Feeds

Got a ticket? Get a record. EU-US data handover deal leaks

Everything they want on you. Except they want much, much more...

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Statewatch has obtained a copy of the draft agreement on the transfer of EU airlines' passenger records to the US Department of Homeland Security. The text gives full details of the deal struck between the European Commission and the DHS, and leaves the strong impression that the Commission, rather than protecting (the ostensible purpose of the EU-US discussions) the personal data of its citizens, is an accomplice in its export.

Statewatch also notes that the Commission's intention to make a statement of "adequacy" for the agreement under the 1995 Data Protection Directive leaves the European Parliament with limited scope for intervention. It can only do so if it takes the view that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument." Which would seem a fairly reasonable view to take, but the point is that the default is that the deal will go ahead, unless Parliament stands up and shouts.

The draft agreement (text here) gives a full list of the PNR (Passenger Name Record) fields required, and is (perhaps unintentionally) revealing regarding the DHS' pursuit of broader personal data. "Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels [well that's good to know...], and only for legitimate counter-terrorism or law enforcement purposes." The simple statement of "law enforcement purposes" here flags potential mission-creep; the rider specifying international crime only which the Commission had inserted seems to have fallen off already.

The document goes on to give credit card transaction information and email records as examples of the kinds of further information that might be sought on the basis of a PNR. This information will, it tells us, be obtained via US "lawful process", following "US statutory requirement" or "other processes as authorized by law." Us law, we presume.

So the data you have to give the airline in order to fly will be passed to the US authorities, and may be used as a trigger for further research by the US authorities into your habits. The deal makes reference to the possibility of the EU adopting a similar system, and as and when that happens we expect the two sides to resist the notion of pooling their databanks for, oh, a couple of minutes? Note also that the current enthusiasm for profiling, the idea being to identify possible threats from people who aren't known, and have no record, absolutely requires broad data capture, use and retention. Course we've got to compile records on people who're innocent - otherwise, how could we confirm they're innocent?

And anyway, innocent people have nothing to hide. Or they soon won't have... ®

Related stories:
Commission agrees US access to EU citizen personal data
Data on 10m Northwest fliers handed to NASA for 'testing'

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.