Sat, 06 Jan 2007
Every time you fly from Europe to the USA, in addition to agree for the US
Department of Homeland Security to receive a long list of your passenger
information, you also accept that it may access your credit card records and all
your emails!
Following a Freedom of Information
request, the Department for Transport published in December the
Undertakings of the Department
of Homeland and Security Bureau of Customs and Border Protection (CBP)
to provide adequate protection for the purposes of air carrier
transfers of Passenger Name Record (PNR) data which may fall within the
scope of the European Commission Directive.
The ‘data requirements’ include:
‘Additional personal
information sought as a direct result of PNR data will be obtained from
sources outside the government only through lawful channels, including
through the use of mutual legal assistance channels where appropriate,
and only for the purposes set forth in paragraph 3 hereof. For
example, if a credit card
number is listed in a PNR, transaction information linked to that
account may be sought, pursuant to lawful process, such as
a subpoena issued by a grand jury or a court order, or as otherwise
authorized by law. In
addition, access to records related to e-mail accounts derived from a
PNR will follow U.S. statutory requirements for subpoenas,
court orders, warrants, and other processes as authorized by law,
depending on the type of information being sought;’
And here's the list of ‘PNR data elements required by CBP from
air carriers’:
- PNR record locator code
- Date of reservation
- Date(s) of intended travel
- Name
- Other names on PNR
- Address
- All forms of payment information
- Billing address
- Contact telephone numbers
- All travel itinerary for specific PNR
- Frequent flyer information (limited to miles flown and address(es))
- Travel agency
- Travel agent
- Code share PNR information
- Travel status of passenger
- Split/Divided PNR information
- Email address
- Ticketing field information
- General remarks
- Ticket number
- Seat number
- Date of ticket issuance
- No show history
- Bag tag numbers
- Go show information
- OSI information
- SSI/SSR information
- Received from information
- All historical changes to the PNR
- Number of travelers on PNR
- Seat information
- One-way tickets
- Any collected APIS information
- ATFQ fields
This document is dated
from May 2004; ‘these Undertakings shall apply for a term of
three years and six months (3.5 years), beginning on the date upon
which an agreement enters into force between the United States and the
European Community’.
I am thankful to the
Metropolitan Police and the US Department of State to
prevent
me from going back to the USA. Unfortunately, it has been
shown
that PNR data for flights between Europe and non USA destinations have
been transferred to the USA.
(via US 'licence to snoop' on British air travellers via "phantoms of lost liberty"?)
EDITED TO ADD (Jan 4): 27B Stroke 6 points out in
A Media Fight Over What Does and What Could Happen At The Border that a draft of these Undertakings had been published in February 2004 (by
Statewatch) and analysed in detail by the Practical Nomad in
"Undertakings" by the USA on use of reservation data
EDITED TO ADD (Jan 7): The
Observer reveals the DHS is moving to fingerprint all ten fingers of visitors to the USA, so the information is compatible wiht the FBI database: ‘
The information will be shared with intelligence agencies, including the FBI, with no restrictions on their international use.’