How U.S. Agencies Access Airline Passenger Data Through Brokers Like ARC

A new investigation shows that a data broker sold detailed passenger data to the government.

A data broker sold access to passenger information to the Department of Homeland Security’s Customs and Border Protection, Wired reported this week. The broker, Airlines Reporting Corp. (ARC), is owned by major airlines, including Delta, United, and American, and has representatives from these airlines on its board. It sold access to sensitive data—including names, full itineraries, and credit card details—and, according to documents reviewed by the technology publication 404 Media, asked the government not to disclose the source of the information.

Last month, The Lever revealed that a clearinghouse—a financial institution that facilitates transactions between buyers and sellers—sold data from 12 billion flights annually to the Trump administration. Government agencies, which would typically need to obtain subpoenas to collect private information, are using brokers and third parties to circumvent laws surrounding surveillance and privacy.

Mobile phone apps—not just social media, but all types—collect vast amounts of user data, which brokers sell to brands as well as government entities without users’ explicit consent. Amid mass immigration crackdowns, this development is concerning not only for immigrants and foreigners, but also for U.S. citizens.

The company states on its website, “ARC manages the world’s most comprehensive air transaction data. ARC’s data is derived from ticketed transactions, reflecting both historical and advance travel purchases.” ARC provides ticket settlement services to airlines and analyzes travel trends for companies. It holds data on billions of passenger trips worldwide.

Wired explained that ARC operates a Travel Intelligence Program (TIP), which, according to the company, was established after 9/11 to provide data to the government for national security purposes. Several federal departments have access to the program “to support federal, state, and local law enforcement agencies to identify persons of interest’s US domestic air travel ticketing information.”

Government agencies can search TIP to locate individuals after an investigation is initiated. A Customs and Border Protection (CBP) spokesperson said, “CBP is committed to protecting individuals’ privacy during the execution of its mission to protect the American people, safeguard our borders, and enhance the nation’s economic prosperity. CBP follows a robust privacy policy as we protect the homeland through the air, land and maritime environments against illegal entry, illicit activity or other threats to national sovereignty and economic security.”

The TIP database is updated daily and contains more than 1 billion records. Documents revealed that ARC collected passenger information from purchases made through ARC-accredited travel websites—not directly from airline websites.

This is not the first such disclosure. In 2023, it was revealed that the Department of Homeland Security was using an artificial intelligence tool to screen both U.S. citizens and foreign nationals, including asylum seekers. The tool allowed officials to retrieve an individual’s records, including location data and social media posts. At the time, a DHS representative told Vice, “DHS uses various forms of technology to execute its mission, including tools to support investigations related to threats to infrastructure, illegal trafficking on the dark web, cross-border transnational crime, and terrorism. DHS leverages this technology in ways that are consistent with its authorities and the law.”

Related: The U.S. Is Allegedly Using A.I. to Track Travelers’ Social Media. Should You Be Concerned?

Big Tech Incoming

Data has become the new currency. Even when not used for surveillance or security, it fuels marketing efforts—often without travelers’ awareness.

In 2024, The Wall Street Journal reported that United Airlines planned to use customer data to personalize advertisements on in-flight screens. The airline maintains a massive database, including customer travel history and miles usage, which could be used to recommend movies or promote products during flights. Marriott piloted a similar initiative in 2022, allowing advertisers to reach hotel guests via on-screen displays and its app. The company claimed it anonymized the data and did not sell it to brands, instead allowing targeted advertising based on user searches and bookings.

Researcher and professor Shoshana Zuboff coined the term “surveillance capitalism” and wrote a book exploring how companies collect, predict and influence consumer behavior through data. Personal data is being monetized by companies around the world, and the full scope of what is collected, used or sold remains unclear to most consumers. That’s why it’s essential to understand what you’re agreeing to. You can request access to your data and opt out of default settings that allow companies to store and share your information.