EXCLUSIVE JetBlue Released PNR Data

Airline says it is apologizing to customers

By: R. Scott MacIntosh

JetBlue released personal information from 5 million passenger records last year for use in a Department of Defense project.

A contractor that worked on the project used a commercially available database and the jetBlue data, though limited, to extract in-depth information on some travelers, including their Social Security numbers, income and the types of vehicles they owned.

The government’s use of personal data has become controversial in recent months as it tries to develop a national anti-terrorism system, with privacy and civil rights activists raising concerns about possible misuse of personal information.

A jetBlue spokesman said Wednesday that, at the request of the Defense Department, jetBlue gave the agency access to the historical passenger data. On Thursday, the spokesman said the carrier was sending letters of apology from the airline’s CEO, David Neeleman, to some concerned customers who had seen a Web report about jetBlue’s action.

Gareth Edmondson-Jones, the spokesman for jetBlue, also said he had misspoken on Wednesday and that the data was never given to the Defense Department, but was given directly to its contractor, Torch Concepts of Huntsville, Ala. Edmondson-Jones said the airline’s Passenger Name Records were requested in July 2002 and were released within a month. He said the data was from passengers on flights going back to 2000.

In the letter that Edmondson-Jones said the carrier is sending, Neeleman stated: “& (W)e responded to an exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security. & We provided historical customer data including names, addresses and phone numbers. It DID NOT include personal financial information, credit card information, or social security numbers.”

The Defense Department contracted with Torch Concepts for a project related to changes in the Army’s force structure, according to Rich Marsden, the company’s corporate counsel.

Torch Concepts merged the jetBlue passenger information with a commercial database, allowing it to determine detailed information on people in 40 percent of the records including their Social Security numbers, vehicles, income, occupation, gender and home-ownership status, according to a Torch Concepts report.

Torch Concepts presented that information earlier this year at a seminar sponsored by the Transportation Security Administration on development of the TSA’s airline passenger surveillance system, Edmondson-Jones said Wednesday. The jetBlue letter released Thursday acknowledged that the data was used in “& a presentation, without jetBlue’s knowledge, for a Department of Homeland Security symposium.”

The letter also noted that personal information on one customer was used in the presentation, though the passenger’s name was not mentioned.

“(Torch Concepts) acted independently and utilized the information to present at a TSA-sponsored conference,” Edmondson-Jones said. “It was used in a presentation without jetBlue’s knowledge or consent.”

Torch Concepts acknowledged Wednesday that it presented the information at the conference but said the work wasn’t funded by the TSA. “The project just happened to fit into the theme of that conference,” said Marsden. “But it is not related to CAPPS II.” The TSA’s Computer Assisted Passenger Prescreening System is often referred to as CAPPS II.

That TSA program, which is still being developed, proposes to collect airline passenger data and analyze that information with the use of commercial databases to identify potential terrorists.

The Torch Concepts project, however, resembles technology that has been proposed for use in the CAPPS II system. And the presentation report gives broad insight into how extensive the proposed surveillance program could be.

According to the presentation report posted on the Web site of the Tennessee Valley Chapter of the National Defense Industrial Association, Torch Concepts said the jetBlue data provided little detailed information about the passengers.

But Torch Concepts said it was able to extract more intimate details on people in 2 million of the records by comparing the airline’s PNR data with information in a commercial database it purchased from Acxiom.

In its conclusions, Torch Concept’s report said a more thorough assessment of airline passengers could be provided if airline PNRs contained more details. “Known airline terrorists appear readily distinguishable from the normal jetBlue passenger patterns,” the report said. “If a more comprehensive P&R (sic) data base were available, it is expected that analysis could identify and characterize all normal travel patterns.”

The report suggested that regular passengers can be distinguished from terrorists by several key pieces of information: Social Security number, length of residence, income and home ownership. The number of miles flown annually and in a lifetime also would be good indicators, the document said. The report said overtures were made to airlines for data as early as December 2001. It appears to indicate that Delta Air Lines and American Airlines were asked. The report does not say who made the overtures or what the responses were.

The TSA said Wednesday it never contracted with Torch Concepts and that jetBlue has not been involved in the development of its CAPPS II program. “The TSA has never used any historical PNR data from any airline ever in its tests of CAPPS II,” said agency spokesman Brian Turmail.

In his letter, jetBlue’s Neeleman said the airline “&has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law not for CAPPS II or for any other purposes, whatsoever.”

Still, privacy-rights advocates said they were concerned about the use of jetBlue passenger data.

“We have no idea who else might have this data,” said Edward Hasbrouck, travel privacy activist and writer. “It’s a complete abuse of the trust that travelers have in an airline.”

In his letter, Neeleman stated: “The sole set of data in Torch’s possession has been destroyed; no government agency ever had access to it.”