Surveillance in the Skies

Every so often, you come across a data security story that hits hard, that really stirs the ire.  A story where a company displays such contempt for the customer and their privacy that one can’t suppress the disgust.  Such is sadly what we’re seeing with Cathay Pacific, the Hong Kong airline.

In the aftermath of Cathay Pacific’s 2018 data breach, which exposed the personal information (including passports) of 9.4 million customers and passengers, Hong Kong regulators hit them with penalties designed to improve privacy practices and transparency about data sharing.

Judging by the new policy, Cathay Pacific appears to have learned a very wrong lesson from the ordeal.  Oh, it’s transparent alright: they make no effort to hide how little care they have for your personal information and your actual privacy.  Recording passengers in their seats through cameras, image collection aboard the planes and at airport gates, information about in-flight entertainment preferences, passenger hobbies and activities, travel itineraries; basically any and all bits of data you can imagine.  It’s all quite beautifully dystopian.  Or, as Cathay higher ups have said in the past, “about remaining competitive in the high-end VIP air passenger marketplace.”  Tomato, tomah-to.  Some might praise the transparency here, but I wouldn’t any more than I’d laud the robber telling you that they’re stealing from you as they do it.

While there may be arguments about the advantages this invasive data collection provides—personalization, premium services for VIP flyers, etc.—none of them negate the very cavalier attitude Cathay Pacific has for cybersecurity.  Even after their previous breach, they still claim, with something sounding like pride, about the potential insecurity of their data transmissions, or how they will only ensure the most “commercially reasonable” security measures.  Now that’s a business that values the well-being of its customers.  And by values I mean disdains.  A quote like that truly shows that they just don’t care.

At a time when emphasis should be given on entities restraining their big data accumulations, Cathay’s apparent disregard is troubling.  Critics of the overreaching privacy plan have been plentiful, but I would not expect anything less to cause change than severe, crippling penalties after their next breach, or mass customer effort of some sort.


By: Jonathan Weicher, post on August 22, 2019
Originally published at:
Copyright: NetLib Security