Sat, 06 Jan 2007

All your base are belong to US

Every time you fly from Europe to the USA, in addition to agree for the US Department of Homeland Security to receive a long list of your passenger information, you also accept that it may access your credit card records and all your emails!

Following a Freedom of Information request, the Department for Transport published in December the Undertakings of the Department of Homeland and Security Bureau of Customs and Border Protection (CBP) to provide adequate protection for the purposes of air carrier transfers of Passenger Name Record (PNR) data which may fall within the scope of the European Commission Directive.

The ‘data requirements’ include:
‘Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels, including through the use of mutual legal assistance channels where appropriate, and only for the purposes set forth in paragraph 3 hereof. For example, if a credit card number is listed in a PNR, transaction information linked to that account may be sought, pursuant to lawful process, such as a subpoena issued by a grand jury or a court order, or as otherwise authorized by law. In addition, access to records related to e-mail accounts derived from a PNR will follow U.S. statutory requirements for subpoenas, court orders, warrants, and other processes as authorized by law, depending on the type of information being sought;’
And here's the list of ‘PNR data elements required by CBP from air carriers’:
  1. PNR record locator code
  2. Date of reservation
  3. Date(s) of intended travel
  4. Name
  5. Other names on PNR
  6. Address
  7. All forms of payment information
  8. Billing address
  9. Contact telephone numbers
  10. All travel itinerary for specific PNR
  11. Frequent flyer information (limited to miles flown and address(es))
  12. Travel agency
  13. Travel agent
  14. Code share PNR information
  15. Travel status of passenger
  16. Split/Divided PNR information
  17. Email address
  18. Ticketing field information
  19. General remarks
  20. Ticket number
  21. Seat number
  22. Date of ticket issuance
  23. No show history
  24. Bag tag numbers
  25. Go show information
  26. OSI information
  27. SSI/SSR information
  28. Received from information
  29. All historical changes to the PNR
  30. Number of travelers on PNR
  31. Seat information
  32. One-way tickets
  33. Any collected APIS information
  34. ATFQ fields
This document is dated from May 2004; ‘these Undertakings shall apply for a term of three years and six months (3.5 years), beginning on the date upon which an agreement enters into force between the United States and the European Community’.

I am thankful to the Metropolitan Police and the US Department of State to prevent me from going back to the USA. Unfortunately, it has been shown that PNR data for flights between Europe and non USA destinations have been transferred to the USA.

(via US 'licence to snoop' on British air travellers via "phantoms of lost liberty"?)

EDITED TO ADD (Jan 4): 27B Stroke 6 points out in A Media Fight Over What Does and What Could Happen At The Border that a draft of these Undertakings had been published in February 2004 (by Statewatch) and analysed in detail by the Practical Nomad in "Undertakings" by the USA on use of reservation data

EDITED TO ADD (Jan 7): The Observer reveals the DHS is moving to fingerprint all ten fingers of visitors to the USA, so the information is compatible wiht the FBI database: ‘The information will be shared with intelligence agencies, including the FBI, with no restrictions on their international use.

websiteblogblog archivenews feedfeedback