Mustapha Rex
5th Jan 2008, 10:46
Etihad Airways when questioned about its privacy policies said it would not "entertain any further discussions", and failed to answer direct questions put to it.
Mathaba News has learnt that the Emirates government airline 'Etihad Airways' is in violation of the privacy standards required to ensure the security of its passengers.
The airline receives and forwards its passengers medical records via insecure Email and without solicitation, we can reveal.
Already passengers are advised to avoid bookings via several airlines, who have secure web sites for making bookings online, but which then forward all the travel details via insecure open email, without passengers being able to opt out.
Privacy and security conscious airlines such as Germany's international carrier Lufthansa, on the other hand, take great care to passengers privacy and therefore security.
It is well known that terrorists and criminals are easily able to obtain and copy email communications, as email is similar to a post card passing through post offices and postmens hands.
The breaches of privacy rights of passengers by airlines such as Etihad raise serious security concerns because of these issues, and documents viewed by Mathaba News show a clear disregard and failure to respond to passenger complaints and inquiries on this matter.
The airline industry itself has failed to self regulate itself on the issues of privacy and therefore of the security of its passengers who could be targeted or taken advantage of by business adversaries. As a result there is a clear call for international civil society organisations, privacy watchdogs and e-security bodies to draw up a list of airlines and larger travel agencies, and rate them according to their privacy policies and practices.
Correspondence with Etihad Airlines shows the airline evaded questions on these issues and replied to concerns raised by passengers by saying they would not "entertain any further discussions" on the matters raised. Passengers who have had to undergo medical checks on the request of the airline, also have their records forwarded unsolicited via open email.
Naturally passengers will need to draw their own conclusions about what the priorities of various airlines are, and choose their carriers accordingly. A good place to start would be an internet based service made available by privacy organisations such as Privacy International, that could present results of investigations into policies and practices of airlines.
There are several points at which passengers safety and security can be compromised by lax e-security, open communications, or the passing on of information via inappropriate channels and to those without a need to know: from the point of online booking, to the receipt of confirmations, and the conduct of correspondence and communications with passengers.
The Emirates currently also performs iris scans on passengers entering into the United Arab Emirates, and those scanned are not informed what is to be done with the data, how long it is to be preserved, which foreign agencies it is shared with, and what security guarantees, if any, are in place to prevent current or future abuse of data obtained.
Mathaba News has learnt that the Emirates government airline 'Etihad Airways' is in violation of the privacy standards required to ensure the security of its passengers.
The airline receives and forwards its passengers medical records via insecure Email and without solicitation, we can reveal.
Already passengers are advised to avoid bookings via several airlines, who have secure web sites for making bookings online, but which then forward all the travel details via insecure open email, without passengers being able to opt out.
Privacy and security conscious airlines such as Germany's international carrier Lufthansa, on the other hand, take great care to passengers privacy and therefore security.
It is well known that terrorists and criminals are easily able to obtain and copy email communications, as email is similar to a post card passing through post offices and postmens hands.
The breaches of privacy rights of passengers by airlines such as Etihad raise serious security concerns because of these issues, and documents viewed by Mathaba News show a clear disregard and failure to respond to passenger complaints and inquiries on this matter.
The airline industry itself has failed to self regulate itself on the issues of privacy and therefore of the security of its passengers who could be targeted or taken advantage of by business adversaries. As a result there is a clear call for international civil society organisations, privacy watchdogs and e-security bodies to draw up a list of airlines and larger travel agencies, and rate them according to their privacy policies and practices.
Correspondence with Etihad Airlines shows the airline evaded questions on these issues and replied to concerns raised by passengers by saying they would not "entertain any further discussions" on the matters raised. Passengers who have had to undergo medical checks on the request of the airline, also have their records forwarded unsolicited via open email.
Naturally passengers will need to draw their own conclusions about what the priorities of various airlines are, and choose their carriers accordingly. A good place to start would be an internet based service made available by privacy organisations such as Privacy International, that could present results of investigations into policies and practices of airlines.
There are several points at which passengers safety and security can be compromised by lax e-security, open communications, or the passing on of information via inappropriate channels and to those without a need to know: from the point of online booking, to the receipt of confirmations, and the conduct of correspondence and communications with passengers.
The Emirates currently also performs iris scans on passengers entering into the United Arab Emirates, and those scanned are not informed what is to be done with the data, how long it is to be preserved, which foreign agencies it is shared with, and what security guarantees, if any, are in place to prevent current or future abuse of data obtained.