egarrard
07-28-2004, 08:21 AM
http://www.securityfocus.com/columnists/257
A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites -- and that's just for starters.
On June 21, 2004, the United States Senate Governmental Affairs Committee was told that a number of U.S. airlines had routinely collected data about travelers on their flights. This information included dates of travel, origin and destination, credit card and payment data, seat preference, and even whether they wanted a kosher, low-fat, vegetarian, or Atkins-friendly meal on the flight.
You see, Northwest customers sued the airline for revealing their data, and on June 6th, 2004, U.S. District Judge Paul Magnuson, in Northwest's home turf of Minnesota, dismissed the case (PDF) without a trial. First, the court held that when the U.S. Congress deregulated the airline industry, it didn't want the states to tell the airlines what to do, and prohibited states from passing laws related to the "service of an air carrier." Thus, if an airline commits fraud, deception, larceny, theft, invasion of privacy, or any other civil or criminal wrong, the state can't prosecute the airline under ordinary consumer protection or theft laws (or torts) that would apply to other entities. The airlines as an industry are free to deceive without fear of accountability under state law.
A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites -- and that's just for starters.
On June 21, 2004, the United States Senate Governmental Affairs Committee was told that a number of U.S. airlines had routinely collected data about travelers on their flights. This information included dates of travel, origin and destination, credit card and payment data, seat preference, and even whether they wanted a kosher, low-fat, vegetarian, or Atkins-friendly meal on the flight.
You see, Northwest customers sued the airline for revealing their data, and on June 6th, 2004, U.S. District Judge Paul Magnuson, in Northwest's home turf of Minnesota, dismissed the case (PDF) without a trial. First, the court held that when the U.S. Congress deregulated the airline industry, it didn't want the states to tell the airlines what to do, and prohibited states from passing laws related to the "service of an air carrier." Thus, if an airline commits fraud, deception, larceny, theft, invasion of privacy, or any other civil or criminal wrong, the state can't prosecute the airline under ordinary consumer protection or theft laws (or torts) that would apply to other entities. The airlines as an industry are free to deceive without fear of accountability under state law.