Data on 10m Northwest fliers handed to NASA for ‘testing’

And brainscans planned to nail shifty thinkers


Documents obtained by EPIC (Electronic Privacy Information Center) under the US Freedom of Information Act reveal that a second US airline, Northwest, handed over passenger data to the feds without the passengers' knowledge. The agency in question, NASA, was given data covering a three month period covering passengers travelling in July, August and September 2001, and held it for two years. EPIC estimates that there could be in excess of 10 million PNRs (Passenger Name Records) involved, on top of approximately a million that, it was revealed back in September, had been handed over by Jetblue.

One airline passing over data could have been an exception, but one of the major US airlines also doing so suggests there may be a pattern. The European Commission only recently agreed to airlines passing PNR data on EU citizens to the US, on the basis that there would be adequate safeguards on the use of that data, and it has also agreed to the data's use for 'testing' purposes, again because the US can be trusted. Well, as privacy class actions roll against the US airline industry, one does rather begin to wonder about that, and feels that Frits Bolkestein maybe ought to start wondering too.

Aside from the strong likelihood that any US airline involved in this and similar exercise is about to be dipped in ordure by outraged US passengers, and the (slight) possibility that the Commission will remember where it put its false teeth, or the (stronger) one that the European Parliament will toss the deal, the nature of NASA's activities are of interest.

EPIC, here, hosts a clutch of FOIA documents on the matter. The email correspondence is entertaining, particular as it slowly dawns on NASA that, Houston, we might have a privacy problem here, but take a look at the Northwest Airlines briefing presentation.

This shows that NASA was working on data mining, that this work had relevance to CAPPS follow-ups, and that it envisaged a system using biometrics to check both with a central database and to match the booked passenger with the flying passenger (page 12). So far, so fairly prosaic, but the requirement "must detect people who may pose a threat but are unknown" is a tricky one. So, what about "non-invasive neuro-electric sensors"? The NASA presentation says it is working on this interesting technology in collaboration with an unnamed commercial partner. Such a system, if deployed, would likely work in conjunction with data mining and biometric screening in order to kick up people who might be having suspicious thoughts, or seem suspiciously nervous.

That's the kind of notion that makes you suspiciously nervous just thinking about going to the airport - there goes your holiday, friend...

NASA has claimed that it terminated the research programme in late 2002 on the basis that data mining was not a viable line of investigation. However, it has denied EPIC the release of other records, on the basis that these are "inter-agency or intra-agency memorandums or letters which would not be available by law to a party other than an agency in litigation with the agency." So it's not currently clear how far this went, and what other agencies were involved.

The approach and objectives match those of CAPPS II and similar too closely for us to view this as an abandoned project. It must address privacy and Big Brother issues "to the extent possible", and it must recognise that some agencies may be unwilling to release sensitive data on known threats, but "they may be willing to do red-light/green-light processing on passenger biometric, UID or name."

This is recognisable as one of the ways the planned all-singing, all-dancing, all-surveying US systems of the future are intended to operate. All of the people with nothing to hide get checked out and green-lighted, hence they speed through the system (no, we don't believe this bit either). The feds can then concentrate on the amber and red lists, which we suspect will generate a whole new class of innocent but redlisted passengers who only fly when they're sufficiently desperate to face taking three days (or who knows, three years) to check in. ®

Related links:
Washington Post report of the Northwest disclosure
Commission agrees US access to EU citizen personal data
Congress threatens two hi-tech Gestapo programs


Other stories you might like

  • 'Prolific' NetWalker extortionist pleads guilty to ransomware charges
    Canadian stole $21.5m from dozens of companies worldwide

    A former Canadian government employee has pleaded guilty in a US court to several charges related to his involvement with the NetWalker ransomware gang.

    On Tuesday, 34-year-old Sebastien Vachon-Desjardins admitted he conspired to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer. 

    He also agreed to forfeit $21.5 million and 21 laptops, mobile phones, gaming consoles, and other devices, according to his plea agreement [PDF], which described Vachon-Desjardins as "one of the most prolific NetWalker Ransomware affiliates" responsible for extorting millions from dozens of companies worldwide.

    Continue reading
  • City-killing asteroid won't hit Earth in 2052 after all
    ESA ruins our day with some bad news

    An asteroid predicted to hit Earth in 2052 has, for now, been removed from the European Space Agency's list of rocks to be worried about.

    Asteroid 2021 QM1 was described by ESA as "the riskiest asteroid known to humankind," at least among asteroids discovered in the past year. QM1 was spotted in August 2021 by Arizona-based Mount Lemmon observatory, and additional observations only made its path appear more threatening.

    "We could see its future paths around the Sun, and in 2052 it could come dangerously close to Earth. The more the asteroid was observed, the greater that risk became," said ESA Head of Planetary Defense Richard Moissl. 

    Continue reading
  • Why Wi-Fi 6 and 6E will connect factories of the future
    Tech body pushes reliability, cost savings of next-gen wireless comms for IIoT – not a typo

    Wi-Fi 6 and 6E are being promoted as technologies for enabling industrial automation and the Industrial Internet of Things (IIoT) thanks to features that provide more reliable communications and reduced costs compared with wired network alternatives, at least according to the Wireless Broadband Alliance (WBA).

    The WBA’s Wi-Fi 6/6E for IIoT working group, led by Cisco, Deutsche Telekom, and Intel, has pulled together ideas on the future of networked devices in factories and written it all up in a “Wi-Fi 6/6E for Industrial IoT: Enabling Wi-Fi Determinism in an IoT World” manifesto.

    The detailed whitepaper makes the case that wireless communications has become the preferred way to network sensors as part of IIoT deployments because it's faster and cheaper than fiber or copper infrastructure. The alliance is a collection of technology companies and service providers that work together on developing standards, coming up with certifications and guidelines, advocating for stuff that they want, and so on.

    Continue reading
  • Intel demos multi-wavelength laser array integrated on silicon wafer
    Next stop – on-chip optical interconnects? Plus it's built with 300mm tech, meaning potential volume production

    Intel is claiming a significant advancement in its photonics research with an eight-wavelength laser array that is integrated on a silicon wafer, marking another step on the road to on-chip optical interconnects.

    This development from Intel Labs will enable the production of an optical source with the required performance for future high-volume applications, the chip giant claimed. These include co-packaged optics, where the optical components are combined in the same chip package as other components such as network switch silicon, and optical interconnects between processors.

    According to Intel Labs, its demonstration laser array was built on the company's well-established 300mm wafer manufacturing technology which is already used to make optical transceivers, paving the way for high-volume manufacturing in future. The eight-wavelength array uses distributed feedback (DFB) laser diodes, which apparently refers to the use of a periodically structured element or diffraction grating inside the laser to generate a single frequency output.

    Continue reading
  • Ex-Uber security chief accused of hushing database breach must face fraud charges
    Company execs and their lawyers are paying close attention to this one

    A US judge yesterday threw out an attempt to dismiss wire fraud charges against a former Uber employee accused of trying to cover up a computer crime.

    Former Uber security chief Joseph Sullivan is set to face criminal charges after US District Judge William Orrick yesterday [PDF] rejected his claim that prosecutors did not "adequately" allege that the goal of the claimed misrepresentation of the security breach was to get Uber's drivers to stay with the platform and continue paying service fees.

    In December last year, a federal grand jury handed down a superseding indictment adding wire fraud to the list of charges pending against Sullivan for his role in the alleged attempted cover-up of the 2016 security breach at Uber. The incident led to around 57 million user and driver records being stolen.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading
  • US seeks exascale systems 10 times faster than current state-of-the-art computers
    China claims to have 10 in the pipeline and may pull ahead in HPC arms race

    The US Department of Energy is looking to vendors that will help build supercomputers up to 10 times faster than the recently inaugurated Frontier exascale system to come on stream between 2025 and 2030, and even more powerful systems than that for the 2030s.

    These details were disclosed in a request for information (RFI) issued by the DoE for computing hardware and software vendors, system integrators and others to "assist the DoE national laboratories (labs) to plan, design, commission, and acquire the next generation of supercomputing systems in the 2025 to 2030 time frame."

    Vendors have until the end of July to respond.

    Continue reading

Biting the hand that feeds IT © 1998–2022