In an effort to shield themselves from potential lawsuits, American Airlines and one of its technology providers are pointing fingers at each other over who allowed some 1.2 million passenger records to be shared with four companies doing aviation security research for the government.
AMR Corp., the parent of American Airlines, disclosed late Friday that it authorized Airline Automation Inc., to share the passenger data with the Transportation Security Administration in June 2002.
However, the Fort Worth, Texas-based airline said it never gave Airline Automation the authority to share the data with the four research companies — HNC Software Inc., Infoglide Software Corp., Ascent Technology Inc. and Lockheed Martin Corp.
Airline Automation, a provider of revenue-management technology based in Tucson, Ariz., disputes that claim.
American Airlines “understood fully what was going to be happening,” David Coburn, a Washington-based lawyer for Airline Automation said Sunday. “The TSA wasn’t doing the research itself. The TSA was using contractors. There’s really no issue.”
A nationwide computer system aimed at screening all airline passengers is being developed by the TSA.
The Computer Assisted Passenger Prescreening System, known as CAPPS II, ordered by Congress after the Sept. 11 attacks, will check such things as credit reports and consumer transactions and compare passenger names with those on government watch lists.
Congress has barred implementation of CAPPS II until the TSA meets certain standards on security, accuracy and privacy.
Both AMR and Airline Automation are nervous about the possibility of becoming embroiled in the scrutiny and legal action that JetBlue Airways and Northwest Airlines faced after earlier admissions that they, too, allowed passenger data to be shared with the government and, in JetBlue’s case, government contractors.
Those revelations — as well as Friday’s announcement by AMR — have resulted in recriminations from privacy groups, class-action lawsuits and investigations by federal agencies, including the Federal Trade Commission, the Department of Homeland Security and the Defense Department’s inspector general.
Privacy advocates allege the government is using commercial data to skirt the 1974 Privacy Act, which prohibits routine data collection on ordinary Americans.
“Our concern is that without permission up front it could be a potential liability,” American Airlines spokesman Roger Frizell said Sunday. “We’re not pleased that AAI shared it without our approval.”
Before Airline Automation agreed to the TSA’s request to share the data with other companies, “perhaps they should have circled back with us,” Frizell said.
On Friday American Airlines said it agreed to provide the TSA with the information “because of the heightened interest in aviation security at the time and American’s desire to ensure its passenger and crew safety” following the Sept. 11, 2001, attacks, in which two of its planes were hijacked.
The carrier had previously denied releasing passenger records. However, an internal review was prompted by the disclosures of JetBlue in September 2003 and Northwest Airlines in January, as well as by a private reminder from Airline Automation about its work.
New York-based JetBlue gave 5 million passenger itineraries to a Defense Department contractor that used the information as part of a study seeking ways to identify “high risk” airline customers.
Northwest, based in Eagan, Minn., gave passenger records covering October to December 2001 to the National Aeronautics and Space Administration for a study on passenger screening.
David Sobel, general counsel with the Electronic Privacy Information Center in Washington, said these incidents reflect a pattern of behavior that signals “a privacy crisis within the airline industry.”
In its defense, Airline Automation noted that it required the companies to whom it provided the passenger data to sign nondisclosure agreements.
“Each of the companies has either returned the data to AAI or confirmed that the data and any related materials were destroyed,” the company said in a statement.