Feeds

Got a ticket? Get a record. EU-US data handover deal leaks

Everything they want on you. Except they want much, much more...

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Statewatch has obtained a copy of the draft agreement on the transfer of EU airlines' passenger records to the US Department of Homeland Security. The text gives full details of the deal struck between the European Commission and the DHS, and leaves the strong impression that the Commission, rather than protecting (the ostensible purpose of the EU-US discussions) the personal data of its citizens, is an accomplice in its export.

Statewatch also notes that the Commission's intention to make a statement of "adequacy" for the agreement under the 1995 Data Protection Directive leaves the European Parliament with limited scope for intervention. It can only do so if it takes the view that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument." Which would seem a fairly reasonable view to take, but the point is that the default is that the deal will go ahead, unless Parliament stands up and shouts.

The draft agreement (text here) gives a full list of the PNR (Passenger Name Record) fields required, and is (perhaps unintentionally) revealing regarding the DHS' pursuit of broader personal data. "Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels [well that's good to know...], and only for legitimate counter-terrorism or law enforcement purposes." The simple statement of "law enforcement purposes" here flags potential mission-creep; the rider specifying international crime only which the Commission had inserted seems to have fallen off already.

The document goes on to give credit card transaction information and email records as examples of the kinds of further information that might be sought on the basis of a PNR. This information will, it tells us, be obtained via US "lawful process", following "US statutory requirement" or "other processes as authorized by law." Us law, we presume.

So the data you have to give the airline in order to fly will be passed to the US authorities, and may be used as a trigger for further research by the US authorities into your habits. The deal makes reference to the possibility of the EU adopting a similar system, and as and when that happens we expect the two sides to resist the notion of pooling their databanks for, oh, a couple of minutes? Note also that the current enthusiasm for profiling, the idea being to identify possible threats from people who aren't known, and have no record, absolutely requires broad data capture, use and retention. Course we've got to compile records on people who're innocent - otherwise, how could we confirm they're innocent?

And anyway, innocent people have nothing to hide. Or they soon won't have... ®

Related stories:
Commission agrees US access to EU citizen personal data
Data on 10m Northwest fliers handed to NASA for 'testing'

Internet Security Threat Report 2014

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.