Traveling down the road to exposure

By Scott Bradner

At first the news was astonishing: Sabre Group Holdings, the people who run the Sabre system that deals with airline and other reservations for a good chunk of the travel industry, announced they were going sell your travel plans. On July 6th, two days after Independence Day, PC Week on-line reported that Sabre was planning service by which their customers could find out were travelers were going even before they traveled. Sabre CEO Michael Durham was quoted as having said "Think about how much companies would pay for [the names of] people who have reservations to go to specific places at specific dates and times,"

Think of the advantages. You could be inundated with offers from tour guides, limousine companies, restaurants, streetwalkers, and purveyors of tickets to shows and concerts even before you leave your house. As one who travels far too much, I can hardly wait. By the way, no where in the PC Week article was the word privacy mentioned.

Two days later the Sabre Group issued a statement saying that they "do not sell passenger names or other private information without the consent of the passenger, and have no intention of doing so in the future." So there seems to have been some misunderstanding that led to the original story.

What makes me particularly sad is that the first report was so believable since plans of this type do fit right into the norm for US business. The privacy of the individual is seen as an impediment to normal business operations. This contrasts starkly with the efforts now underway in the European Union (EU). Starting in October 1998 new regulations come into effect which place very strong limits on just what businesses can do with data they collect on their customers. Many of the most routine operations of US banks in dealing with the credit cards they issue would be illegal under these regulations. Sabre's statement specifically notes that they comply with EU privacy regulations.

The US Government is now engaged in a series of discussions with the EU with the apparent goal of preserving the freedom of US corporations to do as they see fit in this area. Their hope is that the US corporations will see fit to do the right thing to protect the privacy of your data by publicly saying what they will do and sticking to it. The Idea is that if you do not like their policy you do not do business with them. That is easy to do in theory unless they provide your electricity or some other hard to duplicate service.

Our government has a number of quite good reasons to say that laws that require the protection of information privacy are not a panacea. But I will say that I'd sure like to be able to point the cops at a US-based corporation that violates my privacy, rather than hope that come private consortium will slap their hand.

disclaimer: Harvard has been suspicious of panaceas for a rather long time but the above wish for cops is my own opinion.