Airline Passenger Data Sold to DHS in Secret by Data Broker, Hidden by Contract
Published on June 11, 2025
- A newly discovered practice in the airline industry involves the sale of passenger data to government agencies.
- The ARC data broker, owned by major airlines such as Delta, United, and American Airlines, reportedly sold data to DHS.
- The information includes passenger names, their full flight itineraries, and financial details.
The Airlines Reporting Corporation (ARC)–a data broker owned by major airlines such as Delta, United, and American Airlines–has been providing Customs and Border Protection (CBP), a part of the Department of Homeland Security (DHS), with access to U.S. domestic flight records.Â
This includes passenger names, flight itineraries, and financial details, raising red flags among privacy advocates, a 404 Media report says, citing documents obtained through a Freedom of Information Act (FOIA) request.
The data-sharing arrangement, part of ARC’s Travel Intelligence Program (TIP), allegedly serves as an investigatory resource to assist federal, state, and local law enforcement in identifying individuals of interest, and CBP is not to reveal where the data came from.
However, the information transfer occurs under directives that prevent CBP from publicly disclosing ARC as the data source unless legally compelled.
Critics argue that this raises significant privacy issues. Jake Laperruque, deputy director at the Center for Democracy & Technology, suggested the government is leveraging data brokers to bypass legal processes like warrants, undermining critical privacy guardrails designed to protect sensitive information.Â
Civil liberties advocates are calling for Congressional intervention to close what is being referred to as a "data broker loophole." ARC claims this initiative was implemented for national security purposes following the events of September 11.
The ARC data is updated daily, reportedly covering over a billion individual travel records, spanning 39 months of past and upcoming flights. Notably, this information includes data from ARC-accredited travel agencies, meaning travelers booking directly with airlines are excluded.
Privacy groups remain wary. With ARC mandating multi-factor authentication (MFA) only recently, concerns about how securely this sensitive data is managed persist.Â
Lawmakers, like Senator Ron Wyden, have initiated inquiries to airlines to clarify why ARC, which appears to be operated by at least eight major airlines, was permitted to sell customer data to the U.S. government, signaling a potential shift toward greater transparency in this gray area of data handling.Â
Related
Most Popular
Most Popular