Northwest Airlines provided information on millions of passengers for a secret U.S. government air-security project soon after the Sept. 11, 2001, terrorist attacks, raising more concerns among some privacy advocates about the airlines' use of confidential customer data.
The nation's fourth-largest airline asserted in September that it "did not provide that type of information to anyone." But Northwest acknowledged Friday that by that time, it had already turned over three months of reservation data to the National Aeronautics and Space Administration's Ames Research Center. Northwest is the second carrier to have been identified as secretly passing travelers' records to the government.
The airline industry has said publicly that it would not cooperate in developing a government passenger-screening program because of concerns that the project would infringe on customer privacy. But the participation of two airlines in separate programs demonstrates the industry's clandestine role in government security initiatives.
In September, JetBlue Airways said that it turned over passenger records to a defense contractor and apologized to its customers for doing so.
Northwest said in a statement Friday that it participated in the NASA program after the terrorist attacks to assist the government's search for technology to improve aviation security. "Northwest Airlines had a duty and an obligation to cooperate with the federal government for national security reasons," the airline said.
Records included personal information
The carrier declined to say how many passengers' records were shared with NASA from the period offered, October to December 2001. More than 10.9 million passengers traveled on Northwest flights during that time, according to the Transportation Department.
NASA documents show that NASA kept Northwest's passenger name records until September 2003. Such records typically include credit card numbers, addresses and telephone numbers.
NASA said it used the information to investigate whether "data mining" of the records could improve assessments of threats posed by passengers, according to the agency's written responses to questions. At the time the agency also was exploring other possible projects aimed at improving air security, it said. NASA said no other airlines were involved in the project and that it did not share its data with other parties. The agency said it did not pay for the data.
The carrier tells passengers visiting its Web site that "when you reserve or purchase travel services through Northwest Airlines nwa.com Reservations, we provide only the relevant information required by the car rental agency, hotel, or other involved third party to ensure the successful fulfillment of your travel arrangements."
The Northwest and NASA documents were released in response to a Freedom of Information Act request filed by the Electronic Privacy Information Center, a nonprofit organization that advocates privacy rights and open government. The organization, which provided the documents to The Washington Post, said it plans to take legal action this week in an effort to force the government to disclose more information about NASA's secret security project and to investigate Northwest's actions.
"We strongly believe aviation security programs should be developed publicly," said David L. Sobel, general counsel for the group. "While the airline in this case might have thought the action appropriate, the public at large sees it as a serious violation of personal privacy."
Northwest's sharing of information with the government could have implications in the European Union, where officials have balked at providing passenger data to the U.S. Transportation Security Administration as part of that agency's computer passenger-screening program, known as CAPPS II. The EU has said that turning over passenger records to the TSA would violate its privacy laws.
NASA officials did not seem concerned about potential privacy violations until last fall, when JetBlue's cooperation with the Pentagon was disclosed.
In an e-mail written on Sept. 23, 2003, to Northwest's security manager, a NASA official indicated that he wanted to return the airlines' passenger data, which was stored on compact discs.
"As you probably have heard by now, our 'data mining for aviation security' project did not receive any FY2003 funds. My interpretation is that NASA management decided that they did not want to continue working with passenger data in order to avoid creating the appearance that we were violating people's privacy," NASA engineer Mark Schwabacher wrote to Northwest Airlines security manager Jay Dombrowski. "You may have heard about the problems that JetBlue is now having after providing passenger data for a project similar to ours."
In its written responses, NASA said it terminated the program in late 2002 because data mining was not a "viable line of investigation."
The e-mail to Northwest included a link to a news report about the JetBlue matter.
Northwest publicly denied disclosure
On the same day as the NASA e-mail, news media quoted Northwest officials responding to the JetBlue incident. "We do not provide that type of information to anyone," Northwest spokesman Kurt Ebenhoch was quoted as saying in the New York Times on Sept. 23.
An article in the following day's St. Paul (Minn.) Pioneer Press said: "Northwest Airlines will not share customer information, as JetBlue Airways has, Northwest chief executive Richard Anderson said Tuesday in brief remarks after addressing the St. Paul Rotary."
The Electronic Privacy Information Center said it originally filed a Freedom of Information Act request in 2002 with the TSA as part of an effort to obtain details of CAPPS II development. The TSA responded to the request by providing NASA documents that indicated NASA was involved with the "data mining" system with Northwest Airlines. The CAPPS II system, scheduled to be introduced this summer, seeks to identify all U.S. passengers using commercial databases and then rate the security risk posed by each passenger.
The Electronic Privacy Information Center and other privacy advocates have argued for years that CAPPS II is being developed under strict secrecy and they believe that plans disclosed so far violate personal privacy.
The organization said it plans to file a complaint about the Northwest incident this week with the Transportation Department, which oversees the airline industry's compliance with rules guarding private consumer information.
The group said it also plans to sue NASA in U.S. District Court in San Jose this week, because, the organization said, the space agency did not disclose enough information in its response to the FOIA request.
The group seeks to know more about the NASA program, including whether the agency shared the information with other parties and whether any other airlines were involved.
"There doesn't seem to be a classic space exploration endeavor here," said Barry Steinhardt, director of the American Civil Liberties Union's technology and liberty program.
The TSA has said it is developing CAPPS II to better identify people who might be terrorists. But the program will also be used by law enforcement officials to identify and question people suspected of violent crimes.
Steinhardt said the Northwest and JetBlue incidents provide people with another reason to be wary about CAPPS II. "What this makes plain is that we cannot believe the assurances we've received that this passenger data will only be used for limited purposes," he said. "Inevitably, it will leak out for other uses."
Researcher Margaret Smith contributed to this report.