Airlines were secretly selling your flight data to ICE, FBI, and IRS. That ends this year.

The Program Just Got Shut Down

For over 20 years, a company most travelers have never heard of was selling their flight data to the federal government.

Airlines Reporting Corporation, owned by nine major airlines including Delta, United, and American, let agencies like ICE, the FBI, and the IRS search through 722 million ticket records without a warrant.

Names, destinations, credit cards, future travel plans. All searchable.

All without a court order.

The whole operation stayed hidden until this fall, and what happened next forced the airlines to pull the plug.

ARC Ran the Program Since 9/11

The Travel Intelligence Program launched after the September 11 attacks.

ARC pitched it as a national security tool to catch terrorists, human traffickers, and money launderers. Over time, it grew into something much bigger.

The database eventually held 722 million ticket transactions covering 39 months of past and future travel. It captured about half of all U.S. airline tickets, updated daily, and agencies paid for access like any other commercial product.

The IRS Got Caught Breaking Rules

Senator Ron Wyden of Oregon started investigating ARC in mid-2025. What he found was worse than expected.

The IRS had been searching the database without conducting a legally required privacy review. The agency admitted it never checked whether buying Americans’ travel data required a warrant.

It had broken federal law and its own internal policies. Wyden called ARC a “shady data broker” profiting from sensitive information.

Four Lawmakers Sent a Bipartisan Letter

On November 18, 2025, Senator Wyden joined Republican Congressman Andy Biggs, Senator Cynthia Lummis, and Congressional Hispanic Caucus Chair Adriano Espaillat. They sent letters directly to nine airline CEOs.

The message was blunt. Whether the airlines approved the program or simply failed to stop it, they were directly responsible for violating their customers’ privacy. The lawmakers demanded the program end immediately.

Nine Airlines Own Every Board Seat

ARC is not some random tech startup. It is co-owned by United, American, Delta, Southwest, JetBlue, Alaska, Lufthansa, Air France, and Air Canada. Each airline holds a seat on ARC’s board of directors.

That means the biggest names in American aviation had direct oversight of a program selling passenger data to federal agencies. None of them stopped it until Congress forced the issue.

Expedia and Kayak Users Got Tracked

If you booked a flight through Expedia, Kayak, Priceline, or any of 12,800 travel agencies, your data went to ARC. That includes corporate booking tools and credit card travel portals.

Every time someone used a travel agency instead of booking directly with an airline, their information flowed into the searchable database. Agencies could look up passengers by name, credit card number, route, or date.

Direct Bookings Stayed Protected

Here is the strange part. If you bought your ticket directly from an airline’s website, your data never went to ARC.

Government agencies would need a subpoena or court order to access those records. But anyone who used a third-party site lost that protection.

The lawmakers pointed out this created a two-tiered privacy system, and that direct bookings also happen to be the most profitable for airlines.

Agencies Exploited the Data Broker Loophole

The Fourth Amendment protects Americans from unreasonable searches. Normally, the government needs a warrant to dig through your personal records.

But there is a loophole. If a private company collects the data and sells it commercially, agencies can just buy it.

No warrant needed.

The FBI, ICE, ATF, Secret Service, IRS, SEC, TSA, and Customs and Border Protection all purchased access to the ARC database through this legal gap.

ARC Asked Agencies to Keep Quiet

The secrecy went deeper than most people realized.

In at least one contract with Customs and Border Protection, ARC explicitly asked the agency not to reveal where the data came from.

The contract language instructed CBP not to publicly identify ARC or its employees as the source unless forced by a court order. The airlines were not just selling data.

They were hiding the fact they were selling it.

The Program Ends by December 2025

Two days after the congressional letter went out, ARC CEO Lauri Reishus responded.

She said the company had already notified all government customers on November 12, 2025, that the Travel Intelligence Program was ending.

She framed it as a business decision, saying the program no longer aligned with ARC’s core goals. Senator Wyden was not impressed.

He said it should not have taken pressure from Congress to shut down the sale of customer data.

Hispanic Caucus Chair Called It a Win

Congressman Espaillat held a press conference at the Capitol celebrating the shutdown.

He urged other companies to follow ARC’s example and stop cooperating with ICE, especially in ways he described as potentially illegal. The bipartisan nature of the opposition was notable.

Republican Andy Biggs said it was better late than never.

Privacy advocates saw it as proof that public pressure and congressional scrutiny could force change.

The Loophole Still Exists

The Travel Intelligence Program is ending, but the data broker loophole that made it possible remains open.

Senator Wyden’s Fourth Amendment Is Not For Sale Act passed the House in 2024 with unanimous support from the Judiciary Committee. It has not passed the Senate.

Until Congress closes the gap, nothing stops other companies from selling your personal data to the government. The airlines stopped this time.

The law still lets the next one start.

This article was created with AI assistance and human editing.

Read more from this brand:

• 14 Brutally Honest Reasons Folks Are Leaving California Behind in 2026
• Houston revealed as America’s fastest sinking city while California battles land drop and rising seas
• The ultimate winter experiences to enjoy in Hawaii