20 September 2003. Add New York Times report on September 20, 2003.
Bear in mind that General Wesley Clark, US presidential contender, is/was a member of the board of Acxiom, giant database producer, which sold far more information to Torch Concepts on citizens of the world than JetBlue provided apparently for no cost. As the Torch study proclaims, it was the Axciom data that was much more useful to spy on citizens than that of JetBlue.
JetBlue has apologized for misuse of its passenger data; Torch has sent threatening letters to those who mirrored Torch's presentation; Acxiom has remained silent in this case and failed to apologize for previous abuse of its vast databases. Will Wesley Clark do the right thing and disavow Acxiom?
19 September 2003. Thanks to H.
The Torch Concepts presentation:
http://cryptome.org/jetblue-spy.pdf (2.1MB)
The attorney for Torch Concepts has sent cease and desist letters to Bill Scannell and Len Sassaman for offering the Torch Concepts file:
From: "Richard Marsden" <rjm@lfsp.com>
Date: Wed, 17 Sep 2003 20:21:00 -0500
To: <bill@scannell.org>
Cc: <nicholsr@torchconcepts.com>
Subject: Torch ConceptsDear Sir,
My law firm, Lanier Ford Shaver & Payne P.C., represents Torch Concepts Inc. We have just discovered that your web site (www.dontspyon.us ) is providing access to the copyrighted material of Torch Concepts Inc. Specifically the file listed as "S3B3_Roark.pdf" contains the proprietary work product of Torch Concepts Inc. and was posted without Torches permission or knowledge.You are hereby requested to (1) cease and desist from providing access to this file or its contents and (2) immediately remove the file from your servers.
We will be contacting you tomorrow regarding this matter.
Sincerely
Richard J. Marsden
Lanier Ford Shaver & Payne P.C.
200 West Side Square,
Suite 5000
Huntsville, Alabama 35801
Phone: (256) 535-1100
Fax: (256) 535-1135
Len Sassaman's C&D:
http://www.abditum.com/~rabbi/torch-nastygram.pdfCryptome mirror:
Wall Street Journal, September 19, 2003
Associated Press
Violating its own privacy policy, JetBlue Airways gave five million passenger itineraries to a Defense Department contractor that used the information as part of a study seeking ways to identify "high risk" airline customers.
The study, produced by Torch Concepts of Huntsville, Ala., was titled "Homeland Security: Airline Passenger Risk Assessment" and was intended to be a proof-of-concept analysis for a project on military base security.
"This was a mistake on our part," JetBlue chief executive David Neeleman said in an apologetic e-mail sent to angry customers.
Mr. Neeleman insisted the data JetBlue provided wasn't shared with any government agency and that Torch has since destroyed the passenger records. New York-based JetBlue said it has taken steps so the situation won't happen again.
Details of the study and JetBlue's involvement were reported Thursday by Wired.com (www.wired.com), which credited privacy activist Bill Scannell for bringing attention to the issue on his Web site, Don't Spy On.Us (www.dontspyon.us).
Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said that by violating its privacy policy, JetBlue could be sued for "deceptive trade practices."
Mr. Rotenberg said his organization was contemplating filing a complaint with the Federal Trade Commission.
JetBlue "really should have known better," said Richard M. Smith, an Internet security and privacy consultant based in Cambridge, Mass. Smith said the content of the study raises serious questions about whether it was really aimed at military base security.
"It's basically a prototype for CAPPS II," Mr. Smith said, referring to the nationwide computer system being developed by the Transportation Security Administration. The Computer Assisted Passenger Prescreening System, ordered by Congress after the Sept. 11 attacks, will check such things as credit reports and consumer transactions and compare passenger names with those on government watch lists.
The TSA, the federal agency in charge of airline and airport security, said Friday it wasn't involved in the study.
Torch contacted the TSA last summer for airline industry contacts and the agency complied with the request, but "that was the extent of our involvement," TSA spokesman Nico Melendez said.
The Torch study analyzed the records JetBlue provided in September 2002, as well as other demographic data collected about the passengers, including Social Security numbers and information about their finances and families.
The apparent goal of the study, which was presented at a technology conference in February, was to determine the usefulness of combining passengers' travel and personal information in order to create a profiling system that would make air travel more safe.
One conclusion of the study was that "data elements have been identified which best distinguish normal JetBlue passengers from past terrorists."
Mr. Neeleman's e-mail said Torch "developed this information into a presentation, without JetBlue's knowledge, for a Department of Homeland Security symposium" and that he was "deeply dismayed to learn of it."
Mr. Neeleman said JetBlue provided passengers' names, addresses and phone numbers to Torch after an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."
Torch referred calls to its attorney, Richard Marsden, who didn't immediately return a call seeking comment.
Copyright (c) 2003 Associated Press
New York Times, September 20, 2003
JetBlue, a three-year-old discount airline, sent an e-mail message to passengers
this week, conceding that it had made a mistake in providing the records
last year to Torch Concepts, an Army contractor in Huntsville, Ala., for
a research project on "airline passenger risk assessment."
"This was a mistake on our part and I know you and many of our customers
feel betrayed by it," said David Neeleman, JetBlue's chief executive, in
an e-mail message that the airline, based in New York, said was sent to about
150 passengers who had written in so far to complain.
Mr. Neeleman, the founder of JetBlue, which has been a rare success in the
airline industry and has prospered because of its reputation for low fares
and consumer friendliness, insisted that none of the passenger information
was shared with the government. "The sole set of data in Torch's possession
has been destroyed," he wrote. "No government agency ever had access to it."
Privacy rights groups expressed astonishment that JetBlue had shared so much
passenger information with a contractor, describing the privacy breach as
among the most serious reported by any American company in recent years.
JetBlue's announcement comes at a time when many civil liberties groups are
warning that privacy rights are becoming victims of the government's struggle
against terrorism and the desire of law enforcement and intelligence agencies
for quick access to customer information that has traditionally been closely
held by corporations.
The airline said it had provided Torch Concepts with records on about five
million individual itineraries, reflecting the travels of about 1.1 million
passengers in 2001 and 2002. The records, it said, would have included the
passengers' names, addresses and phone numbers but not credit card numbers
or government identification numbers commonly collected from travelers like
passport numbers.
A lawyer for Torch Concepts, Richard Marsden, said that the passenger records
provided by JetBlue were destroyed by the contractor earlier this week after
the existence of the project was reported by Wired News, a technology-news
Web site. "It's all been destroyed in the last 24 hours," he said in a telephone
interview.
But privacy advocates said further investigation was needed. "Five million
is a big number," said Marc Rotenberg, executive director of the Electronic
Privacy Information Center in Washington. "JetBlue passengers have reason
to be very upset. Will the data be destroyed? Will there be some compensation
for the passengers?"
Mr. Neeleman said that the passenger information was turned over last year
as a result of an "exceptional request from the Department of Defense to
assist their contractor, Torch Concepts, with a project regarding military
base security." He said that JetBlue was told that "this project had no
connection with aviation security."
The Pentagon, which was still largely shut down because of Hurricane Isabel,
had no immediate comment on the issue.
Torch Concepts, which describes itself in promotional material as a
"content-management and information-mining" company, was hired by the Army
more than three years ago to determine how information from public and private
records might be analyzed to help defend military bases from attack by terrorists
and other adversaries.
While the company has insisted that the Army study was never intended to
be used to improve security at civilian airports, there was clearly discussion
within the company of whether its research might be of use to the Department
of Homeland Security, which is responsible for airport security.
In a study prepared in February and released at a symposium sponsored by
the Homeland Security Department, Torch Concepts said that "several data
elements have been identified which best distinguish normal JetBlue passengers
from past terrorists."
The report said that after receiving the passenger information from JetBlue,
Torch Concepts matched the passenger names against a variety of databases
that it had purchased from Acxiom, a large consumer research company.
"For approximately 40 percent of the passengers," the report said, the Acxiom
databases provided additional "demographic information," including a passenger's
Social Security number, occupation, income, gender and home- and car-ownership
history, as well as the number of adults and children living in the passenger's
household.
Mr. Marsden said the company and its study had no link to the Pentagon's
broad electronic surveillance project known as Terrorist Information Awareness,
which has drawn harsh criticism from Capitol Hill and from privacy groups
in recent months who consider it an effort to intrude on the rights of Americans
in the name of counterterrorism.
Nor, he said, was there any link between the Torch Concepts' project and
a huge government passenger-screening program that is now being developed
by the Transportation Security Administration. The government's antiterrorism
program, the second phase in a effort known as the Computer Assisted Passenger
Prescreening System, has also been criticized by privacy advocates as overly
intrusive.
Gareth Edmondson-Jones, a spokesman for JetBlue, said in a telephone interview
that the decision to provide the passenger information to Torch Concepts
was a clear violation of the company's own policy. "We have the strongest
privacy policy in the industry, which clearly says that we don't supply customer
data to third parties," he said.
Asked if Mr. Neeleman or other senior executives had approved the sharing
of the passenger information, Mr. Edmondson-Jones said he did not know, adding
that there had been no discussion of disciplinary action against anyone at
the company for the policy breach. "That's not even come up," he said. "We
made the decision as a company, at whatever level it was done."
He suggested that the decision to turn over the passenger information to
the contractor was motivated by the airline's concern with security in the
aftermath of the Sept. 11 terrorist attacks. "In a post 9/11 word troubled
by security issues and terrorists, we had a special request from the Department
of Defense to assist in a military project," he said. "The decision was made
to assist."
____________________________
Following is the text of an e-mail message sent by David Neeleman, the chief
executive of JetBlue, to customers who complained after the airline provided
information about passengers to a Defense Department contractor involved
in an antiterrorism project:
Most importantly, JetBlue has never supplied, nor will supply, customer
information to the Transportation Security Administration, or any government
agency, unless we are required to do so by law — not for CAPPS II or
for any other purposes, whatsoever.
However, I regret that, more than a year ago, we responded to an exceptional
request from the Department of Defense to assist their contractor, Torch
Concepts, with a project regarding military base security. This project had
no connection with aviation security or the CAPPS II program and no data
files were ever shared with the Department of Defense or any other government
agency or contractor.
We provided limited historical customer data including names, addresses and
phone numbers. It DID NOT include personal financial information, credit
card information, or Social Security numbers.
Torch further developed this information into a presentation, without JetBlue's
knowledge, for a Department of Homeland Security symposium. We regret that
this presentation included the personal information of one customer —
although the customer's name was not used. Again, we had no knowledge of
this presentation until two days ago and we were deeply dismayed to learn
of it.
The sole set of data in Torch's possession has been destroyed; no government
agency ever had access to it. With Torch's help, we are continuing to make
every effort to have the Torch presentation with the one customer's information
removed from the Internet.
This was a mistake on our part and I know you and many of our customers feel
betrayed by it. We deeply regret that this happened and have taken steps
to fix the situation and make sure that it never happens again.
I am saddened that we have shaken your faith in JetBlue but I assure you
personally that we are committed to making this right.
Sincerely,
David Neeleman
Chief Executive Officer
JetBlue Chief's Message to Customers
Thank you for writing to me so that I have an opportunity to apologize to
you personally and set the record straight.