TSA's plan to compel United States airlines to produce old passenger name record data would, if implemented, be an unfair invasion of passengers' privacy, since those passengers who chose to fly during the period in question could not have been aware that their personal details would be released in this manner. Passengers expect privacy; this is evident from the public fury and class action suits that accompanied admissions by JetBlue in September 2003, Northwest Airlines in January 2004, and American Airlines in April 2004 that in June 2002 they disclosed passenger name records in response to a non-binding request from TSA, in violation of these airlines' own privacy policies. Though a government order compelling the disclosure of such records would release the airlines from the dictates of their privacy policies, it would not alter passengers' objection to the use of their personal details in government databases. If TSA's planned test of Secure Flight does proceed, TSA should use data that are prospectively rather than retrospectively collected, and should offer each individual passenger the option to refuse permission for the use of their data.

The assertion that "TSA does not assume that the result of comparison of passenger information to commercial data is determinative of information accuracy or the intent of the person who provided the information" is encouraging. However, TSA's continued plan to use information from commercial databases remains worrisome, since most commercial databases offer no easy way for individuals to examine and to correct information pertaining to them. TSA should avoid using any databases that do not allow data to be easily examined and corrected by the individuals whom it affects. Furthermore, individuals seeking to correct or to amend erroneous or misleading information should not bear the burden of proof of their identities and must not be compelled to spend time in onerous and intrusive verification procedures.