JetBlue Airways confirmed on Thursday that in September 2002, it provided 5 million passenger itineraries to a defense contractor for proof-of-concept testing of a Pentagon project unrelated to airline security -- with help from the Transportation Security Administration.
The contractor, Torch Concepts, then augmented that data with Social Security numbers and other sensitive personal information, including income level, to develop what looks to be a study of whether passenger-profiling systems such as CAPPS II are feasible.
The study (PDF), titled "Homeland Security -- Airline Passenger Risk Assessment," which JetBlue says was based on an unauthorized use of its data, was presented at a February technology conference.
Privacy activist Bill Scannell, who runs the Don't Spy On.Us website, had scathing words for JetBlue's revelation.
"JetBlue has assaulted the privacy of 5 million of its customers," said Scannell. "Anyone who flew JetBlue before September 2002 should be aware and very scared that there is a dossier on them."
Torch Concepts acquired the data by contacting the Transportation Security Administration, which says it facilitated the transfer of the data from JetBlue to Torch Concepts, according to TSA spokesman Brian Turmail.
The TSA says the study was for a Pentagon proof-of-concept program related to improving security on military bases.
Torch Concept's lawyer, Richard Marsden, says the study was authorized and was related to "a science and technology study on the feasibility of enhancing the structure of the Army."
It remains unclear how an airline passenger-screening feasibility study without any references to the military relates to an Army feasibility study, though Marsden said he could not reveal any more information because of a confidentiality agreement.
The Army is investigating the matter, according to spokesman Maj. Gary Tallman, who added that "we take data and privacy regulations seriously and do everything we can to protect people's privacy."
Because it was a defense contractor that set up the records system, the Army may have violated the Privacy Act by not issuing official notice of the creation of the system.
The Privacy Act requires an agency to apply the act's provisions when it "provides by a contract for the operation by or on behalf of the agency of a system of records."
"We made a special exemption for this one exceptional case," said Gareth Edmundson-Jones, a spokesman for JetBlue. "We clearly have to review internally the decision and reconsider our policies."
The TSA, which is in charge of developing a new airline passenger-screening system called CAPPS II, adamantly denied receiving or reviewing the JetBlue data in the transfer. Turmail also said that the data was not used to test CAPPS II or CAPPS II prototypes.
Torch Concept's presentation, unearthed on a conference website by travel privacy activist and travel agent Edward Hasbrouck, shows that upon receiving the data, Torch Concepts purchased matching personal records from Acxiom, one of the country's largest data-aggregation companies.
That information included incomes, occupations, vehicle ownership information, number of children and Social Security numbers.
The company then used the data to create profiles of groups of travelers, dividing them into three specific groups: young middle-income homeowners, older upper-income homeowners and a group of passengers with anomalous records, which the presentation attributes to "erroneous entry, fraud or mischief."
Under the proposed CAPPS II system, passengers like those in Torch's third group would likely be assigned a yellow code by the system's algorithms, resulting in increased screening at the gate. Those whose identifying information is verified and who do not match a watch list of terrorists or wanted felons would get a green and face minimal scrutiny. Those whose names show up on the watch list would face arrest or be barred from flying.
The company's presentation concluded that "known airline terrorists appear readily distinguishable from the normal JetBlue passenger patterns," but said differentiation would be enhanced if the system had access to a passenger's annual, as well as lifetime, traveling history.
Torch Concept's work does not seem to be a prototype of CAPPS II, but instead an attempt to measure the viability of verifying and scoring passengers by checking them against data-aggregation companies' files. This is the same mechanism that will be used in CAPPS II, but TSA officials are adamant this study was not part of the CAPPS II program.
After a reporter made inquiries to the TSA, JetBlue and Torch Concepts, the presentation and all references to it were removed from the conference website, which is run by the Tennessee Valley Chapter of the National Defense Industrial Association.
The chapter's president, Joel Thomas of Elmco, said he received an internal e-mail Wednesday morning requesting its removal. Scannell has since mirrored the original document.
JetBlue's revelation came after two days of inquiry from Wired News, which reported Tuesday that TSA officials had told privacy activists that JetBlue gave assurances it would help in the testing of the agency's controversial new passenger-screening system, CAPPS II.
The presentation document also says the company first met with Jim Yeager at the Department of Transportation, who worked for the inspector general's office at the DOT.
Yeager was described as the "aviation security project manager" in a Jan. 4, 2002, document that announced the inspector general would conduct a review of proposed technologies to enhance aviation security. That audit, which is classified, was published in February 2003 and furnished to Congress.
Yeager, who now works at the Border and Transportation Security branch of the Department of Homeland Security's inspector general's office, did not respond to messages left for him.
Rick Toliver, a researcher for SRI who has worked on homeland security projects, chaired the session at the February conference. Toliver confirmed that Torch Concepts' then-CEO Bill Roark delivered the paper and that the session was well-attended.
Roark, who has a 15-year history of working on Pentagon projects, now works as the CEO of Torch Technologies, a Torch Concepts spin-off designed to focus on defense contracts.
On Wednesday, JetBlue issued a carefully worded statement and sent e-mails to customers. "Contrary to reports, JetBlue has not entered into an agreement to implement the CAPPS II program with the Transportation Security Administration. Further, no JetBlue customer information has been provided for purposes of testing the CAPPS II program currently under design."
David Sobel, an attorney with the Electronic Privacy Information Center, said it should not matter who received JetBlue's data in the transfer.
"A third party is a third party, whether that is the DOT, TSA or a contractor," said Sobel.
Hasbrouck called the presentation a "smoking gun" that proves that real passenger data has been used in the development of CAPPS II without attempting to get consent from passengers.
"Data from a number of different sources -- airlines, computer reservation systems, and third-party data warehouses -- (has) been provided to various contractors at various stages," said Hasbrouck.
Hasbrouck said the TSA has no authority to compel any airline to provide data, but even if JetBlue was ordered to provide data, the company should have told its customers.
"The ethical thing would be to reveal the transfer to passengers, so they can make a decision whether or not to fly JetBlue," said Hasbrouck. "Instead the company turned over what appears to be every reservation they've ever made."
It is unknown if the data has been destroyed or returned to JetBlue.