Back to Hub

Airlines Secretly Selling Passenger Data to the Government

Airlines Secretly Selling Passenger Data to the Government: A Privacy Breach Exposed

Recent revelations confirm that major U.S. airlines, including Delta, American Airlines, and United, have been covertly selling domestic passenger flight records to Customs and Border Protection (CBP) through a data broker. Internal CBP documents, obtained by 404 Media, reveal that the airlines’ data broker, owned collectively by these carriers, collected and monetized travelers’ flight data while explicitly instructing CBP to conceal the data’s origin. This arrangement raises alarming questions about privacy, consent, and government surveillance.

How the Data Was Collected and Shared

The airlines’ data broker, operating under the guise of industry collaboration, aggregated passenger flight details—including names, itineraries, seat assignments, and payment methods—under the pretext of "operational efficiency." However, the data was repurposed and sold to CBP for undisclosed surveillance purposes. The contract included a non-disclosure clause preventing CBP from revealing the airlines’ involvement, effectively bypassing transparency requirements.

Cybersecurity and Privacy Implications

This incident underscores the risks of unregulated data brokerage ecosystems. Passengers were never informed their data was being shared, violating principles of informed consent under frameworks like the General Data Protection Regulation (GDPR). The lack of encryption or anonymization in the data transfers also exposes travelers to potential misuse, such as profiling or identity theft.

For the cybersecurity community, this highlights the dangers of supply-chain data leaks—where third-party intermediaries become vectors for surveillance. The U.S. lacks comprehensive federal data privacy laws, allowing such practices to thrive unchecked.

Government Surveillance and Legal Concerns

CBP’s use of this data likely falls under its border security exception, which permits warrantless searches of electronic devices at borders. However, extending this to bulk flight records stretches legal boundaries, as it constitutes passive surveillance of domestic travelers without probable cause. Legal experts argue this could violate the Fourth Amendment, which protects against unreasonable searches.

Broader Industry Impact

This scandal mirrors past controversies involving telecom and social media companies sharing user data with governments. It reinforces the need for data minimization policies and stricter oversight of public-private data partnerships. Cybersecurity professionals must advocate for end-to-end encryption and zero-trust architectures to prevent unauthorized data exploitation.

Conclusion

The covert sale of passenger data exemplifies how corporations and governments can exploit legal gray areas to undermine privacy. As travelers, consumers, and technologists, demanding accountability and legislative action is critical to prevent further erosion of digital rights.
Original source: Schneier on Security
Published: 17/06/2025 Data Breaches

Comentarios 0

¡Únete a la conversación!

Sé el primero en compartir tu opinión sobre este artículo.