JetBlue Airways may have to admit to more than an "error of judgment" for violating its own privacy rules after handing over travel records on more than a million passengers to a Pentagon contractor.
Consumers once inclined to forgive and forget are increasingly fed up with businesses secretly messing with their personal privacy. JetBlue had promised its passengers it wouldn't share such data with outsiders.
The airline's confidentiality blunder is just the latest from the U.S. business community. The discount airline apologized last week after disclosing it gave Army contractor Torch Concepts computer files containing the travel records of about 1.1-million passengers in 2001 and 2002. Torch cross-matched JetBlue's data with another database to capture each passenger's Social Security number, occupation and family size - all in an experiment intended to identify potential terrorists.
Come to think of it, I am probably listed among those passengers, courtesy of my one-and-only flight with the 3-year-old airline en route to my college reunion.
Thanks, JetBlue, for turning personal data - information I assumed you would safeguard - into Swiss cheese.
If I seem a bit steamed, I'm hardly alone. In a post-9/11 world where some in government and business seem extra-eager to sift personal data for hidden terrorists, a major shift in the privacy attitudes of consumers toward business is under way. So say survey results compiled in the past three years by privacy pioneer Alan Westin and polling firm Harris Interactive.
Westin, a professor of public law and government at Columbia University since 1959 and the newsletter publisher of Privacy & American Business, and Harris surveyed consumers and placed them in one of three categories: privacy fundamentalist, privacy pragmatist or privacy unconcerned.
Privacy fundamentalists are those folks who are passionate about what they see as business threats to their consumer privacy. They are the ones who push for government rules to control business information practices. Privacy pragmatists balance the risks and rewards of sharing their personal information with businesses. They favor a mix of government regulation and private solutions. A third and smaller group, the privacy unconcerned, are those people with little or no concern about consumer privacy issues.
Since 2000, there's been a big change in these three categories.
In 2000, 25 percent of the public scored in the Westin/Harris survey as privacy fundamentalists. But in 2003, clearly charged-up fundamentalists had shot up 11 percentage points to 36 percent of the public.
In 2000, privacy pragmatists made up the majority - 63 percent - of the public. But in the 2003 survey, pragmatists had declined by 10 percentage points to 53 percent. Finally, those who are privacy concerned, making up 12 percent of the survey population in 2000, remained largely unchanged in 2003.
These are hefty swings in attitudes in a short period.
Concludes Westin's Privacy newsletter: 56 percent of the public now see most businesses as inappropriate handlers of consumers' personal information. And 59 percent do not think the existing mixed public-private system of protecting consume privacy provides a "reasonable" level of assurance.
Translation? When companies like JetBlue swear they won't but still cough up customer records for government ID tests, business credibility suffers.
After JetBlue provided passenger data, Torch Concepts analyzed the names using Social Security numbers and other personal financial information, then combined it with data on passenger demographics purchased from Acxiom Corp. Acxiom is a provider of customer data integration software. Then Torch, on behalf of the Pentagon, tried to rate each passenger's security risk level by analyzing the merged databases.
JetBlue's involvement in this project sounds eerily similar to the federal government's planned passenger profiling system even though they are not connected. Called the Computer-Assisted Passenger Prescreening System, or CAPPS II project, the fed's profiling system will assign one of three colors - red, yellow or green - to airline passengers based on personal information related to finances or travel history, among other criteria.
Fliers will not know their color code but will be screened according to their perceived threat. Travelers who are flagged code red, likely a small percentage of fliers, will not be allowed to fly. Those assigned a yellow code will face extra screening. Watch for this to take effect later this year.
CAPPS II, in turn, should not to be confused with a program originally called Total Information Awareness. That Pentagon program, conceived under the supervision of John Poindexter, was designed to use software to flag potential terrorists by mining a broad array of public and private databases for information such as airline ticket purchases, passport applications, visas, work permits, drivers' licenses, car rentals, arrests and other personal details.
The Total Information Awareness program was derailed by critics who found it too aggressive in its pursuit of private personal data.
You'll recall that Poindexter, a Reagan administration official who went to jail for his role in the Iran-Contra affair, also backed another controversial Pentagon antiterrorism idea this year. Called FutureMAP, the project involved creating a futures market that would let investors bet on the likelihood of terrorist attacks and other turmoil around the world. Those who bet accurately would reap financial rewards.
The concept was to use market forces to help gain access to more accurate information, in advance, on terrorism. That plan, too, dissolved in a firestorm of bad publicity. Poindexter has since resigned.
Not that the feds hold a monopoly on aggressive profiling programs.
A database project called Matrix has been in use for a year and a half in Florida that allows law enforcement officials to cross-reference the state's driving records and restricted police files with billions of pieces of public and private data, including credit and property records.
Matrix was built to track terrorists. But as more states sign up to pool their files with Florida's, Matrix is increasingly touted as a tool for everyday police work. California and Texas dropped out of Matrix after complaining sensitive files are kept in the hands of a private Florida company.
Why bring up all these government-inspired and arguably draconian antiterrorist projects? Because the sharp outcry against JetBlue's decision to provide private passenger information was amplified in the wake of multiple, controversial database profiling systems recently pursued by federal and state government.
It did not help that some of the information JetBlue gave to Torch leaked out earlier this year in a presentation made by contractors at an air security conference.
Well, here's a suggestion for all businesses: Keep private what you promise to keep private. Share records only in times of true emergency, and not just to indulge some experiment in database fishing.