Your Personal Airline Data Is Secretly Being Sold to U.S.…

Perhaps it surprises nobody that in this age of meaningless digital privacy protections, the U.S. government has been secretly buying up data about airline passengers.

But that’s what was confirmed by a report in Wired yesterday.

Wired reported that it had obtained internal documents from Customs and Border Patrol (CBP) that indicated that Airlines Reporting Corporation (ARC), a data broker that is owned and operated through a cooperation of at least 8 major airlines, entered into an agreement to sell the government data that “includes passenger names, their full flight itineraries, and financial details.”

ARC is an integral part of global airfare sales infrastructure that connects airlines with travel agencies; some 240 airlines worldwide use ARC to settle ticket transactions. Its board of directors includes executives from Alaska Airlines, American Airlines, Delta, JetBlue, Southwest, United, and international airlines Air Canada, Air France, and Lufthansa.

Customs and Border Patrol (CBP) is part of the Department of Homeland Security (DHS), and the documents show its agreement to purchase data began in June 2024.

The transaction, which is ongoing, includes more than a billion itineraries for commercial flights taken both in the past and planned for the future, and it affects passengers of all nationalities.

“The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans’ sensitive information, revealing where they fly and the credit card they used,” Wired quoted U.S. Senator Ron Wyden saying in a statement.

As part of the sales contract, ARC also instructed “government agencies not to mention where it sourced the flight data from,” according to Wired‘s reporting.

Frommer’s first reported on a backroom deal to funnel your personal info to the government on June 10 in a column by contributor William McGee, who sourced a May report of a connected agreement with Immigration and Customs Enforcement (ICE) that was exposed in May by TheLever.com.

According internal CBP documents obtained by Wired, the data purchase was orchestrated “to support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel ticketing information.”

Privacy assessment documents by the DHS indicate that the information handover contains data on flight purchases that were made by third-party sellers such as Expedia or other online search engines. Tickets purchased directly from airlines reportedly do not appear in that data. It’s not yet publicly known if the airlines are supplying the data from in-house purchases to CBP through other channels.

USA Today asked for comment from both ARC and CBP, but it did not receive a reply.

To read Wired’s full report on the private data purchase by CBP, click here. To read about ICE’s purchase of passenger data in TheLever, click here.