You can't trust anybody

zz03

JetBlue Airways began sending out apologetic e-mails Thursday to customers who are infuriated that the airline gave 5 million passenger records to a defense contractor investigating national security issues.

The form letter, provided by JetBlue to Wired News, confirmed a Wired News story that JetBlue turned over the names, addresses and phone numbers of its customers in September 2002 in response to an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."

The e-mail was carefully worded to say that data was never provided to a government agency or used for airline security testing, that the sole copy had been destroyed, and that the Torch presentation was developed without JetBlue's knowledge. The company also expressed regret and promised never to turn over passenger information again without court order.

The letter will not be placed on the company's website, but will go out under the name of JetBlue's CEO, David Neeleman, said JetBlue spokesman Gareth Edmundson-Jones. The e-mail closed with, "I am saddened that we have shaken your faith in JetBlue but I assure you personally that we are committed to making this right." Jones added the company was "flabbergasted" when they first saw the Torch Concepts presentation.

The Torch presentation shows that Torch investigated the viability of airline passenger profiling, by combining the JetBlue data with Social Security numbers, income levels, number of children and vehicle ownership that Torch purchased from Acxiom, a company that sells consumer data.

The potential system would check passenger data against private, commercial databases and government watch lists to prevent terrorists and suspected violent felons from boarding airplanes. In the process, it would code every passenger with a risk level from green to red.

Bill Scannell, a privacy activist who brought attention to the report, said the apology was "outrageous."

"I thought they would announce that they would take out full-page ads in major newspapers in every city they fly to (saying) they would fully investigate the matter and file lawsuits if necessary to find out what happened to their customers' data," said Scannell.

At least one of JetBlue's customers has already spoken to lawyers and privacy groups to discuss a possible lawsuit against JetBlue.

Joshua Gruber, a frequent JetBlue passenger who works for database company IX Solutions, sent e-mails to friends and family members after reading reports of the data transfer. The number of people who responded with outrage to his e-mails grew quickly to about 100, and at that point, the group decided to seek legal advice.

"I was in the north tower (of the World Trade Center) on 9/11," said Gruber. "I understand that security is important, but this is not the way to do it. This is off the deep end. This was the wrong way to go about making us secure."

"I'm pissed off enough for 100,000 people," said Gruber, whose actions led Scannell to set up a website for those affected to sign up for a potential class action lawsuit. "I love JetBlue, watching the Food Network from one coast to the other blows every other airline out of the water, but I'm going to be flying anybody else until they do something about this."

Even when told of JetBlue's new e-mail, Gruber remained unconvinced.

Torch Concept's lawyer, Richard Marsden, said his company still had the airline data and was in process of destroying it. Torch Concepts, whose technology attempts to predict future events such as stock market swings or terrorist attacks on military installations, was working on the project for an Army study, Marsden said.

Marsden, on behalf of his client, send a letter to Bill Scannell on Wednesday demanding that he remove a copy of the company's presentation from his website. The presentation included the Social Security number, address and phone number of a JetBlue customer.

The copy was not, however, on Scannell's server; it was a mirror hosted elsewhere. On Wednesday, all traces of the document and presentation were removed from the website of the organization that hosted the February 2003 conference where Torch presented its paper. A Google cache copy disappeared on Thursday.

The Department of Homeland Security's Chief Privacy Officer, Nuala O'Connor Kelly, whose position did not exist last September, said the incident should never have happened, though her initial investigation showed this study was not under the auspices of the Transportation Security Administration.

"I plan on being squeaky clean on the testing of CAPPS II," said O'Connor Kelly, who said the event should be a wake-up call for everyone in the Department of Homeland Security.

See also
JetBlue Shared Passenger Data
JetBlue Data to Fuel CAPPS Test
CAPPS Navigates Unfriendly Skies
Data Dump Required Before Flights
Calif. Eyes Strong Privacy Policy
Picture Yourself in Politics
Today's Top 5 Stories
JetBlue 'Fesses Up, Quietly
Public Wants Biotech Food Tested
Bidding Your Job Bon Voyage
VeriSign Sued Over Search Service
Landline Numbers Can Go Mobile

Links to these from http://www.wired.com/news/politics/0,1283,60502,00.html

zz..

henbane

There's an article over at the Reg related to this kind of thing. Apparently the U.S. is putting pressure on european airlines to reveal details of passengers which are in conflict with most european privacy laws.

It might be an idea to keep an eye on this business for the future. The airlines are likely to give in without letting us know so they can land in the U.S. and still not be accused of breaking european laws.