Jam Piper Jam
Truth Seeker
JetBlue Gave Defense Firm Files on Passengers
By PHILIP SHENON
ASHINGTON, Sept. 19 ? JetBlue Airways acknowledged publicly today that it had provided a Pentagon contractor with information on more than one million of its passengers as part of a program to track down terrorists and other "high risk" passengers. That data, which was turned over in violation of the airline's own privacy policies, was then used to identify the passengers' Social Security numbers, financial histories and occupations.
JetBlue, a three-year-old discount airline, sent an e-mail message to passengers this week, conceding that it had made a mistake in providing the records last year to Torch Concepts, an Army contractor in Huntsville, Ala., for a research project on "airline passenger risk assessment."
"This was a mistake on our part and I know you and many of our customers feel betrayed by it," said David Neeleman, JetBlue's chief executive, in an e-mail message that the airline, based in New York, said was sent to about 150 passengers who had written in so far to complain.
Mr. Neeleman, the founder of JetBlue, which has been a rare success in the airline industry and has prospered because of its reputation for low fares and consumer friendliness, insisted that none of the passenger information was shared with the government. "The sole set of data in Torch's possession has been destroyed," he wrote. "No government agency ever had access to it."
Privacy rights groups expressed astonishment that JetBlue had shared so much passenger information with a contractor, describing the privacy breach as among the most serious reported by any American company in recent years.
JetBlue's announcement comes at a time when many civil liberties groups are warning that privacy rights are becoming victims of the government's struggle against terrorism and the desire of law enforcement and intelligence agencies for quick access to customer information that has traditionally been closely held by corporations.
The airline said it had provided Torch Concepts with records on about five million individual itineraries, reflecting the travels of about 1.1 million passengers in 2001 and 2002. The records, it said, would have included the passengers' names, addresses and phone numbers but not credit card numbers or government identification numbers commonly collected from travelers like passport numbers.
A lawyer for Torch Concepts, Richard Marsden, said that the passenger records provided by JetBlue were destroyed by the contractor earlier this week after the existence of the project was reported by Wired News, a technology-news Web site. "It's all been destroyed in the last 24 hours," he said in a telephone interview.
But privacy advocates said further investigation was needed. "Five million is a big number," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "JetBlue passengers have reason to be very upset. Will the data be destroyed? Will there be some compensation for the passengers?"
Mr. Neeleman said that the passenger information was turned over last year as a result of an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security." He said that JetBlue was told that "this project had no connection with aviation security."
The Pentagon, which was still largely shut down because of Hurricane Isabel, had no immediate comment on the issue.
Torch Concepts, which describes itself in promotional material as a "content-management and information-mining" company, was hired by the Army more than three years ago to determine how information from public and private records might be analyzed to help defend military bases from attack by terrorists and other adversaries.
While the company has insisted that the Army study was never intended to be used to improve security at civilian airports, there was clearly discussion within the company of whether its research might be of use to the Department of Homeland Security, which is responsible for airport security.
In a study prepared in February and released at a symposium sponsored by the Homeland Security Department, Torch Concepts said that "several data elements have been identified which best distinguish normal JetBlue passengers from past terrorists."
The report said that after receiving the passenger information from JetBlue, Torch Concepts matched the passenger names against a variety of databases that it had purchased from Acxiom, a large consumer research company.
"For approximately 40 percent of the passengers," the report said, the Acxiom databases provided additional "demographic information," including a passenger's Social Security number, occupation, income, gender and home- and car-ownership history, as well as the number of adults and children living in the passenger's household.
Mr. Marsden said the company and its study had no link to the Pentagon's broad electronic surveillance project known as Terrorist Information Awareness, which has drawn harsh criticism from Capitol Hill and from privacy groups in recent months who consider it an effort to intrude on the rights of Americans in the name of counterterrorism.
Nor, he said, was there any link between the Torch Concepts' project and a huge government passenger-screening program that is now being developed by the Transportation Security Administration. The government's antiterrorism program, the second phase in a effort known as the Computer Assisted Passenger Prescreening System, has also been criticized by privacy advocates as overly intrusive.
Gareth Edmondson-Jones, a spokesman for JetBlue, said in a telephone interview that the decision to provide the passenger information to Torch Concepts was a clear violation of the company's own policy. "We have the strongest privacy policy in the industry, which clearly says that we don't supply customer data to third parties," he said.
Asked if Mr. Neeleman or other senior executives had approved the sharing of the passenger information, Mr. Edmondson-Jones said he did not know, adding that there had been no discussion of disciplinary action against anyone at the company for the policy breach. "That's not even come up," he said. "We made the decision as a company, at whatever level it was done."
He suggested that the decision to turn over the passenger information to the contractor was motivated by the airline's concern with security in the aftermath of the Sept. 11 terrorist attacks. "In a post 9/11 word troubled by security issues and terrorists, we had a special request from the Department of Defense to assist in a military project," he said. "The decision was made to assist."
By PHILIP SHENON
ASHINGTON, Sept. 19 ? JetBlue Airways acknowledged publicly today that it had provided a Pentagon contractor with information on more than one million of its passengers as part of a program to track down terrorists and other "high risk" passengers. That data, which was turned over in violation of the airline's own privacy policies, was then used to identify the passengers' Social Security numbers, financial histories and occupations.
JetBlue, a three-year-old discount airline, sent an e-mail message to passengers this week, conceding that it had made a mistake in providing the records last year to Torch Concepts, an Army contractor in Huntsville, Ala., for a research project on "airline passenger risk assessment."
"This was a mistake on our part and I know you and many of our customers feel betrayed by it," said David Neeleman, JetBlue's chief executive, in an e-mail message that the airline, based in New York, said was sent to about 150 passengers who had written in so far to complain.
Mr. Neeleman, the founder of JetBlue, which has been a rare success in the airline industry and has prospered because of its reputation for low fares and consumer friendliness, insisted that none of the passenger information was shared with the government. "The sole set of data in Torch's possession has been destroyed," he wrote. "No government agency ever had access to it."
Privacy rights groups expressed astonishment that JetBlue had shared so much passenger information with a contractor, describing the privacy breach as among the most serious reported by any American company in recent years.
JetBlue's announcement comes at a time when many civil liberties groups are warning that privacy rights are becoming victims of the government's struggle against terrorism and the desire of law enforcement and intelligence agencies for quick access to customer information that has traditionally been closely held by corporations.
The airline said it had provided Torch Concepts with records on about five million individual itineraries, reflecting the travels of about 1.1 million passengers in 2001 and 2002. The records, it said, would have included the passengers' names, addresses and phone numbers but not credit card numbers or government identification numbers commonly collected from travelers like passport numbers.
A lawyer for Torch Concepts, Richard Marsden, said that the passenger records provided by JetBlue were destroyed by the contractor earlier this week after the existence of the project was reported by Wired News, a technology-news Web site. "It's all been destroyed in the last 24 hours," he said in a telephone interview.
But privacy advocates said further investigation was needed. "Five million is a big number," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "JetBlue passengers have reason to be very upset. Will the data be destroyed? Will there be some compensation for the passengers?"
Mr. Neeleman said that the passenger information was turned over last year as a result of an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security." He said that JetBlue was told that "this project had no connection with aviation security."
The Pentagon, which was still largely shut down because of Hurricane Isabel, had no immediate comment on the issue.
Torch Concepts, which describes itself in promotional material as a "content-management and information-mining" company, was hired by the Army more than three years ago to determine how information from public and private records might be analyzed to help defend military bases from attack by terrorists and other adversaries.
While the company has insisted that the Army study was never intended to be used to improve security at civilian airports, there was clearly discussion within the company of whether its research might be of use to the Department of Homeland Security, which is responsible for airport security.
In a study prepared in February and released at a symposium sponsored by the Homeland Security Department, Torch Concepts said that "several data elements have been identified which best distinguish normal JetBlue passengers from past terrorists."
The report said that after receiving the passenger information from JetBlue, Torch Concepts matched the passenger names against a variety of databases that it had purchased from Acxiom, a large consumer research company.
"For approximately 40 percent of the passengers," the report said, the Acxiom databases provided additional "demographic information," including a passenger's Social Security number, occupation, income, gender and home- and car-ownership history, as well as the number of adults and children living in the passenger's household.
Mr. Marsden said the company and its study had no link to the Pentagon's broad electronic surveillance project known as Terrorist Information Awareness, which has drawn harsh criticism from Capitol Hill and from privacy groups in recent months who consider it an effort to intrude on the rights of Americans in the name of counterterrorism.
Nor, he said, was there any link between the Torch Concepts' project and a huge government passenger-screening program that is now being developed by the Transportation Security Administration. The government's antiterrorism program, the second phase in a effort known as the Computer Assisted Passenger Prescreening System, has also been criticized by privacy advocates as overly intrusive.
Gareth Edmondson-Jones, a spokesman for JetBlue, said in a telephone interview that the decision to provide the passenger information to Torch Concepts was a clear violation of the company's own policy. "We have the strongest privacy policy in the industry, which clearly says that we don't supply customer data to third parties," he said.
Asked if Mr. Neeleman or other senior executives had approved the sharing of the passenger information, Mr. Edmondson-Jones said he did not know, adding that there had been no discussion of disciplinary action against anyone at the company for the policy breach. "That's not even come up," he said. "We made the decision as a company, at whatever level it was done."
He suggested that the decision to turn over the passenger information to the contractor was motivated by the airline's concern with security in the aftermath of the Sept. 11 terrorist attacks. "In a post 9/11 word troubled by security issues and terrorists, we had a special request from the Department of Defense to assist in a military project," he said. "The decision was made to assist."