Forgot your password?
typodupeerror
Privacy United States Your Rights Online

JetBlue Gives Away Passenger Info To TSA? 343

Posted by simoniker
from the eye-in-the-sky dept.
Old Ben Franklin writes "In September of 2002, JetBlue Airways secretly gave the Transportation Security Administration the full travel records of 5 million JetBlue customers. This sensitive travel data was then turned-over to a private security contractor for analysis, the results of which were presented at a security conference earlier this year and the analysis then posted on the Internet." This comes after Wired News's recent article on this matter, explaining that "...the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue", but quoting a TSA spokesman as saying that "currently only fake passenger data was being used."
This discussion has been archived. No new comments can be posted.

JetBlue Gives Away Passenger Info To TSA?

Comments Filter:
  • color (Score:5, Funny)

    by CGP314 (672613) <CGPNO@SPAMColinGregoryPalmer.net> on Thursday September 18, 2003 @03:07AM (#6992233) Homepage
    the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue

    So is blue good or bad?
  • That's nice (Score:5, Interesting)

    by PingXao (153057) on Thursday September 18, 2003 @03:07AM (#6992236)
    I flew them earlier this year. After already being on the plane 15 minutes at the gate a guy comes on board, calls my name, and escorts me off. Apparently they had marked me for the double-secret security scanning and failed to do it at the security checkpoint. No problems, really, and I was back on the plane about 10 minutes later in plenty of time for departure. Of course, my carry on bag was left in the overhead compartment the whole time I was off the plane.

    It was the security folks who failed to do the extra scanning at the checkpoint, but it was Jet Blue's guy who got me off the plane. He didn't know and didn't care that I might have already snuck something onto the plane. If Jet Blue wants to help fight terror in the skies they'd better re-think their priorities. Paying lip-service to security is a long tradition in commercial aviation. Just think about this: if there was no law passed mandating crash-proof cockpit doors, most airlines wouldn't have put them in.
    • by vor (142690) on Thursday September 18, 2003 @03:33AM (#6992337)
      Same thing happened to me at JFK. Ever since taking a one-way flight to Florida for a prolonged business trip, every flight I've been on I've been labeled "SSSS." I think it stands for Super Secret Squirrel Security.. I'm not sure. Anyway I get to cut the long lines at regular security so I don't care if they think I'm a terrorist.

      The usual procedure is to stamp the ticket and punch a hole into the ticket to prove that the SSSS security check was made. After my very thorough SSSS check which involved unzipping my carry on and looking under one shirt, I got my ticket stamped but no hole. I'm about to board the plane when they say I can't get on because I only have the stamp.. not the hole.

      Mind you, the hole IS A REGULAR CIRCULAR PUNCH HOLE CREATED BY A 1.99 STAPLES HOLE PUNCHER.

      Of course I had to walk 900 feet back to the checkpoint, as this magical punchhole proved I was clean and not a terrorist. Kinda scary, no?

      Also upon flying out of Burbank airport, flagged my usual terroristic SSSS, I asked which line is for SSSS security. To which the "guard" replied "Oh we don't do that here, just go through regular."

      Now of course I know that I am no terrorist, but what about others who may be? When I told a close friend who is a pilot for United about that, he freaked out and said theyd be in huge trouble if the FAA ever found out.

      Needless to say the whole airport security thing is a facade of false security, regulated by mystic punch holes, dimwitted workers, and innane flagged policies - He took a one-way flight!!! He's a terrorist lets do extra security on him for the next 30 flights!!" When of course anyone looking to cause trouble would just book round trip..
      • by kfg (145172) on Thursday September 18, 2003 @03:55AM (#6992428)
        You want to really mess with their heads?

        Fly to Florida one way, hitch-hike back, then fly one way to Florida again.

        Rinse and repeat.

        Smoke will probably come out of their tiny little ears before they figure out how you can do that.

        KFG
      • He took a one-way flight!!! He's a terrorist lets do extra security on him for the next 30 flights!!

        Oh great. I took a one-way fight out of the country. I'm going to be labeled a terrorist forever.
      • by vor (142690) on Thursday September 18, 2003 @04:04AM (#6992454)
        This is the icing on the cake, it's kinda late so I guess that's my excuse for forgetting to type it..

        While leaving Burbank my "friend" had purchased a kitchen utensil set. Upon packing the luggage my "friend" looked at the 8 inch chef knife and said.. "Damn I'm gonna have to ship this back or give it away cause there's no shot in hell this is getting let on the plane in my carry-on." His brother says Ah give it a shot, if its a no-go let security confiscate it.

        Needless to say, my "friend's" bag went through the X-Ray machine, and the attendant didn't even give it a glance. Remember he is flagged for extra security.. regardless of the 8 inch knife on the X-Ray, the bag has to be checked by FAA policy!!! His bag was never opened and he boarded the plane and landed with the obvious contraband aboard. But I dare the 90 year old woman to try to board with a nail clipper.

        So not only was he flagged as a security risk, but he sucessfully boarded the plane with an 8 inch chef knife without anyone giving him a second glance! Of course he had no mal-intents but the whole incident shocked my pilot friend and he was furious as it showed how really terrible airport security is, and how easy a terrorist can smuggle stuff in if a regular passenger (who was flagged a terrorist!!) can get by without trying to circumvent any security.
        • by Anonymous Coward on Thursday September 18, 2003 @06:47AM (#6992885)
          It's trivial to circumvent security at airports. If I wanted, I could get either a ceramic or a glass knife. Neither of those will be picked up by security scans whilst on my body (it's called a "metal detector" for a reason...). Either would be just as sharp as any regular metal knife -- possibly sharper. You wouldn't believe how sharp a glass knife can be.

          And if you think I'm giving people ideas, you obviously haven't read Snow Crash. Airport security isn't about true security. It's about giving people the appearance of security. True security is what they have at El Al airport: all passengers are asked a series of questions (usually brief and not very deep, sometimes very probing if the initial questions suggest you have something to hide); all baggage is put through decompression chambers, to simulate flight conditions in the baggage compartment; cockpits are heavily reinforced. The latter two, in particular, aren't visible to the public. But they work, and far more effectively than what we have in Australia (or, AFAIK, in the US.)

          Nail clippers? Sewing scissors? The effort in confiscating those, versus the security that doing so provides, is way out of proportion. Read Cryptogram [counterpane.com] for more detail on this subject than I can be bothered typing.

        • I carried a bag of computer parts, inc hard disks, onto a plane in Germany. Apparently they have no problem with people carrying small metal boxes with circuitry clamped on the underside. That was through 2 security checks w/scan too.

          They did hassle the hell out of the 12yr old girl infront for having a metal comb in her bag though.

          Makes ya feel so safe eh :)
        • I carried a Swiss army knife in my pocket through some five airports in Asia and Europe, for some six journeys in 1.5 years. Finally got caught in a prominent Asian hub, but that was only the fourth time I travelled through that airport.

          And to think, something like 10% of my ticket is for shit like this. :-)

      • by sigxcpu (456479) on Thursday September 18, 2003 @04:13AM (#6992476)
        The whole thing is a joke:

        Problem: someone with a knife took over a plane and crashed it.

        There were three places he could have been easily stopped :
        1. The knife might have been discovered while he was boarding the plane.
        2. An armed security guard could have stopped him while he attempted the takeover.
        3. The cockpit door should have been locked.

        I would have fixed 2&3.
        (but that requires thinking)

        This whole ssss business just shows that they are clueless, any perimeter defense can be circumvented or breached. If you want to protect something, focus on the inner layers of protection, investing in the outer ones is much less effective.
        • 1) The knives were boxcutters, and may have been smuggled aboard the plane on previous flights. What happens if they catch you taking a boxcutter through security? They take it away. Maybe: Once I took a pipe wrench (not a very large one) through security at RDU. They asked to see it, then told me it was contraband. I said, "Fine, take it," and they replied, "Oh, well never mind then. Enjoy your flight."

          2) There were no armed security guards aboard the planes.

          3) The cockpit doors were locked. Th

          • Since they had been screened in another state before getting to the airport that the crashed planes left from... This meant that on hitting ground, they were walked over to their next flight. No security involvement except a glanceover on the tarmac. It is (or was)a common procedure, which leaves the burden of security screening on the original flight- the first one that they got on. If you come in on an international flight (or even a regular flight) that has low security, the odds are still that you're go
      • by Anonymous Coward on Thursday September 18, 2003 @04:55AM (#6992575)
        Haha! Yeah, recently I flew out of SeaTac. I walk up to the ticket counter and start chatting up the counter people. They tell me that I've been flagged for the secret squirrel line. Heavy sighs and eye rolling, etc. So I get my ticket and meander over to the Starbucks booth to get a $5 airport mocha. I've got plenty of time and I'll hit the super secret security line in a little bit.

        Then it dawns on me... if I were a terrorist with a big ol' fruitcake bomb in my carryon or a plastic shiv down my sock, I'd just calmly walk out of there since they've told me that I'm slated to be searched. The only way they'll ever actually CATCH anyone with this stupid dual-line flagging approach is if they stop telling all those terrorists that they're going to search them ahead of time. Plus, once the CRAPPS II sticky status flag stuff is in place, all a terrorist has to do is fly once or twice without any boxcutters to get their status flag and know with high probability what they can expect on their next flight.

        What a bunch of feebleminded doughnut-chomping rentacop government bureaucracy maroons we've got running this show. The only domestic terrorists I'm afraid of at this point are John Ashcroft and Tom Ridge.
        • What a bunch of feebleminded doughnut-chomping rentacop government bureaucracy maroons we've got running this show.

          A better plan would have been to just replace the passenger cabin air with laughing gas.

          So simple, but did they even think about it?

          The only domestic terrorists I'm afraid of at this point are John Ashcroft and Tom Ridge.

          When fascism (or is it fashionism) is finally in place, you won't be given the chance to worry about them...you'll be much more worried about escaping your own home.
      • I easily passed thru security while wearing a slightly bulky jacket with a Beluga Whale tucked under my armpit. My friend got stopped for trying to bring on his 157mm howitzer though...
      • Unbelievable (Score:5, Interesting)

        by varjag (415848) on Thursday September 18, 2003 @05:16AM (#6992615)
        You have the actual label on your boarding pass effectively saying that you are suspect? Ubelievably cynical! Even in late Soviet Uinon, where I happened to live good part of my life, authorities avoided to humiliate the citizens so openly. (And mind you, USSR wasn't exactly the place where personal freedoms were flourhising).

        I sympathise you, and wish you best of luck. Hopefully your country will recover the freedoms and sanity that its dwellers were so proud of.
      • by ChaseTec (447725) <chase@osdev.org> on Thursday September 18, 2003 @05:26AM (#6992647) Homepage
        My fav of all time was what happened to me at the Atlanta airport(I think it was Atlanta, they all blur after so much traveling). I was there on a short lay-over. I stopped at a barbeque quick serve resturant right outside the metal detector on my way to my gate. I got a chopped beef sandwitch wrapped in aluminum foil and it was placed in a plain brown paper bag. Without even thinking I walked thru the metal detector which of course was set off by my sandwitch I was carrying. The security guard asked for the brown paper bag and had me walk back thru the scanner. Since the scanner didn't go off I wasn't a threat so I was given back my sandwitch. The kicker is that no one every bothered to look in the plain brown paper bag that set off the metal detector.

        Another time,in Minnesota, I forgot that I had a long small head screw driver in my carry on bag that I used to change out laptop hd's. The extra machine tech saw it and handed my bag to a security officer. I was asked about it and admitted to being absent minded and leaving a screw driver in the bag. They tell me they'll have to take it so they start to search the bag. They can't find the damn thing and it's not some complicated bag, it's a cloth laptop bag from Sun's Java store. I offer to reach in the bag and get it for them, nope that's not allowed. They end up xraying the bag a second time still seeing the screw driver there but even though I'll telling them there is one they conclude that it's a fantom screw driver being caused by several pens in my bag.

        As for the security profiling that airports do, some do the "he looks like a bad guy" approach. Sadly if you get behind someone that isn't white you have a much better chance of avoiding searches. Other airports have profiling systems in place that will flag you if you do things like switch your flight to a different time, ignoring the fact that you have a million frequent flyer miles.
      • by I8TheWorm (645702) on Thursday September 18, 2003 @07:51AM (#6993076) Journal
        As a semi-retired musician, I fly to gigs once in a while, and never trust the baggage folks with my basses, so I carry on. This always makes me a super high risk, for some reason.... I suppose the electronics. No big deal.

        After 9/11, I flew for a show and went through the usual motions. Upon returning home and clearing out my luggage carry on, I noticed a full sized pair of scissors in a side pocket... EASILY detected by the scanners. But it got through two of them. So I called security at the airport here, just to let them know they seem to have a problem with their employees at the checkpoints. The person I spoke to got terribly defensive, and I kept saying "I'm just calling to help." She wouldn't have any of it, and eventually hung up on me.

        Security is a joke... and we're talking about major airports here.... IAH was my departure airport.
      • I've been labeled "SSSS."

        So do you get a chuckle when you go up to security and say, "I'm one of those guys with four ess-es." I would be tempted to put a slight accent on the thing and make the "e" in "ess-es" sound more like an "a".

  • by Ratface (21117) on Thursday September 18, 2003 @03:08AM (#6992239) Homepage Journal
    Typical - the first step probably seemed perfectly reasonable to JetBlue - I mean what could be safer than a Security Administration huh?

    But then the records get given to a private firm and like Chinese Whispers, the privacy implications are completely forgotten.

    I notice the exact same effect at work. I explain the ethical implications of not spamming to my boss. He then exlpains to clients that it's fine for them to send information to existing client lists. They then come and ask us to send mail to a list they have bought in from a 3rd party supplier!

    I guess that problems like this are going to crop up more and more as we give up more and more of our personal data to large companies.
  • I dunno... (Score:5, Interesting)

    by morganjharvey (638479) on Thursday September 18, 2003 @03:16AM (#6992268)
    I don't know about this -- this seems a little specious to me.

    I'm not saying that I don't beleive that it's impossible that JetBlue gave/sold their passenger list, but the article doesn't give any corroborating evidence other than the old "they deny it, it must be true." The file they linked to as a copy of data put up on the web also seems to be empty, so I couldn't look at what this data was. Regardless, how did they figure out that this was JetBlue's data? I'm also wondering if JetBlue even has had 5 million customers -- perhaps they meant 5 million transaction records?

    I'm all for privacy, free speech, blah blah blah, but this seems pretty alarmist and reeks of, what's the term... conspiracy theory. This just doesn't add up.

    Just my two cents, go ahead and flame me.
    • Okay, let's see. One airplane [jetblue.com] has 60 windows (meaning 60 rows), 6 seats per row for 300-400 seats, and we might guess that a typical flight is 2/3 full, so you might estimate 200 people per flight. I see [jetblue.com] about 25 routes, and we might guess that there are 2 flights per route per day, so that would be about 10000 people flying JetBlue per day.

      Now, there are about 350 days in a year, so that makes 3 500 000 flights per year.

      So yeah, order of magnitude, 5 million flights is probably 1 or 2 years' wort

  • by GISGEOLOGYGEEK (708023) on Thursday September 18, 2003 @03:19AM (#6992278)
    Actually the new coding system will have two labels:

    1. Has No WMD's - safe passenger

    2. Has No WMD's but with no evidence or any link whatsover to recent terrorism, we want you to think he has WMD's so lets haul him off the airplane for a near nuclear anal probing where we will find no WMD's and call in the UN to clean up after us when we can't handle the mess we made anymore. - safe Arab passenger

    My father in law was branded as number 2 recently - with his tan from working in africa for months, they thought he was middle eastern, when he pulled his shirt open to expose his untanned white skin, the guards laughed at their 'mistake', stopped searching him and let him carry on.

    Now if you Americans would stop pissing off people around the world, you wouldnt need all these colour schemes.
  • JetBlue Passenger (Score:5, Insightful)

    by JWSmythe (446288) * <jwsmythe@[ ]mythe.com ['jws' in gap]> on Thursday September 18, 2003 @03:21AM (#6992283) Homepage Journal
    As one of JetBlue's first passengers, when the seats were still new and the TV's weren't working yet, I'm upset by this. I flew them in the first weeks they were flying, and then frequently afterwards, because the planes were nice, the service was good, and the rates were cheap. Now I'm even more screwed than normal, I'm deep in the belly of the CAPPS II system. Bastards.

    It was very nice of them to include the SS#, address, and date of birth. I recognize some of the addresses on pg 20 of the PDF, it would be almost trivial to find out the names to go with those, and use them in identity theft.

    I wouldn't do it, but I might anonymously mail a printout of the pdf to them.

    • JetBlue has clearly stated that they never consented to the data being used in this manner.

      quote: "Yesterday [Wednesday], ANN got a call back from jetBlue's Vice President, Corporate Communications, Gareth Edmundson-Jones, who wanted to go on the record, in the wake of the lousy publicity his airline had gotten yesterday. He wanted us to know, in no uncertain terms, that, "jetBlue is not entered into an agreement to participate in CAPPS II.""

      Link to article [aero-news.net]
  • by dmon (133360) on Thursday September 18, 2003 @03:21AM (#6992286)
    "The United States has long pressured European airlines to submit passenger information in order to prevent the arrival of terrorists in the country."

    "This information will include names, travel routes, credit card numbers, and possible special meals."

    full article [helsinki-hs.net]
  • just a question (Score:5, Interesting)

    by jlemmerer (242376) <xcom123@nOSpaM.yahoo.com> on Thursday September 18, 2003 @03:24AM (#6992301) Homepage
    if you color code the passanger's in the traffic light way (green for "too stupid to be a terrorist"; yellow for "suspect" and red for "oh my god, he has a beard and even more, he wears a turban") and there is a suspected terrorist threat in a location of the u.s. will you deny the "red" passengers transportation? And how do you classyfy the color system? Would be interessting what happens when sombody say's there will be an attack on the white house and 5 planes with "red" passengers are on it's way to Washington DC. will they be rerouted to a save location (Nevada for instance, or maybe even Guantanamo)
    • Re:just a question (Score:3, Interesting)

      by sasha328 (203458)
      I hope you don't get mod down for this post. I am soo to go to a trip to Canada, and I would like to go to the US for a couple of days to visit a relative in Boston. My mum is trying to convince me not to go because I'm of middle eastern background and she worries I might be hassled when I get there. I try to convince her that that is not the case. People don't go around racial profiling any one. I certainly look middle eastern, and I have never been hassled (or singled out) because of the way I look. Certa
    • Has anyone at TSA ever heard of checks and balancces? Judicaial Oversight? What hapens if somone is classified a RED and denied transportation? What if its the CEO of a multimillion dollar company who was born in the US and happens to be a muslim of arabic decent? My question is: How do I get off the list if ive been wrongly flagged or worse, If I have the same name as somone who has been correctly flagged not to travel? This has already hapened with the current system. Apparently somone with a name li
  • by Anonymous Coward on Thursday September 18, 2003 @03:24AM (#6992303)
    If the idea is to test whether CAPPS II can accurately determine the risk level of a potential flyer, I don't see how they can accomplish this with data from old passengers. Don't they also need data on how much each of those passengers ended up BEING a RISK?

    I don't know how you'd even begin to come up with such data. But if you can't figure out how much of a risk each passenger actually was, how can you see whether this correlates with the risk score CAPPS spits out? As far as I can see, this massive breach of passenger confidentiality will do nothing to test the efficacy of CAPPS.

    (As far as I know, no terrorist acts have been committed on JetBlue, so all passengers who have flown on JetBlue should have been given the "Green" CAPPS rating. Hence once they feed this passenger data through CAPPS, it better spit out low risk for everybody. Otherwise, this profiling obviously isn't working.)
    • Well, just filter the list for the words "mohammad" and "mohammed" and "abdul" and "bin" and flag the male (sorry to sound sexist, but that's the way it goes) passengers whose names contain those "words of terror" and assign a higher risk to said passengers, and that's all that's really necessary. Anyone signing up for a "muslim meal" should also be flagged as high-risk. It's really simple, even though it seems politically incorrect at the same time. There should also be information about beard (boolean
    • by rpjs (126615) on Thursday September 18, 2003 @04:12AM (#6992474)
      Don't they also need data on how much each of those passengers ended up BEING a RISK?

      Seems to me that the dataset they should be testing this against is UA and AA's passengers for September 11th, 2001. If the system doesn't spot the hijackers, it isn't working properly.
  • Always a downside (Score:5, Insightful)

    by panurge (573432) on Thursday September 18, 2003 @03:25AM (#6992308)
    Identity theft.

    All schemes like this increase the chance that evil people will target low risk travelers for identity theft.

    Scenario: terrorists identify suitable target in fairly remote location. Break in, force target to purchase tickets over the internet, disclose PIN numbers to credit cards etc., kill target and catch plane. It takes a bit more organisation and time, but these people seem to have plenty of that. You can't even rely on those sneaky people to be darker shades of brown: the white English-speaking world has shown an ability to produce home-grown bombers, in the US, Northern Ireland and the UK.

    If this is going to be a substitute for airport security (and I suspect it will be) all I can say is, fortunately I rarely need to travel by plane nowadays.

  • by Raindeer (104129) on Thursday September 18, 2003 @03:25AM (#6992309) Homepage Journal
    Known Airline Terrorists Appear Readily Distinguishable from the Normal jetBlue Passenger Patterns

    Can anyone tell me why they let known Airline Terrorists fly at all??

    There is some interesting data-mining being done in the document. Correlating several databases together gives you a good profile of the people on the plane, but it doesn't give you an idea if someone is a terrorist. Like the presentation sais, Find a needle in a haystack, without knowing what the needle looks like If you don't know what it looks like you won't find it. What you do find is anamolous behaviour that points to interesting people to check.

    Finding these people largely depends on how much they differ from the ordinary profile. Ordinary here is middle income suburbanite. So low income ghetto dwellers get singled out time and time again. Yes they might be out of the ordinary, but it doesn't mean that they will blow up the plane.

    • Correlating several databases together gives you a good profile of the people on the plane, but it doesn't give you an idea if someone is a terrorist. Like the presentation sais, Find a needle in a haystack, without knowing what the needle looks like If you don't know what it looks like you won't find it.

      Actually it's an even worst problem since needles are inanimate objects which don't try to hide or disguise themselves as something else.

      What you do find is anamolous behaviour that points to interesti
    • If you said, "find a geeble in the haystack", I certainly don't know what a geeble looks like, but I do know what hay looks like. I would present to you the first non-hay thing that I found.
  • by Enigma Deadsouls (700792) on Thursday September 18, 2003 @03:34AM (#6992342)
    How To Fly Without ID. [permanenttourist.com] I wonder if this will still work... and if so for how much longer.

  • Ah yes... the Big Brother mega watch list in full swing...

    The Bush administration's plan to merge a dozen anti-terrorist "watch lists" into a single database overseen by the FBI is being called long overdue by Congress.

    But some critics see the potential for a giant blacklist.

    "Having a single watch list is counterterrorism 101," said Sen. Charles Grassley, R-Iowa, a frequent FBI critic. "Now it's up to the FBI to demonstrate the technical savvy needed to maintain" and share the list.

    Under the plan un

  • Don't worry... (Score:2, Interesting)

    by hazman (642790)
    Anybody can have your [microsoft.com] passenger info if they really want it.
  • Nothing new... (Score:2, Interesting)

    by Anonymous Coward
    Foreign airlines flying to US destinations have had to turn over their passenger manifests, incl. credit-card details and special food requirements ("No pork means....") to US authorities for months now. If they don't do so they lose their landing-right, can get fined etc.

    This isn't just for "scary/suspicious countries", but for all countries. Even those allied with the US.
    • "Foreign airlines flying to US destinations have had to turn over their passenger manifests, incl. credit-card details and special food requirements ("No pork means....") to US authorities for months now."

      Not entirely true. Some airlines are complying, but some are refusing and so far landing permission has yet to be denied. The EU is currently kicking up a stink about this violating EU law on data protection.

      I'm quite amused that they think that a suicidal terrorist might want a halal meal on the pla
      • I'm quite amused that they think that a suicidal terrorist might want a halal meal on the plane.

        Indeed, remember the letter that the hijackers left behind? It told them to blend in, so that sort of shit would probably not come up.

        This whole deal is just creating a false sense of safety -- in the public and in the minds of the idiot bureaucrats. 9-11 was a one shot idea, if it worked, they got away with it and there was no way it could be repeated. Thanks to the idiocy of the Bush Administration, it worke
  • by Anonymous Coward on Thursday September 18, 2003 @04:13AM (#6992479)
    Top secret fact! CAPPS is actually only based on whether you have any medical history of any kind.

    The data includes your SSN and dates of service for medical conditions and general location. Thats it.

    All this fluff that is being studied by the document the contractor did is not what the FBI uses.

    Basically... you need to create a fake limited medical history in the major databases sold by blue cross and others for favors to the gov.

    If you have a valid passport and credit card adn back acct but absolutely no medical history tied to your SSN then you are flagged for SSSS sec line treatment.

    Its that goddamned simple.

    MEDICAL HISTORY this limited 5 million record jetblue database is nothing but the tip of the iceberg.

    The us thought of everything but the only thing that works best is medical histories. Any history at all is "clean" and no history is suspect.

    BTW : the 19 saudi nationals had no us insurance based medical histories... but then again they had other signifying traits that were indicative of being a foreigner.

    I wonder why no one gets the mediacl history angle.

    its 90% of the weight of CAPS II profle.

  • the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue

    Ok, so no JetBlue planes were hijacked in recent memory (ever?) so, by extrapolating the data from that, the people who should be colored GREEN (no threat) are.... everyone.
  • as terrorists are likely to be using fake data themselves!
  • by clambake (37702) on Thursday September 18, 2003 @05:09AM (#6992600) Homepage
    You are ignorant. I'm not being rude, I'm being honest. Profiling is less secure then random sampling. It's mathematical FACT.

    The reason it is less secure is because it's hackable. By that I mean, if you can reverse engineer the algorithm they use to determine who is to be searched, you can break it. All you would have to do is go a few hours early for your next flight with a pen a paper and sit in front of the gate. As you sit there you tally who gets searched (what do they look like, what are they wearing, etc.) and who doesn't. Do that for a month and you now have all the data you need to find the "perfect" terrorist.

    For example, if you see that white teenage girls almost never get searched, then your next recruit will be a naive white girl you meet at a sorority mixer. She'll bring in the weapons for you and boom, you have your next terrorist attack, and it's much less probable that you'll get caught.

    A random sample, even despite the 12 year olds and grandmothers, is inherantly more secure becuase you can't find a way to guarantee that you won't be searched with the right racial candidate. It is impossible to reverse engineer.
    • An Irish terrorist found a dim English girlfriend some years back.
      • by clambake (37702) on Thursday September 18, 2003 @05:46AM (#6992715) Homepage
        And, your dupe doesn't even really have to aware that he/she is involved in a terrorist act. The real red-flag guy can walk on the plane with no bags whatsoever to search, and just grab the real goods out of the dupe's bags (secretly stashed in the handle of the bag she "won" along with her free trip to Hawaii from the "radio station" last week (pre set up, of course) when he/she goes to the rest-room.
  • What kind of information do they really have that they could abuse? I'm thinking all they know is my name and adress, my travel history, cc number and any special diet I may have?

    So if I have a record of flying to "rouge" states every now and then, plus I don't eat pork I'm guessing I get the "red" or whatever color means I'll get a plastic fork whereas John next to me gets the tiny metal fork (both which are still inferior to a shoelace for hijacking a plane).

    But this kind of information is already use

  • The data was "the proposed government system to prevent terrorism by color-coding airline passengers according to their risk level will be tested using old passenger itineraries from JetBlue..."

    How can this possibly be "tested?" Were any people now known to be terrorists flying on JetBlue during that time period? If not, how does anyone know whether the high-risk coding was valid?

  • by morcheeba (260908) on Thursday September 18, 2003 @08:57AM (#6993469) Journal
    Using past data to predict future events has always been a tricky situation, but the more dangerous trap is beleiving that if your model works with a set of past-data, that it is good. An excellent comparison is the stock market and people who try to predict it - sure, you can do a super-duper model that fits well with the data that fed it, but it ultimately fails when handed new data. If it worked, there would be a whole lot of very rich people out there.

    Stock market modeling seems like it would be much easier: you've got daily data on every single company going back 100 years, plus a whole lot more detailed financial information than you could ever get out of passengers (what's your book-to-bill ratio?). To top it off, performance can be measured in one absolute indisputable figure - profit - that is an attribute of most companies, whereas security has a fuzzy performance measurement(*) and few examples of what officials are looking for.

    Another thing that concerns me is that, AFAIK, the jet blue travel database contains precisely zero hijackings, so it seems to me that -- according to any possible model that could be generated -- the old system worked perfectly and could not be improved. Nail-clipper weilding maniacs, sure - plenty of those, but no actual hijackers.

    (* Pop quiz. Who killed more people, 9/11 or the airline "security" procedures that followed? If you added the expected life expencties of the people who died that day and got an hour number, that number is on the same order of magnatude of the extra time wasted in airports every year)
  • On sort of a non-outraged point, how do you backtest data when there are no positives? Were there serious security incidents on JetBlue that I didn't hear about? If there weren't, wouldn't you then just have to classify all people with the characteristics of those 5 million flyers as 'safe'?

    But, then again, stats was never my strong point.
  • by Bruha (412869) on Thursday September 18, 2003 @09:58AM (#6994045) Homepage Journal
    I recently took a flight the other day and the passenger before me with his laptop only had to open the bag and show it to him. They however made me take off my shoes, open my case and take my laptop out and used a pair of forceips to wipe some sort of cloth around my laptop. Even over the screen which I was none too happy with.

    Who's to say that they have not already started testing this system on actual travelers.

    Also international travelers will not have any sort of credit profile so WHY do they have to include OURS as part of the system. It makes me sick how it's acceptible to discriminate on people becuase of poor credit.

    As an example I have a score right above 650 but am currently a State Farm customer for my Truck's insurance. I decided to shop around to see if there were alternatives that were cheaper.

    Geico and Progressive both quoted double my current premiums. When I asked a manager of the similarities at Progressive he responded both companies set your rates based in part on your credit profile. I asked what difference does it make on my driving and he said people with poor credit tend to drive worse.

    I'd say that's bull since I know people that are well off and they drive like a bat out of hell. I had though that by being a responsible driver I would be rewarded but that's obviously not the case.

    The point here is that credit ratings have nothing to do with how dangerous people are. I would question the Unibomber's credit rating if he had one at that time and what it really was.

    I'm also sure that Tim McVeigh had good credit also.
  • by swb (14022) on Thursday September 18, 2003 @10:03AM (#6994095)
    If you thought misleading or incorrect credit information was hard to change, just wait until the credit people and insurance people get ahold of our "security color coding information" and start using it to alter^H^H^H^H^Hjack up our rates.

    There's already been a flap in Minnesota about insurance companies using credit scores to influence auto insurance; they claim a correlation, which is probably there, but someone wisely called "bullshit" and took them to task for using criteria other than someone's actual driving record.

    Further ironies abound, since those of us who don't carry a lot of debt and pay of our credit early get reduced credit scores -- and I thought responsibility was rewarded! (Yes, I'm aware that those of us that pay off early fubar the economic plans and machinations of the credit industry, since they plan to make all that interest income off of me).

    But just wait until you apply for a loan and find out your interest rate is sky high or your insurance has gone through the roof because you're mistakenly labeled a "security threat". I've already read plenty of horror stories about people that couldn't fly and who spent months fighting the national insecurity apparatus trying to understand why they were considered risks and getting it changed.

    I used to think that the foil hat crowd was a little off the deep end with most of their complaints about the collection of information, but now I'm starting to agree -- its gone too far, there are no controls, and its clear that Bu$h and A$hcroft have no compunction about giving this information away to their corporate allies.
  • by imnoteddy (568836) on Thursday September 18, 2003 @10:59AM (#6994600)
    JetBlue has admitted it according to this article [wired.com].

    Quoting:

    JetBlue Airways confirmed on Thursday that in September 2002, it provided 5 million passenger itineraries to a defense contractor for proof-of-concept testing of a Pentagon project unrelated to airline security -- with help from the Transportation Security Administration.

    The contractor, Torch Concepts, then augmented that data with Social Security numbers and other sensitive personal information, including income level, to develop what looks to be a study of whether passenger-profiling systems such as CAPPS II are feasible.

    Note that JetBlue has a privacy policy [jetblue.com] on their website that includes this statement:

    The financial and personal information collected on this site is not shared with any third parties, and is protected by secure servers.

  • by ninejaguar (517729) on Thursday September 18, 2003 @11:36AM (#6995013)
    Due to the permament tan I carry, the last couple of years travelling by plane have been rather trying. This article doesn't improve my opinion on the next couple of years. While the government and quasi-governmental agencies control the fastest and most convenient method of travel long distances, they exert unacceptable control over the citizenry.

    Maybe, it's time for an alternative [moller.com]?

    = 9J =

  • by Anonymous Coward on Thursday September 18, 2003 @07:20PM (#6999110)
    OK, I wrote a letter to David Neeleman and recieved this in response. I thought it was a nice gesture, and personally I like JetBlue. Every airline has its weakness' - most don't make a big fuck up like this though.

    CUT CUT CUT

    Thank you for writing to me so that I have an opportunity to apologize
    to you personally and set the record straight.

    Most importantly, JetBlue has never supplied, nor will supply, customer
    information to the Transportation Security Administration, or any
    government agency, unless we are required to do so by law -- not for
    CAPPS II or for any other purposes, whatsoever.

    However, I regret that, more than a year ago, we responded to an
    exceptional request from the Department of Defense to assist their
    contractor, Torch Concepts, with a project regarding military base
    security. This project had no connection with aviation security or the
    CAPPS II program and no data files were ever shared with the Department
    of Defense or any other government agency or contractor.

    We provided limited historical customer data including names, addresses
    and phone numbers. It DID NOT include personal financial information,
    credit card information, or social security numbers.

    Torch further developed this information into a presentation, without
    JetBlue's knowledge, for a Department of Homeland Security symposium.
    We regret that this presentation included the personal information of
    one customer -- although the customer's name was not used. Again, we
    had no knowledge of this presentation until two days ago and we were
    deeply dismayed to learn of it.

    The sole set of data in Torch's possession has been destroyed; no
    government agency ever had access to it. With Torch's help, we are
    continuing to make every effort to have the Torch presentation with the
    one customer's information removed from the internet.

    This was a mistake on our part and I know you and many of our customers
    feel betrayed by it. We deeply regret that this happened and have taken
    steps to fix the situation and make sure that it never happens again.

    I am saddened that we have shaken your faith in JetBlue but I assure you
    personally that we are committed to making this right.

    Sincerely,

    David Neeleman

    Chief Executive Officer

"I have just one word for you, my boy...plastics." - from "The Graduate"

Working...