Slashdot Mirror

← Back to Stories (view on slashdot.org)

Airlines Gave More Data Than Previously Disclosed

Posted by timothy on from the thanks-fellas-love-the-security-facade dept.

scottfk writes "Wired news has an article exposing the fact that still more customer data recorded by airlines were turned over to the TSA for their CAPPS II testing. From the article, 'Delta, Continental, America West, JetBlue and Frontier Airlines secretly turned over sensitive passenger data to Transportation Security Administration contractors in the spring and summer of 2002, according to the sworn statement of acting TSA chief David Stone. In addion, two of the four largest airline reservation centers, Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.'"

17 of 365 comments (clear)

  1. Privacy Act Violation by insomnyuk · · Score: 4, Informative

    If they mis-handled Social Security numbers alone (simply by sending them to the TSA without the approval of the people who possess those SSNs) then this is a very clear violation of the Privacy Act. Hello lawsuit?

  2. Bah... by Ag3nt · · Score: 2, Informative

    Mz6 makes a very good and valid point. I can't say I blame the airlines though. Bad times plus the chance for a law suit sure would make me put all my cards on the table. I am amazed however by how many people think that they have a right to privacy. Unfortunately, no where is it written in the Constitution or any other civil documents that individuals are entitled to privacy.

  3. And if they ask.... by Creepy+Crawler · · Score: 3, Informative

    YOu cant refuse to give them your name anyways.

    They still'll get all your data.

    --
  4. Re:This info is important! by ITman75 · · Score: 2, Informative

    Yes i can understand confiscating those things, but taking home phone number...Ok, I'll give you that, make sure that its a true home number and citizen.

    However, Credit card info and other types of private info, like SS# I would not want that stuff given out.

  5. Can you say lawsuit? by g0bshiTe · · Score: 5, Informative
    Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.'"
    Is a direct violation of the Grahm Leech Bliley Act which states that any private information may not be released to third parties without the persons prior notice. The only time it may be given out is if there is an investigation into that individual. Seeing as how several airlaines gave it to the TSA I wonder who authorized that information to be released? Had I flown with them then and found this out, the requesting agency had better have the proper authorization, or I would damn sure file a class action lawsuit against the TSA and the airline.
    --
    I am Bennett Haselton! I am Bennett Haselton!
  6. A little more information by Anonymous Coward · · Score: 5, Informative

    I'm posting this AC because it touches on my job and I try to keep that separate.

    Sabre and Galileo are Global Distribution Systems, or just GDSs to people in the travel industry. Several are or were started by groups of major airlines. Worldspan is another; I forget the names of the rest. There are about five of them in total, and they formerly were a very heavily federally regulated industry, the idea being that if they were allowed to, for example, choose their own prices they could offer different prices to different airlines (or different travel agents) and exert an unfair hold on the market. They've been deregulated by Congress within the last year, but it's too soon to say what effect that will have.

    The relevant part is this: If you purchase a plane ticket, regardless of how or where you buy it, your availability and booking are handled by one of the GDSes. Access methods vary by GDS, but the reality of it is, much of your information is available to not just the government, but really anyone with the proper knowledge of how to get at it. I can't imagine too many hackers being very interested in getting your mom's flight information or personal info from Sabre, but if they did it wouldn't be especially hard.

    There aren't a lot of choices to insure your privacy here. Most of us can't realistically choose not to fly.

  7. Re:Unnecessary by stanmann · · Score: 5, Informative

    Constitution Ammendments 1,2,4,5,6,9,10 Provide Constitutional privacy protections...

    please note, that NO-where did I use the phrase right to privacy, I said constitutional privacy protections.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  8. Re:Unnecessary by stanmann · · Score: 2, Informative

    I noted on further examination that 14,15 and 21 also touch on privacy. I'm sure that an exhaustive reading would reveal more data points... Privacy is the only "right" provided by the constitution that is defined rather than enumerated.

    And by that I mean of course that the constitution doesn't say " you have the right to privacy" it instead says you have the right to x,y,z,a,d,g,h,n,m and r which add up to privacy.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  9. Re:Remember Northwest? by kfg · · Score: 2, Informative

    Ironically enough I was just writing about the meaning of irony over in the "Microsoft owns your galvanic skin response" thread.

    What's wrong with that sentence? There is no irony. "Oddly" enough, or "Funnily" enough would have been correct, or "Coincidentally."

    OP was implying the possibility of causality between the court ruling and the announcement. If I drop a ball and it falls, that is not irony. His use of the word "Oddly" was ironic, he meant to imply it wasn't odd at all, but you cannot substitute the word "ironic" for a word spoken ironically.

    It's "Yeah, right," not "Ironic, ironic."

    An ironic event is one where something desirable happens, but in such a manner that something undesirable is the result. This announcement takes something undesirable and adds something undesirable to it.

    The Sorcerer's Apprentice and The Porridge Pot are children's cautionary tales that are based on ironic situations. Be careful what you wish for, you might get it. Getting it turns out to suck, but that isn't what makes it irony. What makes it irony is that you wished for it.

    An example of irony would be someone who had successfully promoted an airline privacy law who subsequently died on a flight because medical information about him that could have saved his life couldn't be released to the person capable of saving it.

    Dying just because you happened to get on the flight that crashed that day isn't ironic, it just sucks.

    Now I've got "that song" running through my head. Arrrrrrrrrrgh! Somebody shoot me.

    KFG

  10. Re:Travelers? by the_mad_poster · · Score: 3, Informative

    Here's a complete sentence you lumbering, trogolodytic, slope-skulled, grunting moron:

    Not a single one of them would have been saved by the PATRIOT act even if it was 500 times more draconian than it is, because the CIA already had the legal power to neutralize the guilty parties in those cases before PATRIOT passed.

    So, your theory here, I suppose, is that people who don't get caught because nobody can locate them when the authorities already have the legal power to arrest or kill them, would magically appear in broad daylight on the town square if we passed enough unnecessarily Draconian laws giving them... more legal powers that they didn't need to make an arrest or launch a raid? Good theory. Might I just say that I'm glad you're not the one in charge of guarding us?

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  11. Re:I smell a lawsuit... really! by zoombat · · Score: 3, Informative
    According to HIPAA, this is a big, costly, no-no

    HIPAA only applies to Covered Entities:

    1. Health plans
    2. Health care providers
    3. Health care clearinghouses
    Thus these companies are not Covered Entities and are not bound by HIPAA law, unless they have a Business Associate Agreement with a Covered Entity to preform some function for them, but that is very unlikely.
  12. Re:So? by deity · · Score: 4, Informative

    I personally don't mind my government (US) tracing my whereabouts and my purchases because I don't feel they can use that information against me. Mainly because I do nothing that they would conceive as harmful to them.


    I take it that you don't sit too far from the center of the political spectrum. You're probably not a third party supporter (Communist, Green, Libertarian, etc.). You're probably not Muslim. You're probably not gay or lesbian. By your statements, you don't strike me as an activist for social justice or civil liberties. It might surprise you to learn that our country has quite a lot of folks who, for some reason or other, are currently or will eventually be persecuted for being different, holding different political or religious beliefs, or pissing off the wrong elected official. Think about the journalists--what happens when their every move is known in advance? This is a power that the government should not have, not without warrants and the traditional Constitutional protections given to our people by the Bill of Rights.

    Head over to Wikipedia and read the article on CAPPS (disclosure: I wrote it a few months ago) and CAPPS II. There are so many problems with this system, besides the big one--it won't work.

    In my opinion, the most disheartening aspect of this debacle is that a syndicate of large corporations lied to the public, lied to their customers, and undermined the Constitution. But there will be no reckoning. This is a burning example of our corporate "citizens" escaping responsibility.
  13. Re:Travelers? by red+floyd · · Score: 3, Informative

    Ayn Rand, "Atlas Shrugged".

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
  14. Re:Travelers? by GileadGreene · · Score: 2, Informative
    You can't control innocent people... but you can control criminals. What do you do with a large group of innocents that you want to control? You make them criminals. You pass so many ridiculous and confusing laws that it's impossible for one to lead any kind of reasonable life on the good side of the law.

    I'm not sure if she originated it or not, but a speech roughly similar to the above appeared in Ayn Rand's "Atlas Shrugged".

  15. Mistakes are never made, Mr. Tuttle/Buttle... by geekotourist · · Score: 4, Informative
    When the former privacy czar of Canada wrote his Warnings on why privacy protection is important post 9/11, he intended it to be a warning to Canadians not to lose rights Americans have already lost. I'm sure he didn't intend it to be an anti-guidebook for Ashcroft et ilk. The essay answers your question:

    "A popular response is: "If you have nothing to hide, you have nothing to fear... the truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private. We carefully calibrate what we reveal about ourselves to others... The right not to be known against our will - indeed, the right to be anonymous except when we choose to identify ourselves - is at the very core of human dignity, autonomy and freedom.

    If we allow the state to sweep away the normal walls of privacy that protect the details of our lives, we will consign ourselves psychologically to living in a fishbowl. Even if we suffered no other specific harm as a result, that alone would profoundly change how we feel. Anyone who has lived in a totalitarian society can attest that what often felt most oppressive was precisely the lack of privacy.

    But there also will be tangible, specific harm.

    • The more information government compiles about us, the more of it will be wrong. That's simply a fact of life...
    • wrong information and misinterpretations will have potential consequences. If information that is actually about someone else is wrongly applied to us, if wrong facts make it appear that we've done things we haven't, if perfectly innocent behavior is misinterpreted as suspicious because authorities don't know our reasons or our circumstances, we will be at risk of finding ourselves in trouble in a society where everyone is regarded as a suspect...
    • Decisions detrimental to us may be made on the basis of wrong facts, incomplete or out-of-context information or incorrect assumptions, without our ever having the chance to find out about it, let alone to set the record straight...
    • That possibility alone will, over time, make us increasingly think twice about what we do, where we go, with whom we associate, because we will learn to be concerned about how it might look to the ubiquitous watchers of the state.
    • The bottom line is this: If we have to live our lives weighing every action, every communication, every human contact, wondering what agents of the state might find out about it, analyze it, judge it, possibly misconstrue it, and somehow use it to our detriment, we are not truly free. That sort of life is characteristic of totalitarian countries, not a free and open society like Canada.

    Here's where Ashcroft is using the essay as a guidebook:

    "Last summer, the CCRA informed me that, contrary to its past undertaking, it has decided to keep all API/PNR information about Canadian travellers for six years in a massive new database.

    All this personal information - more than 30 data elements including every destination to which we travel, who we travel with, how we pay for the tickets (sometimes including credit card numbers), what contact numbers we provide, even any dietary preferences or health-related requirements we communicate to the airline - will be available for an almost limitless range of governmental purposes...

    "This is unprecedented. The Government of Canada has absolutely no business creating a massive database of personal information about all law-abiding Canadians that is collected without our consent from third parties, not to provide us with any service but simply to have it available to use against us if it ever becomes expedient to do so. Compiling dossiers on the private activities of all law-abiding citizens is the sort of thing the Stasi secret police used to do in the former East Germany. It has no place in a free and democratic society...

    It is difficult to imagine a m

  16. As a former Sabre employee... by luke923 · · Score: 4, Informative

    ...I have to say that this is scary, considering that both Sabre and Galileo aren't limited to airlines for their clientele. In other words, if you booked a hotel, rented a car, bought a train ticket, or anything other transaction that can be made on Travelocity (a Sabre Company), then your info could possibly be in the hands of the TSA or other third parties. Also, I remember when I first started working there, I had to fill out a bunch of paperwork stating that I would not give out sensitive information to third parties. This is crucial considering most of the paperwork was for EU compliance. I'm not surprised that the EU is not in an uproar.

    Where's the French when you need them?

    --
    "Good, Fast, Cheap: Pick any two" -- RFC 1925
  17. Re:Unnecessary by gilroy · · Score: 2, Informative

    Interesting factoid: The Third Amendment is the only one with essentially no case law. It hasn't been the basis of any Supreme Court decisions, I believe...

    --
    The Mongrel Dogs Who Teach