The study, produced by Torch Concepts of Huntsville, Ala., was titled “Homeland Security: Airline Passenger Risk Assessment” and was intended to be a proof-of-concept analysis for a project on military base security.
“This was a mistake on our part,” JetBlue chief executive David Neeleman said in an apologetic e-mail sent to angry customers.
Neeleman insisted the data JetBlue provided was not shared with any government agency and that Torch has since destroyed the passenger records. New York-based JetBlue said it has taken steps so the situation will not happen again.
Details of the study and JetBlue’s involvement were reported Thursday by Wired.com, which credited privacy activist Bill Scannell for bringing attention to the issue on his Web site, Don’t Spy On.Us.
Rotenberg said his organization was contemplating filing a complaint with the Federal Trade Commission.
JetBlue “really should have known better,” said Richard M. Smith, an Internet security and privacy consultant based in Cambridge, Mass. Smith said the content of the study raises serious questions about whether it was really aimed at military base security.
“It’s basically a prototype for CAPPS II,” Smith said, referring to the nationwide computer system being developed by the Transportation Security Administration. The Computer Assisted Passenger Prescreening System, ordered by Congress after the Sept. 11 attacks, will check such things as credit reports and consumer transactions and compare passenger names with those on government watch lists.
The TSA, the federal agency in charge of airline and airport security, said Friday it was not involved in the study.
Torch contacted the TSA last summer for airline industry contacts and the agency complied with the request, but “that was the extent of our involvement,” TSA spokesman Nico Melendez said.
The Torch study analyzed the records JetBlue provided in September 2002, as well as other demographic data collected about the passengers, including Social Security numbers and information about their finances and families.
The apparent goal of the study, which was presented at a technology conference in February, was to determine the usefulness of combining passengers’ travel and personal information in order to create a profiling system that would make air travel more safe.
One conclusion of the study was that “data elements have been identified which best distinguish normal JetBlue passengers from past terrorists.”
Neeleman’s e-mail said Torch “developed this information into a presentation, without JetBlue’s knowledge, for a Department of Homeland Security symposium” and that he was “deeply dismayed to learn of it.”
Neeleman said JetBlue provided passengers’ names, addresses and phone numbers to Torch after an “exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security.”
Torch referred calls to its attorney, Richard Marsden, who did not immediately return a call seeking comment.