Delta Airlines still doesn't like to talk about CAPPS II [priv]

[Declan McCullagh <declan () well com>]

---

Date: Mon, 17 Nov 2003 09:22:56 -0800 (PST)
From: M Grossmann <m_w_grossmann () yahoo com>
Subject: CAPPS II: Delta doesn't like to talk about it
To: declan () well com
MIME-Version: 1.0

Declan,

In case anyone is wondering, Delta is still playing
along, and they don't like to talk about it. Here's my
mail thread with their "customer care" department
(personal information edited out). I can forward the
original thread if you want to ensure this is verbatim
text.

Their mail response time is similar to their on-time
departures, except that they can't push E-Mail two
feet back from the gate, wait on the tarmac for 45
minutes and claim on-time departure.

Flying other airlines is about 40% more expensive,
considerably less convenient, and doesn't allow me to
use my various Medallion awards, including business
check-in, seat upgrades and increased mileage bonuses.
My privacy and dignity are worth it.

The site www.boycottdelta.com was helpful in preparing
my letters to them.

Cheers,
M W Grossmann

#######

Date: Sun, 16 Nov 2003 22:40:52 -0500
To: "M Grossmann" <m_w_grossmann () yahoo com>
Subject: Re: Re: Re: Other - Current or Future
(KMM5134796V39305L0KM)
From: "Customer Care" <Customer-Care () delta com> | Add
to Address Book


Dear Mr. Grossmann,

This will acknowledge your additional comments
concerning the Computer
Assisted Passenger Pre-Screening System II (CAPPS II).

CAPPS II is not a Delta product, but rather a federal
government
program administered by the Transportation Security
Administration
(TSA) as a result of the heightened threat of
terrorism to our country.
 Delta was selected by the TSA to participate in
tests, during the
pilot phase of the program, and we are sorry you
disapprove.  Our
primary concern is to ensure that our customers and
crew are provided
with a safe and reliable transportation network.

As previously indicated, you may direct your inquiries
to the TSA by
calling their Consumer Response Center at
1-866-289-9673.

Thank you for the opportunity to offer our final
comments.

Sincerely,

Cliff Sanders
Online Customer Support Desk
http://www.delta.com


Original Message Follows:
------------------------
Once again, you have failed to answer the questions I
raised. You have also continued to send me canned
responses
(http://algorhythm.org/archives/2003/03/08/delta_and_capps_ii.html).

CAPPS II is a program PROPOSAL in which only Delta has
taken part, other airlines seemingly realising both
the uselessness of it and the extreme violations of
their customers' privacy, customers they can
ill-afford to lose. The TSA has not given Delta any
CAPPS II orders to implement the proposal; they can't.
The TSA can't order any airline to test or implement
CAPPS II until 30 days after the comment and
rulemaking process is completed.
As an MIT study has shown
(http://www.swiss.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm),

CAPPS II is not only easily defeated but actually
makes terrorist activities easier, because once you
have green-lighted a passenger, he can move with
relative impunity.

> Delta is not running credit or background checks on
> customers.
This is not true, since CAPPS II *requires* background
checks on all airline passengers when they book a
ticket, including checking credit reports, banking and
criminal records. Delta has publicly stated it is
implementing the full CAPPS-II program in (at least)
three airports. Nobody has said *how* any of this
information will be used to spot terrorists, but many
have explained how intrusive and insecure storing such
information *FOR UP TO FIFTY YEARS* is. Since ATL and
JFK are Delta's primary international gateways, it's a
fair assumption that Delta has implemented CAPPS II in
at least one of these airports.

I've been the victim of identity theft already, and
that despite my work in computer security and my
having safeguarded all personal information, from my
SSN to my mother's maiden name, which I never give out
but substitute with a secret word. I'm paid to find
security holes, among other things, and I've never
found software I couldn't break, save for the BSD-fork
UNIX and Linux kernels. The CAPPS II program alone
threatens to undermine any personal security, simply
with a consolidated database which has no oversight
and ha not been opened for public critical review.
"Security through obscurity" has never been effective
and never will be.

The first thing one learns in the most basic First Aid
course is that it is NOT better to do "something"
rather than nothing. The post-9/11 reactions have not
made flights the slightest bit safer, but they have
resulted in angered and alienated passengers,
resulting in continually decreasing numbers of air
travelers -- passengers who are tired of being treated
as criminals.

I have been forced to wait until 1700GMT Monday,
17NOV03 to book my tickets. I have seen that I would
save at least $700 by flying with Delta, based on my
expected schedule, in addition to being able to use my
upgrades. However, my privacy, my security and my
dignity are worth considerably more than $700.
I will only fly with Delta ? in full expectation of
often surly service and condescending FA blabbering --
with the following information:

1)      A list specifying exactly what data concerning me
are stored by Delta;
2)      A list specifying exactly what data concerning me
are shared;
3)      A list specifying with whom any data concerning me
are shared;
4)      A list specifying how long any data concerning me
are stored, both with Delta and any third party;
5)      An acknowledgement that my credit record will not
be accessed in any way, not even to see if I indeed
have one;
6)      An acknowledgement that my bank records will not be
accessed in any way, not even to see if I indeed have
any;
7)      An agreement to pay US$5,000,000 (five million
dollars US funds) within three months of discovery
should I find that Delta did, in fact, access, store
and/or share information about me it has said through
its agents that it would not.

While I understand point 7 may seem a bit excessive,
if Delta is truly not accessing, storing or sharing
such information, then Delta could promise ten billion
dollars for this point and it would still be moot.

For the record, Lufthansa, USAir, Northwest and
British Airways have already provided such
acknowledgement that they are not taking part in
CAPPS-II and that they are not attempting to access
any personal records, contact any third party about
me, and are not sharing any personal information about
me with any third party.

Please don't waste my time with another cut-and-paste
response. Either answer my questions or respond with
"We have nothing further to say on the matter" and
consider me a "former passenger". You can also reach
me by telephone at +xx xxxxxxxxxx.

Sincerely,
M W Grossmann (DL FF# xxxxxxxxxx)

--- Customer Care <Customer-Care () delta com> wrote:
> Dear Mr. Grossmann,
>
> Thank you for your e-mail to Delta Air Lines.
>
> CAPPS II is a federal program administered by the
> Transportation
> Security Administration (TSA) as a result of the
> heightened threat of
> terrorism to our country. Delta's role in the CAPPS
> II program will be
> limited to providing data to the TSA that Delta
> already collects from
> passengers as part of our normal reservations and
> ticketing process.
>
> Delta is not running credit or background checks on
> customers. The
> security of Delta's passengers and safeguarding
> passenger information
> remains a top priority.
>
> You may direct any additional questions to the TSA's
> Consumer Response
> Center at 1 (866) 289-9673.
>
> Sincerely,
>
> Heide Starr
> Online Customer Support Desk
> http://www.delta.com
>
>
> Original Message Follows:
> ------------------------
> Dear Ms. Happel,
>
> You have utterly failed to answer all but the first
> question I raised. Because the costs of tickets
> increase daily as the dates of my flights approach,
> I am in a rush to purchase them.
>
> CAPPS II is not a requirement but rather a poorly
> thought-out program *proposal* hastily
> thrown-together
> in a knee-jerk reaction to 9/11. It is beyond
> intrusive, and Delta's previous statements to the
> effect of contacting credit bureaus have, to the
> best of my knowledge, not been rescinded.
>
> Contacting credit bureaus provides not one iota of
> additional "security", and does this at the cost of
> the passenger's credit record, which is damaged by
> constant accesses.
>
> Because I have flown Delta for so long, and because
> Delta is the most convenient for my travel, I am
> willing to wait until the end of business today
> (Thursday) for a response which clearly answers the
> rest of my concerns to my satisfaction (see below).
> At stake are the following tickets, which I will
> otherwise book with airlines that show a little more
> respect for my privacy and dignity (dates
> approximate):
>
> 08DEC-11JAN: xxx-xxx
> 09DEC:       xxx-xxx
> 10DEC-24DEC: xxx-xxx (or other nearby airports such
> as xxx, xxx, xxx)
> 21DEC-24DEC: xxx-xxx
> 22DEC-23DEC: xxx-xxx (possible)
> 03 JAN:      xxx-xxx
> 04JAN-09JAN: xxx-xxx
>
> Even with discounts and early purchase, this is
> easily
> $2000 in tickets. I look forward to your response so
> that I can book my travel. I can be contacted by
> telephone at +xx xxxxxxxxxx (Germany).
>
> Sincerely,
> M W Grossmann
>
>
>
> --- Customer Care <Customer-Care () delta com> wrote:
> > Dear Mr. Grossmann,
> >
> > Thank you for your e-mail to Delta Air Lines.
> >
> > At check-in all passengers age 18 and over must
> > present positive
> > identification.  Accepted ID is:
> >
> > 1. One form of unexpired and valid photo ID issued
> > by a local/state or
> > federal government agency (ie: drivers
> > license/passport/military ID)
> >
> > -or-
> >
> > 2. Two forms of unexpired and valid non-photo ID
> one
> > of which must have
> > been issued by a local/state or federal government
> > agency (ie: birth
> > certificate/ voters registration/ medicare card/
> > social security card)
> >
> > Note: passengers without proper ID may be denied
> > boarding.
> >
> > Thank you for your inquiry regarding the Computer
> > Assisted Passenger
> > Pre-Screening System II (CAPPS II). Your concerns
> > about privacy are
> > certainly understandable.
> >
> > As noted by the Transportation Security
> > Administration in a recent news
> > release, CAPPS II is an enhanced system to confirm
> > the identities of
> > passengers, and to identify foreign terrorists or
> > persons with
> > terrorist connections, before they can board a
> U.S.
> > aircraft. The
> > carefully limited system is being developed, in
> > compliance with the
> > Aviation and Transportation Security Act, which
> > Congress passed in
> > response to the terrorist attacks on September 11,
> > 2001.
> >
> > Delta, as well as every US commercial carrier,
> will
> > be limited to
> > providing data to the TSA that all airlines
> collect
> > from passengers as
> > part of the normal reservations and ticketing
> > process.  As TSA news
> > releases indicate, the TSA asked Delta to provide
> > assistance during the
> > early development of the system's infrastructure,
> to
> > be certain that
> > the TSA can obtain the necessary passenger
> > reservations and ticketing
> > data from airlines.  Delta has no role in
> directing
> > or supervising the
> > CAPPS II program, nor is it conducting any sort of
> > background checks on
> > behalf of the TSA.  The security of Delta's
> > passengers and safeguarding
> > passenger information, remains a top priority.
> >
> > Although we cannot comment further, you may direct
> > your questions to
> > the TSA by calling their Consumer Response Center
> at
> > 1-866-289-9673.
> >
> > We appreciate your interest in Delta Air Lines.
> >
> > Sincerely,
> >
> > Patricia Happel
> > Online Customer Support Desk
> > http://www.delta.com
> >
> >
> > Original Message Follows:
> > ------------------------
> >
> > Name           : Mr M W Grossmann
> > Email Address  : m_w_grossmann () yahoo com
> > SkyMiles Number: 2042643623
> >
> > Comments:
> > I am booking tickets today for flights in December
> > and January. Before I
> > book a ticket with Delta, I need the following
> > information:
> >
> > * type(s) of identification required at
> > check-in/boarding
> > * personal information kept on file besides name,
> > address and flight
> > history
> > * companies and agencies with which you share my
> > personal information
> > * whether Delta contacts credit agencies in any
> way
> > concerning PAX (the
> > dumbest idea ever, and one guaranteed to alienate
> > your frequent fliers
> > whose credit records you will destroy due to
> > repeated access)
> > what other "security measuers and policies" Delta
> > has in effect which
> > may affect my privacy
> >
> >
> > Your immediate response is necessary; I need to
book
> > my flights. Despite
> > the often surly flight attendants who are of the
> > opinion that having a
> > PA system demands the constant use of it in an
> > incredibly condescending
> > manner, Delta's schedules best fit mine.
> >
> > Sincerely,
> > M W Grossmann
> >
> > Would you like a reply to your e-mail? : yes

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)