Army Admits Using JetBlue Data
02:00 AM Sep. 23, 2003 PT
By Ryan Singel and Noah Shachtman
Millions of JetBlue passenger records were used in a military effort whose methods closely resemble those used in the notorious Terrorism Information Awareness überdatabase program, the Army confirmed Monday.
Last week, defense contractor Torch Concepts came under heavy scrutiny after Wired News revealed that the company had crunched fliers' private data without their knowledge.
On Monday, Army spokesman Maj. Gary Tallman said the information was used by Torch Concepts to test a prototype of a data-mining system designed to screen out terrorists who might want to infiltrate or attack Army bases worldwide.
Tallman emphasized that the Army itself never handled the raw passenger data and that it was interested in testing the pattern-matching technology, not accessing a list of JetBlue's customers.
It remains unclear whether the Army system for protecting military bases was put into effect, and if so, what kinds of data were used to detect terrorist attacks ahead of time.
According to a corporate press release from May 8, 2002, the Torch-built system would identify "abnormal events or activities that may include rebel actions before damaging events occur." To do this, the contractor would apply "intelligent pattern recognition in identifying latent relationships and behaviors that may help point to potential terrorist threats."
To privacy advocates, that sounds a lot like TIA's mission (PDF) of researching "data search and pattern recognition technologies ... based on the idea that terrorist planning activities or a likely terrorist attack could be uncovered by searching for indications of terrorist activities in vast quantities of transaction data."
"This looks and feels like the data Valdez," said Lee Tien of the Electronic Frontier Foundation.
"Look at how we found out about this, only because one company was foolish enough to speak publicly about it," Tien added. "We should put the brakes on all these data-mining programs, and have a serious national conversation, because travel data is just one example of the many kinds of data every data-mining operation wants to suck in from private businesses."
On Monday, the Electronic Privacy Information Center filed three Freedom of Information Act requests in an attempt to uncover how the government might have used JetBlue passenger data in the development of government databases.
Torch secured the job with the Army as a subcontractor to SRS Technologies, a company based in Newport Beach, California.
"Torch worked directly with the Army and had a specific mandate to ferret information out of data streams" to find the "abnormal behavior of secretive people," said Bart Edsall, who runs business development for SRS.
That's something SRS should know a thing or two about. The company bills itself as the "prime support contractor" for the Information Awareness Office of Darpa (Defense Advance Research Projects Agency) -- the Pentagon research division that spearheaded work on TIA.
SRS helped Darpa evaluate various technical proposals for TIA. The company also aided the agency in funding decisions related to the project.
Edsall denied that Torch had anything to do with these efforts.
Torch's corporate counsel, Richard Marsden, declined to comment.
Darpa's spokeswoman, Jan Walker, denied any connection between Darpa and the research involving the JetBlue passenger data.
"Torch Concepts does not hold a Darpa contract. They are not involved in any of our Information Awareness Office programs," she wrote in an e-mail.
JetBlue CEO and founder David Neeleman said on Sunday that the original request to help with the Torch study came from the Transportation Security Administration. The Army then verified for JetBlue that Torch was trustworthy.
"As far as we are concerned, the Army referred us to Torch," said Neeleman, who has been personally replying to irate customer's e-mails about the privacy breach by the discount airline.
But Neeleman said he was unaware of Torch's relationship as a subcontractor to SRS -- or to any other defense firm, for that matter.
He added, "I believe the data has been destroyed and I'm moving on."