News
News
4/12/2004
05:14 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

American Latest Airline To Admit To Sharing Passenger Data

American Airlines, like JetBlue and Northwest before it, reveals its passenger data was shared with third-party companies working on security systems.

Echoing privacy controversies faced by JetBlue and Northwest Airlines, American Airlines revealed that data on its passengers was given to third-party contractors so they could test aviation-security systems.

American said Friday that in June 2002, one of the airline's data-processing vendors, Airline Automation Inc., shared 1.2 million passenger records with four companies vying for contracts from the Transportation Security Administration. The four companies, Ascent Technology, HNC Software, Infoglide Software, and Lockheed Martin, were testing security systems for TSA as part of the government agency's effort to improve aviation security in response to 9/11.

"Our desire to assist TSA in the aftermath of the events of Sept. 11 was consistent with our focus on safety and security," an American Airlines spokesman said in a statement. "No passengers were harmed by the transfer of the data."

American Airlines says it authorized Airline Automation to give passenger records directly to TSA. Instead, the company claims Airline Automation gave the data to the four vendors. Airline Automation paints a slightly different picture. The company says it provided the data only after receiving authorization of American in May 2002 to release passenger data for security-testing purposes. An Airline Automation statement says the authorization from American made clear that Airline Automation was to receive written instructions from TSA concerning the details of the release of the data to be provided for testing.

Airline Automation says the four vendors involved signed confidentiality agreements and have returned or destroyed the passenger data as per those agreements.

American executives weren't immediately available for comment. Airline Automation declined to comment further, citing the possibility of an investigation by the Department of Homeland Security, which oversees TSA. Ascent Technologies did not respond to requests for an interview.

TSA is gathering information related to the situation and will provide it to Homeland Security chief privacy officer Nuala O'Connor Kelly, who will review whether the data was handled in accordance with U.S. privacy laws and procedures. "We'll follow the same protocol we did when investigating JetBlue," O'Connor Kelly says. She says she's not aware of any additional airlines facing similar scrutiny for privacy compliance.

American's privacy policy on its Web site states that "American does not sell any customer information or share your E-mail address with third parties, unless required by law." While such wording precludes the sale of customer data, it only disavows the sharing of E-mail addresses. Marcia Hofmann, staff counsel for the Electronic Privacy Information Center, a Washington-based privacy and civil-liberties advocacy group, says the organization is trying to determine if American's privacy policy today is the same one it had in June 2002.

Hofmann also noted that it's not clear whether a contractual relationship existed between TSA and the four vendors. American describes the vendors as "vying for contracts." Airline Automation's statement suggests a more established relationship. Whether these companies were formally engaged by TSA might have a bearing on whether the government agency violated its own rules. TSA declined to comment on the matter.

Now that three airlines appear to have shared data with organizations testing security systems, Hofmann says it's possible other airlines had similar arrangements with TSA or contractors: "I think this could be an industrywide phenomenon."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.