
Lay Off JetBlue
A "serious betrayal" of consumer privacy? Get real.
Posted Wednesday, Sept. 24, 2003, at 7:00 PM ET
Why all the hysteria about JetBlue? On Sept. 16, Wired News broke the story that the discount airline had shared old passenger itineraries with a government contractor seeking to improve the screening of airline passengers. It had received the tip from Paul Weyrich, the cultish chairman of the far-right Free Congress Foundation. Weyrich, who's very interested in privacy issues, had learned about JetBlue's actions from "a very high-level official at the Transportation Security Administration." Wired News ran with it. The AP picked up the story, erroneously attributing the scoop to privacy advocate Bill Scannell. (Wired News made it perfectly plain that Weyrich was its original source. Scannell was cited merely as a confirming source. Was AP simply embarrassed to state the story's real provenance?) The following day, the story landed with a thud on Page One of the New York Times, whose editorial page was soon declaring it "one of the most serious betrayals of consumers' privacy rights by an American business." Now lawsuits are being filed, a formal complaint is being lodged with the Federal Trade Commission, and JetBlue's CEO, David Neeleman, is begging its customers' forgiveness.
Forgiveness for what? As a general rule, airline passengers do not reveal their darkest, most intimate secrets when they book a flight. The information JetBlue gave the contractor, Torch Concepts, consisted of names, addresses, phone numbers, and itineraries. Admittedly, JetBlue did violate its own privacy policy, which states, "The financial and personal information collected on this site is not shared with any third parties." This minor act of corporate malfeasance would have made a nice little story for Airways magazine. But Chatterbox can't see what makes it a major national story.
I'm not sure why you are so obsessed with how the jetBlue Airways privacy scandal came to light.
You are certainly entitled to your opinion as to whether travelers should care that their travel records have been passed on to companies they've never heard of, and used for purposes they didn't know about or authorize. Your readers, of course, might beg to differ. And if you still think this is a "trivial goof," and don't get why folks are concerned, you might look at the information on my Web site.
But for what it is worth, and so that you can run an appropriate correction, the fact that jetBlue Airways gave 5 million reservation records to a military contractor for use in testing passenger profiling systems was first reported on my Web site, in my newsletter, and to the Infotec-Travel mailing list (archived at Infotec-Travel.com) on 16 September 2003. It was (and is) part of an update to my overview of travel records and privacy, "Total Travel Information Awareness," at: http://hasbrouck.org/articles/travelprivacy.html
It wasn't mentioned in the Wired News story that day, and it came from my own research and sources. Not Paul Weyrich, not Bill Scannell, and not Wired -- contrary to your story.
After posting my own story, I alerted reporters at both Wired News and the New York Times (among others) to the document I had found. Wired News picked up the story two days later, properly acknowledging me as the source:
http://www.wired.com/news/privacy/0,1848,60489,00.html
AP picked it up from Wired, a day later, and the Times a day after that. AP correctly credited Bill Scannell for "bringing attention to the issue on his Web site, DontSpyOn.Us", which is true. The AP story said nothing about who uncovered the document or where the expose was first published.
Ryan Singel Responds:
Timothy Noah's recent column questioned the enormity, or non-enormity, of the revelation that JetBlue violated its privacy policy, a story I first reported in Wired News.
And that's a legitimate question to ask.
However, the story did not unfold quite the way Noah portrayed it. Noah conflates 2 separate stories, both about JetBlue and data transfers. But one was about the future, and one was about the past.
On September 16, Wired News published a story (http://www.wired.com/news/privacy/0,1848,60456,00.html) stating that JetBlue had agreed to help with the testing of the government's new airline passenger profiling system. That system is run by the Transportation Security Administration and goes by the name CAPPS II.
But that story simply said that JetBlue had agreed to provide passenger data to help test CAPPS II in the *future*. The information was news because Delta had made a similar promise in the spring but retracted it when it came under criticism from privacy advocates.
The promise came to light after a number of conservatives who are concerned about government surveillance met with the TSA's head, Adm. James Loy.
He told this group, in an off-the-record meeting, about JetBlue's promise to help out when CAPPS II gets tested on real data in the future.
I quoted Paul Weyrich, who runs the Free Congress Foundation, because the information about JetBlue was related by the TSA to a group of conservative privacy advocates and Weyrich was willing to speak on the record. He was not my only source for the story. It is even incorrect to say he was how I learned about the promise.
Noah pokes some fun at Weyrich, which is Noah's prerogative, but Weyrich's information was correct.
In fact, all last week, JetBlue denied that it had promised to help CAPPS II in the *future*, even when it was apologizing for its actions from last year. On Monday, JetBlue released this press release, http://www.jetblue.com/learnmore/pressDetail.asp?newsId=202, which confirmed my first story, saying that although JetBlue had volunteered to help CAPPS II in the future, they were revoking that promise.
However this was NOT the story that the NY Times and the wire services picked up.
That story, which came out two days later, on the 18th, was about what JetBlue did in the *past*, specifically in September 2002. http://www.wired.com/news/privacy/0,1848,60489,00.html
The document that prompted this story, as my story clearly stated, was unearthed by travel privacy activist, Edward Hasbrouck. Let me repeat, Weyrich did not find the document that showed that JetBlue gave passenger info to a defense contractor.
Bill Scannell posted it to his protest website (www.dontspyon.us) a day before my story came out (I also credited him for quasi-breaking the story), but Scannell was also not my source for the document.
Furthermore, as my story clearly indicated, the TSA is adamant the Torch study was NOT about their passenger screening program. The TSA says all they did was ask JetBlue to help out the Pentagon with a project on researching military installation security. The Pentagon confirms this. The TSA also says CAPPS II has never been tested on real data.
Many wonder why a defense contractor used passenger data to study passenger profiling, but did so for the Army.
And many, like Noah, believe the JetBlue data transfer had to be related to CAPPS II.
However, there is no proof of any connection to date and to state that as proven fact would be erroneous.
All parties involved -- the Army, the TSA, the defense contractor and JetBlue -- maintain the JetBlue data leak was about army base security.
One must also take into account that the Army has stood up and said this is our program. One might be able to conjure a theory explaining why the Army took a bullet for the Department of Homeland Security, but I've seen no proof that they are doing so.
There are, in fact, some questions about whether the Army violated the Privacy Act by commissioning the study. If they did, then officials at the Army could face civil and criminal penalties. The Army is looking into the matter.
The TSA does want to test its system on real data in the future, but they need to go through with a set of Privacy Act statements, so people can know what data will be used, how long it will be kept, and what the penalty is for non-compliance. This law is meant to promote open-government and prevent secretive databases on Americans.
There are good reasons for such rules. For those who don't know what those reasons are, I suggest reading the intro to the Church Committee report http://www.icdc.com/~paulwolf/cointelpro/churchfinalreportIIa.htm. Then you will understand why the Privacy Act was passed.
Again, Noah's questioning of the amount of attention the story has gotten is legitimate. However, his account of how the story unfolded was misleading in my opinion.
And more to the point, I do not believe the press should give JetBlue a pass for betraying its promise to its customers, just because it had wide seats, great customer service, and Animal Planet from airport to airport.
Nor should the press let the government get away with breaking or skirting laws because of legitimate fears of further terrorist attacks.
Tim Noah responds:
Edward Hasbrouck and Ryan Singel maintain that the JetBlue story broke not on Sept. 16, when Singel reported that JetBlue would be sharing passenger itineraries with the Transportation Security Administration, but on Sept. 18, when Singel reported that JetBlue had already shared 5 million itineraries with Torch Concepts, a government contractor. In fact, the Sept. 18 story was a refinement of the Sept. 16 story, correcting some facts in the earlier story and adding many details. If you don't believe me, compare them yourself.
Here's the Sept. 16 story:
http://www.wired.com/news/privacy/0,1848,60456,00.html
Here's the Sept. 18 story:
http://www.wired.com/news/privacy/0,1848,60489,00.html
It may be that what is described in these stories are two separate instances where JetBlue shared or planned to share passenger itineraries with the government or a government contractor. Or it may be that the two stories describe the same transaction. (That's what I think. It's hard to tell, though, because the TSA and the Army are not being forthcoming about this.) But the essence of both stories was that JetBlue was providing passenger data to be used in devising a passenger screening program. That is what privacy advocates are upset about (and what I'm not particularly upset about).
The Army and TSA insist that the 5 million itineraries that JetBlue gave Torch Concepts were NOT used in devising a passenger screening program, but instead were used in a study of army base security. That is disproved by a Torch Concepts report on the project, titled "Homeland Security Airline Passenger Risk Assessment." The report refers specifically to Torch's receiving "the Jet Blue Data Base."
The report can be accessed here:
http://cryptome.org/jetblue-spy.pdf
I am happy to see Hasbrouck and Singel provide Slate's readers with additional details, but they are wrong to suggest they've found an error in the column.
Addendum from Tim Noah:
Edward Hasbrouck has written me to complain that I failed to acknowledge that Singel's second story drew heavily on data that he, Hasbrouck, first made public on his Web site on Sept. 16, the same day Wired had its first JetBlue scoop. I hereby acknowledge it. Does that mean the JetBlue scoop belongs to Hasbrouck and not Wired? Arguably, yes. But Wired has much greater reach than Hasbrouck's Web site, and is more unambiguously a journalistic (rather than an advocacy) organization. In crediting Wired with the scoop, I didn't mean to slight Hasbrouck's obviously central role in uncovering much of the information.
(9/28)
After Torch Concepts got its hands on JetBlue's names, addresses, phone numbers, and itineraries, it matched some of these up with data it purchased elsewhere. Apparently this included Social Security numbers and financial data. Much concern has been raised that this constituted government snooping into the lives of innocent Americans. (Torch Concepts never actually turned its data over to the TSA, but the TSA put Torch Concepts in touch with JetBlue and clearly hoped the result would be a usable prototype for the TSA's airline screening in the future.) But the government already has financial data—in most cases, of much better quality—on everybody who pays income tax. It knows your Social Security number, too. It gave you your Social Security number.
The purpose of JetBlue's collaboration with Torch Concepts was to compile profiling data on airline passengers. Torch Concepts' strategy was to look for suspicious "transportation transactions," "investment transactions," and "biochemical transactions." Given the reality of 9/11, some kind of profiling is going to occur. Whether these particular benchmarks will prove reliable is anybody's guess. But almost anything would be an improvement on the current system, which relies heavily on unacknowledged racial profiling of Arabs and the escalating removal of clothing at the metal detectors. (For casual voyeurs, airports are now almost as much fun to visit as public beaches.)
So, where's the concrete harm? "It's really quite unclear what the damages are," says Solveig Singleton, a senior analyst at the libertarian Competitiveness Enterprise Institute. Singleton is a frequent critic of privacy advocates, but on this point, privacy advocate Marcia Hofmann, staff counsel at the Electronic Privacy Information Center, agrees. "When you're dealing with privacy law, it's always a problem trying to define how someone was injured," she told Chatterbox. When pressed, Hofmann cited the hypothetical risk of identity theft. Surely, though, the data most helpful to identity thieves is what's available publicly, not what some government agency keeps private for law enforcement.
There was one troubling instance where Torch Concepts put information it compiled on one individual (including the Social Security number, but minus the name) on the Web, as a sample of what it can do. In the Sept. 24 Wall Street Journal, Torch said that information has now been destroyed. That isn't true. Chatterbox clicked onto the data just today. Want to guess how Chatterbox found it? Through a document posted by the privacy-obsessed Electronic Privacy Information Center!
Here's a little personal information about Chatterbox: Last month, on the recommendation of the Chattersister, he booked a flight to Los Angeles with the Chatterkinder on JetBlue. Circumstances required him to change the flight fairly close to the departure date. It was a complicated transaction that involved removing Chatterbox from the return flight and substituting Mammy Chatterbox. The JetBlue agent with whom Chatterbox spoke was unfailingly competent and kind in making these changes, which occasioned a minimal additional charge.
When Chatterbox and the Chatterkinder walked onto the plane, the overhead racks were spewing what appeared to be smoke. That was momentarily alarming. But it turned out to be condensation! It was a very humid day, and someone had made the improbable decision to crank up the air conditioning to make the passengers more comfortable! The plane itself was brand-new, with leather seats, legroom far exceeding anything Chatterbox had ever encountered in coach, individualized DirectTV for every passenger, and a little card tucked behind the barf bag recommending yoga positions to ease muscle strain during the flight, which took off and arrived on time. All the more remarkable was that these luxuries were available on a discount airline. In sum, this commercial flight was a pleasurable consumer experience. When's the last time you saw the words "commercial flight" and "pleasurable" in the same sentence? (No, Chatterbox doesn't own any JetBlue stock, or know anyone who works for the company.)
So, they made a trivial goof enforcing their privacy policy. They don't need to apologize to Chatterbox, who looks forward to his next flight on JetBlue.











