A data broker, owned by major US airlines like Delta, American Airlines, and United, has been found to be collecting and selling domestic flight records of US travelers to Customs and Border Protection (CBP). According to internal documents acquired by 404 Media, the broker instructed CBP not to disclose the source of this data, which includes sensitive information such as passenger names, full itineraries, and financial details.
CBP, which operates under the Department of Homeland Security (DHS), defends its acquisition of this data as necessary for assisting state and local law enforcement in tracking individuals of interest across the nation. This arrangement has raised red flags among civil liberties advocates who express concerns over privacy violations and governmental overreach.
The internal documents offer unprecedented insights into DHS’s rationale for acquiring this information. These revelations follow an earlier disclosure by Immigration and Customs Enforcement (ICE), detailing its own procurement of similar data. The data broker in question, identified as the Airlines Reporting Corporation (ARC), has explicitly requested that government entities refrain from mentioning the source of the flight records.
Senator Ron Wyden criticized the actions of the airlines and ARC, stating that the major carriers are leveraging a dubious data broker to provide the government with broad access to sensitive information regarding American travelers, including their flight patterns and credit card usage.
ARC, which is governed by an assortment of major US airlines, includes representatives from Delta, Southwest, United, American Airlines, Alaska Airlines, JetBlue, and even international carriers such as Lufthansa, Air France, and Air Canada. Over 240 airlines rely on ARC for ticket settlement services, indicating its significance in the aviation ecosystem.
Beyond selling travel data, ARC operates as an intermediary between airlines and travel agencies, examines travel trends in collaboration with companies like Expedia, and contributes to fraud prevention efforts. The sale of US travelers’ information falls under ARC’s Travel Intelligence Program (TIP), which is designed to enhance law enforcement’s operational capabilities.
Documentation related to CBP’s contract with ARC specifies that the agency requires access to TIP data to help law enforcement agencies identify the air travel patterns of individuals of interest. This information has been described as “crucial” for both administrative and criminal investigations. The data provided through TIP is reportedly updated daily and encompasses over one billion records from the last 39 months.
While such data collection generally does not necessitate a warrant, experts have raised concerns about the lack of judicial oversight in the process. Jake Laperruque, Deputy Director of the Center for Democracy & Technology’s Security and Surveillance Project, emphasized that independent checks are crucial to ensure data acquisition supports legitimate investigations.
The CBP’s contract with ARC, initiated in June 2024, could extend to 2029. The recent documents reveal a contract transaction worth $11,025 with an additional update, signifying the exercise of “Option Year 1,” indicating a continuation of this partnership. These revelations underline the need for heightened scrutiny of data brokerage practices and their implications for personal privacy.
