Feeds

Got a ticket? Get a record. EU-US data handover deal leaks

Everything they want on you. Except they want much, much more...

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Statewatch has obtained a copy of the draft agreement on the transfer of EU airlines' passenger records to the US Department of Homeland Security. The text gives full details of the deal struck between the European Commission and the DHS, and leaves the strong impression that the Commission, rather than protecting (the ostensible purpose of the EU-US discussions) the personal data of its citizens, is an accomplice in its export.

Statewatch also notes that the Commission's intention to make a statement of "adequacy" for the agreement under the 1995 Data Protection Directive leaves the European Parliament with limited scope for intervention. It can only do so if it takes the view that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument." Which would seem a fairly reasonable view to take, but the point is that the default is that the deal will go ahead, unless Parliament stands up and shouts.

The draft agreement (text here) gives a full list of the PNR (Passenger Name Record) fields required, and is (perhaps unintentionally) revealing regarding the DHS' pursuit of broader personal data. "Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels [well that's good to know...], and only for legitimate counter-terrorism or law enforcement purposes." The simple statement of "law enforcement purposes" here flags potential mission-creep; the rider specifying international crime only which the Commission had inserted seems to have fallen off already.

The document goes on to give credit card transaction information and email records as examples of the kinds of further information that might be sought on the basis of a PNR. This information will, it tells us, be obtained via US "lawful process", following "US statutory requirement" or "other processes as authorized by law." Us law, we presume.

So the data you have to give the airline in order to fly will be passed to the US authorities, and may be used as a trigger for further research by the US authorities into your habits. The deal makes reference to the possibility of the EU adopting a similar system, and as and when that happens we expect the two sides to resist the notion of pooling their databanks for, oh, a couple of minutes? Note also that the current enthusiasm for profiling, the idea being to identify possible threats from people who aren't known, and have no record, absolutely requires broad data capture, use and retention. Course we've got to compile records on people who're innocent - otherwise, how could we confirm they're innocent?

And anyway, innocent people have nothing to hide. Or they soon won't have... ®

Related stories:
Commission agrees US access to EU citizen personal data
Data on 10m Northwest fliers handed to NASA for 'testing'

Security for virtualized datacentres

More from The Register

next story
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.