Joi Ito's Web

Joi Ito's conversation with the living web.

Donna Wentworth @ EFF Deep Links
Army Okays Computer Spying

JetBlue ignited a huge privacy scandal when the news broke that the airline secretly provided more than 5 million passenger records to Torch Concepts, a military contractor. Yet the Army Inspector General Agency concluded [PDF] that JetBlue did not violate the Privacy Act. The reason: Torch never looked up individuals by name, but instead used a computer to dig through and analyze their private information.

This is quite disturbing. I guess this means that taking massive amounts of data and crunching through them to create "profiles" is OK. I wonder how small the clusters can be? Can they, for instance, profile companies, race, occupation, address or other kind of groupings for profiling?

There was a case in Japan where the Japanese government kept a list of Freedom of Information Act requesters in a list on a network with their backgrounds and this was found to be "legal".

I don't know enough about the JetBlue case to make a judgment on just how bad I think it is, but it seems to be part of a larger trend pushing the limits of the law.


I wasn't able to follow the link to the PDF, but it reads to me like the issue might have been that the records were separated from their name identifiers before the actual crunching took place. This means that the information wasn't actually 'personal information' because there wasn't any person attached to it when they displayed it. They didn't actually know who the person they'd identified as a risk was. It was just an exercise. Now, this could be just a technicality because it might be possible to join the information together again to find out about individuals.

The real issue I see in the US is the availability of information through privately-owned databases like Acxiom. There are lots of controls on government information-collecting activities in the US, but almost no control over what private companies do. This makes the whole notion of privacy in the US a joke. The only people who have privacy in America are bums who have never had a bank account or dealt with a loan-shark. It's not a question of 'pushing the law'. There is basically no law in America to protect privacy.

The sort of racial or group profiling you mention is a no-no in American law, as far as I know. You can't go round arresting black people because you think they might be dealing drugs, or Asian people because they might be involved in triads. Not allowed.

It is worrisome to think how much information companies have on typical consumers. In "theory of justice" John Rawls thesis states that privacy is a necessity for a properly functioning democracy. If companies share info synchroneously, I could see a problem. More than ever people need to push corporations into becoming transparent. Everyone would benefit from that.