JetBlue shared Passenger Data, now 'Fesses Up, Quietly

JetBlue 'Fesses Up, Quietly

The form letter, provided by JetBlue to Wired News, confirmed a Wired News story that JetBlue turned over the names, addresses and phone numbers of its customers in September 2002 in response to an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."

The e-mail was carefully worded to say that data was never provided to a government agency or used for airline security testing, that the sole copy had been destroyed, and that the Torch presentation was developed without JetBlue's knowledge. The company also expressed regret and promised never to turn over passenger information again without court order.

The letter will not be placed on the company's website, but will go out under the name of JetBlue's CEO, David Neeleman, said JetBlue spokesman Gareth Edmundson-Jones. The e-mail closed with, "I am saddened that we have shaken your faith in JetBlue but I assure you personally that we are committed to making this right." Jones added the company was "flabbergasted" when they first saw the Torch Concepts presentation.

The Torch presentation (PDF) shows that Torch investigated the viability of airline passenger profiling, by combining the JetBlue data with Social Security numbers, income levels, number of children and vehicle ownership that Torch purchased from Acxiom, a company that sells consumer data.

The potential system would check passenger data against private, commercial databases and government watch lists to prevent terrorists and suspected violent felons from boarding airplanes. In the process, it would code every passenger with a risk level from green to red.

Bill Scannell, a privacy activist who brought attention to the report, said the apology was "outrageous."

"I thought they would announce that they would take out full-page ads in major newspapers in every city they fly to (saying) they would fully investigate the matter and file lawsuits if necessary to find out what happened to their customers' data," said Scannell.

At least one of JetBlue's customers has already spoken to lawyers and privacy groups to discuss a possible lawsuit against JetBlue.

Joshua Gruber, a frequent JetBlue passenger who works for database company IX Solutions, sent e-mails to friends and family members after reading reports of the data transfer. The number of people who responded with outrage to his e-mails grew quickly to about 100, and at that point, the group decided to seek legal advice.

"I was in the north tower (of the World Trade Center) on 9/11," said Gruber. "I understand that security is important, but this is not the way to do it. This is off the deep end. This was the wrong way to go about making us secure."

"I'm pissed off enough for 100,000 people," said Gruber, whose actions led Scannell to set up a website for those affected to sign up for a potential class action lawsuit. "I love JetBlue, watching the Food Network from one coast to the other blows every other airline out of the water, but I'm going to be flying anybody else until they do something about this."

Even when told of JetBlue's new e-mail, Gruber remained unconvinced.

Torch Concept's lawyer, Richard Marsden, said his company still had the airline data and was in process of destroying it. Torch Concepts, whose technology attempts to predict future events such as stock market swings or terrorist attacks on military installations, was working on the project for an Army study, Marsden said.

Marsden, on behalf of his client, send a letter to Bill Scannell on Wednesday demanding that he remove a copy of the company's presentation from his website. The presentation included the Social Security number, address and phone number of a JetBlue customer.

The copy was not, however, on Scannell's server; it was a mirror hosted elsewhere. On Wednesday, all traces of the document and presentation were removed from the website of the organization that hosted the February 2003 conference where Torch presented its paper. A Google cache copy disappeared on Thursday.

The Department of Homeland Security's Chief Privacy Officer, Nuala O'Connor Kelly, whose position did not exist last September, said the incident should never have happened, though her initial investigation showed this study was not under the auspices of the Transportation Security Administration.

"I plan on being squeaky clean on the testing of CAPPS II," said O'Connor Kelly, who said the event should be a wake-up call for everyone in the Department of Homeland Security.

Wired -Sep. 18, 2003

JetBlue Airways confirmed on Thursday that in September 2002, it provided 5 million passenger itineraries to a defense contractor for proof-of-concept testing of a Pentagon project unrelated to airline security -- with help from the Transportation Security Administration.

The contractor, Torch Concepts, then augmented that data with Social Security numbers and other sensitive personal information, including income level, to develop what looks to be a study of whether passenger-profiling systems such as CAPPS II are feasible.

The study (PDF), titled "Homeland Security -- Airline Passenger Risk Assessment," which JetBlue says was based on an unauthorized use of its data, was presented at a February technology conference.

Privacy activist Bill Scannell, who runs the Don't Spy On.Us website, had scathing words for JetBlue's revelation.

"JetBlue has assaulted the privacy of 5 million of its customers," said Scannell. "Anyone who flew JetBlue before September 2002 should be aware and very scared that there is a dossier on them."

Torch Concepts acquired the data by contacting the Transportation Security Administration, which says it facilitated the transfer of the data from JetBlue to Torch Concepts, according to TSA spokesman Brian Turmail.

The TSA says the study was for a Pentagon proof-of-concept program related to improving security on military bases.

Torch Concept's lawyer, Richard Marsden, says the study was authorized and was related to "a science and technology study on the feasibility of enhancing the structure of the Army."

It remains unclear how an airline passenger-screening feasibility study without any references to the military relates to an Army feasibility study, though Marsden said he could not reveal any more information because of a confidentiality agreement.

The Army is investigating the matter, according to spokesman Maj. Gary Tallman, who added that "we take data and privacy regulations seriously and do everything we can to protect people's privacy."

Because it was a defense contractor that set up the records system, the Army may have violated the Privacy Act by not issuing official notice of the creation of the system.

The Privacy Act requires an agency to apply the act's provisions when it "provides by a contract for the operation by or on behalf of the agency of a system of records."

JetBlue clearly violated its own privacy policy by transferring its passenger data. Such a violation could be grounds for an investigation of unfair business practices by the Federal Trade Commission, which has the authority to fine companies and issue injunctions.

"We made a special exemption for this one exceptional case," said Gareth Edmundson-Jones, a spokesman for JetBlue. "We clearly have to review internally the decision and reconsider our policies."

The TSA, which is in charge of developing a new airline passenger-screening system called CAPPS II, adamantly denied receiving or reviewing the JetBlue data in the transfer. Turmail also said that the data was not used to test CAPPS II or CAPPS II prototypes.

Torch Concept's presentation, unearthed on a conference website by travel privacy activist and travel agent Edward Hasbrouck, shows that upon receiving the data, Torch Concepts purchased matching personal records from Acxiom, one of the country's largest data-aggregation companies.

That information included incomes, occupations, vehicle ownership information, number of children and Social Security numbers.

The company then used the data to create profiles of groups of travelers, dividing them into three specific groups: young middle-income homeowners, older upper-income homeowners and a group of passengers with anomalous records, which the presentation attributes to "erroneous entry, fraud or mischief."

Under the proposed CAPPS II system, passengers like those in Torch's third group would likely be assigned a yellow code by the system's algorithms, resulting in increased screening at the gate. Those whose identifying information is verified and who do not match a watch list of terrorists or wanted felons would get a green and face minimal scrutiny. Those whose names show up on the watch list would face arrest or be barred from flying.

The company's presentation concluded that "known airline terrorists appear readily distinguishable from the normal JetBlue passenger patterns," but said differentiation would be enhanced if the system had access to a passenger's annual, as well as lifetime, traveling history.

Torch Concept's work does not seem to be a prototype of CAPPS II, but instead an attempt to measure the viability of verifying and scoring passengers by checking them against data-aggregation companies' files. This is the same mechanism that will be used in CAPPS II, but TSA officials are adamant this study was not part of the CAPPS II program.

After a reporter made inquiries to the TSA, JetBlue and Torch Concepts, the presentation and all references to it were removed from the conference website, which is run by the Tennessee Valley Chapter of the National Defense Industrial Association.

The chapter's president, Joel Thomas of Elmco, said he received an internal e-mail Wednesday morning requesting its removal. Scannell has since mirrored the original document.

JetBlue's revelation came after two days of inquiry from Wired News, which reported Tuesday that TSA officials had told privacy activists that JetBlue gave assurances it would help in the testing of the agency's controversial new passenger-screening system, CAPPS II.

The presentation document also says the company first met with Jim Yeager at the Department of Transportation, who worked for the inspector general's office at the DOT.

Yeager was described as the "aviation security project manager" in a Jan. 4, 2002, document that announced the inspector general would conduct a review of proposed technologies to enhance aviation security. That audit, which is classified, was published in February 2003 and furnished to Congress.

Yeager, who now works at the Border and Transportation Security branch of the Department of Homeland Security's inspector general's office, did not respond to messages left for him.

Rick Toliver, a researcher for SRI who has worked on homeland security projects, chaired the session at the February conference. Toliver confirmed that Torch Concepts' then-CEO Bill Roark delivered the paper and that the session was well-attended.

Roark, who has a 15-year history of working on Pentagon projects, now works as the CEO of Torch Technologies, a Torch Concepts spin-off designed to focus on defense contracts.

On Wednesday, JetBlue issued a carefully worded statement and sent e-mails to customers. "Contrary to reports, JetBlue has not entered into an agreement to implement the CAPPS II program with the Transportation Security Administration. Further, no JetBlue customer information has been provided for purposes of testing the CAPPS II program currently under design."

David Sobel, an attorney with the Electronic Privacy Information Center, said it should not matter who received JetBlue's data in the transfer.

"A third party is a third party, whether that is the DOT, TSA or a contractor," said Sobel.

Hasbrouck called the presentation a "smoking gun" that proves that real passenger data has been used in the development of CAPPS II without attempting to get consent from passengers.

"Data from a number of different sources -- airlines, computer reservation systems, and third-party data warehouses -- (has) been provided to various contractors at various stages," said Hasbrouck.

Hasbrouck said the TSA has no authority to compel any airline to provide data, but even if JetBlue was ordered to provide data, the company should have told its customers.

"The ethical thing would be to reveal the transfer to passengers, so they can make a decision whether or not to fly JetBlue," said Hasbrouck. "Instead the company turned over what appears to be every reservation they've ever made."

It is unknown if the data has been destroyed or returned to JetBlue.

NBTA Attendees Sweat Out The Stagnant Economy At Dallas Show
Business Travel News - Aug 25, 2003
... to several issues raised by delegates, including data ... JetBlue ... and the second-generation
Computer Assisted Passenger ... The more information shared with us, the ...

<  We met Meacher in Boston: "Both Wars were planned in advance before 9/11"