Journal hotgazpacho's Journal: JetBlue and Customer Data 2
I have been corresponding with the CEO of JetBlue in regards to JetBlue Gives Away Passenger Info To TSA?. Needless to say, I was more than concerned, seeing as how I flew JetBlue back in March. What follows is that correspondance, from newset to oldest.
===========================================
Mr. Neeleman, thank you for your prompt response. You have brought some new information to the table, to which I would like to take the time to respond.
You state "JetBlue has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law".
However, in the very next paragraph, you state that the Department of Defense (a government agency!) requested that you help one of their contrators (funded by a government agency!) with a project regarding Military (another government agency!) base security by providing "historical" customer data to said contractor, and that you obliged them.
Now, which non-goverment, or non-goverment-funded, body did you not give your customer's data to?
I am truly perplexed by your assertion that "This project had no connection with aviation security or the CAPPS II program...."
Please explain to me, in detail, how CUSTOMER data from a CIVILIAN corporation could possibly help with MILITARY base security, without pertaining whatsoever to aviation security.
Then, explain to me, in detail, just exactly what you thought, or were told, or knew, Torch and the DOD were going to do with such information.
Now, explain to me why you gave the data to them, and what data, precisely, this included.
While I am glad to hear that "the sole set of data in Torch's possession has been destroyed", I consider the assertion that "no government agency ever had access to it" dubious at best. Let me plainly state why I feel this way:
YOUR COMPANY GAVE CUSTOMER DATA TO A GOVERNMENT CONTRACTOR, AT THE BEHEST OF THE DEPARTMENT OF DEFENSE, FOR A GOVERNMENT PROJECT, WHILE DENYING EVER DOING SO, OR THAT YOU WOULD EVER DO SO!!!
If you seemingly contradict yourself in regards to what actually happened, how I can possibly believe your claims of what never happened, outside the control of your company?
Now, Mr. Neeleman, I do not feel angry or betrayed because you gave your customer data to the government, or one of its contractors, for a government project.
I FEEL ANGRY AND BETRAYED THAT YOU GAVE IT TO ANYONE AT ALL!!!
Nevermind that you never asked us, your customers, if it were OK for you to give OUR DATA to a 3rd party. If there were some such document from your company bearing my signature (and thus my consent), that could possibly be construed as giving you consent to give my data to a 3rd party, please, by all means, show it to me.
Mr. Neeleman, I am in a line of business (e-commerce) where we collect customer data as a matter of course. To accidentally divulge this data to ANY 3rd party is unacceptable. To knowingly do so is absolutely unconscionable. To do so without your customer's explicit consent is not only immoral, but it is unforgivable, and may even border on criminal. You and the rest of the board of directors should be utterly ashamed of yourselves and your company.
While I appreciate your personal appology, due to your company's utter disregard for your customer's privacy, I will not be flying JetBlue again in the forseeable future, despite having nearly $400 in vouchers from your airline.
==
William Green
Dear Mr. Green,
Thank you for writing to me so that I have an opportunity to apologize to you personally and set the record straight.
Most importantly, JetBlue has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law -- not for CAPPS II or for any other purposes, whatsoever.
However, I regret that, more than a year ago, we responded to an exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security. This project had no connection with aviation security or the CAPPS II program and no data files were ever shared with the Department of Defense or any other government agency or contractor.
We provided limited historical customer data including names, addresses and phone numbers. It DID NOT include personal financial information, credit card information, or social security numbers.
Torch further developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium. We regret that this presentation included the personal information of one customer -- although the customer's name was not used. Again, we had no knowledge of this presentation until two days ago and we were deeply dismayed to learn of it.
The sole set of data in Torch's possession has been destroyed; no government agency ever had access to it. With Torch's help, we are continuing to make every effort to have the Torch presentation with the one customer's information removed from the internet.
This was a mistake on our part and I know you and many of our customers feel betrayed by it. We deeply regret that this happened and have taken steps to fix the situation and make sure that it never happens again.
I am saddened that we have shaken your faith in JetBlue but I assure you personally that we are committed to making this right.
Sincerely,
David Neeleman
Chief Executive Officer
-----Original Message-----
I must say I was shocked and dismayed to learn (from http://www.dontspyon.us/ ) that JetBlue, with the help of Cendant's CSR Galileo, turned over the Passenger Name Records of 5 million customers, including myself, to the TSA, which, in turn, handed that data off to a private company (Torch Technologies) to perform some data mining for a test of the CAPPS II system. This information included Social Security Numbers, Credit Card Numbers, and credit histories. Why on earth does a company that I have no pre-existing relationship with need access to such sensitive personal data, WITHOUT MY CONSENT?!?!
Not only that, but Torch Technologies also posted a report (mirrored here: http://www.abditum.com/~rabbi/S3B3_Roark.pdf ) on their efforts to compile the database. This report included SOCIAL SECURITY NUMBERS and addresses of individuals, and was PUBLICLY AVAILABLE!!! Fortunately, my information was directly included in the report, however this is unconscionable! I would wager that those whose information is publicly available in this document would have an actionable claim against Torch, and it is all thanks to YOU and your voluntary participation in CAPPS II testing.
That is just one example of how misguided CAPPS II and its implementation are. For another example, mathematicians from MIT have conducted a study, and proved mathematically that CAPPS will not work, and will, in fact, actually make flying MORE DANGEROUS! That study and its results are available here: http://www.swiss.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm
This Draconian CAPPS II system is an invasion of my privacy, and a violation of my Constitutional Rights. I will not stand for this. As a result, I will boycott both JetBlue and Cendant (and ALL of its subsidiaries, which are so conveniently listed on its web site) until both companies publicly denounce CAPPS II, apologize to their customers, and see to it that the database created by Torch Technologies is destroyed. I will also work hard to assure that others do the same unless the above is accomplished.
Please feel free to contact me to explain your position on this issue. I would be very interrested to hear what you have to say for yourselves.
== William Green
===========================================
Mr. Neeleman, thank you for your prompt response. You have brought some new information to the table, to which I would like to take the time to respond.
You state "JetBlue has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law".
However, in the very next paragraph, you state that the Department of Defense (a government agency!) requested that you help one of their contrators (funded by a government agency!) with a project regarding Military (another government agency!) base security by providing "historical" customer data to said contractor, and that you obliged them.
Now, which non-goverment, or non-goverment-funded, body did you not give your customer's data to?
I am truly perplexed by your assertion that "This project had no connection with aviation security or the CAPPS II program...."
Please explain to me, in detail, how CUSTOMER data from a CIVILIAN corporation could possibly help with MILITARY base security, without pertaining whatsoever to aviation security.
Then, explain to me, in detail, just exactly what you thought, or were told, or knew, Torch and the DOD were going to do with such information.
Now, explain to me why you gave the data to them, and what data, precisely, this included.
While I am glad to hear that "the sole set of data in Torch's possession has been destroyed", I consider the assertion that "no government agency ever had access to it" dubious at best. Let me plainly state why I feel this way:
YOUR COMPANY GAVE CUSTOMER DATA TO A GOVERNMENT CONTRACTOR, AT THE BEHEST OF THE DEPARTMENT OF DEFENSE, FOR A GOVERNMENT PROJECT, WHILE DENYING EVER DOING SO, OR THAT YOU WOULD EVER DO SO!!!
If you seemingly contradict yourself in regards to what actually happened, how I can possibly believe your claims of what never happened, outside the control of your company?
Now, Mr. Neeleman, I do not feel angry or betrayed because you gave your customer data to the government, or one of its contractors, for a government project.
I FEEL ANGRY AND BETRAYED THAT YOU GAVE IT TO ANYONE AT ALL!!!
Nevermind that you never asked us, your customers, if it were OK for you to give OUR DATA to a 3rd party. If there were some such document from your company bearing my signature (and thus my consent), that could possibly be construed as giving you consent to give my data to a 3rd party, please, by all means, show it to me.
Mr. Neeleman, I am in a line of business (e-commerce) where we collect customer data as a matter of course. To accidentally divulge this data to ANY 3rd party is unacceptable. To knowingly do so is absolutely unconscionable. To do so without your customer's explicit consent is not only immoral, but it is unforgivable, and may even border on criminal. You and the rest of the board of directors should be utterly ashamed of yourselves and your company.
While I appreciate your personal appology, due to your company's utter disregard for your customer's privacy, I will not be flying JetBlue again in the forseeable future, despite having nearly $400 in vouchers from your airline.
==
William Green
Dear Mr. Green,
Thank you for writing to me so that I have an opportunity to apologize to you personally and set the record straight.
Most importantly, JetBlue has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law -- not for CAPPS II or for any other purposes, whatsoever.
However, I regret that, more than a year ago, we responded to an exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security. This project had no connection with aviation security or the CAPPS II program and no data files were ever shared with the Department of Defense or any other government agency or contractor.
We provided limited historical customer data including names, addresses and phone numbers. It DID NOT include personal financial information, credit card information, or social security numbers.
Torch further developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium. We regret that this presentation included the personal information of one customer -- although the customer's name was not used. Again, we had no knowledge of this presentation until two days ago and we were deeply dismayed to learn of it.
The sole set of data in Torch's possession has been destroyed; no government agency ever had access to it. With Torch's help, we are continuing to make every effort to have the Torch presentation with the one customer's information removed from the internet.
This was a mistake on our part and I know you and many of our customers feel betrayed by it. We deeply regret that this happened and have taken steps to fix the situation and make sure that it never happens again.
I am saddened that we have shaken your faith in JetBlue but I assure you personally that we are committed to making this right.
Sincerely,
David Neeleman
Chief Executive Officer
-----Original Message-----
I must say I was shocked and dismayed to learn (from http://www.dontspyon.us/ ) that JetBlue, with the help of Cendant's CSR Galileo, turned over the Passenger Name Records of 5 million customers, including myself, to the TSA, which, in turn, handed that data off to a private company (Torch Technologies) to perform some data mining for a test of the CAPPS II system. This information included Social Security Numbers, Credit Card Numbers, and credit histories. Why on earth does a company that I have no pre-existing relationship with need access to such sensitive personal data, WITHOUT MY CONSENT?!?!
Not only that, but Torch Technologies also posted a report (mirrored here: http://www.abditum.com/~rabbi/S3B3_Roark.pdf ) on their efforts to compile the database. This report included SOCIAL SECURITY NUMBERS and addresses of individuals, and was PUBLICLY AVAILABLE!!! Fortunately, my information was directly included in the report, however this is unconscionable! I would wager that those whose information is publicly available in this document would have an actionable claim against Torch, and it is all thanks to YOU and your voluntary participation in CAPPS II testing.
That is just one example of how misguided CAPPS II and its implementation are. For another example, mathematicians from MIT have conducted a study, and proved mathematically that CAPPS will not work, and will, in fact, actually make flying MORE DANGEROUS! That study and its results are available here: http://www.swiss.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm
This Draconian CAPPS II system is an invasion of my privacy, and a violation of my Constitutional Rights. I will not stand for this. As a result, I will boycott both JetBlue and Cendant (and ALL of its subsidiaries, which are so conveniently listed on its web site) until both companies publicly denounce CAPPS II, apologize to their customers, and see to it that the database created by Torch Technologies is destroyed. I will also work hard to assure that others do the same unless the above is accomplished.
Please feel free to contact me to explain your position on this issue. I would be very interrested to hear what you have to say for yourselves.
== William Green
It seems to me... (Score:2)
Not only that, since he used the words "exceptional", then it seems to have been a martial law kind of warrant. Essentially, JetBlue is governed by the Transportation authority, which in turn is responsible for patrolling the skies. So perhaps they then said "if you wish to continue to fly the friendly skies, you have to provide us with this data."
Which then becomes an issue of
Re:It seems to me... (Score:1)
No, JetBlue volunteered their customer data to 3rd party corporation, under whatever pressure, for a specific project... no other airlines provided similiar data for the same project.