2004 05 01 NYT Airlines Gave F.B.I. Millions of Records on Travelers After 9/11 – New York Times
Airlines Gave F.B.I. Millions of Records on Travelers After 9/11
In the days after the Sept. 11 terrorist attacks in 2001, the nation’s largest airlines, including American, United and Northwest, turned over millions of passenger records to the Federal Bureau of Investigation, airline and law enforcement officials acknowledged Friday.
A senior official with the F.B.I. said the airlines cooperated willingly. Some, like Northwest, provided as much as a year’s worth of passenger records, which typically include names, addresses, travel destinations and credit card numbers.
”There was no reluctance on the part of anybody,” added the senior F.B.I. official, who said that bureau rules required him to speak anonymously.
The official said the requests were made under the bureau’s general legal authority to investigate crimes and that the requests were accompanied by subpoena, not because that was required by law or because the bureau expected resistance from the airlines, but as a ”course of business” to ensure that all proper procedures were followed.
Airline industry officials said they could not remember another such sweeping request. In the past, airlines have routinely provided data to the F.B.I., but typically requests concerned the passengers on a single flight, or the travel patterns of an individual passenger.
”It was an extraordinary event,” the bureau official said. ”People wanted to cooperate with the F.B.I. because of the events that had just occurred — and particularly the airlines, because airplanes were the tool by which the attacks were carried out.”
The F.B.I. official said that the purpose of the data dragnet was to detect attacks in the making through patterns in the travel records.
”They developed a model of what these hijackers were doing,” he said, ”and went back and looked, based on that model, to see if we could find associates, conspirators or other groups out there, particularly in the time immediately following 9/11.”
There is no indication that the passenger data produced any significant evidence about the plot or the hijackers, the F.B.I. official said.
The sharing of airline passenger data with the government has sparked some of the most contentious conflicts underlying the uneasy balance between privacy and security in the post-Sept. 11 world. Three airlines, Northwest, American and JetBlue, have acknowledged sharing weeks or months’ worth of data with government researchers or contractors as part of an effort to help develop new methods to spot terrorists.
But the disclosure that airlines had handed over such an enormous trove of data directly to government criminal investigators, 6,000 CD-ROM’s full of digital records from Northwest alone, raised red flags among privacy advocates, who played a role in uncovering the information transfer.
”It certainly takes the airline privacy issue to a new level, because it’s much more material than we’ve ever seen disclosed,” said David Sobel, the general counsel for the Electronic Privacy Information Center, a high-tech policy and advocacy group in Washington.
The group discovered that airlines had handed over personal information through the results of a Freedom of Information Act request on a related matter.
”The F.B.I. has adopted a vacuum cleaner approach to investigations involving information on the lawful activities of millions of citizens,” Mr. Sobel said.
But a former privacy official for the Clinton administration, Peter Swire, said the request and the cooperation should be viewed in the context of the terror attacks and might qualify as the kind of ”hot pursuit” of criminals that temporarily gives law enforcement greater leeway.
”This is probably the tip of the iceberg of what companies gave the government right after Sept. 11,” said Mr. Swire, who is now a law professor at Ohio State University.
Tim Wagner, a spokesman for American Airlines, said the company ”cooperated fully” with the F.B.I. in the days and weeks after the attacks, in which it lost two planes.
United Airlines also responded to inquiries with a statement.
”United, committed to assisting the F.B.I. with its criminal investigation into the 9/11 terrorist attacks, complied with the government’s subpoenas for information following the events of 9/11. United provided the F.B.I. with information in a manner that is consistent with our corporate policy on privacy.”
Delta Air Lines, the nation’s third largest, declined to comment on whether it had given passenger records to federal investigators.
”We continue to cooperate with the government in ongoing security investigations,” a spokeswoman said, ”but we do not comment on the subject of those investigations.”
The first hint of the large-scale data hand over came in January during hearings of the 9/11 commission. Andrew Studdert, the former chief operating officer of United Airlines, testified that United set up extensive facilities for F.B.I. agents in its headquarters near Chicago and had made available ”thousands of pages of records.”
But that disclosure was overlooked because of dramatic testimony the same day from Gerard J. Arpey, American’s chief executive, who played a tape of a call from a flight attendant, Betty Ong, to a reservations center from aboard the hijacked Flight 11.
Some records, including financial information and health records, have strong privacy protection under federal and state laws, but the data in passenger records do not fall under the protected areas, the F.B.I. said.
The F.B.I. has not destroyed or returned the records and cannot legally do so, in case they fall under a legal discovery order in a criminal case. ”We didn’t want to retain the data ourselves,” the F.B.I. official said, adding that the data is not being used ”for any other investigative purpose.”
Last September, a privacy advocate uncovered evidence that JetBlue shared more than five million passenger records with a Pentagon contractor one year earlier. This year, Northwest acknowledged that it had given three months’ worth of 2001 passenger data to NASA’s Ames Research Center for a research project into passenger profiling. On April 9, American admitted that it, too, had quietly passed along passenger data to government contractors, as well.
Stewart Baker, an expert in privacy issues who was general counsel for the National Security Agency, said that the incident, because of the vast scale of the information given to the government, ”is clearly something that is going to be, at minimum, a public embarrassment.”
”Probably there will be litigation” against the airlines, he added.
But unless the companies directly violated their own privacy policies, he said, legal action against them by customers is unlikely to succeed. Most airline policies include a provision explaining that they have the right to comply with law enforcement requests without violating any privacy restrictions.