U.S. Airlines Built A Secret Data Broker To Help The Government Spy On Customers
from the golden-era-of-hyper-surveillance dept
We’ve noted many times that there are two major reasons the U.S. doesn’t have a functional privacy law for the modern internet era. One, we’re too corrupt and greedy to do the right thing, causing us to prioritize making money over literally everything else — including public safety. And two, the government long ago realized it can bypass the need for a warrant by simply buying surveillance data from U.S. companies.
There have been some new revelations on that second point. A new report by 404 Media this week revealed that U.S. airlines have created a data broker whose primary purpose is to covertly sell user flight and other information to Customs and Border Protection (CBP). As part of the airlines’ contract with the government, it was demanded they not tell anybody about the program:
“The documents reveal for the first time in detail why at least one part of DHS purchased such information, and comes after Immigration and Customs Enforcement (ICE) detailed its own purchase of the data. The documents also show for the first time that the data broker, called the Airlines Reporting Corporation (ARC), tells government agencies not to mention where it sourced the flight data from.”
ARC is owned and operated by at least eight major US airlines, according to public documents reviewed by 404 Media. ARC’s Travel Intelligence Program (TIP) also monetizes your data in other nontransparent ways, including partnerships with travel agencies and air travel trend reporting. In a functional government with meaningful rules, authorities are supposed to get warrants for this data:
“While obtaining domestic airline data—like many other transaction and purchase records—generally doesn’t require a warrant, there’s still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation,” Jake Laperruque, deputy director of the Center for Democracy & Technology’s Security and Surveillance Project, told 404 Media in an email. “As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.”
The corporate monetization of your every behavior and location metric has resulted in a vast sea of nontransparent hyper-surveillance the government has zero interest in fixing. And should a U.S. regulator actually try — like the FCC’s recent attempt to fine AT&T for selling sensitive wireless user location data — the Trump-stocked courts are there to invalidate the efforts to the benefit of corporate power.
Documents indicate the government ambiguously claims to use this data “to support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel ticketing information.” Airlines understandably didn’t want to comment on the new report.
Without reforms this sort of hyper-surveillance just gets consistently worse, more dangerous, and more secretive which is is extra problematic in an era where the U.S. government has fallen into historically corrupt authoritarian kakistocracy. The warnings have been relentless that we’re on an extremely dangerous path, but Congress, as always, remains too corrupt to function in the public interest.
Filed Under: airlines, cbp, customs and border protection, flight data, location data, privacy, security, surveillance
Companies: airlines reporting corporation, arc
Comments on “U.S. Airlines Built A Secret Data Broker To Help The Government Spy On Customers”
So which airlines aren't in it?
The 404 piece is lovely, but it’s a bit coy about just what airlines are involved; it says eight (but doesn’t name them), names nine with board representatives, and mentions that data from 240 flows through… but none of this provides the basic surveillance self-defense info of what airlines aren’t in on the surveillance cartel. It seems like we should be rewarding those airlines with our dollars.
Re:
Supposedly, your data isn’t in the TIP database if you get tickets directly from the airlines themselves like Delta. Whether this is actually true is questionable right now, I think, even if the documents say that it isn’t.
Re: Who ARC is, what it does, and what data it has
ARC is actually a longstanding transaction processor and financial clearinghouse that serves almost all airlines, not just its owners. Selling data is incidental to its core business. There’s more about ARC, what it does, what data it has, and how this differs from the government’s other datasets and access pathways for airline info in my article about this last month for the Identity Project:
https://papersplease.org/wp/2025/05/08/arc-sells-airline-ticket-records-to-ice-and-others/
Re: Re:
Yes, indeed. And thanks for the further work.
For anyone else: ARC has it’s own website. i don’t know if they outright say anywhere who founded it, but basically all the airlines use it.
Spreadsheet, even:
https://www2.arccorp.com/support-training/travel-agencies/participating-airline-information
It’s a thing that makes sense, like the BMV/DMV/WhateverMV, but who then decided at some point to sell all your info, because people are assholes.
So far, so good, it’s exactly what we can expect from the current administration.
With all bad persons coming or living in US, criminals, arsonists, shooters, rioters, judges, leftists, Democrats… there is at most 300M people to watch, so better broke as much data as possible on all citizens.
Since China is doing the same, why not the US.
Re:
Yeah, the current administration is 8 airlines who just took office a few months back and the data brokering is totally new.
Re:
Because we’re supposed to be better than China in that regard.
404 Media is an excellent site, but FYI Edward Hasbrouck broke this story on May 8 at Papersplease.org. Hasbrouck is the top expert on travel data privacy, which he has covered for several decades.
wg
Meh.
What is actually needed is a non-secret database of stupid design errors that can cause fancy airliners to nose-dive without warning.
Hmmm, come to think of it, does that problem occur in the white elephant Qatar was/is trying to palm off on the US? Asking for a friend.
It’s what we call “wetted surface” in aerohydrodynamics. In Computer Security, it’s called “attack surface”.
Storing all this info on citizens (and citizens of allies) means that when – as seems to be inevitable – those networks and databases are attacked and get compromised, the attackers also get to compromise the security of citizens as well.