A secretive data-sharing deal between major U.S. airlines and the Department of Homeland Security gave border agents access to billions of domestic passenger flight data—without informing travelers or the public. The information, including names, itineraries, and payment details, was sold by a data broker owned by the airlines themselves, raising serious concerns about transparency and passenger privacy.
The broker in question, the Airlines Reporting Corporation (ARC), quietly sold access to this data to Customs and Border Protection (CBP) through its Travel Intelligence Program (TIP). ARC, largely unknown outside the travel industry, is jointly owned by eight major airlines, including Delta, United, American Airlines, Southwest, JetBlue, Alaska Airlines, Lufthansa, Air France, and Air Canada. The revelation came from documents obtained by 404 Media via a Freedom of Information Act request.
How U.S. Airlines Quietly Sold Passenger Flight Data to DHS
ARC’s Travel Intelligence Program, originally created in the wake of 9/11, updates daily and contains more than one billion travel records. These include data from tickets booked through ARC-accredited travel agencies such as Expedia, not direct airline bookings. The system can be queried by name, credit card number, or airline, giving federal and local law enforcement near real-time insight into Americans’ travel plans.
CBP’s internal documents indicate the data is used to identify travel records for people of interest. A Statement of Work in the contract explains that TIP provides “visibility on a subject’s or person of interest’s domestic air travel ticketing information,” which is considered “crucial” in both criminal and administrative investigations. Yet the contract also explicitly instructs CBP not to publicly identify ARC or its employees as the data source unless compelled by court order.
ARC’s Role and Airline Ownership
ARC’s board of directors includes executives from many of the largest U.S. and international carriers. The organization facilitates ticket settlement for over 240 airlines and thousands of travel agencies, but TIP adds a surveillance dimension to its offerings. ARC markets TIP as a national security tool, yet its use in ordinary criminal investigations and its secrecy clause have alarmed privacy advocates and lawmakers.
Senator Ron Wyden sharply criticized the arrangement, calling ARC a “shady data broker” and accusing airlines of profiting from the sensitive travel data of millions of Americans. He also revealed that ARC has refused to answer oversight questions from Congress, prompting him to directly contact the airlines involved.
Privacy Risks and the “Data Broker Loophole”
Privacy experts argue that the government is exploiting what’s become known as the data broker loophole: the ability to purchase sensitive data from private firms instead of obtaining a warrant. Jake Laperruque, deputy director at the Center for Democracy & Technology, warned that such practices bypass important legal safeguards, enabling the government to gather data without judicial oversight.
“It’s clear the data broker loophole is pushing the government back toward a ‘collect it all’ mentality,” said Laperruque. “A decade ago, the public rejected that approach, and Congress passed surveillance reform legislation that banned domestic bulk collection. Clearly, it’s time for Congress to step in again.”
The DHS’s own Privacy Impact Assessment acknowledges that TIP data affects both U.S. and non-U.S. citizens. While CBP insists the information is only used when an investigation is already underway, watchdogs are skeptical about the lack of external accountability.
Contract Timeline and Scope
CBP’s current contract with ARC began in June 2024 and is set to continue through 2029. The initial value of the agreement was $11,025, with a recent $6,847.50 addition under “Option Year 1.” The low dollar amounts mask the scope of the access provided—ARC’s TIP grants visibility into billions of travel records updated daily, forming a powerful tool in the hands of government agencies.
Agencies linked to similar ARC contracts include ICE, the U.S. Marshals Service, TSA, DEA, ATF, the Secret Service, the Air Force, and the Securities and Exchange Commission. ICE’s own contract with ARC came to light earlier this year, sparking the series of FOIA requests that exposed CBP’s involvement.
Lack of Airline Transparency
Airlines contacted by 404 Media largely declined to comment or redirected questions to ARC or DHS. ARC also refused to comment directly on the CBP deal, though it previously told The Lever that TIP was designed to support law enforcement and national security efforts.
What remains unclear is whether passengers had any meaningful way to consent to this data sharing. Booking a flight through a travel agency—or even via platforms connected to ARC’s back-end systems—effectively puts personal travel information into a database that is quietly being queried by law enforcement.
Growing Pressure for Reform
Senator Wyden and others are now pushing for legislative changes to close the data broker loophole and require greater transparency from airlines and their intermediaries. Potential reforms could include:
- Mandating court orders for all purchases of personal data by government agencies
- Requiring companies like ARC to disclose government data-sharing agreements in privacy policies
- Giving consumers an opt-out mechanism for third-party data collection
Until such measures are enacted, travelers remain unaware that their domestic travel plans may be shared with government agencies—sometimes before they even reach the airport.
For more on this story, read the original investigative report from WIRED.
