Feeds

Got a ticket? Get a record. EU-US data handover deal leaks

Everything they want on you. Except they want much, much more...

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Statewatch has obtained a copy of the draft agreement on the transfer of EU airlines' passenger records to the US Department of Homeland Security. The text gives full details of the deal struck between the European Commission and the DHS, and leaves the strong impression that the Commission, rather than protecting (the ostensible purpose of the EU-US discussions) the personal data of its citizens, is an accomplice in its export.

Statewatch also notes that the Commission's intention to make a statement of "adequacy" for the agreement under the 1995 Data Protection Directive leaves the European Parliament with limited scope for intervention. It can only do so if it takes the view that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument." Which would seem a fairly reasonable view to take, but the point is that the default is that the deal will go ahead, unless Parliament stands up and shouts.

The draft agreement (text here) gives a full list of the PNR (Passenger Name Record) fields required, and is (perhaps unintentionally) revealing regarding the DHS' pursuit of broader personal data. "Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels [well that's good to know...], and only for legitimate counter-terrorism or law enforcement purposes." The simple statement of "law enforcement purposes" here flags potential mission-creep; the rider specifying international crime only which the Commission had inserted seems to have fallen off already.

The document goes on to give credit card transaction information and email records as examples of the kinds of further information that might be sought on the basis of a PNR. This information will, it tells us, be obtained via US "lawful process", following "US statutory requirement" or "other processes as authorized by law." Us law, we presume.

So the data you have to give the airline in order to fly will be passed to the US authorities, and may be used as a trigger for further research by the US authorities into your habits. The deal makes reference to the possibility of the EU adopting a similar system, and as and when that happens we expect the two sides to resist the notion of pooling their databanks for, oh, a couple of minutes? Note also that the current enthusiasm for profiling, the idea being to identify possible threats from people who aren't known, and have no record, absolutely requires broad data capture, use and retention. Course we've got to compile records on people who're innocent - otherwise, how could we confirm they're innocent?

And anyway, innocent people have nothing to hide. Or they soon won't have... ®

Related stories:
Commission agrees US access to EU citizen personal data
Data on 10m Northwest fliers handed to NASA for 'testing'

The essential guide to IT transformation

More from The Register

next story
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.