The Internal Revenue Service (IRS) has been revealed to have accessed a massive database of American travelers’ flight records without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The data, which includes detailed information on when and where individuals flew, as well as the credit cards they used, is part of a commercial data-selling program operated by the Airlines Reporting Corporation (ARC). This program enables government agencies to purchase access to private travel information without undergoing the legal procedures required for obtaining data through court orders or warrants, the letter states. Lawmakers have called on the major airlines to halt the data-selling initiative, as the program now appears to have been shut down.
According to the letter, the IRS did not follow federal law or its own internal policies when purchasing airline data, confirming that the agency failed to conduct a legal review to determine if the data acquisition required a warrant. The letter, addressed to nine major airlines, highlights the broader issue of government agencies leveraging commercially available data to bypass traditional legal mechanisms. The airline industry, including Delta, United Airlines, American Airlines, and Southwest, is part of a data-sharing arrangement through ARC, a data broker they co-own. This arrangement has raised significant concerns about privacy and the potential for abuse of personal information, as consumers’ travel patterns are now accessible to government entities without proper legal oversight.
Lawmakers have expressed alarm over the implications of this data access, particularly in the context of national security and civil liberties. The bipartisan letter calls for greater transparency and accountability in how government agencies obtain and use personal data. With the data selling program now reported to be shut down, the immediate concern has been addressed, but the underlying issues of privacy and government surveillance remain unresolved. This case underscores the need for stronger legal safeguards to prevent the misuse of private data by public institutions, as well as the importance of protecting individual privacy rights in an increasingly data-driven society.