
EU Commission betrays Passenger Name Record data privacy to USA despite EU Parliament

The European Union Commission bureaucrats have ignored the votes in the European Parliament and the warnings from European Union state Data Privacy authorities, and have signed an agreement with the United States about the unilateral transfer of airline Passenger Name Record data to the USA.

The political scheming and misleading public statements by those involved in the EU negotiations with the USA make sorry reading, and can be found in the Privacy and Travel category of The Practical Nomad Blog by Edward Hasbrouck, and from Statewatch and Privacy International (.pdf).
C.f. the actual text of the agreement, which was signed on May 28th 2004.

The Data Retention period is being spun, for some unfathomable reason, as 3 years and 6 months. In practice, the actual Data Retention period will be at least 8 years, which is allowed for "records which have been manually accessed". Under what circumstances will a transatlantic flight record not be "manually accessed" by a US official?

The 34 data fields in the Passenger Name Record that will be "pulled" or eventually "pushed" from the airline Computerised Reservation Services such as Galileo/Apollo, Sabre, Amadeus, or Worldspan etc. include:


"18
Attachment "A"
1. PNR DATA ELEMENTS REQUIRED BY CBP FROM AIR CARRIERS

1. PNR record locator code
2. Date of reservation
3. Date(s) of intended travel
4. Name
5. Other names on PNR
6. Address
7. All forms of payment information
8. Billing address
9. Contact telephone numbers
10. All travel itinerary for specific PNR
11. Frequent flyer information (limited to miles flown and address(es))
12. Travel agency
13. Travel agent
14. Code share PNR information
15. Travel status of passenger
16. Split/Divided PNR information
17. Email address
18. Ticketing field information
19. General remarks
20. Ticket number
21. Seat number
22. Date of ticket issuance
23. No show history
24. Bag tag numbers
25. Go show information
26. OSI information
27. SSI/SSR information
28. Received from information
29. All historical changes to the PNR
30. Number of travelers on PNR
31. Seat information
32. One-way tickets
33. Any collected APIS information
34. ATFQ fields"

The implications of collecting and forwarding these data, which invade the privacy of passengers and of their families and business associates (if they have not paid for a flight personally), are very worrying, especially as the aim of all of this seems to be Passenger Profiling, with all the scope for massive mistakes, racial harassment and ineffectiveness against real terrorists which plans like CAPPS II entail (thanks again to Edward Hasbrouck for his excellent online resources on this issue).

For those not in the travel industry: each of the main CRS systems differs but, for instance, SABRE defines:

26. OSI information = Other Supplementary Information (information !) which does "not require action or a reply by the carrier. They are low-priority messages and are usually used for information purpose only."

27. SSI/SSR information = Special Service Request

"Use SSR messages when you require an action or a reply to your request for these service items:

Send Emergency Contact Information (PCTC)
Send OTHS for CC Holder to carriers
Send Passport Info (3PSPT)
Send Special Meal Request
Send Unaccompanied Minor Information
Send Wheelchair Request "

This obviously can include Credit Card and other information relating to connecting flights or to other passengers not even travelling to the USA.

Passport information is not mandatory for travel agents to demand, but it is often included.

33. Any collected APIS information - Advanced Passenger Information System
- "passenger manifests" including name, nationality, passport number, date of birth, etc. - why are they duplicating data on two systems ?

34. ATFQ fields = Automatic Ticket Fare Quote, i.e. the price of the ticket, which could be commercially sensitive.

The SABRE system (and probably the other CRS systems) seems to have other hidden free text fields in the Passenger Name Record, which can be hidden from other airlines etc., but which are, presumably, available to the US Department of Homeland Security:

"Each 5HR- PNR remarks can contain up to 32,762 characters, with up to 70 characters per line. 5HR- remarks lines do not go to history if you delete, remove, or change them in the PNR."

The US government should not be allowed to trawl through this data speculatively.

Would any of this matter if the US Government employees could be trusted with the data? No, it would not, but they simply cannot be trusted. They seem to be already abusing the CRS databases, snooping on purely European Union only flights.

The debacle over Christmas and the New Year, with the cancellation of Air France flights due to a passenger "no show" also demonstrates that the US authorities are already abusing their full and unrestricted access to the CRS systems.
