US airlines have been clandestinely selling passenger data to Customs and Border Protection (CPB) via a corporation owned by several larger carriers that process passenger data. Alarmingly, the contract for the data prevents CBP from admitting where they got the data.
Leaked Contract Shows US Airlines Secretly Shared Travel Data With Border Patrol
As flagged by View From The Wing, the Airlines Reporting Corporation (ARC) is a data clearinghouse owned by nine large carriers, including:
- Air Canada
- Air France
- Alaska Airlines
- American Airlines
- Delta Air Lines
- JetBlue Airways
- Lufthansa
- Southwest Airlines
- United Airlines
(Hundreds of carriers from around the world rely on ARC for ticket settlement services)
A 404 Media investigation has revealed that ARC is selling CPB passenger information on bookings made via online travel agencies like Expedia and Orbitz, including:
- passenger names
- full domestic flight itineraries
- payment details
- frequent flyer details
- special requests like meals or wheelchairs
CPB buys this information “to support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel” as part of its Travel Intelligence Program (TIP). TIP data is “updated daily with the previous day’s ticket sales, and contains more than one billion records spanning 39 months of past and future travel.”
The ARC contract specifies that government agencies cannot reveal the source of its flight data (CBP may “not publicly identify vendor, or its employees, individually or collectively, as the source of the Reports unless the Customer is compelled to do so by a valid court order or subpoena and gives ARC immediate notice of same.”)
How much did CPB pay for this data? Shockingly, only $11,025.
My Thoughts
US Senator Ron Wyden (D – OR) has condemned this news as “shady,” explaining:
“The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans’ sensitive information, revealing where they fly and the credit card they used.”
While I don’t really expect any of my purchases or internet activity to be private, I find it interesting that ARC specifically asked CBP to shield the source of its information. It’s rather revealing that ARC, at the very least, knows that sharing this personal information to the federal government will not be popular with consumers.
I’m wholly against the “if you have nothing to hide, you don’t have anything to worry about” mindset and strongly believe in safeguards regulating data privacy, especially in the current political climate, but going back to the 2001 USA PATRIOT Act, I just am not surprised by anything concerning data security.
CONCLUSION
US airlines are selling data to the US government via a shell company called ARC on domestic travel patterns. While this may not be illegal, ARC has strongly pushed CBP to hide the source of its information, suggesting a certain unease with this data sharing.
Are you surprised by this news?
image: CBP
Even the spy movies from the 1970’s had people travel with fake IDs and fake passports. The credit bureaus also could tabulate this info, too.
With AI, there could be information on where Matthew will likely be flying on June 12, 2037!
File this under things people shouldn’t care about.
We all know there are ways that CBP obtains information about arriving passengers, as it should. How it gets to them is of no concern to me. The additional information about, for instance, flights within the US are helpful to corroborate information provided during immigration interviews. Many lie in these interviews.
And to apprehend the bad actors , which will be good for the innocent citizens .
It depends on who gets to determine who is a ‘bad actor’
Some current supporters of this strategy may change their tune when President AOC is coming for them.
This is all very sinister in an AI powered world
The * bad actors* are TACO and his sycophants along with the line of criminals buying pardons.
All that guy did was defraud his employees and the government for millions. He deserved a pardon! It’s not like he took space available seats on domestic Spirit Airlines flights. That’s what earns you hard time
We are moving into an era similar to McCarthyism. While not communism, this gathering of data can serve as accusation of loyalty/disloyalty to the current administration where actual facts are unimportant. Data can be manipulated.
Anyone expecting to have any privacy in 2025 is living in a parallel reality. Basically, everything you do is being recorded, filmed, noted, shared, sold, etc…. in some way or another. Unless you live under a rock in the middle of nowhere without access to internet, phone, etc… you have no privacy. Everywhere you go you see cameras, phone calls are always recorded, a simple search online can show your full name, your home address, how much you paid for your home, etc…. Thus, in my case, I couldn’t care less. Different than Matthew, since I have nothing to hide, I pay my taxes, I follow the law, I do everything “by the book” so whatever. I personally think I have way more important things to worry about than anyone looking at my name, address, etc…
So what are you suggesting that Matthew is hiding?
Not at all. All I am saying that anyone that thinks their personal information is not fully available already is naive.
“Different than Matthew, since I have nothing to hide,”
You literally alluded to it.
He’s not hiding, or smuggling anything, unlike the bone smugglers here. Especially the one who came back after throwing a fit and disappearing for months.
I think you’re gay. I mean seriously. You have a weird obsession with it all.
Oh he is something all right.
Let’s first start with using the correct acronym, CBP, for Customs and Border Protection. This is the parent agency of multiple entities.
Next, let’s make sure we educate your readers on the functions of CBP. The Office of Field Operations (OFO), who wear blue, and most of your readers have encountered at air and sea ports, is responsible for 300+ legal ports of entry. OFO takes in a diverse amount of information via the National Targeting Center, established after 9/11, given the intelligence failings of that attack. (https://en.m.wikipedia.org/wiki/National_Targeting_Center). DHS has been fairly transparent about the data they collect (https://www.dhs.gov/publication/automated-targeting-system-ats-update). This type of contract is not unusual, although the clause of non disclosure may be unusual, in fairness. ARC did agree to it, however. One can debate or wonder if there was pressure on that.
Then there is US Border Patrol, who wears green. They are responsible for people who illegally cross BETWEEN the ports of entry. They are generally not law enforcement your readership would encounter, nor are they the ones likely ingesting the information you refer to.
For completeness, CBP also had an Office of Trade and Air and marine operations, both not relevant to this post.
This is your blog, and I appreciate your post about politics some months ago. But if you are going to dive into operations of government agencies, please do so with accuracy, research and transparency. There is a valid argument to explore the balance of border security, national security, and privacy issues. I found them oddly absent the previous administration despite things like: PIA #003(c) – ACE Truck Manifest Modernization (2023 update) And Border Searches of Electronic Devices PIA (#008, 2024 update) which involve collections of phone information one might consider concerning if one is privacy focused as you are now with the new administration.
You sound like a govt shill. You are the problem. Trying to justify the fascist behavior and think just because it is legally right it isn’t morally reprehensible . New administration blah blah. Detestable you are.
I’m surprised to see Lufthansa on that list considering that Germany actually has laws protecting privacy. It seems that profiting off of a clandestine agreement with the US government to sell passenger data would certainly run afoul of German law.
There is no free anonymous world anymore. They know everything about you.
Get Over It!! There is no privacy anymore….in part due to our own stupidity!!
Every time you swipe your debit/credit card, you leave behind a footprint.
When you carry your cell phone, you put a tracer in your pocket.
Every time you use a phone app, you create a record.
Even your DNA is on file if you were stupid enough to spit into a tube for 23&me which is in bankruptcy and will sell its DNA data to payoff debts…your love child awaits confirmation.