St. Paul, Minn. — In December 2001, a team from the NASA Ames Research Center in California paid a visit to Northwest Airlines headquarters in the Twin Cities. In their presentation to the Northwest security manager, among others, they pitched their 25-year history of research for the airline industry, including the development of the "Aviation Safety Reporting System." Since 1975 the NASA system has collected information about airplane safety incidents and used them to spot future risks.
They hoped to develop a new program that did much the same thing with passengers -- an "Aviation Security Reporting System." Richard Bloom, director of Terrorism, Intelligence, and Security Studies at Embry Riddle Aeronautical University in Prescott, Arizona doesn't know the specific program, which may no longer exist. But he knows the concept.
It's about "developing profiling and threat assessment models," he says. "What kinds of information, what kind of models can be developed so we have the best idea possible of who may present the greatest threat to violating aviation security?"
NASA requested and received Northwest passenger data for the three summer months of 2001. The only evidence of its use is a dense paper called "Near Linear Time Detection of Distance-based Outliers." The paper concludes that the data is actually not much use for the particular technique they had in mind.
The Electronic Privacy Information Center says Northwest violated federal regulations, European law, and its own privacy guidelines by sharing the information without telling passengers. EPIC's lawyer, David Sobel, says the group is trying to get additional information from NASA to see if the Northwest data found other uses.
"It's not at all clear that that was the full extent of the use of the information or what it ended up contributing to in the way of research," Sobel says.
In a statement on Sunday, Northwest said the action was appropriate at the time, though it no longer shares such information. Northwest did not issue a direct response to EPIC's complaint.
Privacy and travel groups may be incensed, but some experts in aviation security say they don't see anything unusual or insidious. And they're surprised by the backlash against NASA and Northwest.
"In this instance I have to defend them, because it's really 'whoop-de-do,'" says Kathleen Sweet, a retired Air Force Colonel and author of two books on aviation security. She says Northwest was hardly out-of-line to think that cooperating with NASA research was appropriate. Sweet says airlines have intermittently shared the same information with government agencies for decades.
"This has been going on for years, and it's really data that is just so public in other means anyway," she says. "It's just the accumulation of it in a format that is usable to someone who knows what they're looking for, to find someone who is suspicious."
Sweet cites a federal information program called CAPPS I, and its revamped, post-9-11 successor, CAPPS II. The Transportation Security Administration hopes to roll out CAPPS II this summer.
Just because the program exists doesn't mean it's not controversial. Airlines have been reluctant to participate in testing CAPPS II -- New York-based jetBlue is facing lawsuits and an investigation after news of its participation leaked this summer.
But Richard Bloom of the Embry Riddle Aeronautical University says it's common knowledge in security circles that the government has access to names, addresses, itineraries, and credit card information.
"I certainly don't think Northwest or any other airline that could be involved has done anything amazingly unusual," Bloom says. "I think the whole thing could have been handled better, but what you're really dealing with are people who are trying to support aviation security and keep people safe."
Bloom and others say the big problem is not so much that passenger data wound up in government hands. It's that the public needs better information about just how active those hands are.