Contracts by Federal agencies with the Airlines Reporting Corporation for access to reports of airline tickets issued by US travel agencies, from USAspending.gov.

A company you’ve probably never heard of is selling copies of every airline ticket issued by a travel agency in the US to the US Department of Homeland Security (DHS) and a plethora of other Federal law enforcement and immigration agencies — and who knows who else.

Records of all airline tickets issued by travel agencies in the US are being sold to US Immigration and Customs Enforcement (ICE) and other Federal law enforcement agencies, according to an ICE procurement document posted yesterday on a US government contract website and uncovered in a major scoop today by Katya Schwenk of Lever News.

According to the document found by Ms. Schwenk on SAM.gov, ICE is entering into a no-bid contract with the Airlines Reporting Corporation (ARC) “to procure, on a sole source basis, licenses for Travel Intelligence Program (TIP)… The vendor listed is the only company that can provide the required software licenses.”

ARC is the financial clearinghouse through which travel agencies in the US (from mom-and-pop agencies to online mega-agencies like Expedia) pay airlines (including both US and foreign airlines) for the tickets those agencies have sold. Its role is similar to that of VISA and MasterCard for credit card merchant  transactions, except that VISA and MasterCard compete with each other, while ARC has no competitor in  the US. A few travel agencies have special arrangements to pay certain airlines directly, bypassing ARC for tickets those agencies issue on those airlines only, but that’s the exception.

Ticket sales by travel agencies in the US are reported daily to ARC through links to computerized reservation systems. Every week, each travel agency in the US submits a report to ARC with a copy of every ticket it has issued, the amount paid, the fare calculation and tax breakdown, and the form of payment. ARC takes the total for the week’s sales on all airlines out of the agency’s bank account, and pays each airline a weekly total for its tickets issued by all agencies accredited through ARC. (The amount transferred to or from the agency is the net total, taking into account ticket sales, refunds, any commissions to the agency from airlines, “debit memos” when an airline disputes the fare originally collected by the agency, and whether credit card charges have been processed by the agency or the airline as the merchant.) Copies of tickets are included with agencies’ reports to ARC so that airlines can audit that agents have charged the correct fare. ARC is a joint venture owned by just a few airlines, but provides settlement services to more than 200 other airlines.

(ARC only handles payments from travel agencies in the US. Payments and credits to airlines from travel agencies in countries other than the US are settled through other regional financial clearinghouses under IATA’s Billing and Settlement Plan, BSP.)

The amounts paid to ARC by Federal agencies aren’t large enough to make selling data to the Feds a significant line of business for ARC.  But the amounts are large enough to indicate that Federal law enforcement and immigration agencies are using information about airline tickets obtained from ARC in a significant and growing number of cases, for unknown purposes and on an unknown legal basis.

We’ve never heard of the “Travel Intelligence Portal” through which ARC offers access to ticket records before now. TIP isn’t mentioned anywhere on ARC’s website, in ARC’s privacy policy, or in the privacy policy of any airline or travel agency we’ve reviewed.  Travelers and ticket purchasers who don’t know that ARC exists aren’t likely to ask what it has done with their data. We don’t know whether TIP is a service offered by ARC exclusively to Federal agencies, or if it has other government or commercial users in the US and/or abroad.

The previously unnoticed ARC contracts with ICE and other US government agencies also raise substantial doubt as to whether travel agencies or airlines — including foreign airlines that process payments for their ticket sales in the US through ARC, and travel agencies that act as their agents in the US — are complying with foreign laws including PIPEDA in Canada and the GDPR in Europe.

If ARC is selling ticket data to the US government without reporting those disclosures to the travel agencies and airlines involved, those agencies and airlines  will be unable to provide data subjects with an accurate or complete accounting of the disclosures of their personal data, as required by PIPEDA and the GDPR.

On the other hand, if travel agencies and/or airlines have authorized ARC to make this data available to the US government, or have continued to transmit data to ARC after learning that ARC was making it available to the US government, those travel agencies and/or airlines have likely violated their duty not to transmit personal data to entities that can’t not assure adequate protection of that data against onward disclosure.

Read More →

Today the Identity Project, Privacy Times, and Government Information Watch filed comments objecting to a proposal by US Citizenship and Immigration Services (USCIS) for blanket advance approval for USCIS to demand that all foreigners submitting any sort of application to USCIS provide a statement under penalty of perjury a list of all  social media “platforms” and “identifiers” they have used in the last five years. The forms on which this information would be required would include applications for permanent residency, adjustment of status, and naturalization.

The proposal builds on earlier proposals, to which we and many other organizations objected, to require applicants for visas or visa-free entry to the US to provide lists of social media platforms and identifiers they have used. The current proposal by USCIS would extend mandatory social media usage reporting to those foreigners who have already demonstrated the strongest ties to the US, including permanent US residents applying for naturalization as US citizens. The current proposal would also give blanket pre-approval to USCIS to demand this information on other forms in the future.

According to our comments:

The proposed collection of information does not comply with the Paperwork Reduction Act (PRA), the First and Fourth Amendments to the U.S. Constitution, or the International Covenant on Civil and Political Rights (ICCPR). This vague and overbroad collection of information from permanent residents, applicants for naturalization, and other non-U.S. citizens is inappropriate as a matter of policy and contrary to U.S. national and international interests in democracy and human rights. In many cases, it would be impossible for individuals to provide the requested information or to attest under penalty of perjury to its completeness. The proposed request for information, in its proposed form, would thus function as a pretext for denial of residency or naturalization as a citizen or other adverse decisions.

The proposal for this collection of information by U.S. Citizenship and Immigration Services (USCIS) should be withdrawn. If this proposal is submitted to the Office of Management and Budget (OMB) for approval, it should be rejected as failing to meet the statutory standard of necessity for an agency purpose and as a violation of the Constitutional and human rights of individuals about whom information would be collected, including U.S. citizens who engage in protected acts of assembly and speech with non-U.S citizens.

Social media platforms and identifiers are undefined in the proposal or in any other law or regulation, leaving the proposed requirement unconstitutionally vague.

The proposal targets social media, and only social media, in order to identify with whom we associate, including associations between US and foreign citizens. It appears to be based on the assumption that freedom of speech and freedom of association are rights of citizenship, not human rights, that can be denied not just to non-citizens but to US citizens who associate with foreigners. But this assumption has no basis in the US Constitution or in the human rights treaties the US has ratified.

What, if any, social media platforms or identifiers a person has used is not, and cannot Constitutionally be, a basis for USCIS decisions. Rather than having any lawful use, this information would be useful only for a a variety of unlawful purposes, including:

• Robotic predictive pre-crime profiling;
• Suspicion generation and guilt by association; and
• Pretextual denial of applications for permanent residency or naturalization.

You can submit your own comments on the USCIS proposal by clicking on the “Comment” button here until the end of the day on Monday, May 5, 2025.

We have urged USCIS to withdraw its proposal for this collection of social media usage information. If the proposal is not withdrawn, there will be a second comment period when it is submitted to the Office of Management and Budget (OMB) for final approval