JetBlue Apologizes for Use of Passenger Records

By Don Phillips
Washington Post Staff Writer
Saturday, September 20, 2003; Page E01

JetBlue Airways apologized yesterday for giving records on more than 1 million passengers to a Defense Department contractor to test a security system.

David Neeleman, chief executive of the New York-based carrier, said in an e-mail to customers that JetBlue made a mistake a year ago when it agreed to a Defense Department request to provide the data to Torch Concepts Inc. of Huntsville, Ala., for a project said to involve military base security.

Wired magazine printed online articles Thursday and yesterday about the project, giving credit to privacy advocate Bill Scannell for alerting it to the matter. The Torch study was presented to a conference in February and was included on a Web site. One customer's personal information was included on the Web site, though not by name.

The airline said the study had nothing to do with the government's planned CAPPS II passenger profiling system, which uses a massive secret database of information to assess individuals' security-threat levels.

However, the flap over JetBlue's action illustrated the nervousness of passengers and federal officials as the launch of the Computer Assisted Passenger Pre-screening System II approaches. The government has already agreed not to include financial data and similar personal data in the CAPPS II profile, but privacy advocates say they are not convinced that the new system will not infringe on personal privacy.

JetBlue gave Torch itinerary information on 1.5 million passengers along with their names, addresses and phone numbers in September 2002. Torch then used another service, Acxiom Corp., to add Social Security numbers, economic status, occupation and other information.

Torch used the information to test the viability of airline passenger profiling. It was unclear how this related to military base security.

JetBlue said that the only set of data given to Torch has been destroyed and that the information was not given to any other government agency. The Transportation Security Administration (TSA) also said it had not received the information.

Gareth Edmundson-Jones, a JetBlue spokesman, said that no sensitive personal information such as Social Security numbers was released and that "customers are more concerned than they need to be."

He acknowledged that JetBlue violated its own privacy policy by releasing the information, although "at the time it made sense" in the patriotic fervor that developed after the Sept. 11, 2001, terrorist attacks. He said it will not happen again.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said he considers JetBlue's release of information a serious matter that probably will be brought up in the debate over the privacy aspects of passenger profiling.

"Someone someplace is not listening too well to what's going on in Washington," he said. "People care about privacy."

Shortly after the first Wired article, Neeleman sent an e-mail to those who raised questions, saying that no customer information had been shared with the government to test CAPPS II. The e-mail said JetBlue respects the work of the TSA, and "we're proud to have a close working relationship with them." That e-mail did not deal with the Torch study.

However, yesterday's e-mail was far more detailed and apologetic.

"We provided limited historical customer data including names, addresses and phone numbers. It DID NOT include personal financial information, credit card information, or social security numbers," Neeleman wrote.

"Torch further developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium. We regret that this presentation included the personal information of one customer. . . . Again, we had no knowledge of this presentation until two days ago and we were deeply dismayed to learn of it."

JetBlue said it is "continuing to make every effort" to have the customer's personal information removed from the Internet.

"This was a mistake on our part and I know you and many of our customers feel betrayed by it. We deeply regret that this happened and have taken steps to fix the situation and make sure that it never happens again," Neeleman wrote.


© 2003 The Washington Post Company