JetBlue released personal information from 5 million passenger
records last year for use in a Department of Defense project.
A contractor that worked on the project used a commercially
available database and the jetBlue data, though limited, to extract
in-depth information on some travelers, including their Social
Security numbers, income and the types of vehicles they owned.
The government’s use of personal data has become controversial
in recent months as it tries to develop a national anti-terrorism
system, with privacy and civil rights activists raising concerns
about possible misuse of personal information.
A jetBlue spokesman said Wednesday that, at the request of the
Defense Department, jetBlue gave the agency access to the
historical passenger data. On Thursday, the spokesman said the
carrier was sending letters of apology from the airline’s CEO,
David Neeleman, to some concerned customers who had seen a Web
report about jetBlue’s action.
Gareth Edmondson-Jones, the spokesman for jetBlue, also said he
had misspoken on Wednesday and that the data was never given to the
Defense Department, but was given directly to its contractor, Torch
Concepts of Huntsville, Ala. Edmondson-Jones said the airline’s
Passenger Name Records were requested in July 2002 and were
released within a month. He said the data was from passengers on
flights going back to 2000.
In the letter that Edmondson-Jones said the carrier is sending,
Neeleman stated: “& (W)e responded to an exceptional request
from the Department of Defense to assist their contractor, Torch
Concepts, with a project regarding military base security. & We
provided historical customer data including names, addresses and
phone numbers. It DID NOT include personal financial information,
credit card information, or social security numbers.”
The Defense Department contracted with Torch Concepts for a
project related to changes in the Army’s force structure, according
to Rich Marsden, the company’s corporate counsel.
Torch Concepts merged the jetBlue passenger information with a
commercial database, allowing it to determine detailed information
on people in 40 percent of the records including their Social
Security numbers, vehicles, income, occupation, gender and
home-ownership status, according to a Torch Concepts report.
Torch Concepts presented that information earlier this year at a
seminar sponsored by the Transportation Security Administration on
development of the TSA’s airline passenger surveillance system,
Edmondson-Jones said Wednesday. The jetBlue letter released
Thursday acknowledged that the data was used in “& a
presentation, without jetBlue’s knowledge, for a Department of
Homeland Security symposium.”
The letter also noted that personal information on one customer
was used in the presentation, though the passenger’s name was not
mentioned.
“(Torch Concepts) acted independently and utilized the
information to present at a TSA-sponsored conference,”
Edmondson-Jones said. “It was used in a presentation without
jetBlue’s knowledge or consent.”
Torch Concepts acknowledged Wednesday that it presented the
information at the conference but said the work wasn’t funded by
the TSA. “The project just happened to fit into the theme of that
conference,” said Marsden. “But it is not related to CAPPS II.” The
TSA’s Computer Assisted Passenger Prescreening System is often
referred to as CAPPS II.
That TSA program, which is still being developed, proposes to
collect airline passenger data and analyze that information with
the use of commercial databases to identify potential
terrorists.
The Torch Concepts project, however, resembles technology that
has been proposed for use in the CAPPS II system. And the
presentation report gives broad insight into how extensive the
proposed surveillance program could be.
According to the presentation report posted on the Web site of
the Tennessee Valley Chapter of the National Defense Industrial
Association, Torch Concepts said the jetBlue data provided little
detailed information about the passengers.
But Torch Concepts said it was able to extract more intimate
details on people in 2 million of the records by comparing the
airline’s PNR data with information in a commercial database it
purchased from Acxiom.
In its conclusions, Torch Concept’s report said a more thorough
assessment of airline passengers could be provided if airline PNRs
contained more details. “Known airline terrorists appear readily
distinguishable from the normal jetBlue passenger patterns,” the
report said. “If a more comprehensive P&R (sic) data base were
available, it is expected that analysis could identify and
characterize all normal travel patterns.”
The report suggested that regular passengers can be
distinguished from terrorists by several key pieces of information:
Social Security number, length of residence, income and home
ownership. The number of miles flown annually and in a lifetime
also would be good indicators, the document said. The report said
overtures were made to airlines for data as early as December 2001.
It appears to indicate that Delta Air Lines and American Airlines
were asked. The report does not say who made the overtures or what
the responses were.
The TSA said Wednesday it never contracted with Torch Concepts
and that jetBlue has not been involved in the development of its
CAPPS II program. “The TSA has never used any historical PNR data
from any airline ever in its tests of CAPPS II,” said agency
spokesman Brian Turmail.
In his letter, jetBlue’s Neeleman said the airline “&has
never supplied, nor will supply, customer information to the
Transportation Security Administration, or any government agency,
unless we are required to do so by law not for CAPPS II or for any
other purposes, whatsoever.”
Still, privacy-rights advocates said they were concerned about
the use of jetBlue passenger data.
“We have no idea who else might have this data,” said Edward
Hasbrouck, travel privacy activist and writer. “It’s a complete
abuse of the trust that travelers have in an airline.”
In his letter, Neeleman stated: “The sole set of data in Torch’s
possession has been destroyed; no government agency ever had access
to it.”
