The scary part to me is, if you read some of the commentary, TSA seems to be proposing a sort of 3 strikes policy to allow use of a non "real" ID twice before starting enforcement. That means they either have or are planning to create the database infrastructure to track individual encounters over time at checkpoints (and potentially federal courthouses, etc.)

Has maintaining that sort of record ever been disclosed in a TSA Privacy Act statement?