Slashdot Mirror
Airlines Gave More Data Than Previously Disclosed
scottfk writes "Wired news has an article exposing the fact that still more customer data recorded by airlines were turned over to the TSA for their CAPPS II testing. From the article, 'Delta, Continental, America West, JetBlue and Frontier Airlines secretly turned over sensitive passenger data to Transportation Security Administration contractors in the spring and summer of 2002, according to the sworn statement of acting TSA chief David Stone. In addion, two of the four largest airline reservation centers, Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.'"
Well, perhaps it's not funny... But pretty damn scary.
Hmmm.
Is this even legal to distribute credit card numbers like that?
I hear that there's this websize h@x0rz.hk that'll happily buy such lists of information. Does this precident mean it's Ok to share with them?
The problem is there's a need to balance privacy rights with a hightened level of security.
Disclosing that much information is , in my opinion, excessive and crosses the line.
Of course, privacy seems all but dead these days, so maybe I'm just being too optomistic even about what could be. All I know is I don't think anyone needs my credit card info to figure out if I'm a security threat or not, not really.
"I hate quotations." - Ralph Waldo Emerson
Drill baby drill - on Mars
Requested center seat. Indications of possible insanity.
This is why I use the bus. Nobody wants any personal information on anyone they've met on a bus.
without disclosing the transfers to travelers or asking their permission
Don't you mean terrorists? You can't tell citiz..-err, terrorists, that you're going to investigate them.
Welcome to the United States, where any random citizen is an enemy of the state.
-Ryan, with the unoriginal sig
Nobody's going to get fired over this, nobody's going to go to jail over this, nobody's going to even care about this.
If you do, you're un-American. Welcome to McCarthyism, population: you.
If they mis-handled Social Security numbers alone (simply by sending them to the TSA without the approval of the people who possess those SSNs) then this is a very clear violation of the Privacy Act. Hello lawsuit?
I understand the worry and concern about mis-use of this data, BUT as I recall, and you might also, in the short months directly following the 4 attempted attacks using airliners the airlines and associates were running scared and were providing the FBI and later HSA any and all information they had, requested or not.
So any surprise or concern over this data seems misplaced. Patterns were being examined and evidence compiled. Yes, extreme measures were taken and should be acknowledged and where appropriate apologized for, but these events should surprise noone and these revelations simply confirm what we already know.
Some people(and corporations) do foolish things when faced with a catastrophe.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
You must be crazy to think that not using the inofrmation doesn't "make us secure". Do you even know how much crap is confiscated from passengers during searches? My friend works for the TSA and they've confiscated, among other things, switch blades/knives, drugs (LOTS of it, and not just pot either), guns, etc... And almost all of the time these items are taken from white/american citizens.
Now imagine what would happen if that gun wasn't confiscated, got on the plane, and some nutcase decided to start firing at people for whatever reason.
Being "secure" means being certain that there are no holes in the screening process, even if it inconveniences you.
CMDRTACO CHECK YOUR EMAIL!
YOu cant refuse to give them your name anyways.
They still'll get all your data.
So? Forget the fact that all of this information is available on the Internet, the FBI can pull this information very quickly anyway. I support this because it just eliminates the wasted time for the FBI to do so. Passenger tracking by governments is going to be a way of life permanently thanks to a few morons. Just prey it doesn't extend fully into automobile driving, trains, or buses. The fundamental issue here is citizens willingness to have their personal information and whereabouts freely available by the government they are currently involved with, be that their home country or the country they reside in. But I think that is just a phantom of the real issue which is people's fears that by governments simply having that information it can be stolen or sold to somebody to use it against the individual. This is a valid concern in most countries right now. As governments advance and globalize, this kind of information sharing should become more secure and less invasive. Meaning full detailed information will not need to be kept on anyone because if you are in a modern country the needed information will be generated when you need it and not sitting on a server to be misused. I personally don't mind my government (US) tracing my whereabouts and my purchases because I don't feel they can use that information against me. Mainly because I do nothing that they would conceive as harmful to them. Some people want to keep everything private because they fear misuse, but I truly believe most people that want to keep everything out of government hands is because they have something to hide. Perhaps I am wrong in calling them the majority, but I don't understand when someone is worried about your government knowing where you are or how to find you.
I stole this sig.
I am Bennett Haselton! I am Bennett Haselton!
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Your credit card and medical information can easily be argued to be your "papers and effects." Privacy is one of the few rights that is specifically defined by the Constitution.
The airlines gave that much no doubt because they were asked to. And the reason why they were asked to is because it takes a lot of data points on an individual to fully cross-link and cross-reference all the scattered databases that are used to define who someone is and what they are doing recently.
Yeah it is excessive. I don't like it at all. It is spooky. But it happens all the time though generally on a smaller scale.
This is just one time when it was on a huge scale, and so we found out.
Before very long there will be a lot of strangers in the world (I mean all over the world, including offshore outsourced data mining facilities) that know more about the Total You than anyone you actually know personally, outside yourself. That's one of the reasons why privacy laws are such a total flipping joke in the absence of data secrecy.
It's probably better just to stay out of the databases if you don't want your whole life being dredged up in the next terrorist-inspired data dragnet.
=^..^= all your rodent are belong to us
I'm posting this AC because it touches on my job and I try to keep that separate.
Sabre and Galileo are Global Distribution Systems, or just GDSs to people in the travel industry. Several are or were started by groups of major airlines. Worldspan is another; I forget the names of the rest. There are about five of them in total, and they formerly were a very heavily federally regulated industry, the idea being that if they were allowed to, for example, choose their own prices they could offer different prices to different airlines (or different travel agents) and exert an unfair hold on the market. They've been deregulated by Congress within the last year, but it's too soon to say what effect that will have.
The relevant part is this: If you purchase a plane ticket, regardless of how or where you buy it, your availability and booking are handled by one of the GDSes. Access methods vary by GDS, but the reality of it is, much of your information is available to not just the government, but really anyone with the proper knowledge of how to get at it. I can't imagine too many hackers being very interested in getting your mom's flight information or personal info from Sabre, but if they did it wouldn't be especially hard.
There aren't a lot of choices to insure your privacy here. Most of us can't realistically choose not to fly.
Pop Quiz! Loy's unsworn, unwritten response was,
a) "Agencies other than TSA have used (passenger) data to test all of the functions of CAPPS II."
b) "TSA has used (passenger) data to test functions of screening systems not called CAPPS II"
c) "Agencies other than TSA have used (passenger) data to test functions of systems other than CAPPS II"
d) "TSA has used (passenger) data not to test, but to implement, CAPPS II",
e) "Agencies other than TSA have used (passenger) data not to test, but to implement, CAPPS II"
f) "Agencies other than TSA have used (passenger) data not to test, but to implement, profiling systems other than CAPPS II".
g) "All of the above are belong to us!"
Remember, we live in a litigious society.
Republicans: You can say - truthfully - that you "did not have sexual relations with that woman", and that still leaves room for gettin' the knob polished, spunkin' up her dress, and finishing off with a slightly fishy-smelling cigar.
Democrats: Now watch this drive!
Last I checked, there's no right to breath free air in the Constitution either. Doesn't mean I have given up that right.
Amendment X:
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.
Get that, reserved by the people. Nice little catch-all Amendment.
A bit naive perhaps...
As history taught us (or not is seems)...
Laws increasing governments' power will ultimately be abused.
How long before the transmitted information will be used to catch tax-evaders? Be crosslinked with other data to find *potential* criminals (Minority Report anyone)?
The funny thing is that this information won't even help to catch any terrorists. How often can a suicide bomber be caught repeating his crimes? All that terrorist groups have to do is to send previously unknown people.
The only people suffering are average joes going about their lives.
And don't tell me: "If you don't have anything to hide, why bother." If that is the case, than why not install a camera in everybodys home ala 1984... Nothing to hide... No problem... Right?
And this is just the beginning. I remember a few years back an extensive camera system was installed in London, allegedly to find terrorists. Well, now this system is being used to catch speeders, and to track where everybody is going in the city just in case (which is used to collect tolls).
Compounding the problem is the vagueness of policies and incomplete training of personnel. My laptop gave a false positive for TNT a while back, so I had to submit to a secondary search at the security checkpoint. Besides proving that the laptop did indeed boot up, the police officer double-clicked on my trashcan to see what files were there, and checked the dropdown on my browser to see what recent links I had been to.
It didn't look like the officer was following any kind of script, was just nosy. But I was quite steamed about it at the time. (Good thing I had recently cleared both before packing the laptop!)
This very statement is why many people were opposed to the Bill of Rights. They thought it would limit people's rights. One subtle but important fact of the Bill of Rights is that it does not grant rights to anyone, it only lists them. You have the right to life, liberty, and the pursuit of happiness inherently. You were born with it. This right wasn't granted to you by a piece of paper. The Bill of Rights simply declares that which is already so.
It is entirely possible that they left one or two things out.
irb(main):001:0>
Dick? President Mr. Vice President, is that you? How low you've sunk, posting as an Anonymous lying Coward to Slashdot.
Surely you knew terrorists were planning on crashing into buildings after the President's Daily Briefing intelligence clearly said Al Qaeda was planning on crashing planes into buildings. Or after the French government foiled a well developed plot in the 1990s to crash planes into the Eiffel Tower.
Of course, your "moral equivalence" calculator is broken. I'll point out the moral distance between crashing a hijacked plane into the US Capitol housing Congress, and shooting down that plane: one US Congress, and everything that goes with it.
Cut the crap with rhetorical nonsense like "the gov't is not perfect" - that strawman BS is too tired to even bother with. The government's job is to protect the people. Instead, the Bush/Cheney government has miserably failed to do so, at every turn. Instead of lying behind an anonymous Slashdot post, try reading the 9/11 Commission report, which details a government in "widespread chaos", as summarized last week in a NY Times front-page headline. I only hope I'm wrong, and the actual poster isn't actually controlling the US Executive Branch from some creepy "undisclosed location", but is rather merely controlling a grubby keyboard in their parent's suburban basement.
--
make install -not war
HIPAA only applies to Covered Entities:
- Health plans
- Health care providers
- Health care clearinghouses
Thus these companies are not Covered Entities and are not bound by HIPAA law, unless they have a Business Associate Agreement with a Covered Entity to preform some function for them, but that is very unlikely.On two occasions I have been asked [by members of Parliament!], ``Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?'' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. -- Charles Babbage
The bitterest pill to swallow is that for a brief moment, say from about 1968 (when civil rights started to mean something in the South) until about 1989 (when Bush I started to shred the Constitution in the name of the 'War on Drugs'), the United States of America really was 'the land of the free'.
Why is loss of freedom on-topic? Because it has the same cause as the privacy violations. As you wrote, "people continue to look the other way." Having freedom, or privacy, is an unstable condition. Either you're willing to fight to keep it, or somebody (usually politicians, sometimes powerful corporations) will take it away from you.
I work for the government and all I have seen from my end as an employee is an increase in regulations, paperwork, and workload but no difference in how difficult it is to enter the country, purchase a fake identity, and live/exist here with little or no fear of being caught. We can track a single cow to its origin if we suspect that it may be infected with mad-cow disease, but we lose how many dozens of legal aliens every year, not to mention the illegal ones that we genuinely have no idea of...
Again, nothing new here, move along with the rest of the sheep.......we are from the government - we are here to help...
"A popular response is: "If you have nothing to hide, you have nothing to fear... the truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private. We carefully calibrate what we reveal about ourselves to others... The right not to be known against our will - indeed, the right to be anonymous except when we choose to identify ourselves - is at the very core of human dignity, autonomy and freedom.
If we allow the state to sweep away the normal walls of privacy that protect the details of our lives, we will consign ourselves psychologically to living in a fishbowl. Even if we suffered no other specific harm as a result, that alone would profoundly change how we feel. Anyone who has lived in a totalitarian society can attest that what often felt most oppressive was precisely the lack of privacy.
But there also will be tangible, specific harm.
Here's where Ashcroft is using the essay as a guidebook:
"Last summer, the CCRA informed me that, contrary to its past undertaking, it has decided to keep all API/PNR information about Canadian travellers for six years in a massive new database.
All this personal information - more than 30 data elements including every destination to which we travel, who we travel with, how we pay for the tickets (sometimes including credit card numbers), what contact numbers we provide, even any dietary preferences or health-related requirements we communicate to the airline - will be available for an almost limitless range of governmental purposes...
"This is unprecedented. The Government of Canada has absolutely no business creating a massive database of personal information about all law-abiding Canadians that is collected without our consent from third parties, not to provide us with any service but simply to have it available to use against us if it ever becomes expedient to do so. Compiling dossiers on the private activities of all law-abiding citizens is the sort of thing the Stasi secret police used to do in the former East Germany. It has no place in a free and democratic society...
It is difficult to imagine a m
...I have to say that this is scary, considering that both Sabre and Galileo aren't limited to airlines for their clientele. In other words, if you booked a hotel, rented a car, bought a train ticket, or anything other transaction that can be made on Travelocity (a Sabre Company), then your info could possibly be in the hands of the TSA or other third parties. Also, I remember when I first started working there, I had to fill out a bunch of paperwork stating that I would not give out sensitive information to third parties. This is crucial considering most of the paperwork was for EU compliance. I'm not surprised that the EU is not in an uproar.
Where's the French when you need them?
"Good, Fast, Cheap: Pick any two" -- RFC 1925