JetBlue Action Prompts Suits, Federal Scrutiny

9/29/2003

By R. Scott Macintosh

TravelAgeWest

Originally published at http://www.travelagewest.com/newsarticle.asp?articleid=2480  


The use of jetBlue passenger information for a government project has sparked a federal inquiry, class-action lawsuits and widespread outrage over what civil rights groups are calling a grave violation of consumer privacy rights.

Passengers in California and Utah last week filed class-action suits against the airline, while the Federal Trade Commission, Electronic Privacy Information Center and the American Civil Liberties Union have called for investigations.

While the incident is not expected to affect the airline surveillance system currently being developed by the Transportation Security Administration, which also intends to use airline passenger records to screen for potential terrorists, it raises more questions about the privacy rights of travelers in a post-Sept. 11 world — and how the government intends to use and protect the information it wants to collect.

“I think we’ve learned that even when a company like jetBlue discloses minor information, it can be combined with more sensitive information to create some pretty extensive dossiers on people,” said Marcia Hoffman, an attorney with the Electronic Privacy Information Center.

JetBlue has apologized to some of its customers for releasing 5 million passenger records to a federal contractor to use in the project related to military base security.

The contractor, Torch Concepts of Huntsville, Ala., used the records and a commercially available database it purchased from Acxiom to extract in-depth information on some jetBlue travelers, including their Social Security numbers, income and the types of vehicles they owned.

The results of the project were presented earlier this year at a Department of Homeland Security seminar and posted on the Web site of the Tennessee Valley Chapter of the National Defense Industrial Association.

A spokesman for jetBlue last week said the carrier passed along the passenger data out of concern for consumer safety after the Sept. 11 terrorist attacks.

“It’s important to remember that the request was made less than a year after September 11,” said Fiona Morrisson of jetBlue. “Like everyone else we were concerned about the safety and security of airline passengers.”

The airline said it received a request for the records in July 2002 and delivered them within a month.

In the letter of apology to customers, jetBlue CEO David Neeleman stated that the records in Torch’s possession had been destroyed and that no government agency had access to it.

But the episode leaves unanswered questions about the extent of government involvement in the program and how it might relate to the development of a security system for the commercial aviation industry.

The Federal Trade Commission has agreed to investigate the business practices of jetBlue and Acxiom after a complaint was filed with the agency by the Electronic Privacy Information Center, which contends that the companies violated their own privacy policies by providing consumer records for the project.

A spokesman for Acxiom has denied that the company violated its privacy policy.

Two lawsuits seeking class-action status have been filed on behalf of jetBlue passengers in Salt Lake City and Los Angeles. Both suits also allege that the airline invaded the privacy of consumers.

The American Civil Liberties Union and the Electronic Privacy Information Center have each filed requests with federal agencies to access more details on the project, including how the jetBlue project might relate to the TSA’s Computer Assisted Passenger Prescreening program, known as CAPPS II, and how the agency plans to use airline passenger records in the future.

The TSA and jetBlue claim that none of the records were used for the testing of the CAPPS II project. A TSA spokesperson said Wednesday that the agency facilitated an introduction between jetBlue and Torch Concepts, but was not involved with the project.

On Monday, jetBlue admitted that it had entered into discussions with the TSA about involvement in the program, but has since pulled out.

“We support the TSA and the important work they do to ensure the safety and security of all airline passengers but we decided no to be involved in CAPPS II testing given the unresolved issues regarding privacy protection,” Neeleman said in a statement.

The airline also said that it has hired Deloitte & Touche to help develop a privacy policy.

The government’s use of personal data has become controversial since the TSA started developing CAPPS II.

Advocates are now using the jetBlue incident as an example of how personal information could be misused by the government.

“It illustrates how quickly this information can be used for unrelated purposes and how quickly it can get out,” said Barry Steinhardt, director of the ACLU’s technology and liberty program. “This demonstrates what could happen once CAPPS II has been built. It can’t possibly remain leak-proof.”

The incident, privacy advocates contend, fuels their fears that the government can use private data in unauthorized ways.

The Electronic Privacy Information Center fears that the CAPPS II system, initially intended to prevent terrorist attacks could also be used as a law enforcement tool to nab criminals.

The organization also contends that there is no meaningful provision to access or correct misinformation in the proposed system.

“No one disputes that there needs to be an improved security system,” said Hoffman, of the Electronic Privacy Information Center.

“No one ever wants to see another 9/11. But there must be methods for people to access records and see what the government collects.”

Still, some believe that it is inevitable that travelers eventually will have to yield more personal details when they fly.

“Right now we are at war,” said travel attorney Alexander Anolik. “People are going to have to give more information to the airlines. It is only going to get tighter and tighter.”