It’s nice to see that this controversial practice will end, as sometimes public backlash does accomplish something.
In this post:
Airlines stop secretly selling passenger data to US government
Several months ago, I wrote about how airlines were secretly selling passenger data to the US government. The Airline Reporting Corporation (ARC), which is owned by several large airlines (Alaska, American, Delta, JetBlue, Southwest, United, etc.), was selling passenger data to US Customs and Border Protection (CBP).
The contract between ARC and CBP even specifically stipulated that the government couldn’t admit where it got that data, which sure sounds suspicious. This included around one billion records searchable by name, credit card, airline, etc., and it applied to roughly 39 months of travel history, plus upcoming bookings.
As you’d expect, once this was made public, there was quite a bit of anger, given the secretive nature of this. So 404 Media now has an update, after some politicians demanded answers as to what was going on. In a letter signed by ARC CEO Lauri Reishus, the organization confirmed
“Your letter urges the recipients to compel ARC to shut down the Travel Intelligence Program (TIP). As part of ARC’s programmatic review of its commercial portfolio, we have previously determined that TIP is no longer aligned with ARC’s core goals of serving the travel industry. All TIP customers, including the government agencies referenced in your letter, were notified on November 12, 2025, that TIP is sunsetting this year.”
This is a positive and overdue development
I’m happy to see this change. What made this situation interesting is that ARC only used data for tickets booked through travel agencies, and not those booked directly with airlines (making up around 50% of ticket sales, give or take).
So while government agencies seeking information about tickets booked directly with airlines would need a subpoena or court order, ARC’s data sales enabled government agencies to just search through a database. That doesn’t seem right.
As you’d expect, the same politicians who sent a letter requesting answers are now praising this change. In response to this update, Oregon Senator Ron Wyden said the following:
“It shouldn’t have taken pressure from Congress for the airlines to finally shut down the sale of their customers’ travel data to government agencies by ARC, but better late than never. I hope other industries will see that selling off their customers’ data to the government and anyone with a checkbook is bad for business and follow suit.”
Meanwhile New York Congressman Adriano Espaillat said the following:
“This is what we do. This is how we’re fighting back. Other industry groups in the private sector should follow suit. They should not be in cahoots with ICE, especially in ways that may be illegal.”
Bottom line
The Airline Reporting Corporation, which is owned by several major airlines, has secretly been selling airline passenger data to the US government for a long time, under the condition that it would be secret.
As you’d expect, once this was discovered, there was quite a bit of backlash. With pressure from politicians and the public, the organization is now reversing course, and will no longer sell data to the government.
What do you make of this update?
You should assume that there is no privacy when travelling. For decades hotels in Europe would photocopy passports upon check in. I understood this data was required by their government.
I am not an expert at cybersecurity but I assume that the USA has ways of accessing travel information. Actually, I feel some of this data is used to monitor and prevent crime.
"...I feel some of this data is used to monitor and prevent crime."
Your feelings aside, that's not the determinant of whether or not the data is used to prevent crime, and frankly it doesn't even matter how it is used.
It's not okay to be selling passenger information without consent. And before you (or anyone) suggests it happens all the time everywhere via other methods, that still doesn't make it okay for ARC to be selling it.
The government doesn't need airline or flight data to find you. Cameras are everywhere watching you.
WTF
"TIP is sunsetting this year."
It should have been shutdown effective immediately, not "sunset" and secretly replaced with a vague date.
See how this PATRIOT is and still spying on you without probable cause or warrant.
Your rights and privacy is just propaganda.
Those Eppy files and other people wars are just distractions.
Ex-Amadeus here. I don't quite get this. Governments (US was first, but this is now quite common for developped countries) get a data feed of passenger data.
As far as I know, for US it's an instant feed upon booking, while for almost all others it's a feed a -72 hours or -24 hours.
So why would they have needed to purchase such data in the first place? Unless we're talking about the US obtaining...
Ex-Amadeus here. I don't quite get this. Governments (US was first, but this is now quite common for developped countries) get a data feed of passenger data.
As far as I know, for US it's an instant feed upon booking, while for almost all others it's a feed a -72 hours or -24 hours.
So why would they have needed to purchase such data in the first place? Unless we're talking about the US obtaining data from non-US travel? But all the airlines in the article are US based...
US automatically gets APIS data for international flights, not for domestic flights which is what the ARC was selling. Domestic "surveillance" is more regulated in the USA. Also, the ARC data includes much more information than what's covered by APIS data.
Only in America!
In Germany the Deutsche Post sells customer data to everyone interested. You can for example ask for 1000 adresses in your city that voted for a specific political party. (Of course the party allegance is determined stochastically by election result per area, but still!)
There is also a European database of plane travelers as reported by Airlines that sounds similar to what is described here (but as of now only covering 50% of travellers). I...
In Germany the Deutsche Post sells customer data to everyone interested. You can for example ask for 1000 adresses in your city that voted for a specific political party. (Of course the party allegance is determined stochastically by election result per area, but still!)
There is also a European database of plane travelers as reported by Airlines that sounds similar to what is described here (but as of now only covering 50% of travellers). I don't think accessing this requires any judge granted permission.