[Politech] Delta Airlines still doesn't like to talk about CAPPS II [priv]

From: Declan McCullagh (declan@private)
Date: Tue Nov 18 2003 - 06:21:54 PST

  • Next message: Declan McCullagh: "[Politech] Australian tech-journalist caught by U.S. visa trap"

    ---
    
    Date: Mon, 17 Nov 2003 09:22:56 -0800 (PST)
    From: M Grossmann <m_w_grossmann@private>
    Subject: CAPPS II: Delta doesn't like to talk about it
    To: declan@private
    MIME-Version: 1.0
    
    Declan,
    
    In case anyone is wondering, Delta is still playing
    along, and they don't like to talk about it. Here's my
    mail thread with their "customer care" department
    (personal information edited out). I can forward the
    original thread if you want to ensure this is verbatim
    text.
    
    Their mail response time is similar to their on-time
    departures, except that they can't push E-Mail two
    feet back from the gate, wait on the tarmac for 45
    minutes and claim on-time departure.
    
    Flying other airlines is about 40% more expensive,
    considerably less convenient, and doesn't allow me to
    use my various Medallion awards, including business
    check-in, seat upgrades and increased mileage bonuses.
    My privacy and dignity are worth it.
    
    The site www.boycottdelta.com was helpful in preparing
    my letters to them.
    
    Cheers,
    M W Grossmann
    
    #######
    
    Date: Sun, 16 Nov 2003 22:40:52 -0500
    To: "M Grossmann" <m_w_grossmann@private>
    Subject: Re: Re: Re: Other - Current or Future
    (KMM5134796V39305L0KM)
    From: "Customer Care" <Customer-Care@private> | Add
    to Address Book
    
    
    Dear Mr. Grossmann,
    
    This will acknowledge your additional comments
    concerning the Computer
    Assisted Passenger Pre-Screening System II (CAPPS II).
    
    CAPPS II is not a Delta product, but rather a federal
    government
    program administered by the Transportation Security
    Administration
    (TSA) as a result of the heightened threat of
    terrorism to our country.
      Delta was selected by the TSA to participate in
    tests, during the
    pilot phase of the program, and we are sorry you
    disapprove.  Our
    primary concern is to ensure that our customers and
    crew are provided
    with a safe and reliable transportation network.
    
    As previously indicated, you may direct your inquiries
    to the TSA by
    calling their Consumer Response Center at
    1-866-289-9673.
    
    Thank you for the opportunity to offer our final
    comments.
    
    Sincerely,
    
    Cliff Sanders
    Online Customer Support Desk
    http://www.delta.com
    
    
    Original Message Follows:
    ------------------------
    Once again, you have failed to answer the questions I
    raised. You have also continued to send me canned
    responses
    (http://algorhythm.org/archives/2003/03/08/delta_and_capps_ii.html).
    
    CAPPS II is a program PROPOSAL in which only Delta has
    taken part, other airlines seemingly realising both
    the uselessness of it and the extreme violations of
    their customers' privacy, customers they can
    ill-afford to lose. The TSA has not given Delta any
    CAPPS II orders to implement the proposal; they can't.
    The TSA can't order any airline to test or implement
    CAPPS II until 30 days after the comment and
    rulemaking process is completed.
    As an MIT study has shown
    (http://www.swiss.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm),
    
    CAPPS II is not only easily defeated but actually
    makes terrorist activities easier, because once you
    have green-lighted a passenger, he can move with
    relative impunity.
    
     > Delta is not running credit or background checks on
     > customers.
    This is not true, since CAPPS II *requires* background
    checks on all airline passengers when they book a
    ticket, including checking credit reports, banking and
    criminal records. Delta has publicly stated it is
    implementing the full CAPPS-II program in (at least)
    three airports. Nobody has said *how* any of this
    information will be used to spot terrorists, but many
    have explained how intrusive and insecure storing such
    information *FOR UP TO FIFTY YEARS* is. Since ATL and
    JFK are Delta's primary international gateways, it's a
    fair assumption that Delta has implemented CAPPS II in
    at least one of these airports.
    
    I've been the victim of identity theft already, and
    that despite my work in computer security and my
    having safeguarded all personal information, from my
    SSN to my mother's maiden name, which I never give out
    but substitute with a secret word. I'm paid to find
    security holes, among other things, and I've never
    found software I couldn't break, save for the BSD-fork
    UNIX and Linux kernels. The CAPPS II program alone
    threatens to undermine any personal security, simply
    with a consolidated database which has no oversight
    and ha not been opened for public critical review.
    "Security through obscurity" has never been effective
    and never will be.
    
    The first thing one learns in the most basic First Aid
    course is that it is NOT better to do "something"
    rather than nothing. The post-9/11 reactions have not
    made flights the slightest bit safer, but they have
    resulted in angered and alienated passengers,
    resulting in continually decreasing numbers of air
    travelers -- passengers who are tired of being treated
    as criminals.
    
    I have been forced to wait until 1700GMT Monday,
    17NOV03 to book my tickets. I have seen that I would
    save at least $700 by flying with Delta, based on my
    expected schedule, in addition to being able to use my
    upgrades. However, my privacy, my security and my
    dignity are worth considerably more than $700.
    I will only fly with Delta ? in full expectation of
    often surly service and condescending FA blabbering --
    with the following information:
    
    1)	A list specifying exactly what data concerning me
    are stored by Delta;
    2)	A list specifying exactly what data concerning me
    are shared;
    3)	A list specifying with whom any data concerning me
    are shared;
    4)	A list specifying how long any data concerning me
    are stored, both with Delta and any third party;
    5)	An acknowledgement that my credit record will not
    be accessed in any way, not even to see if I indeed
    have one;
    6)	An acknowledgement that my bank records will not be
    accessed in any way, not even to see if I indeed have
    any;
    7)	An agreement to pay US$5,000,000 (five million
    dollars US funds) within three months of discovery
    should I find that Delta did, in fact, access, store
    and/or share information about me it has said through
    its agents that it would not.
    
    While I understand point 7 may seem a bit excessive,
    if Delta is truly not accessing, storing or sharing
    such information, then Delta could promise ten billion
    dollars for this point and it would still be moot.
    
    For the record, Lufthansa, USAir, Northwest and
    British Airways have already provided such
    acknowledgement that they are not taking part in
    CAPPS-II and that they are not attempting to access
    any personal records, contact any third party about
    me, and are not sharing any personal information about
    me with any third party.
    
    Please don't waste my time with another cut-and-paste
    response. Either answer my questions or respond with
    "We have nothing further to say on the matter" and
    consider me a "former passenger". You can also reach
    me by telephone at +xx xxxxxxxxxx.
    
    Sincerely,
    M W Grossmann (DL FF# xxxxxxxxxx)
    
    --- Customer Care <Customer-Care@private> wrote:
     > Dear Mr. Grossmann,
     >
     > Thank you for your e-mail to Delta Air Lines.
     >
     > CAPPS II is a federal program administered by the
     > Transportation
     > Security Administration (TSA) as a result of the
     > heightened threat of
     > terrorism to our country. Delta's role in the CAPPS
     > II program will be
     > limited to providing data to the TSA that Delta
     > already collects from
     > passengers as part of our normal reservations and
     > ticketing process.
     >
     > Delta is not running credit or background checks on
     > customers. The
     > security of Delta's passengers and safeguarding
     > passenger information
     > remains a top priority.
     >
     > You may direct any additional questions to the TSA's
     > Consumer Response
     > Center at 1 (866) 289-9673.
     >
     > Sincerely,
     >
     > Heide Starr
     > Online Customer Support Desk
     > http://www.delta.com
     >
     >
     > Original Message Follows:
     > ------------------------
     > Dear Ms. Happel,
     >
     > You have utterly failed to answer all but the first
     > question I raised. Because the costs of tickets
     > increase daily as the dates of my flights approach,
     > I am in a rush to purchase them.
     >
     > CAPPS II is not a requirement but rather a poorly
     > thought-out program *proposal* hastily
     > thrown-together
     > in a knee-jerk reaction to 9/11. It is beyond
     > intrusive, and Delta's previous statements to the
     > effect of contacting credit bureaus have, to the
     > best of my knowledge, not been rescinded.
     >
     > Contacting credit bureaus provides not one iota of
     > additional "security", and does this at the cost of
     > the passenger's credit record, which is damaged by
     > constant accesses.
     >
     > Because I have flown Delta for so long, and because
     > Delta is the most convenient for my travel, I am
     > willing to wait until the end of business today
     > (Thursday) for a response which clearly answers the
     > rest of my concerns to my satisfaction (see below).
     > At stake are the following tickets, which I will
     > otherwise book with airlines that show a little more
     > respect for my privacy and dignity (dates
     > approximate):
     >
     > 08DEC-11JAN: xxx-xxx
     > 09DEC:       xxx-xxx
     > 10DEC-24DEC: xxx-xxx (or other nearby airports such
     > as xxx, xxx, xxx)
     > 21DEC-24DEC: xxx-xxx
     > 22DEC-23DEC: xxx-xxx (possible)
     > 03 JAN:      xxx-xxx
     > 04JAN-09JAN: xxx-xxx
     >
     > Even with discounts and early purchase, this is
     > easily
     > $2000 in tickets. I look forward to your response so
     > that I can book my travel. I can be contacted by
     > telephone at +xx xxxxxxxxxx (Germany).
     >
     > Sincerely,
     > M W Grossmann
     >
     >
     >
     > --- Customer Care <Customer-Care@private> wrote:
     > > Dear Mr. Grossmann,
     > >
     > > Thank you for your e-mail to Delta Air Lines.
     > >
     > > At check-in all passengers age 18 and over must
     > > present positive
     > > identification.  Accepted ID is:
     > >
     > > 1. One form of unexpired and valid photo ID issued
     > > by a local/state or
     > > federal government agency (ie: drivers
     > > license/passport/military ID)
     > >
     > > -or-
     > >
     > > 2. Two forms of unexpired and valid non-photo ID
     > one
     > > of which must have
     > > been issued by a local/state or federal government
     > > agency (ie: birth
     > > certificate/ voters registration/ medicare card/
     > > social security card)
     > >
     > > Note: passengers without proper ID may be denied
     > > boarding.
     > >
     > > Thank you for your inquiry regarding the Computer
     > > Assisted Passenger
     > > Pre-Screening System II (CAPPS II). Your concerns
     > > about privacy are
     > > certainly understandable.
     > >
     > > As noted by the Transportation Security
     > > Administration in a recent news
     > > release, CAPPS II is an enhanced system to confirm
     > > the identities of
     > > passengers, and to identify foreign terrorists or
     > > persons with
     > > terrorist connections, before they can board a
     > U.S.
     > > aircraft. The
     > > carefully limited system is being developed, in
     > > compliance with the
     > > Aviation and Transportation Security Act, which
     > > Congress passed in
     > > response to the terrorist attacks on September 11,
     > > 2001.
     > >
     > > Delta, as well as every US commercial carrier,
     > will
     > > be limited to
     > > providing data to the TSA that all airlines
     > collect
     > > from passengers as
     > > part of the normal reservations and ticketing
     > > process.  As TSA news
     > > releases indicate, the TSA asked Delta to provide
     > > assistance during the
     > > early development of the system's infrastructure,
     > to
     > > be certain that
     > > the TSA can obtain the necessary passenger
     > > reservations and ticketing
     > > data from airlines.  Delta has no role in
     > directing
     > > or supervising the
     > > CAPPS II program, nor is it conducting any sort of
     > > background checks on
     > > behalf of the TSA.  The security of Delta's
     > > passengers and safeguarding
     > > passenger information, remains a top priority.
     > >
     > > Although we cannot comment further, you may direct
     > > your questions to
     > > the TSA by calling their Consumer Response Center
     > at
     > > 1-866-289-9673.
     > >
     > > We appreciate your interest in Delta Air Lines.
     > >
     > > Sincerely,
     > >
     > > Patricia Happel
     > > Online Customer Support Desk
     > > http://www.delta.com
     > >
     > >
     > > Original Message Follows:
     > > ------------------------
     > >
     > > Name           : Mr M W Grossmann
     > > Email Address  : m_w_grossmann@private
     > > SkyMiles Number: 2042643623
     > >
     > > Comments:
     > > I am booking tickets today for flights in December
     > > and January. Before I
     > > book a ticket with Delta, I need the following
     > > information:
     > >
     > > * type(s) of identification required at
     > > check-in/boarding
     > > * personal information kept on file besides name,
     > > address and flight
     > > history
     > > * companies and agencies with which you share my
     > > personal information
     > > * whether Delta contacts credit agencies in any
     > way
     > > concerning PAX (the
     > > dumbest idea ever, and one guaranteed to alienate
     > > your frequent fliers
     > > whose credit records you will destroy due to
     > > repeated access)
     > > what other "security measuers and policies" Delta
     > > has in effect which
     > > may affect my privacy
     > >
     > >
     > > Your immediate response is necessary; I need to
    book
     > > my flights. Despite
     > > the often surly flight attendants who are of the
     > > opinion that having a
     > > PA system demands the constant use of it in an
     > > incredibly condescending
     > > manner, Delta's schedules best fit mine.
     > >
     > > Sincerely,
     > > M W Grossmann
     > >
     > > Would you like a reply to your e-mail? : yes
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Tue Nov 18 2003 - 07:01:02 PST