[Infowarrior] - E.U. Seeks Data on American Passengers

[Richard Forno]

E.U. Seeks Data on American Passengers
Airlines Would Report Personal Details of Europe-Bound Travelers

By Ellen Nakashima
Washington Post Staff Writer
Sunday, November 4, 2007; A18

http://www.washingtonpost.com/wp-dyn/content/article/2007/11/03/AR2007110300
956_pf.html

American travelers' personal data would for the first time be exported to
all European Union states by airline carriers flying to Europe under a
proposal to be announced this week.

The data, including names, telephone numbers, credit card information and
travel itinerary, would be sent to E.U. member states so they could assess
passenger risk for counterterrorism purposes, according to a draft copy
obtained by The Washington Post. The European Commission proposal would
allow the data to be kept for 13 years or longer if used in criminal
investigations and intelligence operations. It would cover all passengers
flying into and out of Europe, not just Americans.

Airlines already share data with U.S. authorities on passengers entering the
United States. A handful of countries, including Canada and Australia, have
similar laws. The European proposal was apparently modeled after an
agreement signed in July between the United States and Europe dealing with
passenger data from European flights entering and leaving the United States.

Under the proposal by Franco Frattini, European commissioner for freedom,
security and justice, airlines or computerized reservation systems would
send at least 19 pieces of data on each passenger to data-analysis units set
up by each state. The data fields also would include e-mail addresses, names
of accompanying passengers and open ones for such special requests as meals
or medical service.

Under the proposal, no personal data that could reveal race, ethnicity,
political opinions, religion, trade union membership or health or sex-life
information could be transmitted. Any such data that was shared would have
to be deleted immediately by the data-analyzing units, the proposal says.

The proposal must be approved by all 27 E.U. states to become a Europe-wide
law, though individual states could introduce their own programs. It would
affect about 30 million people who fly from North America to Europe each
year.

The move is part of an effort to combat terrorism by sharing information
globally, and it is fueling concerns of loss of privacy and control over
personal data.

"It almost becomes an arms race with one country adopting a data-gathering
system without reflecting on whether or not the system is necessary," said
Allison Knight, staff counsel for the Electronic Privacy Information Center.

Frattini has made clear that he believes a policy requiring Passenger Name
Record data from airlines would be beneficial to combating terrorism in
light of terror attacks in Madrid and London.

"The Union is at least as much a potential target of a terrorist attack as
the United States, and the use and analysis of passenger name records is an
important law enforcement tool to protect our citizens," Frattini told the
European Parliament in September.

The U.S. is "definitely open to the idea," Department of Homeland Security
spokeswoman Laura Keehner said. "It would be fair of the Europeans to ask
the same information of us that we're asking of them. We are open to finding
ways to make our respective homelands secure."

The U.S.-E.U. pact was opposed by civil libertarians and liberal
politicians, many of whom have said they do not favor an E.U. equivalent.
But some have suggested retaliating with a mirror policy.

Sophie in 't Veld, a member of Parliament from the Netherlands, said
Frattini's proposal would "undermine the credibility" of the E.U., which
criticized the E.U.-U.S. pact. "We still do not have sufficient evidence of
how effective the use of these data are in the fight against terrorists,"
she said.

The European countries' units would analyze the data to identify people and
their associates who may be involved in terrorism or organized crime. It
would also create and update "risk indicators" for assessing them and
provide intelligence on travel patterns and other trends relating to
terrorist offenses and organized crime, according to the proposal. The data
could be used in criminal investigations and prosecutions.

James Harrison, a Sacramento attorney and director of the Identity Project,
a privacy organization, said that the prospect of analyzing the data to
create risk assessments is "alarming."

"Congress forbids the U.S. from conducting algorithms on passenger data
domestically," he said, referring to a ban on testing algorithms assigning
risk to passengers not on government watch lists. "That is exactly what they
are talking about here."

E.U. officials said that all non-Europeans would be protected under the
scheme by European states' data-protection laws, while U.S. privacy laws
apply only to U.S. citizens. In the case of passenger data, the United
States has extended administrative Privacy Act protections to non-U.S.
citizens. The Department of Homeland Security also has an online redress
site open to all.

But, in 't Veld said, "Even if there were 27 excellent data protection
schemes, if you are an American citizen, and travel around Europe for a
month, who will you turn to? Ask yourself: How good is your Hungarian?"

Another difference between the U.S.-E.U. pact and the European proposal
deals with sensitive information such as religion, sexual orientation and
union membership. Under the U.S.-E.U. deal, that information can be used in
exceptional cases, "where the life of a data subject or of others could be
imperiled or seriously impaired."

Douglas Lavin, regional vice president North America for the International
Air Transport Association, called the European proposal "a positive step" in
terms of harmonizing data-sharing policies, but said he is concerned about
an international patchwork dealing with passenger data. "We don't want to be
faced with conflicting laws in this area," he said.