Most Americans are aware that their personal information is often up for grabs, but many probably wouldn’t expect that domestic flight records are part of that trade. When booking a flight, you might assume that your data is only shared with the airline and, maybe, your travel agent. Recent revelations, however, suggest otherwise. Internal documents indicate that major U.S. airlines are funneling detailed passenger data to lesser-known brokers, who then sell it directly to the Department of Homeland Security.
Which airlines shared their data and how did the travel intelligence program work?
Central to this issue is the Airline Reporting Corporation (ARC), jointly owned by major U.S. airlines such as Delta, American Airlines, and United. ARC primarily manages ticket settlements between carriers and travel agents. Yet, through a little-known initiative named the Travel Intelligence Program (TIP), ARC collects substantial amounts of data from domestic flight bookings, including passenger names, itineraries, and payment information.
Documents reveal that Customs and Border Protection (CBP), a part of the Department of Homeland Security, can access this data in order to monitor individuals across the U.S. CBP asserts that this access aids their criminal and administrative investigations. This sharing of data occurs without travelers’ knowledge or consent, and ARC reportedly asked CBP to keep its identity under wraps unless legally obligated to disclose it. Notably, CBP’s initial agreement with ARC was established in June 2024 and has already been extended through 2029. While the price for access may seem reasonable initially, it has surged from $6,800 to approximately $11,000 – raising significant implications.
What DHS collects from flight bookings and why is it a concern?
The ARC’s travel intelligence program does more than compile basic passenger manifests; it encompasses over a billion records that include both past and upcoming travel, updated daily. This information can be searched by name, credit card number, or through a travel agent. However, it’s worth noting that it generally excludes data from tickets bought directly through airlines’ websites, focusing mainly on third-party bookings like those made through Expedia.
DHS justifies TIP’s utilization in their public privacy assessments, claiming it facilitates active investigations. CBP echoes this sentiment, emphasizing that the data is only functional if open and available. Still, this normalization of extensive surveillance via third-party data purchases poses a troubling precedent, undermining existing protections against unnecessary intrusions.
This isn’t an isolated case. Last month, immigration and customs enforcement also allowed purchases of ARC data. Procurement records indicate that other federal agencies, such as the Secret Service, SEC, DEA, TSA, and even the Air Force, are similarly involved.
Six ways to protect privacy from data brokers
If you want to reclaim control over your personal information, here are six practical steps to help reduce exposure to data brokers.
1. Book flights directly on the airline’s website. Whenever feasible, avoid third-party travel sites, as they are a primary data source for ARC through the Travel Intelligence Program. Booking directly through the airline’s official site significantly reduces the likelihood of your data being shared or sold to government bodies.
2. Use virtual or disposable credit cards. Since the ARC system can query by credit card numbers, consider using a virtual or disposable card to make your flight purchases. These often allow you to create temporary numbers, making it harder for data brokers to link bookings to your identity.
3. Minimize shared booking information. Be careful with the data you provide during the booking process. Avoid entering superfluous details, such as frequent flyer numbers, unless absolutely necessary. Creating a unique email just for travel can also help reduce the chances of cross-linking your data.
4. Delete your information from the internet. To manage your personal data effectively, consider utilizing a data deletion service. Although no service can promise total erasure from the internet, certain ones can assist in continuously monitoring and automating removal from various sites over time.
5. Use privacy-focused browsers and email services. Opt for browsers like Brave or Firefox to limit tracking of your online activity. Setting up a secure email for bookings can further restrict how easily brokers can connect your travel info with your online profiles.
6. Consider identity theft protection services. If your data is compromised, services can help freeze accounts to prevent further fraudulent activity. Some companies also monitor information like Social Security numbers, alerting you if it’s being misused.
Important points to consider
The ARC scenario highlights a concerning trend of federal agencies bypassing traditional legal protocols to acquire sensitive data from private firms. Travelers now appear as mere data points in a wider ecosystem where information serves as currency. The fact that such transactions occur without informed consent rightly raises alarms for those who prioritize privacy.
