Wednesday, 19 October 2016

Writers shouldn't have to choose between privacy and copyright

Writers shouldn't have to choose between protecting our privacy and protecting our copyrights. But existing and proposed laws in the US and other countries are forcing us to do so. They should be, and can be, changed to remove this unnecessary and unfair dilemma for working writers.

That's the message of comments I helped draft, as part of my volunteer work as a member of the National Writers Union (NWU), which were filed this week with the U.S. Copyright Office by the NWU and the American Society of Journalists and Authors (ASJA):

Writers are being forced to choose between revealing their identities and personal information or risking the loss of some of their rights. We should not be forced to choose between protecting our privacy and protecting our copyrights....

We urge Congress and the Copyright Office to address the causes of this dilemma, and repeal the registration requirements for enforcement of copyright and remedies for infringement (17 U.S. Code §411 and § 412). And, in light of the privacy issues highlighted by this NPRM [Notice of Proposed Rulemaking], we encourage the Copyright Office to reconsider and withdraw its proposal for legislation to categorize rights to any work as "orphaned" and fair game for unauthorized and uncompensated copying if an author has not chosen to make public sufficient information that they may be contacted by would-be licensees, or deliberately or inadvertently does not respond to licensing requests, regardless of how actively they are exploiting the rights to their work.

Privacy and copyright are fundamental rights. Writers should not have to choose between them.

I work on privacy issues with the Identity Project and as a consumer advocate for travellers, and I work on copyright issues as a member of the NWU (and, through the NWU, of the International Federation of Journalists and the International Authors Forum).

But despite fundamental similarities and -- in at least some legal systems -- common conceptual roots of privacy rights and writers' rights, the relationships between these rights, and their effects on each other, have often been overlooked in policy-making.

British novelist, blogger, and activist for writers' rights Nick Harkaway remarked on this in his book, The Blind Giant: Being Human in a Digital World:

I don't think it's a coincidence that privacy and intellectual property are major battlegrounds in the shaping of our digital environment, but I do find it odd that so many privacy campaigners are also uncomfortable with the idea of IP [Intellectual Property].... To me, the issues are closely related. Privacy and IP share to my eye a common conceptual basis, and the problems that they both face in the age of digital reproduction are problems in common....

Intellectual property, more than ever, is a line drawn around information, which asserts that despite having been set loose in the world -- and having inevitably, been created out of an individual's relationship with the world -- that information retains some connection with its author that allows that person some control over how it is replicated and used.

In other words, the claim that lies beneath the notion of of intellectual property is similar or identical to the one that underpins notions of privacy. It seems to me that the two are inseparable, because they are fundamentally aspects of the same issue.

This commonality is even more evident, as Harkaway notes, if writers' rights are conceptualized as human rights rather than property rights. In Continental European law, authors' rights ("droit de l'auteur") are human rights of the creator, some of which (such as moral rights) are inalienable. Copyright in the USA and UK is a property right that can be freely traded, completely separated from its creator, and held by a non-human corporation. The USA has ratified the Berne Convention copyright treaty, which recognizes writers' moral rights, but Congress has done nothing to enact those rights into US copyright law for written works.

This isn't the first time the NWU and allied writers' organization have addressed the dilemma for writers created by laws that force us to choose between protecting our privacy and our copyrights. Nor is it the first time that we too have noted the anomaly, noted by Harkaway in the passage quoted above, of support for some of these laws and policies from groups and individuals who are normally protective of privacy.

In comments to the U.S. Copyright Office last year, for example, the NWU and the Science Fiction and Fantasy Writers of America (SFWA) had this to say about the threat to anonymous writing posed by laws that already do (in the UK and the European Union) or would (as proposed in the USA) define essentially all anonymously self-published work as "orphaned" from birth, because its creators haven't chosen to identify themselves publicly:

Continue reading "Writers shouldn't have to choose between privacy and copyright"
Link | Posted by Edward, 19 October 2016, 06:30 ( 6:30 AM) | Comments (1) | TrackBack (0)

Tuesday, 18 October 2016

National reading of "It Can't Happen Here" on Monday, Oct. 24th

Over the weekend I got to see a stellar new staging of Sinclair Lewis' It Can't Happen Here at the Berkeley Repertory Theater.

The 1935 novel is prescient even in its details. I've re-read it several times in the last year, and I've been recommending it to everyone I know.

It's rightly known as an anti-fascist work, but it's also a paean to the power of the pen. The protagonist is the social democratic editor of a small-town newspaper in northern Vermont, and his role in the resistance to American fascism is as a propagandist.

Lewis himself was commissioned by the Federal Theatre to adapt his novel for the stage. In 1936, as one of the Federal Theatre's experiments in using the arts to promote popular national discourse, it was produced simultaneously in more than 20 cities throughout the country.

(The Federal Theatre was a WPA arts project directed by my great-aunt, Hallie Flanagan Davis. It was eventually defunded and shut down by Congress for allegedly purveying Communist propaganda, after Aunt Hallie was unrepentant in her testimony before the House Un-American Activities Committee.)

I was disappointed when I learned that the Berkeley Rep has written a new staging of the novel, rather than using Lewis' own script. But the new adaptation is both excellent and faithful to the book -- it wasn't necessary to change even the details to make it timely and relevant.

In the spirit of the original Federal Theatre national production, the Berkeley Rep has instigated a national staged reading of the new version of "It Can't Happen Here" this coming Monday, October 24, 2016. Dozens of professional and amateur theater companies, libraries, etc. are participating.

I encourage any of you who are able to attend one of these readings. (And if you are in the Bay Area, try to make it to the Berkeley Rep, in spite of the price. Trust me, this show is worth it, if you can afford it.) It's a chance to celebrate engaged journalism, and to be reminded that while fascism has its American face, so does resistance to fascism.

Link | Posted by Edward, 18 October 2016, 11:23 (11:23 AM) | Comments (0) | TrackBack (0)

Thursday, 13 October 2016

Amtrak improves long-distance bicycle transport

Over the last month, Amtrak has quietly rolled out a major upgrade to its services for transporting bicycles on long-distance trains: Amtrak has added bike racks or hooks for unboxed bikes in the baggage cars of almost all of its long-distance trains.

Kudos to Amtrak, whose headquarters isn't always so highly regarded for marketing savvy or customer responsiveness. (Amtrak's front-line staff, especially onboard, on the other hand, are known among regular riders for going the extra mile to accommodate passengers.)

This changes makes Amtrak a better choice than ever for bicycle transport across the USA compared to planes, buses, DHL, Fedex, or the U.S. Post Office. But the latest change has gotten remarkably little fanfare from either Amtrak or cycle-touring organizations such as the Adventure Cycling Association, which is why I'm bothering to call it out here.

Intermodal transport of bikes on trains is long established as a way for cyclists to get to and from their rides, whether using a bicycle for the first and/or last miles of their daily commute, putting their bike on a train to get out of the city for a Sunday ride in the country, or getting to the start or home from the finish of a cross-country tour.

As members of the hospitality network for touring bicyclists, we get many cycle-touring guests in our home in San Francisco who are riding up or down the West Coast or across the USA. San Francisco is often the start or end of their ride, and we often find ourselves talking with our visitors about options for getting themselves and their bikes across the country or back up or down the coast. Our answer to, "What's the best way to do this?" is usually, "If you have the time, Amtrak."

There are racks for two or three bikes on many city buses in the US, and a tired cyclists can sometimes use a local bus as a "sag wagon" if it has a bike rack. But bikes on buses don't scale if there are a lot of cyclists travelling together. You can slide your bike on its side into the luggage compartment under a long-distance bus, but it's vulnerable to damage en route unless you dismantle, pad, and box it.

With some exceptions, bringing a bike with you as airline luggage is expensive (US$150 per bike, one way, is typical for a boxed bike checked as airline luggage on a flight within the USA) and requires you to partially dismantle and box it. Sending a bike as unaccompanied air cargo is even more expensive, and also requires boxing it. Within the USA, shipping a boxed bike by UPS or Fedex Ground is cheaper than sending or bringing it with you by air, but still not cheap and still requires boxing to meet package size limits.

Some of these fees and restrictions can be avoided by getting a bike with S&S couplers so that the frame can be split in half. You can even get couplers retrofitted in an existing steel frame, for a price. But breaking down a bike with couplers to fit into airline luggage is still a non-trivial task that requires finding or cutting down a box to exactly the right size.

A train (or in most cases a ferry) has room for many more bikes onboard than a bus or plane. If there's a dedicated baggage car, it's relatively easy to fit it with racks, hooks, and/or straps to secure numerous unboxed bikes. And for both historical and business reasons, passenger railroads around the world generally charge much less to transport bikes than do most airlines or other cargo shipping companies.

What does this mean if you want to bring your bike with you, or ship it unaccompanied, on an Amtrak train?

Continue reading "Amtrak improves long-distance bicycle transport"
Link | Posted by Edward, 13 October 2016, 07:41 ( 7:41 AM) | Comments (0) | TrackBack (0)

Wednesday, 10 August 2016

Computer "outage" disrupts Delta flights

An outage of some computer systems or components on Monday led to cancellations and delays of Delta Air Lines flights.

Once planes and crews are out of position, it takes time to get them back to where they are needed. New crews and/or planes may have to be sent out if the original planes and/or crews have exceeded their safety time limits for periodic equipment maintenance or crew rest. Only today, Wednesday, are Delta flights getting back on schedule and back to their normal capacity.

Last month Southwest Airlines flights were similarly cancelled, delayed, and disrupted for several days after a computer system component failed.

What caused the problems with Delta flights? The "outage" that affected Delta operations has been attributed to an equipment failure that cut power to some components of Delta's computer system. But neither the nature of the problem nor the specific component(s) that were affected have been clearly identified. My guess is that the equipment that lost power was part of the interface between some components of Delta's in-house IT systems including its departure control system (DCS) and flight management system, and the Worldspan computerized reservation system (CRS).

Was this a result of problems with Delta's reservation system? No. Other airlines that use Worldspan had no problems. One thing we know for certain is that this was a problem internal to Delta's own systems (or those of some other Delta service provider) or related to the Delta-Worldspan interface, not to any core or shared Worldspan functionality.

Where would you point the finger of blame? I don't yet have enough information to be sure, but the underlying cause is likely to turn out to be a combination of (1) over-reliance on technology (see more on that below) and (2) the inability of airlines like Delta to make a clear, long-term commitment either to outsource their operational IT systems or keep them in-house. The interface between in-house and outsourced IT systems that failed only existed because Delta chose take some parts of its systems in-house while outsourcing others. Prior to that, Delta's IT systems had been integrated, first wholly in-house and then wholly outsourced to a single company, Worldspan.

Delta has an unnecessarily complicated relationship with Worldspan. Worldspan was originally developed in-house by Delta, but was spun off and eventually acquired by Travelport, a holding company which also bought the competing Galileo/Amadeus CRS. Throughout that time, Delta's systems continued to be operated by essentially the same team of people in the same facilities. But recently, Delta has taken some IT functionality in-house, while continuing to outsource database hosting to Worldspan. Given the changes back and forth between Travelport's Worldspan division and Delta over operational and legal responsibility for elements of the airline's IT systems, it's scarcely surprising that the interfaces grafted on to connect but separate Worldspan and Delta (a digital corpus callosum between the halves of its logical brain) are among the least well-tested and most vulnerable components of the complex and formerly unified system.

Was this a result of airlines using "old-fashioned" computer equipment? No. There's no basis to claims like the headline today in the Wall Street Journal, Delta Meltdown Reflects Problems With Aging Technology. One of the biggest advantages of "mature" software and systems is that they have had time for bugs to manifest themselves and be corrected. Legacy systems are often kept around and preferred because of their reliability. The major CRSs are no exception, and one of the many reasons most airlines outsource reservation hosting and other functions is the extreme reliability of the CRSs.

Can modern airlines operate flight even when their computers are down? Yes. Delta could, and perhaps should, take lessons from the best practices of more reliable airlines like Ethiopian (long one of the world's standouts for operational efficiency and reliability). As I've written about before, I travelled without incident with e-tickets on Ethiopian flights and connections that operated on time with a full passenger load even when the power had been out for almost two days at the place where we started our trip. Not having manual backups such as printed passenger manifests and paper tickets is a deliberate cost-cutting (and reliability-cutting) choice by airlines like Delta. This week's events show why I think it's the wrong choice, even if it saves a couple of dollars a ticket. And whatever the reasons for Delta's choice to take that risk, the airline has to take responsibility to passengers for its consequences. Delta gambled that its computers would never go down, and it lost. Now it needs to pay up.

Do government "security" or passenger permission requirements prohibit airlines for operating flights when their computers are down? No. Since 2006 airlines have, by default, been required to get permission from the US Department of Homeland Security before issuing each boarding pass. But while some of the permission procedures are secret, the Consolidated User Guide issued to airlines makes clear that there are multiple levels of fallback "outage" procedures (beginning on page 89 of the user guide) that allow airlines to operate flights and board passengers even when their computer systems are down -- as long as the airline still have access (e.g. through printed backups of passenger manifests, or through paper tickets) to lists of names of ticketed passengers by flight. (An unredacted version of the extremely interesting DHS Consolidated User Guide was apparently leaked and posted online without fanfare in 2010 by, but I only recently noticed it.)

Why couldn't Delta "endorse" my ticket to American Airlines, if Delta's flights were cancelled and American had empty seats? (1) Because Delta couldn't retrieve your electronic ticket in order to endorse it to another airline if Delta's reservation system was down (the ability to have paper tickets endorsed to another airline is one of their major advantages over e-tickets), and (2) because Delta and American ended their decades-old interline ticket acceptance agreement in 2015. As I predicted in 2005 when the process was just beginning, airlines have been steadily cutting back on interline agreements, retaining only those within "alliances" and deliberately making themselves unable to interoperate with members of other "alliances" or assist their passengers in case of disruptions to flight operations. Airlines lie and claim that alliances allow them to offer more flights to more places, but the termination of interline agreements between members of rival alliances is clearly detrimental to passengers' interests. This week's events were the first major demonstration of the consequences.

What are my rights if I had tickets for a flight that was cancelled? Delta wants to keep your money, of course. So it is urging passengers to apply the "credits" for cancelled flights to future Delta flights. But you are legally entitled to more: According to Delta's own domestic and international conditions of carriage, you have the absolute right to a full and unconditional refund which you can then use to buy new tickets on Delta, new tickets on a competing airlines, or anything else. You are entitled to a refund in the same form of payment you used to pay for your tickets (cash, credit, or debit card), and not just a "refund" in airline scrip limited to use with Delta and within a limited time:

In the event of flight cancellation, diversion, delays of greater than 90 minutes, or delays that will cause a passenger to miss connections, Delta will (at passenger's request) cancel the remaining ticket and refund the unused portion of the ticket and unused ancillary fees in the original form of payment.

Note that to get a refund from Delta, you have to request it. It might take some time, so make your request, in writing, as soon as you are sure you want a refund rather than just airline credit ("scrip"). Keep copies of documentation of your ticket, flight cancellation, and refund claim. If the airline refuses to give you a full refund, you can sue them for it in small claims court.

The travel consumer advocacy group Travelers United as well as some members of Congress are already calling on Delta to better inform ticket holders about their right to a full cash or credit card refund, and not to pressure them into accepting restricted credits in airline scrip usable only on Delta and only for a limited time.

For more advice, see my FAQ About Changes to Flights and Tickets and my previous commentary on CRS and other airline IT outages:

Link | Posted by Edward, 10 August 2016, 12:49 (12:49 PM) | Comments (0) | TrackBack (0)

Monday, 25 July 2016

Burning the U.S. flag

Edward Hasbrouck at the U.S. Capitol, gagged with a U.S. flag

[On the lawn of the U.S. Capitol, gagged with a U.S. flag, at a press conference with Joey Johnson and others on 21 June 1990, as Congress was voting on whether to amend the U.S. Constitution to outlaw the "desecration" of the U.S. flag.]

Nobody could seriously argue that Joey Johnson's right to burn a flag outside the Republican National Convention is anything other than well-established law.

But instead of respecting that right, a Cleveland prosecutor and police are trying to frame Joey Johnson for something he didn't do, in order to punish him for what he and others did in exercising their right to express themselves by burning a U.S. flag -- just as a Dallas prosecutor and police did in 1984.

Here's what happened last week, some of the back story I was involved in that you won't learn if you only read news reports and/or court records, and why Joey Johnson deserves our support now just as much as he did more than three decades ago.

Continue reading "Burning the U.S. flag"
Link | Posted by Edward, 25 July 2016, 18:40 ( 6:40 PM) | Comments (6) | TrackBack (0)

Thursday, 7 July 2016

House votes down proposal to defund the Selective Service System

We are your childen. Support draft resistance.

This week, during consideration of the annual funding bill for the Selective Service System and miscellaneous other agencies, the U.S. House of Representatives:

  1. Yesterday, voted down (294-128) a proposed amendment to completely defund the Selective Service System; and then

  2. Today, approved (217-203)an amendment that forbids the use of any of the money appropriated for the Selective Service System for Federal Fiscal Year 2017 "to change Selective Service System registration requirements" (such as to require women as well as men to register for the draft).

The effect of these two votes is likely to be limited. But in their current context, they are not a good sign for opponents of conscription and war, and confirm the need for continued, expanded, and more visible resistance to draft registration.

Continue reading "House votes down proposal to defund the Selective Service System"
Link | Posted by Edward, 7 July 2016, 21:50 ( 9:50 PM) | Comments (2) | TrackBack (0)

Wednesday, 6 July 2016

The no-fly list and the no-gun list

watchlist/blacklist flow chart
[The proposed No-Fly, No Buy law currently under debate in Congress would add the Terrorist Screening Database as a third source (yellow arrow at center right of flow chart) of entries in the "No-Gun" list, in addition to Federal and state felony convictions and certain misdemeanor crimes of domestic violence. Everything else on this diagram already exists and would remain the same. Click the image above for a larger version of the flow chart, or click here for a full-page PDF with a key to the acronyms.]

Last month, some (Democratic Party) members of Congress held a sit-in on the floor of the House of Representatives to try to pressure their (Republican Party) colleagues to agree to allow a vote on what was described as a "gun control" bill. The sit-in ended after the House adjourned for its 4th of July holiday without bringing the bill to a vote. But the bill remains pending as Congress reconvenes.

I'm a pacifist. I support gun control. Having guns around doesn't make me feel safer, no matter who has them. I've never owned or used a firearm. I don't want, and don't knowingly allow, any guns in my home, for any reason. Speaking only for myself, and not for any of the organizations with which I'm associated, I would vote to repeal the Second Amendment rather than trying to play games with its language about "a well-regulated militia".

I'm a firm believer in nonviolent direct action and a supporter of extra-legal tactics like sit-ins as a useful and often essential way to bring about political change, including revolutionary change, with or without the cooperation of the government.

So why do I think that that the Congressional sit-in was at best misguided, and that this is a dangerous bill that would set an even more dangerous precedent, regardless of the good intentions of some of its supporters?

The bill at issue in the House, like the similar bill still pending in the Senate that I wrote about last year in the Identity Project blog, has been described as "No-Fly, No-Buy". It would prohibit anyone on the U.S. no-fly list, and possibly also anyone listed in the Terrorist Screening Database (TSDB) as a "suspected" terrorist, terrorist supporter, or terrorist sympathizer, from buying a firearm.

To put it another way, these bills would add everyone on the no-fly list or in the government's "suspected terrorist" file to the no-gun list.

This is a people-control measure, not a gun-control measure. It is one more step away from punishment of criminal acts and toward pre-crime policing and imposition of sanctions based on predictions and blacklists. And it would do nothing to improve the "no-gun list" that we already have.

Yes, the US already has a "no-gun list". I'm on it, for all the wrong reasons, along with 25 million or more other people.

Continue reading "The no-fly list and the no-gun list"
Link | Posted by Edward, 6 July 2016, 07:11 ( 7:11 AM) | Comments (0) | TrackBack (0)

Tuesday, 14 June 2016

Senate approves "Defense" bill including expansion of draft registration to women

Feminists Say: Stop The Draft
[Poster by Yolanda V. Fundora]

Today the U.S. Senate voted 85-13 to approve a version of the proposed National Defense Authorization Act for Fiscal Year 2017 (S. 2943) including a provision which, if also approved by the House of Representatives and signed into law by the President, would extend draft registration to women. (Bernie Sanders and Barbara Boxer were the only Senators absent from this vote. So far as I have been able to find, Sen. Sanders has made no public comment on this issue.)

As had happened in the House of Representatives, the Senate voted to approve the bill as a whole, without a separate vote on on whether to make changes to Selective Service registration. The version approved by the Senate would expand registration to women, while the version approved by the House would not.

Continue reading "Senate approves "Defense" bill including expansion of draft registration to women"
Link | Posted by Edward, 14 June 2016, 18:54 ( 6:54 PM) | Comments (44) | TrackBack (0)

Sunday, 5 June 2016

Op-Ed: Dump draft registration, don't extend it to women

[My "Open Forum" op-ed on Selective Service registration in the San Francisco Chronicle, online 4 June 2016, print edition 7 June 2016, page A8. Original version on the sometimes-paywalled Web site; PDF. If you agree, here's a leaflet about what you can do to help.]

Congress is now debating amendments to a pending defense bill to either extend Selective Service System registration to women or end it entirely. Congress should drop this costly and inevitably futile attempt to extend draft registration to women, and end draft registration altogether.

The debate was prompted by the change in policy that allows women in combat. If all combat assignments are open to women, then it follows that there is no longer a basis in military policy for requiring men but not women to register. If Congress does nothing, pending court cases are likely to produce a ruling that the men-only draft registration requirement is unconstitutional.

Those who believe in treating women and men equally include those who would register both men and women for the draft, and those who wouldn't require anyone to register.

Missing from this debate has been whether it will even be possible to get women to register.

President Jimmy Carter's proposal to reinstate draft registration in 1980, after a five-year hiatus, initially included men and women. Some of the strongest opposition came from women. The National Resistance Committee was founded at the Women's Building in San Francisco within weeks of Carter's announcement.

Carter's rationale for bringing back draft registration was to prepare for U.S. intervention in Afghanistan in support of the fighters who were then referred to as "mujahedeen," and who later became the Taliban and al Qaeda. (The U.S. government put me in prison in 1983-1984 for refusing to agree to fight on the side of the Taliban and al Qaeda.)

In the early 1980s, the government tried to scare young men into registering by prosecuting a handful of vocal nonregistrants. But the show trials backfired. They called attention to the resistance and made clear that there was safety in numbers. Enforcement of draft registration was suspended in 1988, and never resumed.

Young men today have to register in order to be eligible for student aid and some other government programs, but there's no attempt to verify their addresses. The only audit of Selective Service, in 1982, found that 20 to 40 percent of addresses on file already were outdated. Noncompliance has made registration unenforceable and the registration database useless as the basis for a fair or inclusive draft.

Any realistic budget for the expansion of draft registration to women would need to include the cost to track down, prosecute, and imprison those who resist.

Young women have the same reasons as young men to oppose draft registration, and will undoubtedly have other reasons of their own. A petition to end draft registration entirely, started last month by a draft-age San Francisco woman, Julie Mastrine, got more than 10,000 signatures in its first week. The petition quotes the young feminist writer Lucy Steigerwald, "You don't stop the runaway truck of U.S. foreign policy by throwing a man in front of it, and you definitely don't stop it by throwing a man and a woman, just to make things equal."

The federal government doesn't do well at acknowledging that its power is limited by the willingness of the people to carry out its orders. But draft registration has failed. The only realistic choice is to end it.

Edward Hasbrouck is a travel writer and human rights activist in San Francisco. His website about the draft, draft registration, and draft resistance is at

Link | Posted by Edward, 5 June 2016, 18:49 ( 6:49 PM) | Comments (8) | TrackBack (0)

Monday, 30 May 2016

How can we make airlines respect our privacy?

A decision last week by a California state Court of Appeal in a case involving an airline smartphone app highlights the legal impunity enjoyed by airlines that invade their customers' and passengers' privacy.

Delta Air Lines' mobile app collects all the information travellers provide when they buy tickets, reserve seats, or check in for flights: credit card numbers, travelling companions, special meal requests that can provide a clue to their religion, special service requests that can indicate invisible medical conditions, and so forth. It also collects other information, such as real-time location and movement tracking through access by the Delta app to the GPS and other location information in your phone.

How much of this data is sent to Delta? There's no way for travellers to know, since the data transmission channel from the app on your phone to the airline is encrypted. What did Delta do with this data about its customers and passengers? We don't know that either. Airlines use as much data about travellers as they can get for marketing and operations, and have been trying to get permission from the US government to use any or all of this data, and/or information about customers obtained from third parties, to "personalize" ticket prices and fees for checked baggage and other services. But the Delta app was launched and operated for years with no privacy policy at all, leaving travellers to speculate why the airline wants a log of each app user's movements, or how it uses or shares this data.

How much of this data is made available to government agencies or other third parties? Delta doesn't say. Unlike many other online service providers, no airline has ever published any sort of transparency report about how often the government asks for information about its customers, or how the company has responded to those requests.

California's Attorney General, in her capacity as chief enforcer of the state's consumer protection laws, sued Delta in 2012 for violating the California Online Privacy Protection Act, which "requires commercial operators of websites and online services, including mobile and social apps, which collect personally identifiable information from Californians to conspicuously post a privacy policy."

It's worth noting that this law doesn't restrict companies' ability and legal "right" to spy on their customers, invade their privacy, or rat them out to their private enemies or competitors or to the police or other government agencies. All California law requires is that each company subject to the law post some sort of privacy policy saying what data they claim to collect and what they claim to do with it, and not get caught lying to customers about their practices. In the absence of audits by investigators with subpoena power, of course, companies are unlikely to get caught no matter what they do.

The lawsuit against Delta Air Lines was the first action brought by the state of California to enforce this law, which was enacted in 2003 and took effect in 2004. It was an entirely appropriate choice of an especially large, sophisticated, and egregious corporate violator of the law. It was also, I suspect, a popular choice by a politically savvy official with her sights on higher elected office. Most people want, and would expect, consumer privacy laws to be applied to airlines.

Delta initially told the California A.G.'s office that it "intended" to provide the information that was supposed to be in its privacy policy, but then decided to stonewall. Delta argued successfully both in the trial court and before the Court of Appeals that it doesn't have to have any privacy policy or reveal its personal data collection, usage, or disclosure policies to its customers. The Federal "Airline Deregulation Act of 1978" has preempted any state regulation of these practices, Delta said -- and state judges agreed. Only the U.S. Department of Transportation (DOT) has jurisdiction over these practices, or the authority to impose sanctions against airlines that spy on their customers or lie about what they are doing with the data they collect about us.

A company that doesn't say anything about its practices can't get caught in a lie. So unless some sort of disclosure is legally required, or demanded by popular pressure, silence -- which is to say, secrecy -- is the legally safest course of corporate action.

If that's the direction in which the law has driven airlines -- and it is -- then something is wrong with both the law and the airlines.

Tracking your missing bags in real time is one thing, but tracking you in real time is another. Regardless of whether what Delta is doing is legal -- and it might be, at least in the USA -- it should go without saying that an airline or any other company that deploys an app that's constantly phoning home to report your location, and goes to court to defend its right not to tell you what it's doing with that information, is in contempt of customers and doesn't deserve your business. I'd recommend you choose a different airline, except that most airlines are just as bad, or worse. Delta didn't claim to protect app users' privacy. Most other airlines do have privacy policies for their apps, but they are typically full of blatant lies of commission and omission that are apparent to anyone familiar with airlines' privacy (invasion) practices. I'd be hard pressed to say which is the lesser evil. Delta has "voluntarily" published a privacy policy, despite winning its lawsuit against being forced to do so, but it's not clear that its policy is any more candid or truthful than the industry norm.

What Delta and other airlines are doing does violate privacy and data protection laws in Canada and the European Union. Even domestic US airlines that only operate flights within the USA all accept reservations from customers in Canada and in the EU. Most of them also have offices and/or agents who sell tickets on their behalf in Canada and the EU. But none of them bother to comply with Canadian or EU privacy law. As businesses trying to maximize profits, why would they spend money on compliance with laws that aren't being enforced? I know of no airline, for example, that has established a procedure for providing you, on request, with copies of all of your reservations and all of the data about you collected through their and their agents' Web sites and apps, which would be required to comply with the "subject access" requirements of Canadian and EU law. I've made complaints about this to local privacy and data protection authorities, against local airlines, under local laws, in Canada, Germany, France, and the Netherlands. None of them have taken any enforcement action, and some of them haven't even bothered to respond to my complaints. So the problem can't be blamed solely on US exceptionalism.

Airlines in the USA say that Federal preemption of consumer privacy protection avoids "a patchwork of different regulations around the country". That's true. But if Congress enacted a Federal travel privacy law (as I've been urging publicly for more than a decade), or a general consumer data privacy law applicable to airlines, or if the Department of Transportation did its job of enforcing existing Federal laws against unfair and deceptive airline practices, airlines could be held to a uniform minimal standard without having to worry about divergent or potentially incompatible state requirements.

Desire for national standardization is a reason for Federal action, not an excuse for Federal inaction, much less for Federal intervention to prevent states from trying to fill the airline consumer protection gaps left by do-nothing Federal regulators. That's the real effect of Federal aviation preemption today, and that's why state Attorneys General have called repeatedly and with bipartisan near-unanimity for its repeal or reform.

Consumers can and should push the U.S. Department of Transportation to act by filing formal complaints whenever airlines lie to them. In most cases, the DOT will try to find excuses not to act, or will impose only token penalties, even when presented with meticulously documented formal complaints like these examples from Harvard Business School professor Ben Edelman. But as I pointed out 15 years ago in The Practical Nomad Guide to the Online Travel Marketplace, the DOT will do nothing at all, and will claim that it is unaware of any problem, if consumers don't complain at all or submit only "informal" letters of complaint rather than formal filings in the public DOT regulatory docket that can't be hidden or ignored. As I said in The Practical Nomad: How to Travel Around the World, "Enough sacks of mail, dear readers, and maybe DOT will get the message and start doing its job to protect consumers."

When I testified before the DOT Advisory Committee for Aviation Consumer Protection at the first (and to date only) DOT inquiry into the privacy of airline data in 2013, the response of the DOT regulators in the room was to claim there must not be a problem because DOT doesn't get any complaints about airline privacy practices, even though, as I pointed out in my testimony, there's no way anyone could tell from DOT's Web site that DOT has jurisdiction over privacy issues or accepts complaints of privacy policy violations, much less how to submit such a complaint.

Airlines, members of Congress, and the do-nothings at DOT all need to hear from the public that this sort of airline behavior is not acceptable and should be subject to legal sanctions that are costly enough to affect airlines' profits and influence their decisions.

Link | Posted by Edward, 30 May 2016, 11:51 (11:51 AM) | Comments (0) | TrackBack (0)