Shostack + Friends Blog Archive


Uncle Sam's Privacy Polices (TSA, SSA)

Daniel Solove has posts on “If It’s Against Your Privacy Policy, Just Change It” (Social Security Administration):

This feeds distrust about the government’s law enforcement activities as well as makes people unsure that they are ever being given the complete story about what the government is doing with their personal data. And what good is a privacy policy if it is conveniently rewritten the minute an agency wants to do something different? I am not opining on whether or not the records ultimately should have been shared with the FBI, but the way it was done – secretly, without judicial supervision, and then kept quiet until now — strikes me as very problematic.

and “TSA’s Broken Promise About Secure Flight,” which has also been covered by Ryan Singel, “TSA: Said It Wouldn’t, Did,” but the best analysis comes from Lee Tien of the EFF, posting to Farber’s IP list:

Remarkably, I think the AP story understates the extent of the
privacy violations by TSA and its contractor.

They took 42,000 of those names and for each “created up to twenty
variations of a person’s first and last names” — then submitted
both the 42,000 real names and an extra 240,000 new names to three
commercial data brokers (Acxiom, InsightAmerica, and Qsent).

TSA didn’t say how many of these 282,000 names yielded commercial
dossiers. But it’s clear that personal information about many tens
of thousands of people who didn’t even fly in June 2004 must have
been turned over.

Not a single terrorist has been arrested after all this. The government needs to stop wasting money and invading (what little remains of) our privacy, and focus energy on undercover operations.