The U.K. has a shitload of closed circuit television cameras (CCTV) almost everywhere you go. One local artist who realized that he was monitored almost constantly by the police decided to see how long it would take them to notice an 8 foot tall alien wandering on an empty street so he got some friends together and made it happen:

In short, it didn’t take very long for police to show up and they weren’t thrilled at the prank. Watching the video brings home just what living in such a society would be like for anyone who’s at all out of the ordinary. The idea of being constantly watched is chilling indeed and there are many who would love to replicate that sort of thing here in America. It’s already started in some places around the country. I suppose on the one hand it’s a good thing that the police are able to notice and respond to a potential threat so quickly, but it’s so easily abused and the hassle of dealing with countless false alarms is sure to cause many of them to discourage anything that would require them to waste time checking it out. Things like walking around in an 8 foot alien costume.

It also shows how unrealistic Doctor Who is. A police box suddenly appearing out of no where would be swarmed by the police within moments by the looks of it, let alone anything truly alien looking.

Found via Gizmodo.

The new FISA “compromise” bill that the Senate is about to pass makes me angry just to think about, but deep down I’ve long suspected that our government pretty much spies on us with impunity already. This Baltimore Sun news article pretty much confirms that suspicion:

“There’s virtually no branch of the U.S. government that isn’t in some way involved in monitoring or surveillance,“ said Matthew Aid, an intelligence historian and fellow at the National Security Archives at The George Washington University. “We’re operating in a brave new world.“

[...] The Bush administration argues that the privacy and civil liberties protections in place for surveillance not covered by the FISA rules are “unprecedented.“ In addition to the data-mining, use of financial transaction databases and satellite imagery, the surveillance includes monitoring the travel patterns of airline passengers.

[...] But critics say the safeguards don’t always work. Some blunders in the use of such protections have become public. New Yorker writer Lawrence Wright wrote in January about one such experience. In 2002, while he was researching The Looming Tower, his Pulitzer Prize-winning book on al-Qaida, two members of an FBI terrorism task force arrived at his home. Why, they asked, had his daughter been speaking with someone in the United Kingdom who was in touch with suspected al-Qaida operatives?

It wasn’t his daughter, he told them flatly. Wright himself had made the calls. And the person he contacted was a British civil rights lawyer who had asked him not to speak with her clients, some of whom are relatives of Ayman al-Zawahiri, Osama bin Laden’s chief lieutenant.

“My daughter is no terrorist - she went to high school with the Bush twins,“ Wright said. “I was taken aback. They were apparently monitoring my phones.“

Wright said he was particularly surprised because he was aware of protections supposedly in place to conceal his name and other identifying information that would have been gathered during the creation of transcripts of the call.

Wright said he doubted the government would have been able to get a warrant for the information, and he said he didn’t know how the FBI obtained his daughter’s name, let alone got the impression that she was communicating with the British lawyer.

It’s somewhat ironic to note that the new FISA bill actually has more civil liberties protections than the other domestic spying programs that aren’t covered by it. It makes me feel foolish for getting so worked up about the new FISA rules because, really, the cows got out of the barn a long time ago. There’s been reports of various abuses and misuses of these programs for years now and every time a government agency gets new powers, such as the FBI and its “security letters” thanks to the Patriot Act, it’s usually not too long before we hear about them being abused. If anything I suppose I should be angry that the new FISA bill provides the government with even more power it can abuse, not that they haven’t abused the system under the old rules already. They’re just trying to make it quasi-legal to do so now that everyone knows about it.

This article from ArsTechnica about an interview the Director of National Intelligence, Mike McConnell, gave to The New Yorker will send a few shivers down your spine:

US intel chief wants carte blanche to peep all ‘Net traffic - ArsTechnica.com

While short on specifics, the New Yorker piece recognizes that any plan requiring the kind of authority McConnell envisions is apt to be a hard sell: “Americans will have to trust the government not to abuse the authority it must have in order to protect our networks, and yet, historically the government has not proved worthy of that trust.“ McConnell acknowledges that his initiative is bound to spark debate that will make recent wrangling over reforms to the Foreign Intelligence Surveillance Act seem like “a walk in the park compared to this.“

How broad are the powers needed to keep our servers safe? According to the article, in order for cyberspace to be policed, Internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer, or Web search. “Google has records that could help in a cyber-investigation,“ he said. Giorgio warned me, “We have a saying in this business: ‘Privacy and security are a zero-sum game.‘“

Sayings like that, says security guru Bruce Schneier, “are why the police aren’t in charge; security and privacy are complimentary. Privacy is part of our security against government abuse. If they were really zero-sum, we would have seen mass immigration into East Germany.“

If the Director gets his way he’ll be looking at every single bit of data you send over the Internet. All in the interest of keeping you safe, of course. Never would they abuse that power. Honest. You can trust them. Really.

And if you believe that…

    Do you post on blogs? Send jokes to colleagues? Say anything at all that might be construed by anyone as objectionable?

    Well, from now on you had better do it under your own name and not a pseudonym or there could be fines and/or jailtime in your future (read the Cnet article here). It seems that on January 6th of this year “president” Bush signed a law called the ‘Violence against Women and Department of Justice Reauthorization Act” which has an section embedded in it (section 113 to be precise) which is titled “Preventing Cyberstalking”. So far everything I have written here seems pretty innocuous, designed to keep women and girls from being stalked and harrassed by online predators, and I’m all for that.  If I had ANY trust in our current pro-torture, pro-spying, pro-empire, criticism averse administration I might not even bat an eye at this. But I don’t have any trust left.

    How do you define annoying? If I asked 10 people for specific examples of what annoys them I am willing to bet I would get 10 different answers. Something that I find annoying, like prosteletizing, might be sacrosanct to someone else - so who decides? Bush probably finds it annoying that his spy ring has been exposed.  I find it absolutely necessary and downright patriotic. Since the audiences for his townhall meetings are preselected I bet he finds surprise questions and contrary opinions annoying. I find them amusing.

    Because I always post my annoying opinions under my own name, Eric Paulsen, I am safe from fines and jail time (at least in theory), but… why make it necessary that an “annoying” post be under a persons real name and not a psuedonym? Why would an administration that was developing the Total Information Awareness database (an enormous datamining tool), that thinks it is okay to tap the phone calls and read the e-mails of American citizens, and is trying to give the Executive branch limitless powers (“If this were a dictatorship, it’d be a heck of a lot easier…just as long as I’m the dictator…“ G. W. Bush—Washington, DC, Dec 18, 2000) want your real name attached to an “annoying” post. That’s a real puzzler there. Yup, a real puzzler.

    Well, here’s another post for my NSA file.

  I have been opposed to the Patriot Act ever since its inception.  Here is just another news item to support that view.  Proponents of the Patriot Act would have you believe that it is only used for “safety” purposes and only targets suspicious behavior.  First of all, who gets to define what constitutes “suspicious” behavior?  How often have governments in the past abused their access to such private information regarding their citizens?  While not downplaying the threat of terrorism, I am much more likely by the order of many magnitudes to die in a car accident than as the result of a terrorist action.  I am inclined to agree with Franklin’s sentiments about those who are willing to give up freedom for security deserve neither.  Anyway, here are some highlights from the news story.

A member of the American Library Association has sued the Justice Department to challenge an FBI demand for records, but the USA Patriot Act prohibits the plaintiff from publicly disclosing its identity or other details of the dispute, according to court documents released Thursday.

  I have subscribed to the Bill of Rights Defense Committee (BORDC) newsletters for the last several years.  It seems that librarians are doing more to try to protect our fundamental privacies than the average citizen is.  This is not the first case of a librarian bucking the feds over an overly invasive search of a patron’s browsing records.  Gee, how convenient for the feds that we “merely” ordinary citizens can’t even know what the dispute is over.

Justice Department and FBI officials have repeatedly declined to identify how many times Patriot Act-related powers have been used to seek or obtain information from libraries, but they have strongly urged Congress not to limit their ability to do so.

  No doubt they do this because the results would show that overwhelmingly their “fishing” excursions are less than useful and further erode the original freedoms, privacies, and liberties that we used to enjoy.

The lawsuit, originally filed under seal in Connecticut on Aug. 9, focuses on the FBI’s use of a document called a “national security letter,“ which allows investigators to demand records without the approval of a judge and to prohibit companies or institutions from disclosing the request. (emphasis mine) Restrictions on the FBI’s ability to use NSLs were loosened under the Patriot Act.

  Wow, they get to act as judge, jury, and executioner.  How fortuitous!  This is very similar to other provisions of the unPatriot Act where LEO can search your home and computer while you are not present and they don’t even have to notify you at the time.  “Fourth Amendment, what Fourth Amendment?“, chuckled George as the Patriot Act was made into law.  He was further heard to say, “Hell, I can’t even count past three- that damned Bill of Rights and Constitutional guarantees crap just confuses me.  It’s much easier just to ignore it.“

Attorney General Alberto Gonzales said during Senate testimony in April that the Justice Department “has no interest in rummaging through the library records or medical records of Americans” but that “libraries should not become safe havens” for terrorists or other criminals.

Gonzales said at the time that the FBI had never asked for records under a provision of the Patriot Act known by critics as the “library provision,“ which allows the government to demand records from a variety of businesses, including libraries, in intelligence probes.

But that provision is separate from the one that governs the kind of letter used in the Connecticut case.

  As he crossed his fingers behind his back.  What a bunch of lying thieves!  Well, hopefully, the neo-cons are on the wane and we will see the return of true conservatives who are interested in reining in Big Brother and protecting the rights and freedoms of individuals.

Calif. school requires radio ID tags for students

SUTTER, Calif. - The only grade school in this rural town is requiring students to wear radio frequency identification badges that can track their every move. Some parents are outraged, fearing it will rob their children of privacy.

The short gist of the article is that a school has introduced RFID as a means of tracking students.

Security:
There are fears of people using RFID to “stalk” the students. But if I am not wrong the RFID range is not too far, so if someone was stalking the kids, it would be more effective and easier to use the old fashion way of skulking about in the shadows. Of course there are some who argue that if one can develop a long range tracking device that can be implanted into a child, there will be many parents seeking to buy such devices.

Query

- If such a device exist and you have a child who does not mind being “implanted” because she/he is such a sweetie patotie who does not want mommy or daddy to be unnecessarily worried and that she/he feels that such a device is akin to a “guardian angel” would you want your kid to be implanted?

Query

- What are the thoughts of the children, for those people that have school age going children on carrying such a device.

1984 and Big Brother:
I never really understood why the moment people talk about tracking or Identification Numbers everyone starts talking about 1984. After all in the utopic universe of Star Trek, all the people have the tracking device of the communication badge. As they say, its 12pm on a school day, do you know where your children are? Or what about “LoneStar” (the “tracking” device for your car, if I managed to get the name correct). Even the cellphones, which almost everyone seems to be carrying can track its signal to obtain the person’s location.

“TheSystem”
What if one is able to track the movement of everyone but such information is kept in the computer database and that one is only allowed to access them under a court order, say in the instances where the person is being charged with a crime. Is it so bad? Sure it may seem bad for one’s privacy to the extent that a non-sentient computer system knows your movement but as stated above a person’s movement can be tracked.

Query

- If such a system exists would you be for it or against it.

The Mark of the Devil
Here is something which I was wondering. Some people seem to believe that RFID is the so called mark of the devil. So can a student refuse to carry the RFID on grounds of religion? What if someone was to interpret a religion to state that students cannot be held after school say for detention. How far can religion go? In areas of education, specifically evolution, it seems that it can go all the way. But in areas where the purpose is for the safety and security of children it would seem that religion may not extend that far.

Edit: I have edited the text to correct some horrific typing errors.

In the process of renewing my passport, I came across an interesting development within the State Department.  It seems that many Americans have been entirely too happy as of late and they want to change that.  Actually, they are just changing the guidelines for identification photos.  As of January 1st, passport photos that portray a smiling subject will no longer be accepted.

ABC News - You better not crack a smile in your passport photo

December 3, 2004 — If you’re traveling out of the country in the near future you know what you have to do, check out that passport to make sure it’s still valid. And while you’re at it, take a good look at your old passport picture. Are you smiling? If you are, when you get your next photo taken, you won’t be.
That’s right. From now on the state department says we should wipe that smile off our face. They say it’s because when we smile, in a sense, we change our faces and we really don’t look exactly like us.
“No smiling, no frowning. The passport agency wants to see the person’s natural face in a relaxed state,“ said Karen O’Brien, manager “Travisa” Office in Chicago.
They say it has nothing to do with extra security. It’s just so immigration officers can more easily compare the real you with the photo you. So don’t go “cheese.“

“Nothing to do with security”?  I’d say it has everything to do with security.  As a matter-of-fact, I’d say it has everything to do with Facial Recognition.

Following 9/11 there were a bevy of security companies competing to

waste

earn our tax dollars.  Biometric industries seized the opportunity to peddle their wares and move into the Homeland Security Agency spotlight.  In June of 2002, the government sponsored a conference with all the biometric industry leaders and the focus was on facial recognition.  This is where FERET comes in to play.

The FERET program ran from 1993 through 1997. Sponsored by the Department of Defense’s Counterdrug Technology Development Program through the Defense Advanced Research Products Agency (DARPA), its primary mission was to develop automatic face recognition capabilities that could be employed to assist security, intelligence and law enforcement personnel in the performance of their duties.  Source: http://www.frvt.org/

The FERET program was terminated for several reasons: high cost, failure rate and privacy concerns were the major factors.  Following the conference in 2002, the FERET program was given new life and is now being used in collaboration with private companies.  The deployment seems to be moving ahead even though DARPA has openly stated that the improvements in accuracy have been minimal.  Companies such as Ratheon and Imagis have been closing key deals with government agencies.  It will only be a matter of time before security personnel know who you are before you even know they’re present.  Just don’t smile.

Here’s something I didn’t know before now, but it explains a lot: Apparently all color laser devices—printers, copiers, etc.—sold since 1995 have been encoding their serial number into every printout made from them so counterfeit documents can be traced by the government back to the source.

Peter Crean, a senior research fellow at Xerox, says his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the “serial number of each machine coded in little yellow dots” in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.

“It’s a trail back to you, like a license plate,“ Crean says.

The dots’ minuscule size, covering less than one-thousandth of the page, along with their color combination of yellow on white, makes them invisible to the naked eye, Crean says. One way to determine if your color laser is applying this tracking process is to shine a blue LED light—say, from a keychain laser flashlight—on your page and use a magnifier.

There have been a number of money and check frauds over the past several years which the Secret Service seemed to be able to crack wide open with amazing ease and speed and now we know why. The color laser printers used tattled on the suspects. Needless to say, this gives one pause to wonder how many other devices have similar “features” in them. It’s not even so much that I have a problem with this technology being in place as much as I have a problem with not knowing about it as it is ripe for abuse in the wrong hands. Something to think about the next time you make a print from a color laser printer or copier.

Found via Boing Boing.

Here is something of interest for those with concerns about privacy:
http://www.theglobeandmail.com/servlet/story/RTGAM.20041029.wscoc1029/BNStory/National/
http://www.lexum.umontreal.ca/csc-scc/en/com/2004/html/04-10-29.3.wpd.html

This is a decision from Canada relating to the use of heat detecting equipment and whether or not such action runs afoul of the right to privacy and violates the reasonable expectation of privacy.

Basically the equipment is fixed to a plane and it flies across the area taking heat signatures and then it compares the signature to what is the normal heat signature. I could not remember if it was this case or another one where basically what the police did was to obtain electricity usage and from there compare it to a normal residence to determine whether there was growth of drugs in the house. Apparently drugs requires one to use a lot of energy up to 4x the normal and as a result produces quite a bit of heat.

The judgment included this line “FLIR technology at this stage of its development is both non-intrusive in its operations and mundane in the data it is capable of producing,“ which suggests that this decision may not stand in future circumstances. Of course a funny result would occur if a new technology is found to be intrusive. Therefore police might have to use older technology to engage in surveillance.

Given that the court did say that the “The nature of the intrusiveness is subtle, but almost Orwellian in its theoretical capacity,“ one question is: How far of intrusiveness is required before the balance tips from protection to privacy?

Personally, I believe that I often come down on the side of greater surveillance powers and capabilities.

Upon recommendation from the Sept. 11th commission, the US Congress has seen fit to establish something of a National ID Card system.  While the card won’t be issued at a federal level, it will require all the information including the ID Number to be standardized across the board.

Congress Close to Establishing Rules for Driver’s Licenses
By MATTHEW L. WALD, New York Times
WASHINGTON, Oct. 10 - Following a recommendation of the Sept. 11 commission, the House and Senate are moving toward setting rules for the states that would standardize the documentation required to obtain a driver’s license, and the data the license would have to contain.

Critics say the plan would create a national identification card. But advocates say it would make it harder for terrorists to operate, as well as reduce the highway death toll by helping states identify applicants whose licenses had been revoked in other states.

The Senate version of the intelligence bill includes an amendment, passed by unanimous consent on Oct. 1, that would let the secretary of homeland security decide what documents a state would have to require before issuing a driver’s license, and would also specify the data that the license would have to include for it to meet federal standards. The secretary could require the license to include fingerprints or eye prints. The provision would allow the Homeland Security Department to require use of the license, or an equivalent card issued by motor vehicle bureaus to non-drivers for identification purposes, for access to planes, trains and other modes of transportation.

The bill does not give the department the authority to force the states to meet the federal standards, but it would create enormous pressure on them to do so. After a transition period, the department could decide to accept only licenses issued under the rules as identification at airports.

The House’s version of the intelligence bill, passed Friday, would require the states to keep all driver’s license information in a linked database, for quick access. It also calls for “an integrated network of screening points that includes the nation’s border security system, transportation system and critical infrastructure facilities that the secretary determines need to be protected against terrorist attack.“

  Full Story 
Ah, the joys of living in a fear based society.  As you can see, advocates are already touting fine examples of the law’s implementation outside the scope of the intended usage.

For some reason the first thing that came into my mind when I read this was my unpaid parking ticket in New Jersey.

As my first attempt to post a story here at SEB, here is a story near and dear to my heart… [cross posted at my Asylum]

The Spy Act, an Anti-Spyware legislation passed this morning in the House of Representatives 399-1 — HR 2929 I believe is the version of this that passed.

The bill, sponsored by Rep. Mary Bono (R-CA) provides guidelines for technology companies that distribute software capable of most types of electronic monitoring. It requires that consumers explicitly choose to install such software and agree to the information being collected.

So now you will have to be given the option to install this crap on your computer… a good first step. This version sponsored by Rep. Bono will impose fines on companies who break the law, but another anti-spyware bill will also be coming to a vote shortly which will impose criminal penalties as well. This bill (HR 4661) is sponsored by Rep. Robert Goodlatte (R-VA).

The chairman of the Energy and Commerce Committee, Rep. Joe Barton, R-Texas, said Goodlatte’s anti-spyware bill was preferable because of its criminal sanctions, and Barton said he will work to combine both proposals for a final vote by year’s end.

Barton acknowledged that experts had recently found more than 60 varieties of spyware installed on the panel’s own computers. He said all the spyware programs had been installed without the permission of computer users.
-Source: Yahoo! News

Rep. Bono’s bill explicitly permits software from the FBI and other ‘spy agencies’ to be installed on computers without the owner’s consent under a court order or other legal permissions affecting federal departments. (Or in the case of the Patriot Act, the whim of the Attorney General).

Way back in December of 2002 I wrote a small entry on Nicholas and Mary Monahan and their run-in with airport security. I was appalled at their treatment to say the least. Now I get word that a fellow blogger has had a less outrageous, but still very upsetting encounter with Federal TSA screeners as well. John of John P. Hoke’s Asylum warns us that the TSA Screeners apparently are allowed to use their discretion in determining which of your personal belongings they can steal… er… I mean “confiscate.“

I arrive at the airport, check my bags and head on down to the Security Screeners, these supposedly well trained, well mannered Federal Employees. I took both of my laptops out of their bags, and along with my shoes, jacket and carry on bags, placed them on the conveyor belt to the x-ray machine.

One screener asked to manually inspect one of my bags, knowing that I had nothing in it that was prohibited based on the TSA’s own site I allowed the search. This inspector found a lighter that I was given by my step daughter for our first Father’s Day together. It was a cigar lighter that did not run on Liquid Fuel, but gas. (Unabsorbed Liquid fueled lighters are prohibited based on the above PDF). He looked at it and exclaimed, “Wow I have always wanted one like this”. Then proceeded to tell me that he had to confiscate my lighter.

John challenges the screener’s judgment and proceeds to ask to speak with a supervisor. The supervisor pretty much tells him to fuck off and tries to dissuade John from filing a formal complaint via an attempt at physical intimidation. John took the form, got on his flight, and plans to follow up his initial entry with more as the story progresses. I’ll honestly be very surprised if he gets any justice out of this whole ordeal, but I fully support and encourage him to try.

This is the sort of crap that the Bush administration has brought us. When you can’t carry fucking fingernail clippers on an airline flight because it might be a weapon you know we’ve descended to new levels of silliness. Seriously, what the fuck is a terrorists going to do with fingernail clippers? Threaten to give the flight crew a really bad manicure if they don’t comply with his demands?? Man, I’m glad I don’t fly anywhere these days. I probably would’ve gotten arrested.

Seems the old adage that “the customer is always right” may be losing it’s appeal among retailers fed up with what is known in the industry as “demon shoppers.“ The folks at Best Buy, for example, are trying to find ways to better deal with problem shoppers that eat into their profits by taking advantage of the system.

The customer is always right? Not anymore. - SFGate.com

Like a customer who ties up a salesworker but never buys anything, or who buys only during big sales. Or one who files for a rebate, then returns the item.

“That would be directly equivalent to somebody going to an ATM and getting money out without putting any in,“ Brad Anderson, Best Buy’s chief executive, said in a recent interview. “Those customers, they’re smart, and they’re costing us money.“

Anderson said Best Buy was tightening its rebate policies in the case of customers who abuse the privilege, but declined to say what else his company was doing to discourage its most costly customers.

Chris Miller sent this article to me as an illustration of one way that stores use data mining techniques to gather info on their customers—in this case on problem customers. I know some folks who don’t like Best Buy, but for me walking into that store is as close as I get to a religious experience. Their prices aren’t bad and their selection is good and they’re not totally against you taking advantage of a good deal. For example, they offer a number of gift cards aimed at different sorts of people including one for video gamers that includes a $5 off coupon on any video game purchased. You can effectively save five bucks on a new video game by buying one of these gift cards and then turning around and immediately applying it and the coupon to your video game purchase. This is apparently a common enough practice that when a friend of mine and I were in a local Best Buy recently so that he could buy a gift card for a niece’s birthday. He also decided to buy himself a video game while he was there and when we got to the counter the cashier asked if he wanted to use the gift card to buy the game so he could use the coupon. It took us a moment to figure out what she was asking.

I have to admit that the idea of Best Buy having that much of a clue as to who I am and how I shop is a little creepy, but at the same time I can’t fault them for collecting the data. The truth is I know some folks who use Best Buy as the ultimate rental shop. They’ll order an uber video card online for a cheap price, but can’t stand waiting for it to arrive in the mail so they’ll go to Best Buy, buy exactly the same card at full retail, use it until their other card arrives in a week or so and then return the card they bought from Best Buy before the 14-day-no-questions-asked-return-period is up. They’re not breaking any rules, but they are taking advantage of Best Buy’s generous return policy and that just feels wrong to me. I hadn’t even considered the idea of buying something with a rebate, filing for the rebate, and then returning the item.

So on the one hand it’s a classic example of how the big companies make use of the data they collect from you every time you buy something with plastic or fill out that lengthy return form when you bring something back to the store and shows the power to invade your privacy that data mining allows, but on the other hand when you consider what some folks are putting these stores through it’s kinda hard to blame them for taking this approach.

I’ve been following the developing story surrounding revelations that various airlines and travel agencies have secretly turned over sensitive passenger data to the Transportation Security Administration without the passenger’s knowledge or consent. TSA officials then lied about this to other government agencies and the public. Wired News has an article up about testimony from acting TSA chief David Stone that indicates that five major airlines and two airline reservation companies provided data to the TSA or its contractors in 2002 and 2003. His testimony contradicts numerous statements made by both airline and government officials.

Delta, Continental, America West, JetBlue and Frontier Airlines secretly turned over sensitive passenger data to Transportation Security Administration contractors in the spring and summer of 2002, according to the sworn statement of acting TSA chief David Stone. In addition, two of the four largest airline reservation centers, Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.

This is the third time in the past nine month that knowledge of the scope of secret information disclosures by airlines has expanded, and now six of the 10 largest airlines are known to have given data to the government secretly. Stone’s disclosure also raises questions about whether TSA officials intentionally withheld information from previous inquiries by the Government Accounting Office, members of Congress and the Department of Homeland Security’s chief privacy officer, Nuala O’Connor Kelly.

In addition, the TSA or its contractors may have violated the Privacy Act, which prohibits the government from compiling secret databases on Americans. Officials could face civil and criminal penalties.

If you recall the folks at the TSA have been working on a passenger screening system known as CAPPS II, which in theory is supposed to help pick out potential terrorists by comparing a passenger’s airline reservation information to various commercial databases, a terrorist watch list and a criminal warrant database. CAPPS II has already been banned from deployment by an act of Congress until it receives GAO approval that it complies with eight privacy and effectiveness criteria and as of a February report the GAO said CAPPS II only met one of those requirements. It’s not even deployed yet and it’s already embroiled in a major privacy issue scandal.

Wired goes on to list off various false statements given by TSA officials including Stone’s predecessor, retired Adm. James Loy, who when questioned by the Senate Governmental Affairs committee in July of 2002 on if any real world data had been used to test CAPPS II replied that only dummy data had been used.

Loy’s sworn written response was, “No. TSA has not used any (passenger) data to test any of the functions of CAPPS II.“

Two TSA spokesmen also made false statements to Wired News about the extent of the transfers.

After the JetBlue transfer was brought to public attention in September 2003, TSA spokesman Brian Turmail told Wired News that the TSA had never used passenger records for testing CAPPS II, nor had it provided records to its contractors. In September 2003, Wired News asked TSA spokesman Nico Melendez whether the TSA’s four contractors had used real passenger records to test and develop their systems. Melendez denied it, saying, “We have only used dummy data to this point.“

“Our agency was only five months old at the time” when these four companies were developing their systems, Melendez said. “We did not need the data at that time.“

The TSA has also not released any information about the JetBlue contractors to Freedom of Information act requesters, even though it granted requests expedited status in the fall.

The data transfer revelations started in the spring of 2003, when privacy activist Bill Scannell launched a boycott of Delta for its role in helping test CAPPS II. But the first real proof of extensive data sharing came in September 2003, when Wired News reported that JetBlue had turned over its entire passenger database to a defense contractor studying passenger profiling algorithms.

JetBlue apologized for the violation of its privacy policy, describing it as a one-time mistake. But it wasn’t a one-time event. The upstart airline transferred passenger data not one but three times, according to Stone’s statement.

There’s more in the article on further false statements and failures to inform the GAO about asking for the data in the first place, but you can go read the rest for yourself. This could blow up into a major mess pretty soon with possible criminal investigations as well as class action lawsuits. With any luck it might even bring about an end to CAPPS II as it’s debatable how effective it would be anyway, but that may be hoping for too much.