Last week, the Government Accountability Office (GAO) reaffirmed [PDF] in a letter to Congress that the Transportation Security Administration (TSA) violated the Privacy Act, lying to the public about collecting and using private data in testing Secure Flight. The letter also reveals that the TSA collected over 100 million records from commercial data providers.
But TSA's deception and privacy-invasive practices don't stop there. According to an AP story, the TSA plans to test whether commercial data could help find terrorist "sleeper cells." "We are trying to use commercial data to verify the identities of people who fly because we are not going to rely on the watch list," said Justin Oberman, who's in charge of Secure Flight. "If we just rise and fall on the watch list, it's not adequate."
That blatantly contradicts what the TSA previously said about Secure Flight. While its predecessor, CAPPS II, would have mined commercial data to predict who might be a terrorist, Secure Flight was supposed to use the data only to match names to existing watch lists (see the March 2005 GAO report; PDF).