Under fire for violating its own privacy policies, JetBlue says it won't participate in a computer-assisted passenger pre-screening system unless mandated by law.
The lawsuit charges JetBlue with fraudulent misrepresentation, breach of contract, and invasion of privacy and seeks unspecified compensatory damages but no punitive damages.
JetBlue admitted Monday that it provided passenger names, addresses, and phone numbers to Torch Concepts Inc., a defense contractor that develops data-mining and pattern-recognition technology to identify potential terrorists. Torch Concepts used the data as part of a risk-assessment study to improve security at military bases.
On Monday the Electronic Privacy Information Center, a privacy advocacy organization, filed a complaint with the FTC against JetBlue and Acxiom Corp., a marketing database company, charging the two with violating consumer protection laws by providing Torch Concepts with customer data. The complaint says JetBlue provided information on 1.5 million passengers.
The privacy information center says Torch Concepts combined the JetBlue information with additional personal information from Acxiom, including demographic data and Social Security numbers, to determine if passengers could be deemed a security risk, according to the privacy information center complaint.
The privacy information center's complaint charges that JetBlue's and Acxiom's actions violated privacy policies posted on their Web sites. Violating published privacy policies is fraudulent under consumer protection laws.
The privacy information center also filed Freedom of Information Act requests with the Federal Aviation Administration, the Transportation Security Administration, and the U.S. Army (which commissioned the Torch Concepts work) seeking additional information about the anti-terrorism screening program.
JetBlue provided passenger itinerary data--but not credit-card or payment information--to Torch Concepts "at the special request of the Department of Defense," according to the airline's statement. JetBlue also said it has been told by Torch Concepts that no "identifiable customer data" was shared with other parties, including the Defense Department or the transportation security administration, and that all the data has been destroyed.
JetBlue also said it has decided, unless mandated by law, that it will not participate in the CAPPS II (computer-assisted passenger prescreening system) program now being developed by the transportation security administration. JetBlue had initially agreed to participate in the development of CAPPS II.
The FTC has "been very active" in enforcing privacy regulations, "so we take allegations like this very seriously," says FTC spokeswoman Claudia Bourne Farrell. She could not say how long it will take to investigate the privacy information center complaint, although she said such complaints are often resolved by the parties through negotiation and consent decrees.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.