https://www.eff.org/deeplinks/2025/07/data-brokers-are-selling-your-flight-information-cbp-and-ice Skip to main content * About + Contact + Press + People + Opportunities + EFF's 35th Anniversary * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers + Podcast + Annual Reports * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Street Level Surveillance + apkeep * Donate + Donate to EFF + Giving Societies + Shop + Sponsorships + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] --------------------------------------------------------------------- Email updates on news, actions, and events in your area. Join EFF Lists * Copyright (CC BY) * Trademark * Privacy Policy * Thanks Electronic Frontier Foundation Donate [member-202] [member-202] Electronic Frontier Foundation * About + Contact + Press + People + Opportunities + EFF's 35th Anniversary * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers + Podcast + Annual Reports * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Street Level Surveillance + apkeep * Donate + Donate to EFF + Giving Societies + Shop + Sponsorships + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] Data Brokers are Selling Your Flight Information to CBP and ICE DEEPLINKS BLOG By Paige Collings and Matthew Guariglia July 9, 2025 An animated image showing location pins dropping onto a street map from above, tracing several paths Data Brokers are Selling Your Flight Information to CBP and ICE Share It Share on Twitter Share on Facebook Copy link An animated image showing location pins dropping onto a street map from above, tracing several paths For many years, data brokers have existed in the shadows, exploiting gaps in privacy laws to harvest our information--all for their own profit. They sell our precise movements without our knowledge or meaningful consent to a variety of private and state actors, including law enforcement agencies. And they show no sign of stopping. This incentivizes other bad actors. If companies collect any kind of personal data and want to make a quick buck, there's a data broker willing to buy it and sell it to the highest bidder-often law enforcement and intelligence agencies. One recent investigation by 404 Media revealed that the Airlines Reporting Corporation (ARC), a data broker owned and operated by at least eight major U.S. airlines, including United Airlines and American Airlines, collected travelers' domestic flight records and secretly sold access to U.S. Customs and Border Protection (CBP). Despite selling passengers' names, full flight itineraries, and financial details, the data broker prevented U.S. border forces from revealing it as the origin of the information. So, not only is the government doing an end run around the Fourth Amendment to get information where they would otherwise need a warrant--they've also been trying to hide how they know these things about us. ARC's Travel Intelligence Program (TIP) aggregates passenger data and contains more than one billion records spanning 39 months of past and future travel by both U.S. and non-U.S. citizens. CBP, which sits within the U.S. Department of Homeland Security (DHS), claims it needs this data to support local and state police keeping track of people of interest. But at a time of growing concerns about increased immigration enforcement at U.S. ports of entry, including unjustified searches, law enforcement officials will use this additional surveillance tool to expand the web of suspicion to even larger numbers of innocent travelers. More than 200 airlines settle tickets through ARC, with information on more than 54% of flights taken globally. ARC's board of directors includes representatives from U.S. airlines like JetBlue and Delta, as well as international airlines like Lufthansa, Air France, and Air Canada. In selling law enforcement agencies bulk access to such sensitive information, these airlines--through their data broker--are putting their own profits over travelers' privacy. U.S. Immigration and Customs Enforcement (ICE) recently detailed its own purchase of personal data from ARC. In the current climate, this can have a detrimental impact on people's lives. Movement unrestricted by governments is a hallmark of a free society. In our current moment, when the federal government is threatening legal consequences based on people's national, religious, and political affiliations, having air travel in and out of the United States tracked by any ARC customer is a recipe for state retribution. Sadly, data brokers are doing even broader harm to our privacy. Sensitive location data is harvested from smartphones and sold to cops, internet backbone data is sold to federal counterintelligence agencies, and utility databases containing phone, water, and electricity records are shared with ICE officers. At a time when immigration authorities are eroding fundamental freedoms through increased--and arbitrary--actions at the U.S. border, this news further exacerbates concerns that creeping authoritarianism can be fueled by the extraction of our most personal data--all without our knowledge or consent. The new revelations about ARC's data sales to CBP and ICE is a fresh reminder of the need for "privacy first" legislation that imposes consent and minimization limits on corporate processing of our data. We also need to pass the "Fourth Amendment is not for sale" act to stop police from bypassing judicial review of their data seizures by means of purchasing data from brokers. And let's enforce data broker registration laws. Related Issues Privacy Share It Share on Twitter Share on Facebook Copy link Join EFF Lists Discover more. Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Related Updates [icon-2019-privacy] Deeplinks Blog by Andrew Crocker | July 10, 2025 EFF Tells Virginia Court That Constitutional Privacy Protections Forbid Cops from Finding out Everyone Who Searched for a Keyword Online queries can give insight into our private details and innermost thoughts, but police increasingly access them without adhering to longstanding limits on government investigative power. [capitol-2] Deeplinks Blog by Matthew Guariglia, Hannah Zhao | July 8, 2025 EFF to US Court of Appeals: Protect Taxpayer Privacy EFF has filed an amicus brief in Trabajadores v. Bessent, a case concerning the Internal Revenue Service (IRS) sharing protected personal tax information with the Department of Homeland Security for the purposes of immigration enforcement. Our expertise in privacy and data sharing makes us the ideal organization to step in... Four medical symbols with keys Deeplinks Blog by Adam Schwartz | July 6, 2025 How to Build on Washington's "My Health, My Data" Act The State of Washington enacted one of the strongest consumer data privacy laws in recent years: the "My Health, My Data" Act. While the law only applies to one category of personal data--our health information--its structure could be used to protect all manner of data. A silhouette of a police officer, with spying eye on his hat Deeplinks Blog by Rory Mir, Aaron Mackey | June 26, 2025 How Cops Can Get Your Private Online Data Can the cops get your online data? In short, yes. There are a variety of US federal and state laws which give law enforcement powers to obtain information that you provided to online services. But, there are steps you as a user and/or as a service provider can take to... California Sunshine Deeplinks Blog by Rindala Alajaji | June 25, 2025 California's Corporate Cover-Up Act Is a Privacy Nightmare California lawmakers are pushing one of the most dangerous privacy rollbacks we've seen in years. S.B. 690, what we're calling the Corporate Cover-Up Act, is a brazen attempt to let corporations spy on us in secret, gutting long-standing protections without a shred... [icon-2019-privacy] Deeplinks Blog by Mario Trujillo, Hayley Tsukayama | June 24, 2025 Why Are Hundreds of Data Brokers Not Registering with States? Hundreds of data brokers have not registered with state consumer protection agencies. A new analysis by Privacy Rights Clearinghouse (PRC) and the Electronic Frontier Foundation (EFF) reveals that many data brokers registered in one state aren't registered in others. A person holding a megaphone that another person speaks through Deeplinks Blog by Veridiana Alimonti | June 24, 2025 Major Setback for Intermediary Liability in Brazil: Risks and Blind Spots This is the third post of a series about internet intermediary liability in Brazil. Our first post gives an overview of Brazil's current internet intermediary liability regime, set out in a law known as "Marco Civil da Internet," the context of its approval in 2014, and the beginning... A person holding a megaphone that another person speaks through Deeplinks Blog by Veridiana Alimonti | June 24, 2025 Major Setback for Intermediary Liability in Brazil: How Did We Get Here? This is the second post of a series about intermediary liability in Brazil. Our first post gives an overview of Brazil's current intermediary liability regime, the context of its approval in 2014, and the beginning of the Supreme Court's analysis of such regime in November 2024. Our third... [icon-2019-privacy] Deeplinks Blog by Tori Noble | June 23, 2025 Copyright Cases Should Not Threaten Chatbot Users' Privacy Like users of all technologies, ChatGPT users deserve the right to delete their personal data. Nineteen U.S. States, the European Union, and a host of other countries already protect users' right to delete. For years, OpenAI gave users the option to delete their conversations with ChatGPT, rather than let their... [database-1] Deeplinks Blog by Svea Windwehr | June 23, 2025 EFF to European Commission: Don't Resurrect Illegal Data Retention Mandates The mandatory retention of metadata is an evergreen of European digital policy. Despite a number of rulings by Europe's highest court, confirming again and again the incompatibility of general and indiscriminate data retention mandates with European fundamental rights, the European Commission is taking major... Discover more. Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Share It Share on Twitter Share on Facebook Copy link Related Issues Privacy Back to top EFF Home Follow EFF: * mastodon * facebook * instagram * x * Blue Sky * youtube * flicker * linkedin * tiktok * threads Check out our 4-star rating on Charity Navigator. Contact * General * Legal * Security * Membership * Press About * Calendar * Volunteer * Victories * History * Internships * Jobs * Staff * Diversity & Inclusion Issues * Free Speech * Privacy * Creativity & Innovation * Transparency * International * Security Updates * Blog * Press Releases * Events * Legal Cases * Whitepapers * EFFector Newsletter Press * Press Contact Donate * Join or Renew Membership Online * One-Time Donation Online * Giving Societies * Corporate Giving and Sponsorship * Shop * Other Ways to Give * Copyright (CC BY) * Trademark * Privacy Policy * Thanks JavaScript license information *