Monday, 15 March 2004

Want privacy? Don't fly Northwest Airlines.

In a memorandum of law at once extraordinary and typical in its dismissal of travellers' concerns for the privacy of their reservation records, Northwest Airlines (IATA airline code "NW") has declared that:

[T]here is no general "public policy" in favor of such [privacy] rights. Passengers have no inherent right or expectation of total privacy in the information provided when traveling on commercial airlines..... Northwest Airlines makes no representations that information will not be shared with the government.

The privacy rights advocated by EPIC and MCLU do not exist in the rules, precedent or practices of the Department. There is similarly no applicable right to privacy imposed by any other federal law. Indeed, passengers have no inherent right or expectation of total privacy in the information they provide when traveling on commercial airlines.... Congress has not imposed any affirmative privacy obligations on airline passenger data, and Congress knows how to do so.

Expectations of privacy in air travel have always been low.... A reasonable person does not expect privacy in his personal information.... The Supreme Court has further held that citizens forfeit any expectation of privacy when they voluntarily provide information to third parties.... [T]here is no reasonable expectation of privacy in public travel.... Given that the public does not reasonably expect the type of privacy that EPIC and MCLU advocate, there is no "substantial" injury in the disclosure of passenger information.

NW's claims were made in its answer to complaints filed with the USA Department of Transportation (DOT) by the Electronic Privacy Information Center (EPIC) and the Minnesota Civil Liberties Union (MCLU), alleging that NW engaged in "unfair and deceptive trade practices" by having a so-called privacy policy that was contrary to its actual privacy practices and specifically by secretly turning over millions of reservations to NASA for experiments in passenger profiling, even while NW's own CEO denied it had done so.

EPIC's reply to the NW argument makes clear the government's dilemna in responding to the complaint while simultaneously trying to defend the government's increasing demands for access to travel records for CAPPS-II and other "Homeland Security" surveillance and monitoring programs.

As EPIC points out, this is the first test case of the USA government's claims to the European Union that the DOT complaint and enforcement process provides a level of privacy protection that satisfies EU standards of "adequacy".

If the DOT fails to upheld the complaints against NW in such an egregious case of lying and privacy invasion, it will severely jeopardize whatever slight chance the USA might have had to get a finding of "adequacy" approved by the European Parliament (as the USA Dept. of Homeland Security has promised it will do before resuming testing or deplyment of CAPPS-II.) But a ruling against NW would significantly limit the government's future ability to gain access to PNR's or PNR archives without prior notice to, and consent of, travellers -- as would be required for CAPPS-II as currently planned.

I've spoken in the past with senior DOT officials supposedly responsible for acting on complaints like the one by EPIC against NW, and it was clear to me that they had no desire at all to get involved in privacy enforcement -- even under laws prohibiting lying to consumers. Local law eneforcement authorities are powerless to object: state attorneys general have almost unanimously denounced their inability, under the "Federal preemption" provisions of the Airline Deregulation Act of 1978, to subject airlines to the same state consumer fraud laws that govern all other businesses. (A 2000 letter to Congress calling for legislation to narrow the preemption provisions of the 1978 law was signed by 47 state and territorial attorneys general.)

To date, Congress has been reluctant to act, but if the DOT upholds NW's claim that their actions violated no existing law, it will be hard to escape the conclusion that there ought to be such a law. There could scarcely be a clearer call for Congressional action than NW's argument that, "Congress has not imposed any affirmative privacy obligations on airline passenger data, and Congress knows how to do so."

Indeed Congress does, and should. In the meantime, NW has made clear where they stand, and travellers should act accordingly.

Link | Posted by Edward on Monday, 15 March 2004, 15:07 ( 3:07 PM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?