You may want to boycott JetBlue.
I thought the constant threat of thrombosis was reason enough.
Aww, fuck. And I liked those bastards and their cheap -- yet dismayingly evil -- airline.
along with boycotting, any helpful suggestions on how to ferret out potential terrorists sitting in the seat next to you?
crap. I really liked JetBlue. Consistently cheapest fares to where I go most, and a direct redeye to DC. I think it's too late to do anything affordable about the reservation I have next weekend...
Interesting, this decision will probably have increased negative stigma with the very target group JetBlue caters to, young and technically trendy/aware, compared with other groups (such as old and the non-technically trendy/aware).
I emailed JetBlue to inform them of my decision to boycott based on http://www.dontspyon.us/jetblue.html . They replied, basically, that the reports have been false. I forwarded this on to someone at dontspyon.us, who replied flat-out that they were lying and said that a "major smoking gun has been located and will come out tomorrow" (which is to say, September 17). In the meantime, I've asked JetBlue to explicitly refute the claims in the above URL. We'll see what they say. I'm interested in how all of this will play out.
I don't remember hearing about Delta Airlines boycotts when they were participating in CAPPS II. Why's that? Why now JetBlue?
According to that dontspyon.us URL, there was a Delta boycott when they participated in CAPPS II, but I never heard about it. Perhaps the JetBlue decision is just getting more press. This weblog and BoingBoing have both publicized it, which are two pretty big places for the news to appear. If Slashdot posts it, then I suspect JetBlue's goose is cooked.
You're seriously going to boycott an airline because of a short story on the Internet? Wow, I've never seen such a large room full of suckers.
Not just because of a short story on the Net. I've taken the time to contact JetBlue and verify the assertion of the boycotters. My mind is open until I get pretty reliable evidence.
Some guy: I don't have any links or independent sources to back up the story I published, but I'm going to count on the fact that people will believe that I am more likely to be somehow privvy to the meeting minutes of a top-secret, off-the-record, unverifiable TSA meeting than to be just another guy making things up on the internet.
The Internet: This guy really seems to know his stuff! Let's boycott!
Well, I may be one in a million here, but I don't think CAPPS II is as evil as eveyone is making it out to be. I've carefully read through Homeland Security's guidelines. (http://www.dhs.gov/interweb/assetlibrary/CAPPSII_PRIVACY_ACT.doc)
What exactly am I missing here? I have no problem giving airlines the information they request through CAPPS II. I have nothing to hide.
Huh. I emailed JetBlue to ask if it's true and I haven't gotten any response.
Brian, what alarms me about CAPPS II is not necessarily the information sought, but the fact that it's a private company that administers it, not the government. How do I know that company (Galileo) is not going to share its info about my travel and purchasing habits with other companies?
Brian, if it stopped there then it would be fine but governments don't always like to hold back. That said, the only thing that would keep me flying jetBlue is if they turned off the DirectTV. Nothing helps pass the time between Long Beach and NYC than television.
Joanna, I understand what you are saying. And your point is very valid. There is a provision in their guidelines about not sharing or retaining information. However, how do we know? Good point.
Greg, I've never flown JetBlue, but DirectTV? Being someone who is not crazy about flying, that would definitely be something that would entice me to hop on a plane.
joanna wrote How do I know that company (Galileo) is not going to share its info about my travel and purchasing habits with other companies?
You mean companies sell my information? It's a good thing I always pay cash for all my transactions. And I don't shop online. And I've never answered a questionaire or signed up for a mailing list. Come to think of it, I've never, ever received a telemarketing phone call.
Wired reported this yesterday: JetBlue Data to Fuel CAPPS Test
To its credit jetBlue has long opposed the brain-dead policy to arm pilots with gun instead opting to install stronger cockpit doors. Their planes are already equipped with cabin cameras that record every passenger as they board and what they do while in flight. Those tapes are kept in archives for an as yet undisclosed amount of time. All of their tickets are booked via their central database and web interface. They already have your name, phone no. credit card no. and all other information including travel patterns in their central database. Of all the airlines they are the most technically equipped to participate in any big brotheresque scheme in partnership with the government.
That said, they do offer very cheap fares in exchange for all that information.
Joanna et al.: I would be just as concerned about this if it were a private company as I would if it were the government. The point is that centralization is bad, all else being equal. Also, what security does CAPPS II buy us? Once you've taken away the passengers' weapons, and secured the cockpit doors, and put an air marshal on board, what more security do you get from profiling passengers? I can see the argument that CAPPS II will just help focus screeners' attention on the most likely suspects, but basic laws of probability suggest that the rate of false positives will be quite high. It's the standard question from elementary probability about a highly accurate test, in the sense that if you have a disease, the test will have a high probability of coming up positive. So if the test comes up positive, what is the probability that you have the disease? Quite low, assuming the disease is rare. The same applies to terrorism: assuming terrorists are rare, and assuming the probability model is highly accurate, the test will most likely return a high rate of false positives. That's even assuming the probability model is highly accurate, which we have little reason to believe it will be. And the people most likely to fake their IDs are terrorists. And once people know what the probability model is, they'll know how to spoof it. So the whole system depends on a probability model that stays secret. Yet there will be an enormous incentive -- if you're a terrorist -- to find out the model. The whole system is so contingent that it's likely a tremendous waste of money, as well as harming our civil liberties. (I blogged about this a few days ago, if you're interested.)
In re "Long Time Kottke Reader and jetBlue Flyer"'s statement that JetBlue "offer[s] very cheap fares in exchange for all that information": I've heard this argument before - namely, that people are willing to trade their privacy just like any other economic good. The trouble with this is that it gives the privacy advantage to the wealthy. The wealthy will trade their privacy away much less often than the poor, because the wealthy can afford to keep it. Fundamental liberties shouldn't be traded like commodities. I don't mean to set up a straw man, but would you trade away the Fourth Amendment for any amount of money? Should that question even be on the table? I put "trading privacy rights" in the same category.
I don't use a bank - they'd capture extensive information about my personal finances and spending habits, and could sell that information.
I don't have a credit card - they'd capture extensive information about my personal finances and spending habits, and could sell that information.
I don't have a telephone or cell phone - they'd capture extensive information about my personal finances and spending habits, and keep track of who I'm calling and when, my travel habits, and where I am when I'm making those calls (either at home or in a specific calling zone) and could sell that information.
I don't have power at my residence - they'd capture extensive information about my personal finances and energy use habits and could sell that information, or notify authorities if my energy consumption is conspicuously high - a la hydroponic basement plant growing.
I don't have water at my residence - they'd capture information about my personal finances and water usage habits and could sell that information.
I don't travel via airlines - they require proof of identity, my departure and destination cities, and are highly suspicious of my cash transactions. They'd capture extensive information about my travel and residence and could sell that information.
All these basic services typically require a customer name, phone number, address, and many times social security number. Those items are all anyone needs to get extensive information on any consumer. Said information is used as a commodity (yes, even your social security number). If you use any of those basic services, you've already traded your 'privacy rights.'
Any company is free to purchase and amass that information in their own database (ie: transunion, expedian, etc), unless you have specifically contacted each of those institutions and expressly forbid them to sell your personal information. In many instances, that company can still sell your information - when you became their customer you implicitly agreed to their service agreement which allows them to use your information however they see fit.
Specifically, what "private" information is being given up here that isn't already in use?
The CAPPSII use of that information may be flawed, but the so-called "private' information which some seem to think is so safely guarded has already been out there and in use for a long, long time.
It's one thing to give a number of separate companies information about yourself. It's quite another to give one company -- or one government -- all of this information. I let my credit-card company keep a record of my transactions, but privacy laws -- whose weakening I fight every step of the way -- forbid them from giving out a lot of that information. I object to government pen-register laws that don't require a warrant in order to see whom I've called and how long we talked. I object to the use of a Social Security Number as anything other than a device for obtaining Social Security benefits. I object to the use of a driver's license as a de facto domestic passport, or as anything other than a way for the police to make sure that safe drivers are on the road. Such misuse of identification makes centralization a lot easier.
This information may already be widely in use, but that doesn't mean it should be. I am fighting needless centralization every step of the way. And indeed it is needless: what possible security benefit does presenting your driver's license to board a plane bring to this country? I support Dan Gilmore's attempts to roll back this requirement, under the banner of a "right to anoynmous travel."
And no, I don't think that my personal information has been safeguarded well. If it had been, CAPPS II would be impossible to implement, because the diverse information sources wouldn't be so easy to aggregate.
I agree with Steve. It's not that I'm giving up any additional "private" information, but I do object to making the information that's already out there more readily available and transferable.
I'm also bothered by the fact that I can relatively easily check the privacy policies of websites I order from or my credit card companies, but the whole point of CAPPS II is that you can't find out exactly what information is being shared or how it's being evaluated. And as long as you want to travel on commercial airlines, there's no way to opt out of it; as opposed to my credit card company, which just sent me a form the other day which allows me to choose how much information about me they share and with whom.
Correction: I meant "John Gilmore," not "Dan Gilmore."
Brian, jetBlue provides 24 channels of DirectTV during the entire flight. They also give their headphones away for free and take your drink order every hour. It's like being in a mile high lounge.
Jut in case anyone's interested, here's the response I got back from JetBlue when I wrote them in protest:
We understand and regret the anxiety you feel concerning the CAPPS II program. Let us assure you, as air travelers ourselves, we share your concerns regarding customer privacy issues.
JetBlue respects and supports the important work of the Transportation Security Administration and, like other US carriers, we are proud to have a close working relationship with them. However, contrary to current reports, we have not entered into an agreement to implement the CAPPS II program with the TSA. Further, no JetBlue customer information has been provided for purposes of testing the CAPPS II program currently under design.
Thank you for the opportunity to clarify the speculation surrounding our ongoing work on improved security. We hope, in light of this
information, that you will have a change of heart, and choose to
continue to fly JetBlue Airways.
JetBlue Customer Commitment
Greg, too bad it doesn't have service in my area. Hopefully one day it will.
I've seen this elsewhere - JetBlue needs to send out a company press release denying involvement.
Bill Scannell has posted evidence that JetBlue was involved in earlier stages of CAPPS II. There's less-strong evidence about JetBlue's current involvement, but that link does call into question JetBlue's adherence to the truth.
Again, I've emailed JetBlue to ask them to specifically deny the charges contained in that URL. More specifically, Scannell linked to a document produced by Torch Technologies that suggests JetBlue's involvement in CAPPS II planning.
I'm not convinced, but I'm getting there. For those who doubted the reliability of this: many of us are doing our due diligence.
Steve L. - I don't know of any telecommunications company that doesn't require your social security number to open an account. Same goes for your credit card. And opening a bank account. And getting a loan. If you’re using those services and have given out your social security number, you’re haven’t [b]objected[/b], you’ve conceded (or maybe you’re just an average everyday consumer).
You stated: I let my credit-card company keep a record of my transactions, but privacy laws -- whose weakening I fight every step of the way -- forbid them from giving out a lot of that information. Exactly what part or parts of the information they collect are they forbidden to give out? And you let them keep a record of your transactions? Is there a credit card company out there that doesn’t keep a record of your transactions, or has an option that allows me to erase my transaction history? If there is, show me where to sign up (they’re probably the same cc company that doesn’t require your social security number to open an account).
Credit card companies may not sell information on the specific purchase you made when you bought that mp3 player at Best Buy. But they could certainly make a case for it if they wanted to. It is public information: the clerk knows what you bought, the store (and a number of its employees) know what you bought, your credit card company knows where and when you bought something, perhaps including the actual item, and anyone in the store who wanted to know what you were buying could have easily (and legally) followed you through the store to the checkout lane.
This is but a small example using one industry. I fail to see how CAPPS II’s aggregation of basically the same public data (that has already been combined in one form or another in a variety of private enterprises) is causing such a reaction merely because it is being used in a different fashion.
sorry - missed a closing [b] tag above...
Bob: I think the main difference for a lot of people is that CAPPS II is explicitly combining data from these disparate sources, where before it was just possible that they could be combined. Indeed, I wonder whether CAPPS II is a blessing for civil libertarians, because it finally shows many people what a lot of us have known all along: that it's easy to get all these databases in one place.
Credit-card data are not public, in the sense that what you do in a park is public. My understanding is that they may not sell individual CC transactions -- only statistical data. (Even the latter is rather risky: having worked with a statistics professor on confidentiality issues, I'm amazed at how much you can discern by combining a few matrices.)
Just because you choose to reveal bits of information in multiple places does not mean you consent to having those bits of information combined. Yes, an intelligent attacker could combine all of this rather easily; I don't dispute that. That's why a lot of us are trying to stanch the flow of our privacy, and end the practice of combining these sources of information. It's hard, and we'll probably lose. I don't dispute that.
I blogged about the other issues you raised today -- particularly SSNs being used by the bank. Needless to say, I object to this policy also.
Back on the topic of the JetBlue boycott, I've had a really positive conversation with the airline today over email. I'm going to go back and forth a few times between the accuser and JetBlue, and will publish the full conversation on my weblog once it's finished, if y'all are interested.
I'm a bottom-level JetBlue crewmember. I must say, this is the first I've heard of all of this. I believe the available information is too sketchy for me to make up my mind. Therefore, I am resolved to keep it open.
I love JetBlue, and I'm proud to wear the uniform and badge. To be honest, I find this highly unrepresentative of our values (Safety, Caring, Integrity, Fun, and Passion), particularly Caring and Integrity. I have no doubt the truth will come out, and it will not be as scary as some have made it out to be.
However, I would expect nothing less from DHS and TSA. It seems their policies have less to do with actual security than perceived security. Of course, I'm forbidden from discussing the topic further. Typical.
At this point, I feel I must plead with you. Please don't harass airport or reservations agents about this. We know only as much, if not less than you do. If I learn any new information, I will share it with you here. Thanks.
Blue skies and tailwinds,
CEO David Neeleman wrote me an email in response to the one I sent JetBlue. Until I see something more concrete against JetBlue's actions, what he said convinced me. I'd post it here but it's long. Here's the link to the post on my blog.
Yep, I got the same one -- four times, actually, because they just replied en masse to every email they got from anyone on the topic. Since I've had a fair bit of back and forth with them, their database software was a little overactive.
I too have been mostly convinced by what JetBlue has said. I forwarded Neeleman's response to the accuser, and absent any more compelling evidence I won't be boycotting JetBlue.
According to Wired News today, JetBlue isn't going to participate in CAPSII but did give 5 million passenger records (without passengers' permission) to, "to a defense contractor investigating national security issues." Article here: JetBlue 'Fesses Up, Quietly.
Handing over the records should not have been done and, when it did so, it should have been truthful.
Ok, Jet Blue - Goodbye.
Too bad, this is like Google, um, becoming non-Google.
I wish it was someone I would consider flying anyways, but at least I can still boycott Delta...
UPDATE: JetBlue Target of Inquiries by 2 Agencies -- Department of Homeland Defense and the Federal Trade Commission.
Plus EPIC is suing them.
A person never tells you anything until contradicted.
This thread is closed to new comments. Thanks to everyone who responded.
About + contact
You can follow kottke.org on Twitter, Facebook, Tumblr, Feedly, or RSS.
Hosting provided EngineHosting