 | |
| |
TechnologyDaily Mobile
The Outcry Over Airline Passenger Records
by Drew ClarkNorthwest Airlines' admission last week that it shared personal passenger information with the National Aeronautics and Space Administration (NASA) for a data-mining project has stirred privacy fears about several such monitoring measures.
Northwest gave millions of records to NASA's Ames Research Center at NASA's request. The data represented the airline's complete travel database for October, November and December 2001, during which time 10.9 million passengers flew on the airline. The news followed reports last September about JetBlue Airways giving personal information on about 1.5 million customers to a government contractor conducting anti-terrorism research and then apologizing.
The Northwest flap may prove particularly damaging because CEO Richard Anderson said in an interview days after the JetBlue story broke that Northwest "will not share customer information, as JetBlue Airways has." Northwest officials said last week, "At the time Mr. Anderson answered this question, he had no knowledge of the ... passenger data for the NASA research study."
Transportation industry experts and privacy advocates now warn of a far-greater threat: data mining by companies affiliated with three of the four major computer-reservation systems: European Amadeus, Galileo, Sabre Holdings and WorldSpan. The critics said a proposed U.S. government surveillance system could help the companies unlock information about all Americans' travel records.
A Lifetime Of Revealing Data?
The Electronic Privacy Information Center (EPIC) has gone to the Transportation Department to sue Northwest, claiming that the company breached its privacy policy, and EPIC is pressing NASA's Ames Center for further details on the data handover. Two class-action lawsuits also have been filed in Minnesota against the St. Paul-based airline.
Sen. Gordon Smith, R-Ore., has written Anderson and NASA to seek answers about privacy protections for passengers. And reports that NASA honed its technology with Census Bureau data prompted a stiff letter on Thursday from Rep. Carolyn Maloney, D-N.Y., and William Clay, D-Mo., demanding answers about the bureau's cooperation with the Homeland Security Business. They demanded a request by the close of business on Monday.
As with the JetBlue disclosure, the Northwest data dispute has reawakened concerns about the new Computer-Assisted Passenger Pre-screening System (CAPPS II) being designed by the Homeland Security Department's Transportation Security Administration (TSA). The cases also have prompted new questions about a December deal between Homeland Security and the European Union over passenger records from European flights to the United States.
Now several privacy experts argue that all travel records, including such personal details as traveling companions, lodging and the number of beds booked in a room, soon will be widely available to both government officials and to many businesses.
"This is not just everywhere you ever went on an airplane" but information "behind the closed doors of a hotel," said Edward Hasbrouck, author of "The Practical Nomad" air-travel guide. "This is not just an individual trip but a lifetime of where you've stayed. This is extremely intimate or revealing."
Before And After The Internet
The linchpin of almost all travel information is the data like Northwest gave to NASA and JetBlue gave to the Army contractor Torch Concept. Although airlines and travel agents selling tickets initially collect and create the data, it is generally stored not with airlines but with the computer-reservation systems of companies that stay in the background and avoid establishing relationships with individual customers.
In pre-Internet days, airlines owned the reservation systems, and travel agents facilitated computerized bookings. When low-cost airlines complained that their fares were listed below those of the big carriers that owned the systems, the Transportation Department imposed a bevy of regulations in 1984 and tightened them in 1992. Since then, however, the airlines have sold their interests in all but Amadeus, and come July 31, the department is lifting all rules.
Companies now affiliated with Sabre, Worldspan and Amadeus have conducted at least three other tests of CAPPS II-style technology. TSA contractors, including Infoglide Software, used data from Sabre to run "proof of concept tests" for CAPPS II, Hasbrouck said. Worldspan and Delta Airlines -- at that time a part owner of Worldspan -- tested the CAPPS II system using samples of archived data, TSA officials said. And a company in Phoenix called Airline Automation, since purchased by Amadeus, searched more than 5 million flight reservations with several airlines, according to a study by the Reason Public Policy Institute.
In the United States -- unlike Europe, which still has rules for computer-reservation systems -- the regulations never have imposed privacy requirements. That difference is one element in the continuing disagreement between European Union officials and Homeland Security officials over passenger data on flights originating in Europe.
The only privacy rules governing American flights are the privacy policies established by airlines, and even those may apply only to reservations made on the airlines' Web sites.
EPIC charges that Northwest's data disclosure breaches its policy, but Northwest disagrees. "Our privacy policy commits Northwest not to sell passenger information to third parties for marketing purposes," the company said in statement. "By providing the passenger-name-record data directly to NASA, a federal agency with its own strict privacy protections, Northwest acted appropriately and consistent with its own privacy policy and all applicable federal laws."
The Push For Privacy Rules
Northwest is now pressing the Air Transport Association (ATA), the top airlines' main lobbying group, to develop privacy rules for passengers, and it used a meeting of the group last Thursday to advance that agenda. An ATA official said after the meeting that the group supports CAPPS II but also has raised privacy concerns about it.
Under the proposed CAPPS II system, airlines would be responsible for collecting the name, addresses, telephone numbers and birth dates of every passenger and passing the information to commercial companies like ChoicePoint of LexisNexis, which run the information through their databases to verify the identities of travelers. The database companies then would divide passengers into a "green" category cleared for travel, a "yellow" category to be searched more thoroughly and a "red" category to be blocked from boarding airplanes or arrested.
Homeland Security officials have said that the personal data airlines collect will not be available either to the government or the database companies verifying passenger identities. But Hasbrouck and other privacy and travel experts said that the computer companies would reap an unexpected boon with the additional date-of-birth information collected by the airlines and that they could efficiently link millions of passenger records with individual travelers.
The computer-reservation companies "are legally allowed to do absolutely anything" with name records, Hasbrouck said. "The practical limit is not legal or policy or a fear of customer retaliation. The practical limit of what they do is the difficulty of correlating separate reservations" with individuals, he said.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
