According to a internal document obtained by 404 Media, it would appear that US Customs and Border Protection (CBP) may have been purchasing the domestic flight records of US travellers from a little-known data broker owned by major US airlines, including Delta, American Airlines and United. The contract between the Airlines Reporting Corporation (ARC) and CBP is reported to have stipulated that the agency must not disclose the source of the data.
Against the backdrop of mounting tensions surrounding the enforcement of federal immigration laws, as evidenced by the riots in Los Angeles following the ICE raids at the start of June, new revelations appear to highlight the aviation industry’s involvement in expanding national surveillance.
The data, allegedly sold under ARC’s ‘Travel Intelligence Programme’, includes passengers’ names, full itineraries, and credit card information. The initial contract, signed in June 2024, was due to run until 2029 but has already been extended. While ARC was originally set up for fraud prevention and ticketing settlement, it may now be providing law enforcement with tools to track domestic travel in near real-time.
ARC is jointly owned by at least eight major US and international airlines, including Delta, United, American, Alaska Airlines, JetBlue, Southwest, Lufthansa, Air France and Air Canada. The dataset includes not only tickets bought directly from airline websites but also bookings made through third-party agencies such as Expedia. According to a DHS Privacy Impact Assessment, the dataset comprises over a billion travel records, covering more than 39 months of past and future travel, and is updated daily.
While the DHS maintains that this data is only used during ongoing investigations, concerns have been fuelled by the fact that ICE and other federal agencies are also reported to have made similar purchases. Agencies named in procurement records include the Secret Service, the Transportation Security Administration (TSA), the Drug Enforcement Administration (DEA), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), the Securities and Exchange Commission (SEC), the U.S. Marshals Service and the Air Force.
According to Jake Laperruque, deputy director of the Center for Democracy & Technology, this is part of a worrying trend:
‘The government seems intent on using data brokers to buy their way around important guardrails and limits. Overall it strikes me as yet another alarming example of how the “Big Data Surveillance Complex” is becoming the digital age version of the Military-Industrial Complex.’
ARC is said to have asked agencies not to name it as a source unless legally compelled to do so. This lack of transparency only heightened concerns over government overreach and the erosion of privacy protections.
The airline data surveillance programme reportedly began after the 11 September attacks under the Patriot Act, which granted national security agencies broad powers and curtailed civil liberties to assist in anti-terrorism efforts.
Senator Wyden has called for an immediate investigation and greater accountability.
‘The big airlines – through a shady data broker that they own called ARC – are selling the government bulk access to Americans’ sensitive information, revealing where they fly and the credit card they used,’ said Senator Ron Wyden.
‘ARC has refused to answer oversight questions from Congress, so I have already contacted the major airlines that own ARC – like Delta, American Airlines, and United – to find out why they gave the green light to sell their customers’ data to the government’, Wyden’s statement added.
At the time of publication, none of the contacted airlines had provided comment.
