20 September 2003. Add New York Times report on September 20, 2003.

Bear in mind that General Wesley Clark, US presidential contender, is/was a member of the board of Acxiom, giant database producer, which sold far more information to Torch Concepts on citizens of the world than JetBlue provided apparently for no cost. As the Torch study proclaims, it was the Axciom data that was much more useful to spy on citizens than that of JetBlue.

JetBlue has apologized for misuse of its passenger data; Torch has sent threatening letters to those who mirrored Torch's presentation; Acxiom has remained silent in this case and failed to apologize for previous abuse of its vast databases. Will Wesley Clark do the right thing and disavow Acxiom?

19 September 2003. Thanks to H.

The Torch Concepts presentation:

http://cryptome.org/jetblue-spy.pdf  (2.1MB)

The attorney for Torch Concepts has sent cease and desist letters to Bill Scannell and Len Sassaman for offering the Torch Concepts file:

From: "Richard Marsden" <rjm@lfsp.com>
Date: Wed, 17 Sep 2003 20:21:00 -0500
To: <bill@scannell.org>
Cc: <nicholsr@torchconcepts.com>
Subject: Torch Concepts

Dear Sir,

My law firm, Lanier Ford Shaver & Payne P.C., represents Torch Concepts Inc. We have just discovered that your web site (www.dontspyon.us ) is providing access to the copyrighted material of Torch Concepts Inc. Specifically the file  listed as "S3B3_Roark.pdf" contains the proprietary work product of  Torch Concepts Inc. and  was posted without Torches permission or knowledge.You are hereby requested to (1) cease and desist from providing access to this file or its contents and (2) immediately remove the file from your servers.

We will be contacting you tomorrow  regarding  this matter.


Richard J. Marsden
Lanier Ford Shaver & Payne P.C.
200 West Side Square,  
Suite 5000
Huntsville, Alabama 35801
Phone: (256) 535-1100
Fax: (256) 535-1135

Len Sassaman's C&D:


Cryptome mirror:


Wall Street Journal, September 19, 2003

JetBlue Gave Passenger Records To Contractor, Violating Policy

Associated Press

Violating its own privacy policy, JetBlue Airways gave five million passenger itineraries to a Defense Department contractor that used the information as part of a study seeking ways to identify "high risk" airline customers.

The study, produced by Torch Concepts of Huntsville, Ala., was titled "Homeland Security: Airline Passenger Risk Assessment" and was intended to be a proof-of-concept analysis for a project on military base security.

"This was a mistake on our part," JetBlue chief executive David Neeleman said in an apologetic e-mail sent to angry customers.

Mr. Neeleman insisted the data JetBlue provided wasn't shared with any government agency and that Torch has since destroyed the passenger records. New York-based JetBlue said it has taken steps so the situation won't happen again.

Details of the study and JetBlue's involvement were reported Thursday by Wired.com (www.wired.com), which credited privacy activist Bill Scannell for bringing attention to the issue on his Web site, Don't Spy On.Us (www.dontspyon.us).

Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said that by violating its privacy policy, JetBlue could be sued for "deceptive trade practices."

Mr. Rotenberg said his organization was contemplating filing a complaint with the Federal Trade Commission.

JetBlue "really should have known better," said Richard M. Smith, an Internet security and privacy consultant based in Cambridge, Mass. Smith said the content of the study raises serious questions about whether it was really aimed at military base security.

"It's basically a prototype for CAPPS II," Mr. Smith said, referring to the nationwide computer system being developed by the Transportation Security Administration. The Computer Assisted Passenger Prescreening System, ordered by Congress after the Sept. 11 attacks, will check such things as credit reports and consumer transactions and compare passenger names with those on government watch lists.

The TSA, the federal agency in charge of airline and airport security, said Friday it wasn't involved in the study.

Torch contacted the TSA last summer for airline industry contacts and the agency complied with the request, but "that was the extent of our involvement," TSA spokesman Nico Melendez said.

The Torch study analyzed the records JetBlue provided in September 2002, as well as other demographic data collected about the passengers, including Social Security numbers and information about their finances and families.

The apparent goal of the study, which was presented at a technology conference in February, was to determine the usefulness of combining passengers' travel and personal information in order to create a profiling system that would make air travel more safe.

One conclusion of the study was that "data elements have been identified which best distinguish normal JetBlue passengers from past terrorists."

Mr. Neeleman's e-mail said Torch "developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium" and that he was "deeply dismayed to learn of it."

Mr. Neeleman said JetBlue provided passengers' names, addresses and phone numbers to Torch after an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."

Torch referred calls to its attorney, Richard Marsden, who didn't immediately return a call seeking comment.

Copyright (c) 2003 Associated Press

New York Times, September 20, 2003

JetBlue Gave Defense Firm Files on Passengers


WASHINGTON, Sept. 19 — JetBlue Airways acknowledged publicly today that it had provided a Pentagon contractor with information on more than one million of its passengers as part of a program to track down terrorists and other "high risk" passengers. That data, which was turned over in violation of the airline's own privacy policies, was then used to identify the passengers' Social Security numbers, financial histories and occupations.

JetBlue, a three-year-old discount airline, sent an e-mail message to passengers this week, conceding that it had made a mistake in providing the records last year to Torch Concepts, an Army contractor in Huntsville, Ala., for a research project on "airline passenger risk assessment."

"This was a mistake on our part and I know you and many of our customers feel betrayed by it," said David Neeleman, JetBlue's chief executive, in an e-mail message that the airline, based in New York, said was sent to about 150 passengers who had written in so far to complain.

Mr. Neeleman, the founder of JetBlue, which has been a rare success in the airline industry and has prospered because of its reputation for low fares and consumer friendliness, insisted that none of the passenger information was shared with the government. "The sole set of data in Torch's possession has been destroyed," he wrote. "No government agency ever had access to it."

Privacy rights groups expressed astonishment that JetBlue had shared so much passenger information with a contractor, describing the privacy breach as among the most serious reported by any American company in recent years.

JetBlue's announcement comes at a time when many civil liberties groups are warning that privacy rights are becoming victims of the government's struggle against terrorism and the desire of law enforcement and intelligence agencies for quick access to customer information that has traditionally been closely held by corporations.

The airline said it had provided Torch Concepts with records on about five million individual itineraries, reflecting the travels of about 1.1 million passengers in 2001 and 2002. The records, it said, would have included the passengers' names, addresses and phone numbers but not credit card numbers or government identification numbers commonly collected from travelers like passport numbers.

A lawyer for Torch Concepts, Richard Marsden, said that the passenger records provided by JetBlue were destroyed by the contractor earlier this week after the existence of the project was reported by Wired News, a technology-news Web site. "It's all been destroyed in the last 24 hours," he said in a telephone interview.

But privacy advocates said further investigation was needed. "Five million is a big number," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "JetBlue passengers have reason to be very upset. Will the data be destroyed? Will there be some compensation for the passengers?"

Mr. Neeleman said that the passenger information was turned over last year as a result of an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security." He said that JetBlue was told that "this project had no connection with aviation security."

The Pentagon, which was still largely shut down because of Hurricane Isabel, had no immediate comment on the issue.

Torch Concepts, which describes itself in promotional material as a "content-management and information-mining" company, was hired by the Army more than three years ago to determine how information from public and private records might be analyzed to help defend military bases from attack by terrorists and other adversaries.

While the company has insisted that the Army study was never intended to be used to improve security at civilian airports, there was clearly discussion within the company of whether its research might be of use to the Department of Homeland Security, which is responsible for airport security.

In a study prepared in February and released at a symposium sponsored by the Homeland Security Department, Torch Concepts said that "several data elements have been identified which best distinguish normal JetBlue passengers from past terrorists."

The report said that after receiving the passenger information from JetBlue, Torch Concepts matched the passenger names against a variety of databases that it had purchased from Acxiom, a large consumer research company.

"For approximately 40 percent of the passengers," the report said, the Acxiom databases provided additional "demographic information," including a passenger's Social Security number, occupation, income, gender and home- and car-ownership history, as well as the number of adults and children living in the passenger's household.

Mr. Marsden said the company and its study had no link to the Pentagon's broad electronic surveillance project known as Terrorist Information Awareness, which has drawn harsh criticism from Capitol Hill and from privacy groups in recent months who consider it an effort to intrude on the rights of Americans in the name of counterterrorism.

Nor, he said, was there any link between the Torch Concepts' project and a huge government passenger-screening program that is now being developed by the Transportation Security Administration. The government's antiterrorism program, the second phase in a effort known as the Computer Assisted Passenger Prescreening System, has also been criticized by privacy advocates as overly intrusive.

Gareth Edmondson-Jones, a spokesman for JetBlue, said in a telephone interview that the decision to provide the passenger information to Torch Concepts was a clear violation of the company's own policy. "We have the strongest privacy policy in the industry, which clearly says that we don't supply customer data to third parties," he said.

Asked if Mr. Neeleman or other senior executives had approved the sharing of the passenger information, Mr. Edmondson-Jones said he did not know, adding that there had been no discussion of disciplinary action against anyone at the company for the policy breach. "That's not even come up," he said. "We made the decision as a company, at whatever level it was done."

He suggested that the decision to turn over the passenger information to the contractor was motivated by the airline's concern with security in the aftermath of the Sept. 11 terrorist attacks. "In a post 9/11 word troubled by security issues and terrorists, we had a special request from the Department of Defense to assist in a military project," he said. "The decision was made to assist."


JetBlue Chief's Message to Customers

Following is the text of an e-mail message sent by David Neeleman, the chief executive of JetBlue, to customers who complained after the airline provided information about passengers to a Defense Department contractor involved in an antiterrorism project:

Thank you for writing to me so that I have an opportunity to apologize to you personally and set the record straight.

Most importantly, JetBlue has never supplied, nor will supply, customer information to the Transportation Security Administration, or any government agency, unless we are required to do so by law — not for CAPPS II or for any other purposes, whatsoever.

However, I regret that, more than a year ago, we responded to an exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security. This project had no connection with aviation security or the CAPPS II program and no data files were ever shared with the Department of Defense or any other government agency or contractor.

We provided limited historical customer data including names, addresses and phone numbers. It DID NOT include personal financial information, credit card information, or Social Security numbers.

Torch further developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium. We regret that this presentation included the personal information of one customer — although the customer's name was not used. Again, we had no knowledge of this presentation until two days ago and we were deeply dismayed to learn of it.

The sole set of data in Torch's possession has been destroyed; no government agency ever had access to it. With Torch's help, we are continuing to make every effort to have the Torch presentation with the one customer's information removed from the Internet.

This was a mistake on our part and I know you and many of our customers feel betrayed by it. We deeply regret that this happened and have taken steps to fix the situation and make sure that it never happens again.

I am saddened that we have shaken your faith in JetBlue but I assure you personally that we are committed to making this right.


David Neeleman

Chief Executive Officer