Slashdot Mirror
JetBlue Gives Away Passenger Info To TSA?
Old Ben Franklin writes "In September of 2002, JetBlue Airways secretly gave the Transportation Security Administration the full travel records of 5 million JetBlue customers. This sensitive travel data was then turned-over to a private security contractor for analysis, the results of which were presented at a security conference earlier this year and the analysis then posted on the Internet." This comes after Wired News's recent article on this matter, explaining that "...the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue", but quoting a TSA spokesman as saying that "currently only fake passenger data was being used."
the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue
So is blue good or bad?
I flew them earlier this year. After already being on the plane 15 minutes at the gate a guy comes on board, calls my name, and escorts me off. Apparently they had marked me for the double-secret security scanning and failed to do it at the security checkpoint. No problems, really, and I was back on the plane about 10 minutes later in plenty of time for departure. Of course, my carry on bag was left in the overhead compartment the whole time I was off the plane.
It was the security folks who failed to do the extra scanning at the checkpoint, but it was Jet Blue's guy who got me off the plane. He didn't know and didn't care that I might have already snuck something onto the plane. If Jet Blue wants to help fight terror in the skies they'd better re-think their priorities. Paying lip-service to security is a long tradition in commercial aviation. Just think about this: if there was no law passed mandating crash-proof cockpit doors, most airlines wouldn't have put them in.
Typical - the first step probably seemed perfectly reasonable to JetBlue - I mean what could be safer than a Security Administration huh?
But then the records get given to a private firm and like Chinese Whispers, the privacy implications are completely forgotten.
I notice the exact same effect at work. I explain the ethical implications of not spamming to my boss. He then exlpains to clients that it's fine for them to send information to existing client lists. They then come and ask us to send mail to a list they have bought in from a 3rd party supplier!
I guess that problems like this are going to crop up more and more as we give up more and more of our personal data to large companies.
A little planning goes a long way...
I don't know about this -- this seems a little specious to me.
I'm not saying that I don't beleive that it's impossible that JetBlue gave/sold their passenger list, but the article doesn't give any corroborating evidence other than the old "they deny it, it must be true." The file they linked to as a copy of data put up on the web also seems to be empty, so I couldn't look at what this data was. Regardless, how did they figure out that this was JetBlue's data? I'm also wondering if JetBlue even has had 5 million customers -- perhaps they meant 5 million transaction records?
I'm all for privacy, free speech, blah blah blah, but this seems pretty alarmist and reeks of, what's the term... conspiracy theory. This just doesn't add up.
Just my two cents, go ahead and flame me.
As one of JetBlue's first passengers, when the seats were still new and the TV's weren't working yet, I'm upset by this. I flew them in the first weeks they were flying, and then frequently afterwards, because the planes were nice, the service was good, and the rates were cheap. Now I'm even more screwed than normal, I'm deep in the belly of the CAPPS II system. Bastards.
It was very nice of them to include the SS#, address, and date of birth. I recognize some of the addresses on pg 20 of the PDF, it would be almost trivial to find out the names to go with those, and use them in identity theft.
I wouldn't do it, but I might anonymously mail a printout of the pdf to them.
Serious? Seriousness is well above my pay grade.
"The United States has long pressured European airlines to submit passenger information in order to prevent the arrival of terrorists in the country."
"This information will include names, travel routes, credit card numbers, and possible special meals."
full article
if you color code the passanger's in the traffic light way (green for "too stupid to be a terrorist"; yellow for "suspect" and red for "oh my god, he has a beard and even more, he wears a turban") and there is a suspected terrorist threat in a location of the u.s. will you deny the "red" passengers transportation? And how do you classyfy the color system? Would be interessting what happens when sombody say's there will be an attack on the white house and 5 planes with "red" passengers are on it's way to Washington DC. will they be rerouted to a save location (Nevada for instance, or maybe even Guantanamo)
".Sig Stealer" was here
If the idea is to test whether CAPPS II can accurately determine the risk level of a potential flyer, I don't see how they can accomplish this with data from old passengers. Don't they also need data on how much each of those passengers ended up BEING a RISK?
I don't know how you'd even begin to come up with such data. But if you can't figure out how much of a risk each passenger actually was, how can you see whether this correlates with the risk score CAPPS spits out? As far as I can see, this massive breach of passenger confidentiality will do nothing to test the efficacy of CAPPS.
(As far as I know, no terrorist acts have been committed on JetBlue, so all passengers who have flown on JetBlue should have been given the "Green" CAPPS rating. Hence once they feed this passenger data through CAPPS, it better spit out low risk for everybody. Otherwise, this profiling obviously isn't working.)
All schemes like this increase the chance that evil people will target low risk travelers for identity theft.
Scenario: terrorists identify suitable target in fairly remote location. Break in, force target to purchase tickets over the internet, disclose PIN numbers to credit cards etc., kill target and catch plane. It takes a bit more organisation and time, but these people seem to have plenty of that. You can't even rely on those sneaky people to be darker shades of brown: the white English-speaking world has shown an ability to produce home-grown bombers, in the US, Northern Ireland and the UK.
If this is going to be a substitute for airport security (and I suspect it will be) all I can say is, fortunately I rarely need to travel by plane nowadays.
Panurge has posted for the last time. Thanks for the positive moderations.
Can anyone tell me why they let known Airline Terrorists fly at all??
There is some interesting data-mining being done in the document. Correlating several databases together gives you a good profile of the people on the plane, but it doesn't give you an idea if someone is a terrorist. Like the presentation sais, Find a needle in a haystack, without knowing what the needle looks like If you don't know what it looks like you won't find it. What you do find is anamolous behaviour that points to interesting people to check.
Finding these people largely depends on how much they differ from the ordinary profile. Ordinary here is middle income suburbanite. So low income ghetto dwellers get singled out time and time again. Yes they might be out of the ordinary, but it doesn't mean that they will blow up the plane.
Use Adsense for Charity
Same thing happened to me at JFK. Ever since taking a one-way flight to Florida for a prolonged business trip, every flight I've been on I've been labeled "SSSS." I think it stands for Super Secret Squirrel Security.. I'm not sure. Anyway I get to cut the long lines at regular security so I don't care if they think I'm a terrorist.
The usual procedure is to stamp the ticket and punch a hole into the ticket to prove that the SSSS security check was made. After my very thorough SSSS check which involved unzipping my carry on and looking under one shirt, I got my ticket stamped but no hole. I'm about to board the plane when they say I can't get on because I only have the stamp.. not the hole.
Mind you, the hole IS A REGULAR CIRCULAR PUNCH HOLE CREATED BY A 1.99 STAPLES HOLE PUNCHER.
Of course I had to walk 900 feet back to the checkpoint, as this magical punchhole proved I was clean and not a terrorist. Kinda scary, no?
Also upon flying out of Burbank airport, flagged my usual terroristic SSSS, I asked which line is for SSSS security. To which the "guard" replied "Oh we don't do that here, just go through regular."
Now of course I know that I am no terrorist, but what about others who may be? When I told a close friend who is a pilot for United about that, he freaked out and said theyd be in huge trouble if the FAA ever found out.
Needless to say the whole airport security thing is a facade of false security, regulated by mystic punch holes, dimwitted workers, and innane flagged policies - He took a one-way flight!!! He's a terrorist lets do extra security on him for the next 30 flights!!" When of course anyone looking to cause trouble would just book round trip..
How To Fly Without ID. I wonder if this will still work... and if so for how much longer.
Ah, but you see someone getting searched. That's the point really. It looks like they're doing something. The Boy Scouts even think it's kinda cool and don't sue or nothin'.
It's kinda like the "Blue Line," where the cops don't go into the bad neighborhoods because that's where all the crime and dangerous people are, but they make sure they're well seen cruising the ritzy neighborhoods so the residents there feel "safe."
Granny gets a little annoyed when they take away her crochet hooks and so she starts sneaking plastic ones in inside her Suphose, but hey, that just proves she really is terrorist scum, doesn't it?
In the meantime most real terrorists could work around the system if they really wanted to. They always have. They always will. That's the one grim reality no one really wants to look in the eye.
And what do you do about the terrorist on a bicycle? Even the Israelis haven't been able to crack that conundrum with half a century of trying.
You could try to put a cop in everyone's pocket, but the recursive nature of that is somewhat daunting. Not to mention the fact that it wouldn't even work.
The world isn't a safe place.
Bummer, huh?
KFG
This is the icing on the cake, it's kinda late so I guess that's my excuse for forgetting to type it..
While leaving Burbank my "friend" had purchased a kitchen utensil set. Upon packing the luggage my "friend" looked at the 8 inch chef knife and said.. "Damn I'm gonna have to ship this back or give it away cause there's no shot in hell this is getting let on the plane in my carry-on." His brother says Ah give it a shot, if its a no-go let security confiscate it.
Needless to say, my "friend's" bag went through the X-Ray machine, and the attendant didn't even give it a glance. Remember he is flagged for extra security.. regardless of the 8 inch knife on the X-Ray, the bag has to be checked by FAA policy!!! His bag was never opened and he boarded the plane and landed with the obvious contraband aboard. But I dare the 90 year old woman to try to board with a nail clipper.
So not only was he flagged as a security risk, but he sucessfully boarded the plane with an 8 inch chef knife without anyone giving him a second glance! Of course he had no mal-intents but the whole incident shocked my pilot friend and he was furious as it showed how really terrible airport security is, and how easy a terrorist can smuggle stuff in if a regular passenger (who was flagged a terrorist!!) can get by without trying to circumvent any security.
My eyes never roll back as far as they do when I hear about somebody complaining about "racial profiling". Apparently, these people forgot that all 19 of the 9/11 hijackers were young, middle-eastern men, so that's who they should be looking at the closest (aaaand duh).
First of all, the Oklahoma City bombers were all white Americans. The Unabomber was a white American. Clearly, not all terrorists are "young, middle-eastern men". The sooner you get out of that mindset the better.
Using September 11th as an excuse to treat people with darker skin or of middle-eastern origin differently to everyone else is the slippery slope. What next, make them travel on seperate planes? (And, lest we forget, there was plenty of "get that Arab off the plane before you get us off the ground" hysteria amongst a lot of American passengers in the immediate aftermath of 9/11.)
Seperate planes first, seperate neighbourhoods next. Why not just round them all up and put them all in a ghetto now?
What you fail to realise, living with your head in the sand, is that by treating people differently just because of what they look like, where they come from or what faith they follow you rather are doing exactly what Osama bin Laden and other religous fundamentalists (Islamic and Christian) want you to do.
Al Qaeda's main objective on 9/11 wasn't to kill a few thousand people or to blow up some buildings, it's main objective was to promote conflict between Islamic cutures and western ones. The sooner you absorb that information the better.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
You are ignorant. I'm not being rude, I'm being honest. Profiling is less secure then random sampling. It's mathematical FACT.
The reason it is less secure is because it's hackable. By that I mean, if you can reverse engineer the algorithm they use to determine who is to be searched, you can break it. All you would have to do is go a few hours early for your next flight with a pen a paper and sit in front of the gate. As you sit there you tally who gets searched (what do they look like, what are they wearing, etc.) and who doesn't. Do that for a month and you now have all the data you need to find the "perfect" terrorist.
For example, if you see that white teenage girls almost never get searched, then your next recruit will be a naive white girl you meet at a sorority mixer. She'll bring in the weapons for you and boom, you have your next terrorist attack, and it's much less probable that you'll get caught.
A random sample, even despite the 12 year olds and grandmothers, is inherantly more secure becuase you can't find a way to guarantee that you won't be searched with the right racial candidate. It is impossible to reverse engineer.
You have the actual label on your boarding pass effectively saying that you are suspect? Ubelievably cynical! Even in late Soviet Uinon, where I happened to live good part of my life, authorities avoided to humiliate the citizens so openly. (And mind you, USSR wasn't exactly the place where personal freedoms were flourhising).
I sympathise you, and wish you best of luck. Hopefully your country will recover the freedoms and sanity that its dwellers were so proud of.
Lisp is the Tengwar of programming languages.
If you thought misleading or incorrect credit information was hard to change, just wait until the credit people and insurance people get ahold of our "security color coding information" and start using it to alter^H^H^H^H^Hjack up our rates.
There's already been a flap in Minnesota about insurance companies using credit scores to influence auto insurance; they claim a correlation, which is probably there, but someone wisely called "bullshit" and took them to task for using criteria other than someone's actual driving record.
Further ironies abound, since those of us who don't carry a lot of debt and pay of our credit early get reduced credit scores -- and I thought responsibility was rewarded! (Yes, I'm aware that those of us that pay off early fubar the economic plans and machinations of the credit industry, since they plan to make all that interest income off of me).
But just wait until you apply for a loan and find out your interest rate is sky high or your insurance has gone through the roof because you're mistakenly labeled a "security threat". I've already read plenty of horror stories about people that couldn't fly and who spent months fighting the national insecurity apparatus trying to understand why they were considered risks and getting it changed.
I used to think that the foil hat crowd was a little off the deep end with most of their complaints about the collection of information, but now I'm starting to agree -- its gone too far, there are no controls, and its clear that Bu$h and A$hcroft have no compunction about giving this information away to their corporate allies.
OK, I wrote a letter to David Neeleman and recieved this in response. I thought it was a nice gesture, and personally I like JetBlue. Every airline has its weakness' - most don't make a big fuck up like this though.
CUT CUT CUT
Thank you for writing to me so that I have an opportunity to apologize
to you personally and set the record straight.
Most importantly, JetBlue has never supplied, nor will supply, customer
information to the Transportation Security Administration, or any
government agency, unless we are required to do so by law -- not for
CAPPS II or for any other purposes, whatsoever.
However, I regret that, more than a year ago, we responded to an
exceptional request from the Department of Defense to assist their
contractor, Torch Concepts, with a project regarding military base
security. This project had no connection with aviation security or the
CAPPS II program and no data files were ever shared with the Department
of Defense or any other government agency or contractor.
We provided limited historical customer data including names, addresses
and phone numbers. It DID NOT include personal financial information,
credit card information, or social security numbers.
Torch further developed this information into a presentation, without
JetBlue's knowledge, for a Department of Homeland Security symposium.
We regret that this presentation included the personal information of
one customer -- although the customer's name was not used. Again, we
had no knowledge of this presentation until two days ago and we were
deeply dismayed to learn of it.
The sole set of data in Torch's possession has been destroyed; no
government agency ever had access to it. With Torch's help, we are
continuing to make every effort to have the Torch presentation with the
one customer's information removed from the internet.
This was a mistake on our part and I know you and many of our customers
feel betrayed by it. We deeply regret that this happened and have taken
steps to fix the situation and make sure that it never happens again.
I am saddened that we have shaken your faith in JetBlue but I assure you
personally that we are committed to making this right.
Sincerely,
David Neeleman
Chief Executive Officer