Delta
Zoshua Colah/Unsplash

Extensive passenger data has been sold to the US Government by major airline companies including Delta, United Airlines, and American Airlines, new documents reveal.

US travellers' domestic flight records, including their names, full itineraries, and financial details were sold to Customs and Border Protection (CBP).

CBP is a part of the Department of Homeland Security (DHS). They said they acquired the data to track people of interest's air travel.

The documents, obtained by 404 Media, showed that passenger information was sold through a data broker that major airlines including Delta, American Airlines and United Airlines collectively own.

They revealed that Immigration and Customs Enforcement (ICE) also purchased the data as ongoing ICE raids spread across the country, spurring nati`onwide protests.

Passenger Data Sold Is Part Of Travel Intelligence Program

The Airlines Reporting Corporation (ARC) is the data broker owned by major airline companies like Delta. They sold passengers' data from their travel intelligence program (TIP).

ARC acts as a conduit between travel agencies and airlines, seeking out travel trends in data from the likes of Expedia and other firms, and fraud prevention.

More than 240 airlines also depend on ARC for ticket settlement services.

TIP data shows a person's paid intent to travel, and tickets they've purchased through travel companies in the US and its territories.

A Statement of Work in the documents obtained by 404 Media showed that CBP asked for access to ARC's TIP data to 'support federal, state, and local law enforcement agencies to identify persons of interest's US domestic air travel ticketing information.'

The data is updated daily with ticket sales from the previous day and spans 39 months of travel with over a billion records.

Through TIP, passengers name, credit card or airline can be searched, but only if they booked through an ARC-accredited travel agency such as Expedia. Passenger information won't come up through ARC's data if they booked directly with an airline.

Data includes information from both US and non-US passengers travelling domestically through the States.

Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media:

'While obtaining domestic airline data—like many other transaction and purchase records—generally doesn't require a warrant, there's still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation.'

Number Of Major Airlines Who Own ARC Is Unknown

At least eight major US airlines own and operate ARC.

The company's board of directors include representatives from US airlines including Delta, Southwest, United Airlines, American Airlines, Alaska Airlines, and JetBlue. Representatives from European airlines Lufthansa and Air France, and Canada's Air Canada are also on the board.

'The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans' sensitive information, revealing where they fly and the credit card they used,' Senator Ron Wyden said in a statement to 404 Media.

ARC told CBP not to disclose where the data came from as part of their contract upon selling passenger information.

Contract To Potentially Span Five Years

The contract between ARC and CBP began in June 2024 and could extend until 2029.

An $11,025 (£8,125.54) transaction was seen to be made in the contract obtained by 404 Media. A $6,847.50 (£5,045.61) update to the contract was made last Tuesday and said it was exercising 'Option Year 1' meaning the contract was being extended.

A CBP spokesperson said they only use the data when an OPR investigation is open and they need to locate a person related to the investigation. They said, 'CBP follows a robust privacy policy as we protect the homeland through the air, land and maritime environments against illegal entry, illicit activity or other threats to national sovereignty and economic security.'

However, Laperruque said, 'As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.'

Writer's pick