I go through TSA every time I fly where they scan my ID and boarding pass containing all of this data. You're telling me the government went and paid money for that data separately when it already had it?
TSA is a government organizations. They paid to buy it from elsewhere in order bypass rules and perhaps even laws governing how government organizations can use their data
If the law says the agency can’t collect when they scanned your I’d and store it, or has to destroy the data it collected after a certain time, they can argue the law doesn’t prevent them from acquiring the data from a third party, or acquiring data they can internally convert to something functionally equivalent to the data they collected directly (and need to destroy, or are forbidden touse in certain ways).
It's more relevant when flying overseas i think. For instance if you buy a round trip to Sweden in USD and then a separate round trip in Kroner as a Swedish transaction to Iraq, it doesn't seem to set off alarm bells that buying a straight round trip ticket from NYC might since it appears to TSA you are just going and coming from Sweden.
Purchasing from data brokers in order to avoid getting a search warrant is just unambiguously against the Fourth Amendment, right? It’s amazing to me that this hasn’t been stopped by the courts.
The problem is a search warrant grants additional powers to a government agent, that a private citizen doesn't have. Whereas buying from data brokers is something anyone can do - it would be odd if a government agent had less authority than a random citizen.
On the other hand, it could be argued that buying this data amounts to hiring the airline to spy on you, no different than if they had hired a private investigator to follow you. But if everything is tracked and stored indefinitely, a mere warrant isn't much of a shield [1]. Nor does this solve the problem of corporate surveillance, which I see as just as big a threat.
The courts have a third party doctrine. If you willingly give your data to a third party (the airlines) it's not a violation for the government to also use it.
"Willingly" needs an update in the age of hidden and unreadable ToS agreements and data brokers. I willingly board a plane, which the airline takes to mean that I willingly agree to their contract of carriage, so I willingly hand over my data to a data broker that passes it to the government. But was I really agreeing to any of that?
You presumably know this but just to clarify for other readers: it's if you willingly give your data to a third party (the airlines) and the third party willingly gives it to the government, then it's not a violation for the government to use it.
Note there's an exception for cell tower data because courts ruled that cellphones are absolutely necessary for people to live their lives today. They collect so much data that applying Third Party Doctrine to that data is tantamount to a 24/7 100% carte blanche surveillance system across the entire country, so SCOTUS carved this one out.
Which is an insane doctrine in 2025 although I can see how it made more sense historically.
They gotta get a search warrant for a storage locker or bank box. They ought to have to get the same warrant for your gmail or fitness app records or whatever. "Papers and effects" and all that.
I don't think it is unambiguously against the fourth amendment. And in any case domestic flights are interstate commerce so with approximately similar authority you could claim it's unambiguously legal if authorized by Congress (which is very likely since IIRC all this business records stuff and any authority needed to spin activies off to contractors plowed through Congress after 9/11 and was implemented by Bush).
Being interstate commerce would only bring it under the jurisdiction of the federal government, it would not free the government from 4th amendment limits.
The 4th Amendment doesn't have anything to do with information that is freely sold by its owner. The 4th Amendment at best would apply when the government wanted to force it to be handed over against the company's will.
Nobody is forcing these companies to do this. They just happen to have stuff the government wants to buy and are more than happy to sell it for a profit. And Congress doesn't forbid it.
Same but absolutely not surprised about paying for it. Nobody in their right mind would expect any business to not sell everything they know about you unless explicitly regulated by Congress (health care and education records) and even for those you should expect lines to be maximally toed.
If you sell access to the data then buy it back, that basically lets you get it organized, formatted, and searchable for a fraction of the cost of developing and maintaining your own internal API’s, no?
All it costs is your citizens’ privacy, which if we’re being honest was never a priority in the first place.
Re: sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media.
Irrelevant and pointless. If CBP had such data where else could it come from?
Uncle Sam, who could legislate privacy protections, loves the fact there is so little protection. No need for legal channels and approvals when the data can be purchased directly or indirectly.
It could come from surveillance but yes indeed it's easier for all involved to take the capitalist route and pay someone for an integrated and curated dataset.
I go through TSA every time I fly where they scan my ID and boarding pass containing all of this data. You're telling me the government went and paid money for that data separately when it already had it?
TSA is a government organizations. They paid to buy it from elsewhere in order bypass rules and perhaps even laws governing how government organizations can use their data
If the law says the agency can’t collect when they scanned your I’d and store it, or has to destroy the data it collected after a certain time, they can argue the law doesn’t prevent them from acquiring the data from a third party, or acquiring data they can internally convert to something functionally equivalent to the data they collected directly (and need to destroy, or are forbidden touse in certain ways).
It's more relevant when flying overseas i think. For instance if you buy a round trip to Sweden in USD and then a separate round trip in Kroner as a Swedish transaction to Iraq, it doesn't seem to set off alarm bells that buying a straight round trip ticket from NYC might since it appears to TSA you are just going and coming from Sweden.
I sort of assumed when you use your passport, that it would inform the home country though?
> when you use your passport, that it would inform the home country though?
Depends on who is checking.
The article specifically says "domestic flight records"
Purchasing from data brokers in order to avoid getting a search warrant is just unambiguously against the Fourth Amendment, right? It’s amazing to me that this hasn’t been stopped by the courts.
The problem is a search warrant grants additional powers to a government agent, that a private citizen doesn't have. Whereas buying from data brokers is something anyone can do - it would be odd if a government agent had less authority than a random citizen.
On the other hand, it could be argued that buying this data amounts to hiring the airline to spy on you, no different than if they had hired a private investigator to follow you. But if everything is tracked and stored indefinitely, a mere warrant isn't much of a shield [1]. Nor does this solve the problem of corporate surveillance, which I see as just as big a threat.
[1] https://web.archive.org/web/20140718122350/https://www.popeh...
The courts have a third party doctrine. If you willingly give your data to a third party (the airlines) it's not a violation for the government to also use it.
"Willingly" needs an update in the age of hidden and unreadable ToS agreements and data brokers. I willingly board a plane, which the airline takes to mean that I willingly agree to their contract of carriage, so I willingly hand over my data to a data broker that passes it to the government. But was I really agreeing to any of that?
You presumably know this but just to clarify for other readers: it's if you willingly give your data to a third party (the airlines) and the third party willingly gives it to the government, then it's not a violation for the government to use it.
Note there's an exception for cell tower data because courts ruled that cellphones are absolutely necessary for people to live their lives today. They collect so much data that applying Third Party Doctrine to that data is tantamount to a 24/7 100% carte blanche surveillance system across the entire country, so SCOTUS carved this one out.
Which is an insane doctrine in 2025 although I can see how it made more sense historically.
They gotta get a search warrant for a storage locker or bank box. They ought to have to get the same warrant for your gmail or fitness app records or whatever. "Papers and effects" and all that.
I don't think it is unambiguously against the fourth amendment. And in any case domestic flights are interstate commerce so with approximately similar authority you could claim it's unambiguously legal if authorized by Congress (which is very likely since IIRC all this business records stuff and any authority needed to spin activies off to contractors plowed through Congress after 9/11 and was implemented by Bush).
Being interstate commerce would only bring it under the jurisdiction of the federal government, it would not free the government from 4th amendment limits.
The 4th Amendment doesn't have anything to do with information that is freely sold by its owner. The 4th Amendment at best would apply when the government wanted to force it to be handed over against the company's will.
Nobody is forcing these companies to do this. They just happen to have stuff the government wants to buy and are more than happy to sell it for a profit. And Congress doesn't forbid it.
I assumed that was happening. I'm only surprised that DHS had to pay for it.
Same but absolutely not surprised about paying for it. Nobody in their right mind would expect any business to not sell everything they know about you unless explicitly regulated by Congress (health care and education records) and even for those you should expect lines to be maximally toed.
I mean that I had imagined the DHS had some means of simply taking the data, for free.
Too much hassle and doesn't recycle taxes into pork and campaign donations.
Incentives ensure that Congress will always chose pork and campaign donations over handing the Executive a blank check every day of the week.
If you sell access to the data then buy it back, that basically lets you get it organized, formatted, and searchable for a fraction of the cost of developing and maintaining your own internal API’s, no?
All it costs is your citizens’ privacy, which if we’re being honest was never a priority in the first place.
Re: sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media.
Irrelevant and pointless. If CBP had such data where else could it come from?
Uncle Sam, who could legislate privacy protections, loves the fact there is so little protection. No need for legal channels and approvals when the data can be purchased directly or indirectly.
It could come from surveillance but yes indeed it's easier for all involved to take the capitalist route and pay someone for an integrated and curated dataset.
Selling private data isn’t capitalism. It’s totalitarian, via financial transaction.
Honestly, I'm surprised.
Sold, not simply handed over??
I would assume the government knows any flight I take on a US carrier, and any flight I ticket in the US.
Hope they got a good rate for it at least, unlike the BS where car companies sold data for pennies to insurance companies on driver behaviour.