Monday, 9 August 2004

ACLU targets airlines' role in the "Surveillance-Industrial Complex"

A new No Spy Pledge campaign announced today by the ACLU targets airlines and other travel companies as key retail businesses involved in the emerging "Surveillance-Industrial Complex" described in an ACLU report released in conjunction with the launch of the campaign.

I highly recommend the report as an overview of the relationship between commercial data and government surveillance. It cites some of my work on travel data, but puts it in larger context.

The campaign seeks to get the targetted companies to take the "No Spy Pledge":

I understand that companies like yours are sometimes confronted with subpoenas, national security letters, or other legally binding intruments that require you to share information with the government. But you still have a lot of lattitude in deciding whether you will become an extension of the government's surveillance machinery.

And so, I am asking whether you will pledge to me that:

  1. You will not turn individually identifiable data on your customers over to the government for security purposes unless legally required to do so.

  2. You will use every legal means to fight government demands for data that are not authorized by current law, or which violate your Constitutional rights or those of your customers.

  3. If the government serves you with a legally binding request to turn over customer information, you will notify customers that our information has been turned over (unless you are subject to a gag order prohibiting you from doing so under the Patriot Act or other legislation). In addition, companies called data aggregators are increasingly becoming a means by which the government accesses information on individuals. I would also like to ask whether you provide information about your customers to data aggregators or any other companies that are in the business of consolidating customer information. If so, which ones?

Unfortunately, the computerized reservation systems (CRS's) -- the principal travel data aggregators, travel privacy invaders, and travel surveillance partners of the government -- don't deal directly with consumers, in most cases, and thus are immune to this sort of consumer campaign.

It will be interesting to see how the targetted airlines respond to the question about third-party data aggregators, but the role of CRS's is likely to be glossed over, or to get lost in finger-pointing between airlines and CRS's as to which of them is the real "owner" of personal data in reservations (which ought to belong to the travellers to whom it pertains).

Without having any foreknowledge of the new ACLU campaign, I've recently asked almost exactly the same questions of some of the CRS's (the others wouldn't respond at all), but none were willing to agree to change their current policies reserving the right to provide information to the government whenever they are asked (not ordered) to do so, without notice to the people whose data is being handed over.

Of necessity, most airlines and almost all travel agencies rely on the CRS's to host their databases. As a result, even the best privacy policy from a retail travel company is effectively meaningless until the CRS's clean up their act -- which they've made clear they aren't going to do unless they are forced to by enactment of a new Federal travel privacy law in the USA, specifically written to encompass the potential abuse of CRS data, or by enforcement action on complaints by citizens and residents of other countries (especially the European Union) where those CRS's operate and where local privacy laws are being broken by the CRS's current policies and practices.

Link | Posted by Edward on Monday, 9 August 2004, 11:12 (11:12 AM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?