GAO: Security agency broke privacy laws

The Transportation Security Administration violated federal privacy law by failing to report exactly how and why it has collected personal data on nearly 250,000 airline passengers since last fall, according to a Government Accountability Office letter to Congress released Friday. Under the 1974 Privacy Act, federal agencies must post public notices outlining precisely how citizens' personal information is "collected, maintained, used and disseminated," the report said. The TSA twice delivered inaccurate and incomplete notices in fall 2004, the GAO concluded, when the agency began testing a new passenger prescreening program, known as Secure Flight, which would compare commercial airline reservation data against government "watch lists."

In response to the GAO findings, the TSA last month posted an updated notice intended to clarify its purpose. "However, that action does not excuse TSA's failure to meet basic Privacy Act requirements in carrying out this program," wrote Sen. Susan Collins, R-Maine, and Sen. Joseph Lieberman, D-Conn., in a letter to Department of Homeland Security Secretary Michael Chertoff.