U.S. airlines have been selling passenger data to Customs and Border Protection via their data clearinghouse. The government’s contract for the data prevents them from admitting where they got the data.
The Airlines Reporting Corporation, which is owned by large carriers such as Delta, American, United, Southwest, JetBlue, Alaska, Lufthansa, and Air France, serves as a major travel data hub, settling ticket sales across more than 240 airlines. ARC sells access to its “Travel Intelligence Program” which tracks daily flight bookings and historical and future itineraries across the U.S. and its territories.
CBP pays for access to this data to “support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel” patterns. This data includes:
- Passenger names
- Full domestic flight itineraries
- Payment details (e.g., credit card used)
It’s updated daily and stretches across approximately 39 months of travel history and upcoming bookings—one billion records searchable by name, credit card, or airline.
However, TIP doesn’t fully cover tickets purchased directly through an airline—it only captures bookings made through ARC-affiliated travel agencies, like Expedia, brick-and-mortar agencies, and corporate booking tools end up in ARC’s Travel Intelligence Program database. According to the DHS privacy assessment,
ARC contains data from ARC-accredited travel agencies … not flights booked directly with an airline. If the passenger buys a ticket directly from the airline, then the search … will not show up in an ARC report.
Senator Ron Wyden (D-OR) slammed the practice as “revealing where [Americans] fly and the credit card they used,” and are pressing airlines to explain why they’re allowing ARC to resell this information.
CBP claims the data is used only during open investigations—such as cases involving suspected misconduct—and asserts that it adheres to strong privacy policies. But they are collecting data on everyone, without particularized suspicion or judicial safeguards.
Now, TSA already gets some information on domestic passengers. Secure Flight data includes full name (as on ID), date of birth, gender, redress/known-traveler numbers, flight number, date, and departure/arrival airports. Most records are retained for 7 days after travel (watch list matches are kept up to 8 years).
ARC is brokering full PNR data, so includes things like payment details, travel agency history, seat assignments, meal requests, contact information, and prior and future trips. Secure Flight covers only the single, upcoming flight you’re about to take versus 39 months of past travel plus future bookings across many airlines.
Through this contract the government is surveilling all Americans without a warrant. And we know this is not necessary to track criminal subjects, because the government actually gets warrants to track reservations from the Sabre computer reservation system. It’s possible to focus on actual criminals and subjects of investigation, and to do so with judicial oversight, because the government does this all the time. They just prefer a workaround.
Surprised? When power exists it gets used.
@drrichard correct. And this isn’t the only example of government using private data collection to circumvent the Constitution.
Increasingly you will become the product. Just wait until AI fully blossoms. Whether selling (manipulating) to your ego/desires or selling (also manipulating) to your fears it will become a marketer’s wet dream. Just like COVID.
There can be reasonable sharing of essential information for security and safety, but this goes way beyond that. Like, the government doesn’t need to know what special meal you picked on your flight. At a certain point, it becomes overly intrusive.
So, where are those ‘Gadsden flags’ now? What happened to ‘Don’t Tread on Me,’ fellas? Regardless of ideological preferences, we should all care about privacy and liberty. Folks seem to have traded their ‘principles’ for greed, power grabs, and more corruption.
Supreme Court precedents for the last 100 years have destroyed any chance of government protecting the rights of individuals, so it shouldn’t surprise anyone that those in power (elected, appointed, and employed) abuse that power with complete impunity.
Its NOT just the US government. Canada, UK, and other nations also subscribe to this.
why is anyone surprised. Private companies sell all sorts of personal data on most everyone. And it is legal – I’m sure if anyone actually read the terms and conditions we all click on without reviewing, we’d see explicit (but well hidden) agreement to share our data.
We should all be able to view our individual collected data on request . Mistakes happen and being able to dispute information is vital. If you are not part of an active investigation, why not?
Ok, so if ‘lack of privacy’ is our ‘reality,’ would it make us ‘feel better’ if Gunnery Sergeant Hartman yelled it to us: “Here you are all equally worthless!” …5 foot 9? I didn’t know they stacked * that high.
@1990:
But Gunny Hartman knows that some of us are more equally worthless than others. That’s why he gets right in the face of us Texas boys and screams:
Texas? You’re from Texas?
The only things from Texas are steers and queers. Which one are you?
At the end of the day, Gunny’s yelling and screaming did good things for those of us who made it through bootcamp. Taught us that yeah, until we accomplish something of merit or worth, we all really are worthless and that we’re not the only person on this earth.
A lesson that sorely needs to be taught nowadays; maybe shut up all the snowflakes who can’t follow the rules (Jesus Jetbridgers and folks who can’t fly without their fake ‘service animals’) or complain about every little thing (all those wingeing about airline ‘loyalty’ and upgrades).
Since they know anyway maybe they’ll stop asking me where I’ve been when I reapply for Global Entry.
No, the Government can track where you travel? Really?
@Gentleman Jack Darby — FMJ is indeed a great film. Incredible realistic acting by R. Lee Ermey, who was an actual US Marine drill instructor in 1965-67. In an interview in 1987, he analogized that drill sergeants are ‘acting,’ and while verbal and physical abuse is not condoned in the military (or otherwise), there are those that ‘go over the speed limit,’ like his portrayal of the fictional Gunny Hartman. Such ‘harshness’ may be more appropriate to prepare new recruits for a vicious war, but that won’t work everywhere. For instance, if airlines treat their ‘customers’ that way, they’ll probably lose a lot of business. Bah!
@ 1990. I had a “don’t tread on me flag” up in my dorm room in 1967 & I believe that I, and everyone else, owns their own data.
@Jack the Ladd — On this, we agree.
The DMV in many states have been selling your data for years
@ 1990. Privacy … that ship has sailed a long, long time ago. I’ve had “security” confirmation questions that asked about topics such as cars, schools and real estate that I was associated with years, and I’m talking like 40-50 years, ago. Some of these questions are so off-the-wall that it both amazes and concerns me.