FOIA Request from the ACLU to the TSA Concerning JetBlue's Privacy Violations
Patricia M. Riep-Dice
Transportation Security Administration
TSA Headquarters-West Tower
4th Floor, TSA-20
601 South 12th Street
Washington, DC 22202-4220
Director, Freedom of Information & Security Review
Department of Defense
1155 Defense Pentagon, Room 2C757
Washington, DC 20301-1155
Department of the Army
FOIA/Privacy Acts Office
7798 Cissna Road, Suite 205
Springfield, VA 22150-3197
Re: Freedom of Information Act Request
This is a request pursuant to the Freedom of Information Act (5 U.S.C. § 552) for all agency records (including, but not limited to letters, correspondence, tape recordings, notes, data, memoranda, reports, email, computer source and object code, technical manuals, technical specifications, or any other materials) held by the United States Transportation Security Administration (TSA), the U.S. Department of Defense (DoD) and/or the U.S. Department of the Army (Army) regarding access and/or use of JetBlue Airways (JetBlue) passenger data in connection with various security systems. This request includes, but is not limited to documents regarding Torch Concepts' Homeland Security Airline Passenger Risk Assessment (APRA) program as well as access and/or use of JetBlue passenger data in connection with the Computer Assisted Passenger Prescreening System II (CAPPS II).
Moreover, this request includes, but is not limited to documents regarding:
- What personal data has been obtained, including, but not limited to documents regarding the types of personal data that have been obtained, the contents of any personal information databases related to such systems, and the number of individuals whose personal data has been obtained;
- How that data was obtained, including, but not limited to documents regarding how such data was selected for use in the relevant security systems (including, but not limited to APRA and/or CAPPS II), any agreements and/or contracts to obtain such personal data, including, but not limited to agreements and/or contracts with JetBlue and or Acxiom Corporation (Acxiom), and any requests by the TSA, the DoD and/or the Army for such information, including, but not limited to a request from the DoD to JetBlue to provide JetBlue passenger data to assist Torch Concepts with a project regarding military base security;
- The specifications for any security system (including, but not limited to APRA and CAPPS II) that collected or used such data, including, but not limited to documents regarding storage capacities, throughput (e.g. number of identity files processed per hour), types of computers used, and user manuals;
- How such data was used, including, but not limited to documents regarding any procedures for analyzing the data, any procedures for cross-referencing JetBlue passenger data with data obtained from non-JetBlue sources (including, but not limited to data obtained from Acxiom), the results of any tests, including, but not limited to any logs or other written descriptions of how any such systems is and/or has been used, the accuracy rates of any such systems while in operation and assessments of the individuals whose data was collected and used, the retention of any such data, including, but not limited to retained records or results, the record retention policies pertaining to these systems, any documentation of the approval of the retention policies by the TSA, the DoD, the Army and/or their contractors, how any of the aforementioned data will be destroyed, and documentation of any policies permitting such destruction, any procedures in place to protect the privacy of the individuals whose data was accessed and/or used, a complete list of all recipients of such data;
- Any legal analyses regarding the collection and use of such data for security systems (including, but not limited to APRA and CAPPS II), including, but not limited to documents regarding whether the collection and use of such data in connection with such security systems violates international, Federal, state and/or local privacy laws and whether the collection and use of such data for such security systems violates international, Federal, state or local discrimination laws; and
- Meetings regarding access and use of this data, including, but not limited to documents regarding a June 2002 meeting between representatives from the TSA and the U.S. Department of Transportation regarding the Homeland Security Airline Passenger Risk Assessment project, a meeting held on or about April-May 2002 meeting with a Congressional liaison-arranged meeting with Homeland Security Airline Passenger Risk Assessment project officials and TSA officials, meetings between TSA officials and Acxiom representatives, meetings between TSA officials and Department of Defense representatives and meetings between TSA officials and Army representatives.
This request also includes, but is not restricted to information regarding similar tests being conducted by any public and/or private agency or organization.
We request a fee waiver pursuant to 5 U.S.C. § 552(a)(4)(A)(ii)(II) & (iii), 68 Fed. Reg. 4063 and DoD Directive 5400.7 C 220.127.116.11.1 because the subject matter of the requested records concerns the operations and activities of the Federal government, the disclosure is likely to contribute to an understanding of Federal government operations or activities, disclosure of the requested information is in the public interest, the contribution to public understanding of Federal government operations or activities will be significant, and, as a non-profit 501(c)(3) organization, we do not have a commercial interest that would be furthered by the disclosure of the requested information.
We seek expedited review of this FOIA request because this information relates to impending policy decisions to which informed members of the public might contribute. Timely public access to these materials is necessary to fully inform the public about the issues surrounding airport security devices and related technological developments.
Specifically, we request expedited access pursuant to 5 U.S.C. § 552(a)(6)(E)(v)(II) and 68 Fed. Reg. 4059 and DoD Directive 5400.7 C 18.104.22.168 which allows such processing when a requester ""primarily engaged in disseminating information"" shows an ""urgency to inform the public of an actual or alleged Federal government activity."" We further note that this ""exceptional need or urgency for the records"" is such that it ""beyond the public's right generally to know about government activity"" and ""warrants prioritization"" of this request ""over other requests that were made earlier."" Access and use of airline passenger data is a matter of great importance because it raises serious questions as to the government's willingness to protect individual privacy and civil liberties. The access and use of JetBlue passenger data in connection with various security programs have already engendered a considerable amount of press coverage-a clear indication of the ""urgency to inform the public"" on this issue. (See, e.g., Ryan Singel, JetBlue 'Fesses Up, Quietly, WIRED NEWS, Sept. 19, 2003; JetBlue Gives Away Passenger Info To TSA? SLASHDOT, Sept. 18, 2003; Ryan Singel, JetBlue Shared Passenger Data, WIRED NEWS, Sept. 18, 2003; Cynthia L. Webb, Government IT Review, WASHINGTONPOST.COM, Sept. 18, 2003; Ryan Singel, JetBlue Data to Fuel CAPPS Test, WIRED NEWS, Sept. 16, 2003.) Any delays in responding to this request for records would compromise a significant recognized interest to and throughout the American general public.
Moreover, the American Civil Liberties Union Foundation (ACLU Foundation) meets the criterion laid out in National Security Archive v. Department of Defense, where a representative of the news media is defined as an entity that "gathers information of potential interest to a segment of the public" and "uses its editorial skills to turn raw materials into a distinct work, and distributes that work to an audience." 880 F. 2d at 1387. The ACLU Foundation publishes newsletters, frequent press releases, news briefings, right to know handbooks, and other materials that are disseminated to the public. Its material is widely available to everyone including tax exempt organizations, not-for-profit groups, law students and faculty, not to mention our 400,000 members. The ACLU Foundation disseminates information through publications available on-line at www.aclu.org as well. Thus the organization meets the pertinent regulatory requirements for expedited access as well as a fee waiver.
We have enclosed certification (for the purposes of expedited access) with this letter. If our request is denied in whole or part, we ask that you justify all deletions by reference to specific exemptions of the act. We expect you to release all segregable portions of otherwise exempt material, and we wish to have copies made and furnished of all such material. We reserve the right to appeal your decision to withhold any information or to deny a waiver of fees.
We look forward to your reply within ten calendar days, as required under 5 U.S.C. § 552(a)(6)(E)(ii)(I), 68 Fed. Reg. 4059 and DoD Directive 5400.7 C 22.214.171.124.
Christopher T. Chiu
Director, Technology & Liberty Program
To find out more about JetBlue's unauthorized release of their passenger's private data, please visit our JetBlue feature page.