The world’s largest database of global airline tickets was just sold to a part of the Department of Homeland Security. Here’s how some experts say travelers can protect themselves.
Most travelers have never heard of the Airlines Reporting Corporation (ARC), but odds are their information has passed through this company, which is owned by eight major U.S. airlines. According to the ARC website, it is “the world’s largest, most comprehensive repository of global airline tickets.”
This database was just sold to the U.S. Customs and Border Protection (CBP) — a branch under the Department of Homeland Security (DHS) — amid the Trump administration’s immigration crackdown. The information includes passenger names, financial details, and passenger’s flight itineraries, according to 404 Media.
According to the Federal Procurement Data System, ARC signed a contract that gives U.S. Immigration and Customs Enforcement (ICE) access to its Travel Intelligence Program (TIP) database through May 2028. An ARC representative said the TIP was “created after the Sept. 11 terrorist attacks to provide certain data … to law enforcement.” GovTribe, a software that tracks federal and state contracts, estimates that this contract is worth $776,750.
Procurement documents obtained by The Lever and 404 Media state that ICE would be able to search this database using the names or credit card information of a “traveler/target.” They will have access to “full flight itineraries, passenger name records, and financial details, which are otherwise difficult or impossible to obtain.”
Travel + Leisure reached out to the Department of Homeland Security, which referred questions to ICE. At the time of publication, ICE has not responded.
“I have never seen government access to ARC — or even ARC itself — mentioned in an airline privacy policy or a travel agency policy,” travel data privacy expert Edward Hasbrouck told The Lever.
ARC is owned and operated by eight major airlines: Delta Air Lines, Southwest Airlines, United Airlines, American Airlines, Alaska Airlines, Air Canada, Lufthansa, and Air France. According to its website, ARC’s database represents 54 percent of all flights taken globally. This data is collected directly from airlines and through accredited travel agencies.
T+L reached out to all eight airlines. Alaska Airlines pointed to the ARC for a comment; the other seven carriers did not respond to questions at the time of publication.
“It’s shocking to a lot of Americans right now that they don’t have the rights in travel that they thought they did,” Joshua McKenty, former chief cloud architect at NASA and founder of Polyguard, told T+L.
McKenty advised that travelers, especially foreign nationals visiting the United States, buy their own flights. He also said that immigration lawyers and others involved in the refugee process should not purchase their clients’ tickets. Otherwise, their data might become affiliated in the eyes of the DHS.
This data purchase is happening in parallel to the Real ID mandate, the increase in facial recognition programs at airports, and other changes in travel data privacy.
“The scariest parts of the biometrics are what travelers don’t notice or think about,” McKenty said.
For those who are not U.S. citizens, there is no guarantee that photos taken at airports will be deleted. In fact, according to Customs and Border Protection documents, “All biometrics of in-scope [noncitizen] travelers are transmitted to IDENT/HART as encounters and are retained for 75 years in support of immigration, border management, and law enforcement activities.” (HART stands for Homeland Advanced Recognition Technology, and it is a DHS biometric identity database.)
Last month, the Government Accountability Office (GAO) raised concerns about HART and wrote a letter imploring Homeland Security Secretary Kristi Noem to take the urgent steps necessary to mitigate privacy risks. A GAO report warns that “HART could be used beyond its intended scope, leading to surveillance of law-abiding individuals and communities.”
Privacy experts also raise concerns around the DHS’s collection of immigrant data, including its storage of children’s DNA in a criminal database.
Privacy is a human right, enshrined by Article 12 of the United Nations Universal Declaration of Human Rights. However, McKenty warned that a traveler’s right to privacy is changing with government policies and is quickly being aligned with the priorities of the administration. McKenty recommends that everyone traveling stay aware of their rights in travel, or lack thereof.
“The idea that we should violate everyone’s privacy, so we can look for anything that we as a government think is suspicious is just wrong,” McKenty said. “We have protections against that as a behavior in every other aspect of government overreach.”
