--- http://news.com.com/2010-1029-5080339.html JetBlue privacy--under federal wings? September 23, 2003, 4:00 AM PT By Declan McCullagh Ever since its launch, I've been an unabashed fan of JetBlue Airways, the brash start-up that offers comfortable seats, satellite-linked TVs and beat-the-competition prices. Until last week, that is, when I found out that JetBlue secretly turned over my personal information and details on some 5 million other passengers to a private contractor that's working on a data-mining project for the Bush administration. A presentation prepared by contractor, Torch Concepts of Huntsville, Ala., describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels and vehicle ownership information it purchased from Acxiom, a company that sells consumer data. Not all the details are clear, but the presentation discusses how Torch, on behalf of Uncle Sam, tried to rate each passenger's security risk level by analyzing the merged databases. That kind of disgraceful privacy intrusion demonstrates that it's high time to amend the Privacy Act of 1974, which restricts databases that the U.S. government compiles but does not regulate how agencies access databases the private sector runs. [...] ----- Forwarded message from John Gilmore <gnu@private> ----- From: John Gilmore <gnu@private> Subject: Please submit public comments on CAPPS 2 / JetBlue Date: Wed, 24 Sep 2003 02:12:16 -0700 [Moderator's note: This isn't about crypto, but I have a tradition of forwarding John's appeals on such topics. --Perry] There's something you can do *right now* that will stop pending abuses of air travelers' private data. And your chance to do it will expire this coming Tuesday (Sept 30). The government has published a Privacy Act notice about its CAPPS-2 program, which would require all airlines to provide JetBlue-style information (full PNRs) to the government -- all the time, before every flight. It's like another JetBlue database dump that happens again and again, day after day, month after month, airline after airline. Affecting everyone who ever flies. CAPPS-2 is the real thing, for which the Torch Concepts/JetBlue contract was one of the test runs. The government is taking public comments on the CAPPS-2 proposal, by email or postal mail, between now and September 30th. After that, if you send them your opinion, they'll ignore it (even more than usual). Address your email like this: To: privacy@private Subject: DHS/TSA-2003-1 Then tell them whatever you want. If the government is honest, then they would stop CAPPS-2 if they got individual notes from 10,000 people saying "KILL CAPPS-2! Don't sacrifice the privacy of 600 million travelers each year in a foolish attempt to catch less than a dozen actual terrorists each year." If they are dishonest and don't care what the public thinks, then they would at least be on notice that 10,000 honest and involved people are watching them. You can write them pages and pages of details on how terrible CAPPS-2 is, and how corrupt they are to propose it, instead of a short note. But I suggest reading the details of what they propose, if you're going to that much trouble. You can find their proposal (in proprietary PDF format) here: http://www.dhs.gov/interweb/assetlibrary/CAPPSII_PRIVACY_ACT_NOTICE.pdf They claim that they're putting up the comments for public viewing on http://www.dhs.gov, but if they have done so, I can't find them there. You can find an earlier round of 282 overwhelmingly negative public comments on CAPPS-2 here, if you click "Simple Search" and enter "1437": http://dms.dot.gov As a brief overview, CAPPS-2 would require airlines to collect peoples' full legal name, residence address, home phone number, and date of birth (none of which is currently used by airlines today) before they can even make a flight reservation. They would be required to hand this information, and everything else in the PNR (flight reservation), to the government, LONG BEFORE the flight takes off. Then the government (or its "contractors") would do the same kind of data matching that Torch Concepts did, hooking up your flight reservations to credit databases and many other government and private databases. The difference is that if YOUR data was one of those "anomalous records" (that didn't fit one of the standard patterns of your airline's customers), you would be singled out to be specially searched, and/or kept off the airplane. Torch Concepts' report blew the whistle on this secret program. The report is at http://cryptome.org/jetblue-spy.pdf. On page 22, Torch found two major groupings of JetBlue customers: (1) Young Middle Income Home Owners with Short Length-of-Residence (2) Older Upper Income Home Owners with Longer Length-of-Residence Everybody else they categorized into "anomalous records". If you're an oldster who moved to Florida recently -- or a renter -- or a lower income person of any type -- you're anomalous. You're going to get that special government search whenever you fly on JetBlue, if TSA succeeds in imposing CAPPS 2. (Oh, perhaps their final system will be more subtle than this clumsy contractor was, but the basic problem is the same: the government will forcibly identify each traveler, evalulate their lifestyle from database records, and then make snap decisions about what civil rights that person will have while traveling. They propose to permanently withhold the right to anonymity; grant or withhold the right to travel; and grant or withhold the right not to be searched without probable cause. I thought rights were something that you had *all the time*, not just if the government likes your lifestyle.) CAPPS-2 also proposes that this "airport checkpoint" also be used to try to catch various kinds of criminals, rather than solely to make flying supposedly safer. It would also be used to catch foreign visitors whose visa has expired or whose paperwork is snarled. And once the public is used to it, of course I expect it would be expanded to stop people for everything up to and including parking tickets. The judges say that searching the general public without cause, in order to catch criminals, is unconstitutional. But don't depend on a judge to guard your rights. Complain to the government yourself, right now! Here's the best part. Besides the "blacklists" that today's CAPPS-1 system uses, the CAPPS-2 system will have "whitelists". Anyone with a government security clearance, or a "position of trust and confidence", will never get singled out, screened, or delayed. They will be able to show up at the airport half an hour before their flight, like everyone used to be able to do, and just walk on board. There'll be one rule for "Party members" and another rule for the "proletariat". CAPPS-2 assumes you are guilty until proven innocent -- and assumes you are innocent if you work for the government. That alone is reason enough to stop it. EFF has also set up an Action Alert web site as another way to submit your comments on CAPPS-2. See: http://action.eff.org/action/index.asp?step=2&item=2785 John Gilmore http://freetotravel.org and Electronic Frontier Foundation (EFF) ----- End forwarded message ----- _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Wed Sep 24 2003 - 09:20:55 PDT