data collections. One has to wonder if that will continue under the scrutiny of the new Congress.