Wednesday, 4 February 2004

Many questions, few answers on jetBlue scandal

What's come out of the inquiries into the jetBlue Airways privacy scandal four months ago?

Nothing , Ryan Singel concludes today after investigating the investigations for Wired News .

After my report in September 2003 that jetBlue had given their entire archive of reservation data to a subcontractor to the USA military's "Total Information Awareness" program, both the Department of Homeland Security's Chief Privacy Officer and the Army's Office of the Inspector General promised to investigate and report on what had happened.

Members of Congress sent lists of written questions to the DHS and the Department of Defense, and requested briefings on the results of those departments' internal investigations.

Freedom of Information Act (FOIA) requests by EPIC were promised "expedited prcessing". And EPIC made a formal complaint to the Federal Trade Commission, requesting that they investigate jetBlue's deceptive business practices for publishing a privacy policy contrary to their actual data handling practices.

To date, no report on the jetBlue scandal by any agency has been made public. Not a single document has been released in response to Congressional or FOIA requests. And so far as can be determined, no sanctions have been imposed on any of the parties to the misuse of millions fo jetBlue passengers', ticket buyers', and reservation agents' personal information.

Which all goes to prove, as I've been saying since the start, that we're unlikely to get to the bottom of the scandals related to the use of airline reservation data (from jetBlue, from Northwest, and from other airlines) for passenger profiling experiments without a Congressional investigation and public Congressional hearings.

It's an instructive example to European and Canadians who are being asked to accept these internal "oversight" ("self regulation") mechanisms as sufficent to assure the privacy of reservation data sent from their countries to the USA. The history of corporate and government self-restraint with respect to opportunities for misuse of personal data isn't promising. And the healthy scepticism of European observers toward the "Trust us" claims of USA corporations and intelligence agencies is well founded.

That skepticism appears to have led to a widening rift, not between the USA and the European Union but within the EU between those willing to acquiesce to USA surveillance demands (mainly in the European Commission) and those insisting -- as they should -- on compliance with existing EU privacy norms (in the European Parliament and national data protection authorites).

An EC "staff working paper", An EC-U.S. Agreement on Passenger Name Record, PNR (21 January 2004), posted today with an analysis and commentary by Statewatch, is dramatically at odds with EP staff drafts on the same topic I've seen recently. Stay tuned for more fireworks when the EP LIBE Committee revisits the issue later this month following the release date of the GAO report on CAPPS-II .

Link | Posted by Edward on Wednesday, 4 February 2004, 18:16 ( 6:16 PM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?