[Infowarrior] - Data the US is collecting on air travellers

[Richard Forno]

(c/o D)

<http://news.bbc.co.uk/2/hi/europe/5390074.stm>

  What the US knows about visitors
By Stephen Mulvey
EU reporter, BBC News

A deal on the transfer of data about air passengers leaving the
European Union for the US has run out, following the collapse of
talks on its renewal.

The need to renegotiate the deal came as a result of a European Court
of Justice ruling in May, and there have been repeated warnings since
then that chaos would ensue if the talks failed.

Airlines have been threatened with fines of $6,000 per passenger or
withdrawal of landing rights if they fly to the US without supplying
the data, which American officials use to try to identify potential
terrorists.

But the airlines could face prosecution under national data
protection laws in EU member states if they do hand over the
information.

Passengers on any flights that failed to supply the data to the US
authorities would also risk being held up for hours at US immigration.


SOME THINGS US CUSTOMS KNOWS
Your history of missing flights
Your frequent flyer miles
Your seat location aboard
Your e-mail address
 From 2004 onwards an agreement was in force allowing US Customs and
Border Protection (CBP) to access European airline reservation
databases and pull out up to 34 pieces of information about each
passenger.

However, this agreement was annulled by the European Court of
Justice, which ruled that European officials had not given it an
appropriate legal basis. The judges gave them until midnight on 30
September to correct the mistake.

The negotiations between the EU and the US on renewing the agreement
were expected to centre on legal technicalities rather than issues of
substance - however, they appear to have strayed in to controversial
territory and become bogged down.

One EU official told BBC News that generally speaking the EU wanted
to give away less data, while the US wanted more.

 US demands for information are going to go up not down
Hugo Brady
Centre for European Reform

In future, the EU also wants to go over to a system where airlines
"push" the data across to the US, rather than allowing the CBP to
continue "pulling" it.

Additionally, European privacy authorities want the US to give
legally binding guarantees regarding the protection of the data
concerned, instead of the existing non-binding undertakings.

On the other hand, US Secretary of Homeland Security Michael Chertoff
has said the CBP needs to be able to share the data more freely with
other government departments, such as the FBI.

Now that the talks with the EU have run into difficulty, the US has
the option of doing bilateral deals with each of the EU's 25 member
states, but it is likely to regard this as a last resort.

Passenger profile

The Passenger Name Record (PNR) data that has been transferred up to
now, falls into 34 overlapping fields, some of which contain very
little information, for example the passenger's name, while others
contain a lot, including the passenger's name (again), date of birth,
sex, citizenship and so on.

Some of this information is collected when the ticket is booked, some
of it at check-in, and some is information about the passenger's
travelling history, which can be gleaned from the reservation
database. Not all the fields will necessarily be filled in.

The data can be broken down into the following categories

     * Information about the passenger : name; address; date of birth;
passport number; citizenship; sex; country of residence; US visa
number (plus date and place issued); address while in the US;
telephone numbers; e-mail address; frequent flyer miles flown;
address on frequent flyer account; the passenger's history of not
showing up for flights

     * Information about the booking of the ticket : date of
reservation; date of intended travel; date ticket was issued; travel
agency; travel agent; billing address; how the ticket was paid for
(including credit card number); the ticket number; which organisation
issued the ticket; whether the passenger bought the ticket at the
airport just before the flight; whether the passenger has a definite
booking or is on a waiting list; pricing information; a locator
number on the computer reservation system; history of changes to the
booking

     * Information about the flight itself : seat number; seat
information (eg aisle or window); bag tag numbers; one-way or return
flight; special requests, such as requests for special meals, for a
wheelchair, or help for an unaccompanied minor

     * Information about the passenger's itinerary : other flights
ticketed separately, or data on accommodation, car rental, rail
reservations or tours.

     * Information about other people : the group the passenger is
travelling with; the person who booked the ticket

The CBP system has been built in such a way that some "sensitive"
information is filtered out.

Protected data

According to the undertakings on data protection provided by the US,
this includes "personal data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, trade union
membership, and data concerning the health or sex life of the
individual".

This means that Halal or Kosher meal preferences will not show up,
while requests for a vegetarian meal will.

The PNR data is not used simply to check names against blacklists of
known suspected terrorists, but to find new suspects with suspicious
patterns of behaviour

"You can be sure that the US will construe whatever they can from the
information provided. You can construe a lot from someone's name,"
says Hugo Brady of the Centre for European Reform.

The PNR data is not used simply to check names against blacklists of
known suspected terrorists, but to hunt for people with suspicious
patterns of behaviour.

"They have compiled a number of scenarios which they believe amount
to suspicious activity and the data is screened for a match. Did the
passenger pay cash, did he have baggage? And so on," says Hugo Brady.

He adds: "US demands for information are going to go up not down and
we are going to have to find a way of aligning security and privacy
to a mutually satisfactory end."