The Airlines Reporting Corporation — the financial clearinghouse that processes payments between U.S. travel agencies and hundreds of airlines in the U.S. and worldwide — plans to sunset the program through which it has given Federal agencies and an unknown range of other customers access to searchable archives of billions of agency-issued tickets for past and future airline flights.

According to a letter (first reported by Joseph Cox of 404 Media) sent by ARC in response to a request by members of Congress to end warrantless access by law enforcement agencies to ticketing data,  ARC says its Travel Intelligence Program (TIP) “is sunsetting this year”.

ARC’s “TIP” program was first uncovered by Katya Schwenk of Lever News in May 2025, and discussed in more detail here on PapersPlease.org and in a series of follow-up stories by Joseph Cox of 404 Media based on his FOIA requests to agencies that subscribe to TIP.

Many of these stories have described ARC as a “data broker”, which is legally correct but somewhat misleading. ARC is a financial clearinghouse that provides its airline and travel agency customers with transaction and payment-processing services.

It’s unclear whether the TIP program was devised by ARC as a profit center, or simply as a way to efficiently manage  and defray the expense of responding to requests by law enforcement agencies for searches of ticketing records.

TIP was always peripheral to ARC’s core business, as is demonstrated by the alacrity with which ARC was willing to end it as soon as it came under criticism from Congress. It’s unlikely that shutting down TIP will have any any material impact on ARC’s bottom line.

ARC could have told police and Federal agencies to go away and not come back without a warrant. But while some travel agencies might have preferred that course of action to protect their customers’ privacy, ARC is controlled by airlines, not agencies. And airlines have never prioritized protecting passengers’ privacy or security against police or anyone else.

Airlines have largely ignored privacy and data protection laws, even in jurisdictions like Canada and the European Union that have them (unlike the US). And data protection authorities (DPSs), even in jurisdictions that have such agencies (again, unlike the US), have largely let airlines get away with this.

When the cops come knocking, the typical response of an airline is, “Please come in! How can we help?” Airlines’ willingness to allow ARC to sell ticketing data is not an anomaly but an indication of the pervasive airline industry culture of collaboration with law enforcement. We can find no record of any airline, anywhere in the world, ever, that has gone to court to challenge government demands or requests for passenger data.

It’s unclear what motivated ARC’s decision to pull the plug on police access to ticketing data through TIP.  A few members of Congress had complained about TIP, but the odds that Congress would finally enact privacy legislation applicable to airlines remain slight.

A more likely explanation may be that publicity about TIP (and inquiries about TIP from local journalists) may have caused some of the airlines that use ARC to process payments for tickets issued by their U.S. agents to fear that DPSs in their home countries might be prompted by the ARC scandal to start asking more general questions about how airlines apply their purported privacy policies to the agents they appoint to execute contracts in their name in other countries such as the US with lax or nonexistent privacy laws.

Agencies and contractors in the US, including computerized reservation systems, have always been among of the skeletons in the closet of airline privacy invasion, and could expose airlines to huge liability if foreign DPA’s ever looked behind the curtain at airlines’ agents and contractors — not just ARC — in the US.

ARC has a nearly total but insecure monopoly, and can ill afford to give airlines a reason to start looking harder for alternatives. The existential threat to ARC for decades has been wider adoption of direct connections between airlines and travel agencies. Some of the largest airlines have already set up direct connections and settlement with some of the largest online and offline travel agencies. ARC might have decided that the incremental revenue from TIP, and the goodwill that being a willing police informer and collaborator generated with governments, weren’t worth possibly driving away some of its core financial-clearinghouse business.

ARC probably assumes that ending the TIP program ends the problem — but it shouldn’t. The TIP program may not have violated any US law, which is why even angry members of Congress could only ask, not demand, that ARC stop selling out travelers to the police. It’s a different story abroad, though.

Foreign airlines that participate in the ARC settlement clearinghouse — and not just those that share in ownership of ARC as a joint venture — have been systematically violating the privacy and data protection laws of their home countries for twenty years. They could, and should, be held to account for that history of misconduct.

ARC still has data on all the ticketing transactions it processes. It could still be ordered to provide ticketing data to the police, as compuerized reservation systems have been, and could be ordered not to disclose this to the airline, travel agency, or passenger involved in the transaction.

The TIP scandal should be the beginning, not the end, of investigation, exposure, and enforcement action against airlines that have been disregarding passengers’ expectations of privacy, willingly and often secretly  collaborating with law enforcement agencies, and failing to protect them against stalkers and other everyday threats to their privacy and security.

Another Federal appeals court has overruled arguments by the Transportation Security Administration (TSA) that its checkpoint staff are immune from any liability for sexual assaults or other offenses committed in the course of their official duties.

In its decision last week in Elisabeth Koletas v. USA, the 11th Circuit Court of Appeals didn’t reach the question of whether sexual or other assaults on airline passengers are within the scope of TSA officers’ duties. But a panel of the 11th Circuit held that . The panel was unpersuaded by a decade-old, unpublished, nonprecedential decision by an earlier panel of the 11th Circuit that failed to address the text of the law that makes the US government liable for the wrongful acts of “any officer of the United States who is empowered by law to execute searches.”

It would seem beyond argument that “Transportation Security Officers” (TSOs), as they are identified by the TSA and on their uniforms and badges, are “officers  of the United States”. And the entire reason for their job is to “execute searches” of travelers.

But in Circuit after Circuit, the TSA has put forth the absurd (and, we are pleased to report, unsucessful) argument that TSOs aren’t the sort of officers Congress meant when it enacted this law. That argument has now been rejected, in published precedential opinions, by all six Circuit Courts of Appeal that have considered it.

More information about the case of Koletas v. USA:

• District Court docket and links to pleadings
• Circuit Court docket and links to pleadings
• Oral argument (March 4, 2025)
• Circuit Court slip opinion (November 12, 2025)
• Blog post from plaintiff’s law firm

Despite the rulings in victimized travelers’ favor in each of these courts, we are disturbed that the TSA is so fixated on its quest for absolute impunity that it continues to make this discredited argument. The TSA’s hope, apparently, is to find one sympathetic Court of Appeals that will buy its argument, creating a circuit split that can provide a basis for getting the Supreme Court to weigh in on the question.

Let’s not get bogged down in the details of statutory construction, though. Checkpoint staff — whether they are TSOs or TSA contractors — should be liable to criminal sanctions if they rape or assault travelers. And both thewy and the Federal government in whose name they act and whose power they wield should face civil liability in these cases.

Doubling down on its attack on anonymity and disregarding comments from the Identity Project and more than a thousand other organizations and individuals, US Citizenship and Immigration Services (USCIS) has renewed its request for blanket authorization to require applicants for US visas, visa-free entry, residency, or citizenship to disclose every social media platform and identifier they have used in the last five years.

Today the Identity Project and Restore The Fourth (RT4) filed comments opposing this USCIS proposal for dragnet social media surveillance of foreign visitors and residents and the US citizens with whom they communicate and associate on social media.

USCIS made no significant changes in response to the first round of public comments and ignored most of the issues we and others raised, including the ways that social media surveillance would impact First Amendment rights of assembly and association.

In addition to reiterating the unanswered concerns raised in our initial comments, our latest comments also respond to the false claims made by USCIS:

In its analysis of the first round of comments, USCIS claimed that “the information that DHS may access via social media is publicly accessible and DHS may not access information that is designated as private.”

This claim is entirely unsupported, and clearly false.

The association between an individual and a particular anonymous or pseudonymous social media account or posting is, by definition, not public information. In requiring individuals to disclose with which social media accounts they are associated, including anonymous or pseudonymous accounts, USCIS is demanding disclosure of non-public information.

Of course, if all of the requested information including which individuals are associated with which anonymous or pseudonymous social media accounts and postings were public, USCIS would have no need to request it from individuals or require them to provide it. USCIS is requiring individuals to list all social media accounts with which they are associated, including anonymous and pseudonymous accounts, precisely because this information is deliberately private – in some cases intensely private – and because USCIS cannot obtain this information without forcing individuals to disclose this private information and make it public.

The purpose – the only purpose – of requiring individuals to disclose anonymous and pseudonymous social media accounts is to enable USCIS to access private information.

By falsely claiming that all of this information is public, USCIS entirely avoids responding to any of the comments regarding the compelled disclosure of private information.

The deadline to comment on this proposal is midnight tonight, Eastern time.

How can your movements be tracked?

The Penlink surveillance company counts some of the ways:

Penlink was brought to our attention by a report from Joseph Cox in 404 Media that the Immigration and Customs Enforcement (ICE) division of the US Department of Homeland security (DHS) is entering into a contract with Penlink as a unique and irreplaceable source of aggregated location data from smartphone apps and other sources.

According to an ICE document  justifying the no-bid single-source contract that was uncovered by 404 Media, Penlink is the only company that can “compile, process, and validate billions of daily location signals from hundreds of millions of mobile devices, providing both forensic and predictive analytics”, and that is willing to sell ICE access to this data.

Penlink also extracts and makes available to its subscribers, in real-time, location data embedded in EXIF metadata in smartphone photos uploaded to Facebook and other social media, and boasts of its ability to aggregate location data from many other sources.

How does Penlink get this data, in order to be able to sell it to ICE?

Most people didn’t (and wouldn’t) knowingly consent to having this information sent to and used by the government, and wouldn’t think of this information as “open source”. How many people even realize that, by default, each smartphone photo contains precise location information included within the image file?

Most people would consider an app that collects timestamped location tracking data and sends it to a company that sells it to the police to be “malware”.

Almost all of these apps with embedded surveillance malware are distributed — in most cases, distributed exclusively — through the Google Play Store or the Apple App Store.

To put it another way, the Google Play Store and the Apple App Store are the primary distribution channels for malware people install on their smartphones that enable government surveillance.

Read More →

We’ve often pointed to China as exemplifying modes of government surveillance and control of movement that we don’t want replicated in the USA.

But a new report by independent journalist Yael Grauer and a team from the Associated Press, based on documents provided by courageous whistleblowers in China and the US, shows that US technology companies are sometimes leaders, not just followers, in the globalization of Big Brother tools and techniques.

As a summary of key takeaways from the AP investigation puts it, “America brought ‘predictive policing’ to China”:

U.S. companies introduced systems that mine a vast array of information — texts, calls, payments, flights, video, DNA swabs, mail deliveries, the internet, even water and power use — to unearth individuals deemed suspicious and predict their movements. But this technology also allows Chinese police to threaten friends and family and preemptively detain people for crimes they have not even committed….

Across China, surveillance systems track blacklisted “key persons,” whose movements are restricted and monitored. In Xinjiang, administrators logged people as high, medium, or low risk, often according to 100-point scores with deductions for factors like growing a beard, being 15 to 55 years old, or just being Uyghur.

Chinese government agencies and companies (often indistinguishable in the Chinese economy of state-owned enterprises) have bought into the US model of  pre-crime predictive policing, purchasing or copying US pre-crime tools.

This isn’t the first time, of course, that US companies have provided the hardware and software used by foreign governments to identify, track, and control individuals. In the 1970s, for example,  Polaroid and IBM sold the South African government the database software, computers, instant cameras, and ID-card printers used to manufacture and keep track of the infamous apartheid travel-permission “passbooks”, with IBM developing customized hardware and software specifically for enforcement of apartheid.

Whistleblowers and dissidents within tech companies played an important role in exposing the role their employers and other corporate partners played as enablers of, and profiteers from, apartheid in South Africa.  Similarly today, anonymous whistleblowers within tech companies provided much of the source material for the latest AP report on the US sources of China’s infrastructure of surveillance and control.

We commend these whistleblowers for taking the risk to expose what their employers are doing. We encourage more whistleblowing by other tech workers with information about the companies building Big Brother, whether in the US, China, or anywhere else.