My letter to American Airlines ("Why did you ask for a dossier on my friends?"): http://craphound.com/aadossierletter.txt American Airlines' initial reply: ("We didn't plan on keeping it"): http://craphound.com/aadossierresponsereply.txt My followup to American Airlines: ("You aren't answering my questions"): http://craphound.com/aadossierresponse.txt American Airlines' reply: ("A deprecated agency requires our secrecy"): http://craphound.com/aadossierblamesthefaa.txt My reply to American airlines: ("Tell me more about this regulation, please"): http://craphound.com/aadossierwhatfaa.txt -- Cory Doctorow XXXX London, UK XXXXX doctorow@craphound.com +44.xxx.xxx.xxxx Tim Rhodes American Airlines Customer Relations P.O. Box 619612 MD 2400 DFW Airport, TX 75261-9612 April 10, 2005 Dear Mr Rhodes: Thank you for your letter of March 22. Unfortunately, you continue to raise more questions than you answer. In your letter of the 22nd, you say, "Federal Aviation Administration regulations prohibit us from discussing the details of security measures so as to avoid compromising the purpose and integrity of the process." This came as a surprise to me: I was under the impression that the FAA had basically ceded security administration to the TSA. Indeed, it was the TSA which the AA representatives at Gatwick cited when they asked me for a written dossier on my friends' names and addresses. It's good to hear that this is the FAA and not the TSA. However, I have never heard of an FAA regulation that prohibits airlines from sharing details of their security procedures with the public. Which leads me to ask: * What is the name, number or reference for this regulation, please? Further, many of the questions I raised in my letter of the 4th had nothing to do with sensitive security procedures, but rather with the inconsistencies in the accounts of my trip from Gatwick. Namely: * If this indeed was an isolated incident caused by a single screener's inadequate training, why did the screener's supervisor affirm that her request was both AA policy and an (unspecified) Transport Security Agency regulation? * What is the AA privacy and data-retention policy? British law requires that you have such a policy and that you make it available on demand, so I'm quite surprised that in our months-long correspondance you have not been able to produce it. * Is there a TSA regulation that requires you to gather this information? What is the number or name of that regulation and where can I get a copy of it? I was told by the screeners that there was such a regulation; now you tell me that a separate FAA rule forbids disclosure of security screening practices. Surely if you can disclose the existence of these rules, you can likewise disclose their names, numbers, references or text. Thank you for your continued attention in this matter: I look forward to a response that substantively addresses these very specific, non-security-sensitive questions. Thank you, Cory Doctorow AAdvantage Platinum Number: XXXXXX