JetBlue In Privacy Faux Pas
Violating its own privacy policy, JetBlue Airways gave 5 million passenger itineraries to a Defense Department contractor that used the information as part of a study seeking ways to identify "high risk" airline customers.
The study, produced by Torch Concepts of Huntsville, Ala., was titled "Homeland Security: Airline Passenger Risk Assessment." The apparent goal of the report was to determine whether it was possible to combine travel and personal information to create a profiling system that would make air travel safer.
The New York-based airline sent an e-mail apologizing to angry customers and said it has taken steps so the situation will not happen again. "This was a mistake on our part," JetBlue chief executive David Neeleman said.
Neeleman insisted the data JetBlue provided was not shared with any government agency and that Torch has since destroyed the passenger records.
Details of the study and JetBlue's involvement were reported Thursday by Wired.com, which credited privacy activist Bill Scannell for bringing attention to the issue on his Web site.
Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said that by violating its privacy policy, JetBlue could be sued for "deceptive trade practices." Rotenberg said his organization was contemplating filing a complaint with the Federal Trade Commission.
JetBlue "really should have known better," said Richard M. Smith, an Internet security and privacy consultant based in Cambridge, Mass.
Torch says the intent of the study was to guide the Pentagon on a project for military base security.
But Smith said the study was basically a prototype for a nationwide computer system being developed by the Transportation Security Administration. The system, ordered by Congress after the Sept. 11 attacks, will check such things as credit reports and consumer transactions and compare passenger names with those on government watch lists.
The TSA, the federal agency in charge of airline and airport security, said Friday it was not involved in the study.
Torch contacted the TSA last summer for airline industry contacts and the agency complied with the request, but "that was the extent of our involvement," TSA spokesman Nico Melendez said.
The Torch study analyzed the records JetBlue provided in September 2002, as well as other demographic data collected about the passengers, including Social Security numbers and information about their finances and families.
Neeleman's e-mail said Torch "developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium" and that he was "deeply dismayed to learn of it."
Neeleman said JetBlue provided passengers' names, addresses and phone numbers to Torch after an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."
Torch referred calls to its attorney, Richard Marsden, who did not immediately return a call seeking comment.