Northwest Airlines Gave NASA Personal Info on Millions of Passengers; Disclosure Violated Privacy Policy
FOR IMMEDIATE RELEASE
JANUARY 18, 2004WASHINGTON, DC -- Documents obtained by the Electronic Privacy Information Center (EPIC) reveal that Northwest Airlines, in clear violation of its stated privacy policy, provided the National Aeronautics and Space Administration (NASA) with personal data about millions of its passengers. The federal agency retained the information for almost two years, and returned it to the airline only after the public outcry that followed the revelation that JetBlue Airways had made similar disclosures of passenger data.
NASA documents released to EPIC under the Freedom of Information Act (FOIA) show that agency officials met with Northwest representatives in December 2001 to discuss NASA research, including passenger screening technology. Soon thereafter, NASA asked Northwest for "system-wide Northwest Airlines passenger data from July, August and September 2001" to be used in NASA's "research and development work." In September 2003, NASA returned to Northwest the CDs on which the passenger records were provided. A NASA researcher noted in an e-mail message to the airline that, "you may have heard about the problems that JetBlue is now having after providing passenger data for a project similar to ours."
The massive disclosure, which likely involved information about more than 10 million Northwest passengers, clearly violated the privacy policy posted on the airline's website. That policy assures passengers that they will be in "complete control of . . . the use of information [they] provide to Northwest Airlines." The airline further assures customers that it has "put in place safeguards to . . . prevent unauthorized access or disclosure" of the information it collects.
While it is unclear how NASA may have used the passenger information, the data formed the basis of NASA research contained in a published study. The agency continues to withhold an unspecified number of documents detailing its receipt and use of the personal data.
This week, EPIC will file suit against NASA to seek release of the withheld material. EPIC will also file a complaint with the Department of Transportation alleging that Northwest's disclosure constitutes an unfair and deceptive trade practice, and requesting a formal investigation.
"The airline industry has been at the center of several recent privacy controversies," said EPIC General Counsel David L. Sobel. "The improper disclosures of personal data all involve government efforts to 'screen' passengers for security risks. The security benefits of these efforts are questionable, and there is a great deal of skepticism within Congress and the general public." Noting the controversy that has surrounded the development of the Transportation Security Administration's CAPPS II screening project, Sobel added that, "These systems must be debated and designed openly. We've seen too many backdoor transfers of personal information that seek to avoid justifiable public opposition."
Northwest's disclosure is likely to fuel concerns about passenger data privacy that have long been expressed by the European Union. According to EPIC Staff Counsel Marcia Hofmann, "The Department of Transportation has previously assured the EU that airline privacy practices would be closely monitored. DOT's response to the complaint we will submit this week will be the first test of those assurances."
The recently obtained NASA documents are the result of EPIC's ongoing use of the FOIA to examine aviation security initiatives and associated privacy issues. Earlier requests and litigation forced the release of information detailing problems with TSA's "no-fly" list and the early role of John Poindexter's now-defunct Information Awareness Office in the development of the CAPPS II program.
NASA documents concerning the disclosure of Northwest passenger data are available at: