The use of jetBlue passenger information for a government project
has sparked a federal inquiry, class-action lawsuits and widespread
outrage over what civil rights groups are calling a grave violation
of consumer privacy rights.
Passengers in California and Utah last week filed class-action
suits against the airline, while the Federal Trade Commission,
Electronic Privacy Information Center and the American Civil
Liberties Union have called for investigations.
While the incident is not expected to affect the airline
surveillance system currently being developed by the Transportation
Security Administration, which also intends to use airline
passenger records to screen for potential terrorists, it raises
more questions about the privacy rights of travelers in a
post-Sept. 11 world and how the government intends to use and
protect the information it wants to collect.
“I think we’ve learned that even when a company like jetBlue
discloses minor information, it can be combined with more sensitive
information to create some pretty extensive dossiers on people,”
said Marcia Hoffman, an attorney with the Electronic Privacy
JetBlue has apologized to some of its customers for releasing 5
million passenger records to a federal contractor to use in the
project related to military base security.
The contractor, Torch Concepts of Huntsville, Ala., used the
records and a commercially available database it purchased from
Acxiom to extract in-depth information on some jetBlue travelers,
including their Social Security numbers, income and the types of
vehicles they owned.
The results of the project were presented earlier this year at a
Department of Homeland Security seminar and posted on the Web site
of the Tennessee Valley Chapter of the National Defense Industrial
A spokesman for jetBlue last week said the carrier passed along
the passenger data out of concern for consumer safety after the
Sept. 11 terrorist attacks.
“It’s important to remember that the request was made less than
a year after September 11,” said Fiona Morrisson of jetBlue. “Like
everyone else we were concerned about the safety and security of
The airline said it received a request for the records in July
2002 and delivered them within a month.
In the letter of apology to customers, jetBlue CEO David
Neeleman stated that the records in Torch’s possession had been
destroyed and that no government agency had access to it.
But the episode leaves unanswered questions about the extent of
government involvement in the program and how it might relate to
the development of a security system for the commercial aviation
The Federal Trade Commission has agreed to investigate the
business practices of jetBlue and Acxiom after a complaint was
filed with the agency by the Electronic Privacy Information Center,
which contends that the companies violated their own privacy
policies by providing consumer records for the project.
A spokesman for Acxiom has denied that the company violated its
Two lawsuits seeking class-action status have been filed on
behalf of jetBlue passengers in Salt Lake City and Los Angeles.
Both suits also allege that the airline invaded the privacy of
The American Civil Liberties Union and the Electronic Privacy
Information Center have each filed requests with federal agencies
to access more details on the project, including how the jetBlue
project might relate to the TSA’s Computer Assisted Passenger
Prescreening program, known as CAPPS II, and how the agency plans
to use airline passenger records in the future.
The TSA and jetBlue claim that none of the records were used for
the testing of the CAPPS II project. A TSA spokesperson said
Wednesday that the agency facilitated an introduction between
jetBlue and Torch Concepts, but was not involved with the
On Monday, jetBlue admitted that it had entered into discussions
with the TSA about involvement in the program, but has since pulled
“We support the TSA and the important work they do to ensure the
safety and security of all airline passengers but we decided no to
be involved in CAPPS II testing given the unresolved issues
regarding privacy protection,” Neeleman said in a statement.
The airline also said that it has hired Deloitte & Touche to
The government’s use of personal data has become controversial
since the TSA started developing CAPPS II.
Advocates are now using the jetBlue incident as an example of
how personal information could be misused by the government.
“It illustrates how quickly this information can be used for
unrelated purposes and how quickly it can get out,” said Barry
Steinhardt, director of the ACLU’s technology and liberty program.
“This demonstrates what could happen once CAPPS II has been built.
It can’t possibly remain leak-proof.”
The incident, privacy advocates contend, fuels their fears that
the government can use private data in unauthorized ways.
The Electronic Privacy Information Center fears that the CAPPS
II system, initially intended to prevent terrorist attacks could
also be used as a law enforcement tool to nab criminals.
The organization also contends that there is no meaningful
provision to access or correct misinformation in the proposed
“No one disputes that there needs to be an improved security
system,” said Hoffman, of the Electronic Privacy Information
“No one ever wants to see another 9/11. But there must be
methods for people to access records and see what the government
Still, some believe that it is inevitable that travelers
eventually will have to yield more personal details when they
“Right now we are at war,” said travel attorney Alexander
Anolik. “People are going to have to give more information to the
airlines. It is only going to get tighter and tighter.”