Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« Hot Chat Gives Lazarus a Rise | Main | Quick Screenings »
August 03, 2005 | JetBlue Lawsuit Dismissed

I haven't kept up with the lawsuits filed against JetBlue et. al. for violations of their privacy policies even though I broke the initial secret data transfer story, but I did notice today that a New York City judge dismissed a class action lawsuit against the airline.

(I should note part of my laziness in following that news stems from a lack of conviction that automatic damages and huge lawsuits are always an appropriate remedy to privacy policy violations or security lapses.)

Some details of that can be found here in a vaguely accurate story by Martin H. Bosworth in ConsumerAffairs.com. (I think Bruce Schneier should have told more people he changed his name to Bill)

The saga of JetBlue secretly turning over its records to the government for an anti-terrorism data-mining study is mired in plot twists (such as the participation of the commercial data giant Acxiom) and acronyms, but everyone involved admits that JetBlue massively violated its stated privacy policy when it handed over its entire passenger database to a minor, Alabama-based defense contractor called Torch Technologies (née Torch Concepts) that was looking to cash in on post-9/11 anti-terrorism money.

So if class-action lawsuits can't go forward against a company that violated privacy promises made to 1.5 million people unless the plaintiffs can prove they were harmed, how should we enforce privacy policies?

The Federal Trade Commission?

Just today the FTC announced it had settled a case with Advertising.com, which the government caught secretly installed spyware on the computers of people who thought they were installing an anti-spyware application.

The company, which tried to scare users into installing its SpyBlast software through ads blaring that a customer's computer was broadcasting an IP address (the online equivalent of saying you are naked under your clothes), was not fined.

Instead, the FTC got Advertising.com, a company acquired by AOL for nearly a half a billion dollars, to agree to show future customers an end-user license agreement -- you know the other long legalese thing no one ever reads on their computer.

That's the same FTC that never made a move on JetBlue, perhaps because the company apologized and announced it had hired a big name accounting firm to audit its privacy practices.

The same FTC that didn't find out that JetBlue had also violated its privacy policies two other times by turning over passenger records to the government and its contractors.

That had to come out from sworn Senate testimony by Transportation Security Administration honcho David Stone.

The same FTC that never did anything after that revelation.

To this day, JetBlue has never admitted these other transfers occurred or that it lied in the aftermath of the original disclosure when company officials, including CEO David Neeleman, swore to me and dozens of other reporters, that the Torch transfer was a one-time mistake.

Now, I like flying in JetBlue's wide seats, eating their fine selection of snacks and watching Animal Cops re-runs at 32,000 ft.

But that doesn't mean they should get a pass on promises they make to their customers or false statements they make to the media.

Yet save for a short bit of intense media attention, the company has escaped closer scrutiny or any penalty.

So, I'm still wondering, who should be in charge of enforcing privacy policies?

Or should we just all admit that they are simply a corporate charade?

Let's be honest.

In reality, strongly-worded privacy polices don't mean anything since no one will enforce their terms.

And companies not interested in even tempting the FTC fates have their policies written by a team of overpaid mercenary lawyers so that anything that company does with your private info is legal, even though the fool who bothers to click through to read the policy mistakenly thinks the company has made a binding promise to them to treat their data well.

Posted by Ryan Singel at August 3, 2005 04:18 PM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/220

Post a comment

Ryan,

Martin Bosworth here from ConsumerAffairs. Thanks for the reference, and if there were any inaccuracies in the story, please let me know.

Oh, and if Schneier changed his name, someone needs to tell his blog, too. :)

Posted by: Martin Bosworth at August 10, 2005 11:32 AM
Powered by
Movable Type 3.2