ACLU investigates CDC, Homeland Security deal

Responding to the revelation that the Department of Homeland Security (DHS) has reached a secret agreement to share airline passenger data with the Centers for Disease Control and Prevention (CDC), the American Civil Liberties Union (ACLU) said on Apr. 21 that it has asked the CDC to disclose details of the deal. "The tracking of data on airline passengers, which can amount to building lifetime dossiers on Americans, has been a hotly debated issue for many years–and now we find out that two government agencies may have agreed, behind the public's back, to share data," said Barry Steinhardt, Director of the ACLU's Technology and Liberty Project. "These agencies have no justification for instituting a major new data-sharing arrangement on this issue, with all of its implications for privacy, and keeping it hidden from public scrutiny and debate." The ACLU's request for information was filed as a Freedom of Information Act (FOIA) request for a copy of the memorandum and related information. Disclosure of the secret agreement comes at a time when the CDC is proposing controversial regulations that would require the airlines to collect and turn over a broad array of personal information on air travelers. In formal comments about the draft regulations submitted in March, the ACLU called the proposal "a coercive data grab that will allow the unregulated data surveillance of hundreds of millions of Americans." The surveillance of airline passengers through data collection has also been debated in the context of the government's failed "CAPPS II" program and its current "Secure Flight" program– both of which purport to protect against terrorism by collecting information on millions of travelers. The agreement was disclosed in comments on the CDC's draft regulations by the Air Transport Association of America, which said that a written "Memorandum of Understanding" between the two agencies reportedly includes "provisions for data sharing, including allowing CDC access to passenger information." That deal, Steinhardt said, appears to violate an agreement between the United States and the European Union over the sharing of European passenger data. Under the agreement, the European Commission found that US privacy protections were "adequate" to protect the privacy of Europeans under the EU legal standard (a finding that is currently being challenged by the European Parliament in the European Court of Justice). In return, DHS agreed that the passenger data would not be used for any purpose other than preventing acts of terrorism or other serious crimes. "Once again, we are seeing that DHS cannot be trusted to exhibit restraint in the handling of personal information," said ACLU Legislative Counsel Tim Sparapani. "They collect information, say they'll use it for one purpose, and then they turn around and use it for another." Added Steinhardt, "This provision violates not only the agreement with the European Union, but a core principle of privacy that is recognized around the world."