Airlines Gave More Data Than Previously Disclosed

scottfk writes "Wired news has an article exposing the fact that still more customer data recorded by airlines were turned over to the TSA for their CAPPS II testing. From the article, 'Delta, Continental, America West, JetBlue and Frontier Airlines secretly turned over sensitive passenger data to Transportation Security Administration contractors in the spring and summer of 2002, according to the sworn statement of acting TSA chief David Stone. In addion, two of the four largest airline reservation centers, Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.'"

Remember Northwest?

[Mz6]

Very funny how this comes out a week to the day (atleast when it was posted) that a judge tossed out a privacy lawsuit against Northwest when they released their cutomer's personal info.

Well, perhaps it's not funny... But pretty damn scary.

Is it legal to distribute people's credit card #s?

credit card numbers

Is this even legal to distribute credit card numbers like that?

I hear that there's this websize h@x0rz.hk that'll happily buy such lists of information. Does this precident mean it's Ok to share with them?

Unnecessary

[supersandra]

The problem is there's a need to balance privacy rights with a hightened level of security.

Disclosing that much information is , in my opinion, excessive and crosses the line.

Of course, privacy seems all but dead these days, so maybe I'm just being too optomistic even about what could be. All I know is I don't think anyone needs my credit card info to figure out if I'm a security threat or not, not really.

Re:Unnecessary

[stanmann]

Depending on who else co-operated linking a fertilizer purchase with a diesil purchase by someone who doesn't own a farm or a tractor may or may not warrant further investigation, and if the arrest or evidence is later thrown out for constitutional privacy reasons so be it, even if the person was building a bomb, because the bomb didn't go off. Should we throw out the constitutional privacy protections?

Of course not.

Protect the rights of the individuals... ALL of them... esp the right to live.

Re:Unnecessary

[stanmann]

Constitution Ammendments 1,2,4,5,6,9,10 Provide Constitutional privacy protections...

please note, that NO-where did I use the phrase right to privacy, I said constitutional privacy protections.

Re:Unnecessary

[sdjunky]

"and if the arrest or evidence is later thrown out for constitutional privacy reasons so be it"

I'm sorry.. you're assuming that they won't be kept in detention indefinitely.

You're assuming that the evidence will be made available to the defendant. Or that the means of obtaining that evidence will be available to their lawyer.

And, if for some reason there is a trial, you're assuming that the trial will be fair.

"Timid men prefer the calm of despotism to the tempestuous sea of liberty."
-Thomas Jefferson

"I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it."
-Thomas Jefferson

"When governments fear the people, there is liberty. When the people fear the government, there is tyranny. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government."
-Thomas Jefferson

Re:Unnecessary

[GSloop]

unreasonable behaviour MAY be the reasonable response to extreme behavior.

I STRONGLY disagree. It is never reasonable to be unreasonable - both in the pedantic sense and in a practical sense.

It would never make moral sense to kill someone elses kids simply because they killed yours, or anyone elses for that matter.

The moral highground we MUST stand for as a nation is that we keep our morals and high priciples even though the "enemy" may not.

Revoking privacy and liberty to stop the bad "evil-doers" just makes us evil and bad too.

Either we believe in liberty and freedom or we don't. If we do, then liberty and freedom should never be abridged. If we don't, lets quit posturing as though we do and say we embrace freedom and liberty *except* when it's inconvienient.

The same arguments apply to free speech. The speech that is MOST IMPORTANT to protect is the speech we find offensive. It's easy to protect speech you agree with, but much harder to allow the angry, hateful and plain wrong SOB to express himself too.

It's a short step from depriving those who are "terrorists" of a fair trial and due process to people just like you and me. If we don't rise up and loudly protest at their treatment, even though we may abhor their thinking and acts then when you and I lose our freedom and liberty, we'll have little to complain about.

As for rectifying mistakes. Sure, we can keep from making the same mistake in the future, we we rarely make whole those who were injured in the past.

Examples?
Japaneese internment.
Slavery
Jim crow laws
Mistreatment of the mentally incapacitated and ill
Virtual extermination and disenfranchisement of the native indians.

There are dozens and even hundreds of others. Have we paid reparations to black slaves, the victims of jim crow laws, the indians or even come close to repaying the true economic and psychological losses of the Japaneese internment?

No, DAMN NO! It's pretty easy to say - well we'll fix that later. But we don't pay the true costs of our actions impact on those mistreated by those mistakes.

Strive greatly not to make mistakes the first time. Few of us are willing to truely cover the costs of those mistakes later. Myself included.

Cheers,
Greg

Speaking as devil's advocate...

[fiannaFailMan]

..the TSA or its contractors may have violated the Privacy Act, which prohibits the government from compiling secret databases on Americans

I thought that under the 'Patriot' (sic) Act it was perfectly legal for information to be handed over to federal agencies without their knowledge. Is there some sort of conflict between the 'Patriot' (sic) Act and the Privacy Act?

Health data?

Requested center seat. Indications of possible insanity.

Go Greyhound

This is why I use the bus. Nobody wants any personal information on anyone they've met on a bus.

Re:Go Greyhound

[pilgrim23]

For years, back when I traveled a lot by plane.. and this was many years back... I ALWAYS used a fake name, and paid by cash. Why? Not because I had something to hide. I do not. But I DO believe that my business is just that: my business, and not yours, not the government's, not Acme Marketing's.. These days I travel by car, bus, walk, or ride a bike. I do not fly. I would see no difficulty in "hopping a frieght" if it came to it..
I have always wondered why good network geeks who go out of their way to hide their real IP, and take various other protective steps to insure their net is not violated, will hand over the most confidential data about themselves without a backward glance..
Every incremental step taken "for our own good", "To protect us", or whatever the reason du jours, is just another step away from what this land was once about. We have met the Evil Empire and him be US!

Re:Go Greyhound

[gstoddart]

Unless it's a pair of hot Swedish chicks (preferably twins) with blonde hair, seductive blue eyes and sexy smiles.

Ah, so you've never actually been on a bus before I see. ;-)

Travelers?

[ryanwright]

without disclosing the transfers to travelers or asking their permission

Don't you mean terrorists? You can't tell citiz..-err, terrorists, that you're going to investigate them.

Welcome to the United States, where any random citizen is an enemy of the state.

Re:Travelers?

[the_mad_poster]

Welcome to the United States, where any random citizen is an enemy of the state.

It's much more convenient that way. All that actual investigating and charging with real crimes and such is so much WORK. It's just so much easier to declare people enemy combatants and have jack booted thugs drag them off in the night.

Besides, little Sarah, Agent Bob's daughter, thought it was GREAT FUN hooking up electrodes to the enemy combatants' nutsack when she got to sit in on the interrogation of one of these "terrorists-who-we-can't-actually-pin-with-a-crime " on take your daughter to work day.

Sadly, the fact that little Sarah was privvy to this information without the proper security clearance made her an enemy comabtant, and Agent Johnson was ordered to.... deal with her.

Re:Travelers?

[sirReal.83.]

I don't know who originally said this, so I guess I'm totally stealing credit.

You can't control innocent people... but you can control criminals. What do you do with a large group of innocents that you want to control? You make them criminals. You pass so many ridiculous and confusing laws that it's impossible for one to lead any kind of reasonable life on the good side of the law.

Okay, that's old news. I guess the newish part they're tacking onto this time-tested tactic is to simultaneously scare the piss out of people using various methods such as erosion of privacy, and study them statistically with the information gained as a result of the former. Know your enemy, scare your enemy, own your enemy. Just like bullies on the playground.

It's legal when you make the laws.

[Trigun]

Nobody's going to get fired over this, nobody's going to go to jail over this, nobody's going to even care about this.

If you do, you're un-American. Welcome to McCarthyism, population: you.

Privacy Act Violation

[insomnyuk]

If they mis-handled Social Security numbers alone (simply by sending them to the TSA without the approval of the people who possess those SSNs) then this is a very clear violation of the Privacy Act. Hello lawsuit?

Paranoia

[stanmann]

I understand the worry and concern about mis-use of this data, BUT as I recall, and you might also, in the short months directly following the 4 attempted attacks using airliners the airlines and associates were running scared and were providing the FBI and later HSA any and all information they had, requested or not.

So any surprise or concern over this data seems misplaced. Patterns were being examined and evidence compiled. Yes, extreme measures were taken and should be acknowledged and where appropriate apologized for, but these events should surprise noone and these revelations simply confirm what we already know.

Some people(and corporations) do foolish things when faced with a catastrophe.

Re:Paranoia

[the_mad_poster]

You make it sound (intentional or not) like this was done as part of an investigation. This data, however, was provided as part of a screening tool test. Grabbing needed information to investigate a crime that has already occurred seems acceptable. Grabbing personal information to make people into unwitting, unwilling guinea pigs is not.

So?

[azmatsci]

So? Forget the fact that all of this information is available on the Internet, the FBI can pull this information very quickly anyway. I support this because it just eliminates the wasted time for the FBI to do so. Passenger tracking by governments is going to be a way of life permanently thanks to a few morons. Just prey it doesn't extend fully into automobile driving, trains, or buses. The fundamental issue here is citizens willingness to have their personal information and whereabouts freely available by the government they are currently involved with, be that their home country or the country they reside in. But I think that is just a phantom of the real issue which is people's fears that by governments simply having that information it can be stolen or sold to somebody to use it against the individual. This is a valid concern in most countries right now. As governments advance and globalize, this kind of information sharing should become more secure and less invasive. Meaning full detailed information will not need to be kept on anyone because if you are in a modern country the needed information will be generated when you need it and not sitting on a server to be misused. I personally don't mind my government (US) tracing my whereabouts and my purchases because I don't feel they can use that information against me. Mainly because I do nothing that they would conceive as harmful to them. Some people want to keep everything private because they fear misuse, but I truly believe most people that want to keep everything out of government hands is because they have something to hide. Perhaps I am wrong in calling them the majority, but I don't understand when someone is worried about your government knowing where you are or how to find you.

Re:So?

[g0bshiTe]

Yeah and next we will all have to have the proper papers to fart. Let me ask you this. Since Sept 11 and the Patriot Act went into effect, are you or do you feel anymore secure? Does it make you sleep better at night knowing that the FBI can knock down the door of a suspected terrorist in the middle of the night? Your door in fact. Should your paper boy get pissed because you stiffed him last week on his tip and dropped a dime, told some agency that he has seen plans in your house of building blueprints. And they kicked in your door. Pulled your family out of your house at 3 am at gunpoint, this makes you safe? Statistically you have a greater chance of being eaten by a shark than ever encountering a terrorist. Personally I would rather live with the terrorist threat, than lose the freedoms that my father, and those before him fought for. Don't confuse false security with real security. Welcome to the new police state. They are watching us all.

Re:So?

[deity]

I personally don't mind my government (US) tracing my whereabouts and my purchases because I don't feel they can use that information against me. Mainly because I do nothing that they would conceive as harmful to them.

I take it that you don't sit too far from the center of the political spectrum. You're probably not a third party supporter (Communist, Green, Libertarian, etc.). You're probably not Muslim. You're probably not gay or lesbian. By your statements, you don't strike me as an activist for social justice or civil liberties. It might surprise you to learn that our country has quite a lot of folks who, for some reason or other, are currently or will eventually be persecuted for being different, holding different political or religious beliefs, or pissing off the wrong elected official. Think about the journalists--what happens when their every move is known in advance? This is a power that the government should not have, not without warrants and the traditional Constitutional protections given to our people by the Bill of Rights.

Head over to Wikipedia and read the article on CAPPS (disclosure: I wrote it a few months ago) and CAPPS II. There are so many problems with this system, besides the big one--it won't work.

In my opinion, the most disheartening aspect of this debacle is that a syndicate of large corporations lied to the public, lied to their customers, and undermined the Constitution. But there will be no reckoning. This is a burning example of our corporate "citizens" escaping responsibility.

Can you say lawsuit?

[g0bshiTe]

Galileo International and Sabre, also gave sensitive passenger information, including home phone numbers, credit card numbers and health data, without disclosing the transfers to travelers or asking their permission.'"

Is a direct violation of the Grahm Leech Bliley Act which states that any private information may not be released to third parties without the persons prior notice. The only time it may be given out is if there is an investigation into that individual. Seeing as how several airlaines gave it to the TSA I wonder who authorized that information to be released? Had I flown with them then and found this out, the requesting agency had better have the proper authorization, or I would damn sure file a class action lawsuit against the TSA and the airline.

That'd be the 4th Amendment.

[Jack_Frost]

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Your credit card and medical information can easily be argued to be your "papers and effects." Privacy is one of the few rights that is specifically defined by the Constitution.

A little more information

I'm posting this AC because it touches on my job and I try to keep that separate.

Sabre and Galileo are Global Distribution Systems, or just GDSs to people in the travel industry. Several are or were started by groups of major airlines. Worldspan is another; I forget the names of the rest. There are about five of them in total, and they formerly were a very heavily federally regulated industry, the idea being that if they were allowed to, for example, choose their own prices they could offer different prices to different airlines (or different travel agents) and exert an unfair hold on the market. They've been deregulated by Congress within the last year, but it's too soon to say what effect that will have.

The relevant part is this: If you purchase a plane ticket, regardless of how or where you buy it, your availability and booking are handled by one of the GDSes. Access methods vary by GDS, but the reality of it is, much of your information is available to not just the government, but really anyone with the proper knowledge of how to get at it. I can't imagine too many hackers being very interested in getting your mom's flight information or personal info from Sabre, but if they did it wouldn't be especially hard.

There aren't a lot of choices to insure your privacy here. Most of us can't realistically choose not to fly.

Best. Sworn. Statement. Evah!

[Tackhead]

> Loy's sworn written response was, "No. TSA has not used any (passenger) data to test any of the functions of CAPPS II."

Pop Quiz! Loy's unsworn, unwritten response was,

a) "Agencies other than TSA have used (passenger) data to test all of the functions of CAPPS II."
b) "TSA has used (passenger) data to test functions of screening systems not called CAPPS II"
c) "Agencies other than TSA have used (passenger) data to test functions of systems other than CAPPS II"
d) "TSA has used (passenger) data not to test, but to implement, CAPPS II",
e) "Agencies other than TSA have used (passenger) data not to test, but to implement, CAPPS II"
f) "Agencies other than TSA have used (passenger) data not to test, but to implement, profiling systems other than CAPPS II".
g) "All of the above are belong to us!"

Remember, we live in a litigious society.

Republicans: You can say - truthfully - that you "did not have sexual relations with that woman", and that still leaves room for gettin' the knob polished, spunkin' up her dress, and finishing off with a slightly fishy-smelling cigar.

Democrats: Now watch this drive!

All laws can (and often will) be abused

[linuxhansl]

As history taught us (or not is seems)...

Laws increasing governments' power will ultimately be abused.

How long before the transmitted information will be used to catch tax-evaders? Be crosslinked with other data to find *potential* criminals (Minority Report anyone)?

The funny thing is that this information won't even help to catch any terrorists. How often can a suicide bomber be caught repeating his crimes? All that terrorist groups have to do is to send previously unknown people.

The only people suffering are average joes going about their lives.

And don't tell me: "If you don't have anything to hide, why bother." If that is the case, than why not install a camera in everybodys home ala 1984... Nothing to hide... No problem... Right?

And this is just the beginning. I remember a few years back an extensive camera system was installed in London, allegedly to find terrorists. Well, now this system is being used to catch speeders, and to track where everybody is going in the city just in case (which is used to collect tolls).

Can they search your browser cache / trashcan?

[gentlewizard]

Compounding the problem is the vagueness of policies and incomplete training of personnel. My laptop gave a false positive for TNT a while back, so I had to submit to a secondary search at the security checkpoint. Besides proving that the laptop did indeed boot up, the police officer double-clicked on my trashcan to see what files were there, and checked the dropdown on my browser to see what recent links I had been to.

It didn't look like the officer was following any kind of script, was just nosy. But I was quite steamed about it at the time. (Good thing I had recently cleared both before packing the laptop!)

Re:This info is important!

[The+Angry+Mick]

I call bullshit.

The only way to be totally secure , is to park your monkey ass in a shallow underground bunker and NEVER leave. Ever. Pray that your God delivers you food and water, because actually having someone deliver it is a risk. Going to the store to buy it is a risk. Eating anything ever handled by another human being is a risk.

In other words, welcome back to the dawn of man where just being alive is a security risk!

There is a deeper problem here. Any idoiot that believes if we only collected more information, we'd be a lot more safer, is fooling themselves and ignoring a much greater set of problems.

Terrorism exist because of anger, distrust, and a sense of hopelessness and/or exploitation. Deal with the core issues as they arrive, instead of waiting for them to fester and explode, and it is entirely possible to limit, if not actually eliminate, the rage quite literally blowing back in your face.

But its neither easy or convenient to think like this - in a capitalist society, some would even consider it heresy. It's time consuming - don't think that declaring a Palestinian state would make Osama retire tomorrow. It demands a greater understanding of foreign culture, idealogy, and history - don't assume that global economics will eventually "buy" peace by making all the citizens of the world consumers in a common market. It'll cost time and (get ready to flinch) money.

As a nation, the U.S seems far more attentive to the fear and loathing aspects of human existence, than it does its so-called "Christian" beliefs and values - there is very little of Christ in American christianity right now - and most of the fear is centered on pure and simple economic greed. Blame mass marketing, blame capitalism, blame anything, but this country loves its money and all the toys it can buy more than it has ever loved anything else. Other cultures see this, and resent it, and learn to hate it.

Just stop to think for one second what the goodwill payoff would be if a country like the U.S spent just one-tenth of its defense budget on development programs in third world countries. Millions of people would benefit, and, to give the hard-core capitalists a reality check, would be more likely to invest in U.S products and interests.

Just so my point is clear. Increased data collection will not stop the terrorists.

It will, however, make it easier to market to the families of the victims . . .

Re:This info is important!

[Laroue]

Trying to keep dangerous weapons off of planes is a futile effort.

Yes you confiscate a gun, whoppie. I can take my steel bodied ink pen and a paper bag full of gunpowder. No one is screening for matches. As long as we allow the people on board we are allowing weapons. The mind is the only real weapon anyway. I find the security in airports a joke. I flew threw Portland, recently, and a terminal was being remodelled, cordless drills and tools everywhere, with no one watching them at all(I assume it was the lunch break for the crew). Anyone could pick up and take whatever they want onto the plane. In Cincinati you can buy the nail
clippers that are prohibited in the terminal. Take liquids for instance, we don't check them to see if they are volatile. Anyone could walk on board with a 20oz Sprite bottle filled with nitro and no one would question it.

I will say it again airport security is a joke. period.

The only way that I see to secure our airlines, is to issue every adult border a knife/handgun/weapon. Then we can be sure that everyone is armed. Perhaps a simple check, "Are you prepared to defend the plane if terrorists attack?" if not you can drive.

Just my 2 cents.

Re:Great...

[njdj]

This is the land of the FREE

The bitterest pill to swallow is that for a brief moment, say from about 1968 (when civil rights started to mean something in the South) until about 1989 (when Bush I started to shred the Constitution in the name of the 'War on Drugs'), the United States of America really was 'the land of the free'.

Why is loss of freedom on-topic? Because it has the same cause as the privacy violations. As you wrote, "people continue to look the other way." Having freedom, or privacy, is an unstable condition. Either you're willing to fight to keep it, or somebody (usually politicians, sometimes powerful corporations) will take it away from you.

Mistakes are never made, Mr. Tuttle/Buttle...

[geekotourist]

When the former privacy czar of Canada wrote his Warnings on why privacy protection is important post 9/11, he intended it to be a warning to Canadians not to lose rights Americans have already lost. I'm sure he didn't intend it to be an anti-guidebook for Ashcroft et ilk. The essay answers your question:

"A popular response is: "If you have nothing to hide, you have nothing to fear... the truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private. We carefully calibrate what we reveal about ourselves to others... The right not to be known against our will - indeed, the right to be anonymous except when we choose to identify ourselves - is at the very core of human dignity, autonomy and freedom.

If we allow the state to sweep away the normal walls of privacy that protect the details of our lives, we will consign ourselves psychologically to living in a fishbowl. Even if we suffered no other specific harm as a result, that alone would profoundly change how we feel. Anyone who has lived in a totalitarian society can attest that what often felt most oppressive was precisely the lack of privacy.

But there also will be tangible, specific harm.

• The more information government compiles about us, the more of it will be wrong. That's simply a fact of life...
• wrong information and misinterpretations will have potential consequences. If information that is actually about someone else is wrongly applied to us, if wrong facts make it appear that we've done things we haven't, if perfectly innocent behavior is misinterpreted as suspicious because authorities don't know our reasons or our circumstances, we will be at risk of finding ourselves in trouble in a society where everyone is regarded as a suspect...
• Decisions detrimental to us may be made on the basis of wrong facts, incomplete or out-of-context information or incorrect assumptions, without our ever having the chance to find out about it, let alone to set the record straight...
• That possibility alone will, over time, make us increasingly think twice about what we do, where we go, with whom we associate, because we will learn to be concerned about how it might look to the ubiquitous watchers of the state.
• The bottom line is this: If we have to live our lives weighing every action, every communication, every human contact, wondering what agents of the state might find out about it, analyze it, judge it, possibly misconstrue it, and somehow use it to our detriment, we are not truly free. That sort of life is characteristic of totalitarian countries, not a free and open society like Canada.

Here's where Ashcroft is using the essay as a guidebook:

"Last summer, the CCRA informed me that, contrary to its past undertaking, it has decided to keep all API/PNR information about Canadian travellers for six years in a massive new database.

All this personal information - more than 30 data elements including every destination to which we travel, who we travel with, how we pay for the tickets (sometimes including credit card numbers), what contact numbers we provide, even any dietary preferences or health-related requirements we communicate to the airline - will be available for an almost limitless range of governmental purposes...

"This is unprecedented. The Government of Canada has absolutely no business creating a massive database of personal information about all law-abiding Canadians that is collected without our consent from third parties, not to provide us with any service but simply to have it available to use against us if it ever becomes expedient to do so. Compiling dossiers on the private activities of all law-abiding citizens is the sort of thing the Stasi secret police used to do in the former East Germany. It has no place in a free and democratic society...

It is difficult to imagine a m

As a former Sabre employee...

[luke923]

...I have to say that this is scary, considering that both Sabre and Galileo aren't limited to airlines for their clientele. In other words, if you booked a hotel, rented a car, bought a train ticket, or anything other transaction that can be made on Travelocity (a Sabre Company), then your info could possibly be in the hands of the TSA or other third parties. Also, I remember when I first started working there, I had to fill out a bunch of paperwork stating that I would not give out sensitive information to third parties. This is crucial considering most of the paperwork was for EU compliance. I'm not surprised that the EU is not in an uproar.

Where's the French when you need them?