Skip to main content

EFFector - Volume 17, Issue 1 - Airlines and Government Violate Your Privacy Again

EFFector       Vol. 17, No. 1       January 20, 2004

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 276th Issue of EFFector:


Airlines and Government Violate Your Privacy Again

Call for Hearings Now!

Only four months ago, the news broke that JetBlue secretly handed over personal data on millions of air travelers to a government contractor. Now, Northwest Airlines has admitted to doing the very same thing, violating the privacy of more than ten million people by secretly providing NASA with passenger records that include names, addresses, itineraries, credit card information and more. But the bad news doesn't stop there: last week, the Transportation Security Administration (TSA) announced plans for "live testing" and implementation of CAPPS II, a passenger-profiling system that would make privacy violations of this kind routine for air travel. To top it off, TSA has threatened to issue a government "security directive" forcing the airlines to use their passengers as guinea pigs for the system.

Enough is enough. Congress must halt all current CAPPS II testing and hold public hearings to find out who is providing American travelers' personal data to the government and exactly what the information is being used for. Send this letter and urge Congress to get the answers now!

Links:


Update on CAPPS II: What's Next?

As noted in the Action Alert above, the Transportation Security Administration (TSA) last week confirmed plans to test and implement CAPPS II, a controversial passenger-profiling system that uses information in government and commercial databases to "tag" each passenger with a color-coded score indicating the level of security risk that he or she appears to pose.

EFF strongly opposes CAPPS II and is working to stop both testing and implementation. In addition to sounding the call for a Congressional investigation and hearings on CAPPS II, we will be monitoring developments in the next few months that may prove pivotal to the program's future:

  • TSA will shortly issue its third Privacy Act notice on CAPPS II.
  • The General Accounting Office (GAO) is scheduled to report on the privacy impacts of CAPPS II on February 15, as required by Section 519 of H.R. 2555, Department of Homeland Security (DHS) Appropriations Act of 2004, Public Law 108-90.
  • The DHS Under Secretary for Border and Transportation Security is expected to "certify" that CAPPS II has adequate privacy protections under Section 607 of H.R. 2115, Federal Aviation Administration (FAA) Reauthorization Act of 2004, Public Law 108-176. The GAO is scheduled to report (again) on the privacy impacts of CAPPS II within 90 days of this "certification." Unfortunately, there is no deadline for the "certification," so we do not know when it will be be issued.
  • Finally, the DHS is also scheduled to produce its own privacy impact assessment of CAPPS II around March 12, as required by Section 608 of the FAA Reauthorization Act.

"The JetBlue and Northwest scandals have given us a glimpse of what the future would be like with CAPPS II in place," said EFF Attorney and Equal Justice Works/ Bruce J. Ennis Fellow Kevin Bankston. "Millions of people have already been stripped of their privacy without even knowing it. If we don't stop CAPPS II now, that's only the beginning."


Guest Op-ed: "Your Bank Account, Your Liberties"

By George Paine

(Note: this op-ed was previously published in a longer form on January 2 at Warblogging.com)

On New Year's Eve, my debit and ATM card stopped functioning. When I got in touch with my bank the following Saturday I was told that it was disabled due to "possible fraud" and that I would have to visit the bank personally to review my account history and certify that no fraud occurred before my card could be reactivated.

I went to the bank that day and met with my banker, who greeted me by name as I arrived. He pulled up my account on his computer and scrolled through my financial history for the past several months. Together we set out to find anything suspicious. As the pages - the days - rolled by on-screen, I realized that these transactions brought back memories.

I mentioned this to him and he gave me a knowing smile. He began to extrapolate details of my life from the transactions. "So, here, on December 13th, you got a cup of coffee with a friend. Then you guys got some sushi...Is that place good? You took in a show. Had a couple of drinks afterward..."

He was right. That was exactly what I'd done that day. Eventually we got to my Christmas purchases. He asked if someone had liked a particular gift. I said that she did. He gave me a friendly wink.

It struck me then that this man knows where I eat, where I get my coffee, when and where I drink, when and where I travel. He knows where I buy books. He knows what political campaigns I've contributed to, and how much.

After we ruled out fraud, he reactivated my ATM card and I thanked him for the service. It was then that I noticed a small sign on his desk, an advertisement from a banking services company. It was designed to appear as patriotic as possible, right down to the American flag in the background. It read "USA PATRIOT Act compliance by..."

While I don't remember the name of the company that provided the advertisement to my banker, a quick Google search reveals many such companies. One of them is Aquilan, which offers a product called Aquilan Patriot Manager (APM). The APM tagline: "Know Your Customers. 'Red Flag' Suspicious Activity. Prevent Money Laundering."

My time with the banker was innocuous. But the PATRIOT Act requires banks to report any "suspicious activity" to the government. According to the Aquilan website, the complexity of the banking business these days makes correctly identifying such activity "nearly impossible," so banks use software like APM to make the impossible possible. But is it?

APM probably works much the same way as the fraud detection software that prevented me from accessing my own bank account. This means that it's just as likely to be flawed, just as likely to yield false positives. And just as likely to bring the FBI to my door as the fraud detection software was to bring me to the bank.

On December 13th, President Bush signed into law the "Intelligence Authorization Act for FY 2004." This bill contains a section that expands the FBI's power to access our bank records, and our interactions with most other businesses, without first obtaining permission from a judge.

No longer can a judge say, "You're on a fishing expedition. You can't see George Paine's banking information."

If this doesn't concern you, it should. Think back to the skeleton or two in your closet. Think about all the information that your bank records share about you.

The Fourth Amendment is written as it is for a reason - to prevent the abuse of power. The Constitution's framers understood that "power corrupts, and absolute power corrupts absolutely."

If you don't take the threat of abuse seriously, you need look no further than the FBI itself. Take, for example, COINTELPRO, a program conceived "to neutralize political dissidents" by "discrediting and publicly destroying" them.

Or consider the DEA's Kevin Tamez, Associate Special Agent in Charge of the New York office. On December 15th, Tamez was indicted for "illegally obtaining information from law enforcement [databases]" and using it to conduct his own private investigations.

It isn't wise to imagine that your status as a loyal and law-abiding citizen will protect you from having your personal records used against you. Dr. Martin Luther King was a loyal American citizen, yet was a target of COINTELPRO.

When the rubber hits the road things like loyalty and good citizenship don't matter. What matters is whether the people in power have been given the tools to abuse that power. Under PATRIOT and the Intelligence Authorization Act for FY 2004, they have them.


George Paine is the founder of Warblogging.com, a website "providing another voice in the chorus of Americans calling for a balanced and reasonable foreign policy and a domestic policy that respects the United States Constitution and the rule of law." For further details, see http://www.warblogging.com/about/.


Nominate a Pioneer for EFF's 2004 Pioneer Awards

EFF established the Pioneer Awards to recognize leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. This is your opportunity to nominate a deserving individual or group to receive a Pioneer Award for 2004.

The International Pioneer Awards nominations are open both to individuals and organizations from any country.

All nominations are reviewed by a panel of judges chosen for their knowledge of the technical, legal, and social issues associated with information technology.

This year's award ceremony will be held in Berkeley, California, in conjunction with the Computers, Freedom and Privacy conference (CFP), which takes place in mid-April.

How to Nominate Someone for a 2004 Pioneer Award:

You may send as many nominations as you wish, but please use one email per nomination. Please submit your entries via email to pioneer@eff.org.

We will accept nominations until February 1, 2004.

Simply tell us:

  1. The name of the nominee,
  2. the phone number or email address at which the nominee can be reached, and, most importantly,
  3. why you feel the nominee deserves the award.
For more details, see our Pioneer Awards website.

Deep Links

Deep Links features noteworthy news items from around the Internet.


EFF Court Docket

  • February 3 - MGM v. Grokster
    U.S. Court of Appeals
    Pasadena, CA.
    9:00 a.m.
  • February 9 - OPG v. Diebold
    U.S. District Court, Northern California
    280 South 1st street
    San Jose, CA.
    Courtroom 3
    9:00 a.m.

Staff Calendar

For a complete listing of EFF speaking engagements (with locations and times), please visit: http://www.eff.org/calendar/

  • January 22- Fred von Lohmann speaks at "Washington in the West" Conference
    Long Beach, CA.
    - 11:40 a.m. - 12:40 p.m.
    http://laipla.org/
  • January 26- Lee Tien speaks on privacy, presenting to W.K. Kellogg Foundation
    Battle Creek, MI
    10:00 a.m. - 11:00 a.m.

Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
 http://www.eff.org/

Editor:
Donna Wentworth, Web Writer/Activist
  donna@eff.org

To Join EFF online, or make an additional donation, go to:
  https://secure.eff.org/

Membership and donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements and articles may be reproduced individually at will.

To change your address or other information, please visit: http://action.eff.org/subscribe/

If you have already subscribed to the EFF Action Center, please visit: http://action.eff.org/login.asp/

To unsubscribe from the EFFector mailing list, send an email to alerts@action.eff.org with the word "Remove" in the subject.

(Please ask donna@eff.org to manually remove you from the list if this does not work for you for some reason.)

Back issues are available at:
  http://www.eff.org/effector/

You can also get the latest issue of EFFector via the Web at:
  http://www.eff.org/effector/

Back to table of contents

Return to EFFector Newsletters Index


Please send any questions or comments to webmaster@eff.org

JavaScript license information