Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Under fire for violating its own privacy policies, JetBlue says it won't participate in a computer-assisted passenger pre-screening system unless mandated by law.
September 23, 2003
3 Min Read
The lawsuit charges JetBlue with fraudulent misrepresentation, breach of contract, and invasion of privacy and seeks unspecified compensatory damages but no punitive damages.
JetBlue admitted Monday that it provided passenger names, addresses, and phone numbers to Torch Concepts Inc., a defense contractor that develops data-mining and pattern-recognition technology to identify potential terrorists. Torch Concepts used the data as part of a risk-assessment study to improve security at military bases.
On Monday the Electronic Privacy Information Center, a privacy advocacy organization, filed a complaint with the FTC against JetBlue and Acxiom Corp., a marketing database company, charging the two with violating consumer protection laws by providing Torch Concepts with customer data. The complaint says JetBlue provided information on 1.5 million passengers.
The privacy information center says Torch Concepts combined the JetBlue information with additional personal information from Acxiom, including demographic data and Social Security numbers, to determine if passengers could be deemed a security risk, according to the privacy information center complaint.
The privacy information center's complaint charges that JetBlue's and Acxiom's actions violated privacy policies posted on their Web sites. Violating published privacy policies is fraudulent under consumer protection laws.
The privacy information center also filed Freedom of Information Act requests with the Federal Aviation Administration, the Transportation Security Administration, and the U.S. Army (which commissioned the Torch Concepts work) seeking additional information about the anti-terrorism screening program.
JetBlue provided passenger itinerary data--but not credit-card or payment information--to Torch Concepts "at the special request of the Department of Defense," according to the airline's statement. JetBlue also said it has been told by Torch Concepts that no "identifiable customer data" was shared with other parties, including the Defense Department or the transportation security administration, and that all the data has been destroyed.
JetBlue also said it has decided, unless mandated by law, that it will not participate in the CAPPS II (computer-assisted passenger prescreening system) program now being developed by the transportation security administration. JetBlue had initially agreed to participate in the development of CAPPS II.
The FTC has "been very active" in enforcing privacy regulations, "so we take allegations like this very seriously," says FTC spokeswoman Claudia Bourne Farrell. She could not say how long it will take to investigate the privacy information center complaint, although she said such complaints are often resolved by the parties through negotiation and consent decrees.
You May Also Like
Data Center Firewall Toolkit
Integrations to automate your framework compliance: ISO 27001, SOC 2, and NIST CSF
NIST Cybersecurity Framework 2.0: Changes, impacts, and opportunities for your InfoSec program
*Why DDI? Why it is Important to Integrate DNS, DHCP, and IP Address Management in Your Network
Checklist: Top 6 Considerations to Optimize Your Digital Acceleration Security Spend