Senators Probe Airline-Passenger Privacy BreachesSenators Probe Airline-Passenger Privacy Breaches

A testy U.S. Senate committee has asked the Transportation Security Administration exactly which airlines it has approached for customer information. The request follows an admission by American Airlines last week that one of its vendors gave 1.2 million passenger records to third-party contractors vying for contracts with the TSA.

The Senate Governmental Affairs Committee said Wednesday it wants full disclosure on the matter from TSA, which is part of the Department of Homeland Security. Meanwhile, Homeland Security privacy chief Nuala O'Connor Kelly says she plans to launch an investigation into TSA's data-gathering activities.

Committee chairwoman Susan Collins, R-Maine, and ranking member Joseph Lieberman, D-Conn., sent a letter to Asa Hutchinson, undersecretary for border and transportation security, expressing concern that TSA had misled Congress by claiming that delays in testing the controversial Computer-Assisted Passenger Prescreening System were because of a lack of real passenger data, when in fact it appears TSA may have had abundant data.

"We are concerned by potential Privacy Act and other implications of this reported incident," the senators wrote.

TSA already has come under fire for strong-arming JetBlue Airways into giving passenger data to a contractor, Torch Concepts, for a Defense Department data-mining experiment. Additionally, Northwest Airlines earlier this year said it had shared passenger data with NASA for a research project. Now there are concerns that TSA may have approached more airlines that have not yet been identified.

"We are conducting a thorough review of the use of passenger name record by TSA as highlighted by the American Airlines announcement Friday," Kelly says. "We are going to ensure that the questions we ask in this investigation are broad enough to bring to light any other instances of data sharing."

Kelly says she's uncertain whether there's a direct relationship between TSA's passenger data requests and the ongoing testing and development of CAPPS II but that the investigation will seek to unearth any connections.

Meanwhile, TSA faces some hard questions from Collins and Lieberman, who want to know:

• Whether TSA officials asked American Airlines directly for passenger data

• How TSA and/or its contractors used the data

• Which of the vendors in question have become TSA contractors, and for what purpose

• Whether TSA or any of the vendors created a "system of records" as defined by the Privacy Act of 1974, a development that would require public notice so individuals could access information pertaining to them

When asked about the letter, Kelly said: "This office shares many of the same concerns."