US airlines quietly sold passenger data to CBP for traveler surveillance


A data broker owned by eight major US airlines—including Delta, American Airlines, and United—has been selling travelers’ domestic flight records to US Customs and Border Protection (CBP), with contractual instructions for the agency not to disclose the source, according to documents obtained by 404 Media through public records requests. The sale, enabled by the Airlines Reporting Corporation (ARC), gives CBP access to complete passenger name records (PNRs), including complete itineraries and payment details, raising new privacy concerns among civil liberties advocates.

CBP told 404 Media that it requires this data to assist state and local police in tracking air travel for individuals of interest, a practice that has alarmed privacy experts. The documents reveal not just the extent of the data flow to federal authorities, but also that ARC—operated by a board including representatives from Delta, American, Southwest, United, and others—specifically instructed CBP to keep the origin of the data secret unless compelled by a court order.

Senator Ron Wyden called the practice a “shady” end-run around traditional legal safeguards. “The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans' sensitive information, revealing where they fly and the credit card they used,” Wyden said.

ARC’s Travel Intelligence Program (TIP) reportedly provides law enforcement with searchable access to over a billion records spanning thirty-nine months, covering both past and future domestic travel booked through travel agencies, not directly with airlines. The purchase does not generally require a warrant, relying on a “data broker loophole” to sidestep oversight mechanisms. Jake Laperruque of the Center for Democracy & Technology told 404 Media that this is part of a trend where agencies buy data to “circumvent important guardrails and limits.”

CBP confirmed the information is used only in connection with active investigations by its Office of Professional Responsibility, but privacy watchdogs argue that large-scale data sharing with minimal transparency or oversight marks a return to “collect it all” surveillance practices that Congress had previously taken steps to curtail. The airline industry and ARC declined to comment.