EU and US Reach Deal On Airline Data

gambit3 writes "According to the BBC, the EU and the US have struck a new deal for sharing airline passenger data. It will replace a deal struck down by the European Court of Justice in May, which allowed the US its own access to passenger data. Under the deal, the EU will 'push' the data — 34 pieces of information per passenger — to the US, replacing the current 'pull' system. The new deal will expire at the end of July 2007."

What are the 34 data items?

[pelago]

What are the 34 data items?

Re:What are the 34 data items?

[Savage-Rabbit]

What are the 34 data items?

I don't know but I am sure US customs will make sure that retrieving at least one of them will involve a large and cold hand, a latex glove and a rectal search.

Re:What are the 34 data items?

I don't know but I am sure US customs will make sure that retrieving at least one of them will involve a large and cold hand, a latex glove and a rectal search.

It is only for health purposes. US Customs doesn't want anyone coming into the country with hiccups. It's really just a public service.

Re:What are the 34 data items?

[TheRaven64]

I bet "Passenger is wearing a turban?" is in there.

Yup. Got to watch out for all those Sikh terrorists...

Re:What are the 34 data items?

[bogie]

How about "Passenger is wearing a t-shirt is another language so he must be threat."?

It's certainly an effective means of distinguishing potential terrorists. If you don't look, act, and think just like you MUST be a terrorist or terrorist supporter. I never thought I'd see the day when my president said that.

So what's changed?

[jimicus]

Old system: US pulls 34 items of data about each passenger.
New system: EU pushes 34 items of data about each passenger.

Unless the data itself has dramatically changed, I really can't see any functional difference. So how is this any better?

Re:So what's changed?

nothing, it's just that they did not get their wish for even more data granted.

personally I'd like to see proof that ANY effect has come out of this other than of course a massive breach of privacy.

jacquesm posting on the road as AC

Re:So what's changed?

[Richard+Steiner]

Well, the US can't go rummaging around for unrelated information in the second case -- they only get what they're given.

Re:So what's changed?

[Decado]

RTFA Please

The new system is better from an EU standpoint because the data is sent to a single secure source. They no longer have to worry about it being pulled from an untrusted source. There is no longer an external logon to the EU system that could potentially reveal private information. Instead it is pushed securely to a trusted homeland security site which is then responsible for distributing it within the US. Because the EU is no longer a risk for distributing private information it is OK within the EU. If there is a privacy breach it won't be the fault of the EU and that makes the EU authorities happy. From the standpoint of the consumer the same data still flies around but that was never the issue, the issue was that there was potential for the EU system to leak sensitive data which was unacceptable.

34 data fields (missing from article)

[digitalderbs]

The data fields can be found from this earlier article.

• Information about the passenger: name; address; date of birth; passport number; citizenship; sex; country of residence; US visa number (plus date and place issued); address while in the US; telephone numbers; e-mail address; frequent flyer miles flown; address on frequent flyer account; the passenger's history of not showing up for flights
• Information about the booking of the ticket: date of reservation; date of intended travel; date ticket was issued; travel agency; travel agent; billing address; how the ticket was paid for (including credit card number); the ticket number; which organisation issued the ticket; whether the passenger bought the ticket at the airport just before the flight; whether the passenger has a definite booking or is on a waiting list; pricing information; a locator number on the computer reservation system; history of changes to the booking
• Information about the flight itself: seat number; seat information (eg aisle or window); bag tag numbers; one-way or return flight; special requests, such as requests for special meals, for a wheelchair, or help for an unaccompanied minor
• Information about the passenger's itinerary: other flights ticketed separately, or data on accommodation, car rental, rail reservations or tours.
• Information about other people: the group the passenger is travelling with; the person who booked the ticket

Does this violate the EU's data protection law?

[kcbrown]

Once the data leaves the hands of the EU, it is beyond the control of the EU. DHS can (and will, I'm sure) give it to anyone they want to. I have little reason to believe that won't include corporations that are willing to pay off the right people.

So, really, how is this any better than what the U.S. was demanding to begin with, other than the fact that the EU gets to decide ahead of time whose data gets sent to the U.S.? For ordinary people, it seems to me that this is no different. Only people with "special" standing within the EU (i.e., those who have special connections to the people who decide what data goes out) will be protected.

The actions of all governments with respect to the rights, liberties, and protections of the people have become so predictable that it's depressing. :-(

Frankly

[Timesprout]

We should just tell the US to go fuck themselves over the data and not travel there. If anything US airline security has been shown to be so poor we should be the one imposing the ridiculous restrictions on them coming here.

Re:Frankly

[dmatos]

Troll? Maybe. Insightful? I think so.

I'm personally boycotting any travel to the US for this and a myriad of other reasons. Apart from all the risks to my own personal liberty and freedom if I do happen to go there, there's the added fact that it's faster to fly to Europe than to the US (from Canada).

When you add the four hours spent getting through security to the four hour flight, that pretty much equals the 1h security + 7h flight to Europe. And, you get to spend more of that time sitting down, rather than standing in line on a hard concrete floor.

Re:Frankly

[RexRhino]

While I agree that the U.S. should drop all the security requirements it has on planes traveling to the U.S. (it doesn't improve security, and frustrates visiters to the U.S.), I think you must not be very well traveled if you think that U.S. security restrictions are very difficult to deal with, or U.S. security is bad. No-one is going to boycott the U.S. when E.U. citizens are treated far worse in other places. You are simply used to getting your news from U.S.-centric news sources (like Slashdot), and are probably a bit U.S.-obsessed, so you are more aware of U.S. security issues than say those of Burma, or Belarus, or some other non-EU country.

You are also missing the point that if European airlines refuse to fly to the United States, that U.S. airlines still can. It would be a boon to the U.S. airline industry.

Re:Frankly

[ev0l]

I don't know where you live but I live in Toronto and fly to the states five or six times a year.

In the Toronto Airport (YYZ) it usualy takes under thirty minutes to clear through both US customs (yes you clear through US customs while still in Canada) and security. A direct flight to Florida takes about 2 and a half hours.

To be safe I usualy show up 90 minutes before my flight departs and usualy have about an hour wait when I get to the terminal.

I don't know where you fly out of by 4 hours is absurd and I am not sure you have ever actually experienced that sort of delay or were embellishing to make a point.

In fact the YYZ web site states that you should show up 2 hours early for flights with both international and US destination.

So that puts you at at most 5 hours to fly from Toronto to Florida or 9 hours or more to fly to Europe.

Re:Frankly

[chicago_scott]

I would probably agree with you about boycotting travelling to the US if I lived outside the US.

But regarding your point about risks to your personal liberty and freedom if you come here; I have to point out that the EU is the one that collects this data on it's citzens in the first place.

Isn't the EU also infringing on on their personal liberty and freedom?

What about Canada? They have to do the same thing. Here's Air Canada's policy. Isn't your government infriging on your personal liberty and freedom as well?

http://www.aircanada.com/en/travelinfo/APIS/apis.h tml

Air Canada (like all other airlines) is required to adhere to the Advance Passenger Information System (APIS), which requires the collection of specific information from every passenger travelling to Canada, to/from the U.S. and other countries. This information is required for the purposes of ensuring aviation safety and security.

Travellers must supply Advance Passenger Information at time of check-in or they will be unable to travel.

Following is a list of information required:

      1. Full name (last name, first name, middle name if applicable)
      2. Gender
      3. Date of Birth
      4. Nationality
      5. Country of residence
      6. Travel document type (normally passport)
      7. Travel document number (expiry date and country of issue for passport)
      8. Destination address in the U.S. (Not required for U.S. nationals, Legal Permanent Residents, or Alien Residents of the U.S. entering the U.S.)

Re:Frankly

Good point. I'ld wish more Europeans would realize the fault here lies not with the Americans asking for that data - it lies with European governments bending over when Bush tells them to. I second what someone posted above - the EU should tell the U.S. to go fuck itself and refuse to hand over any data. In fact, we should tell the U.S. to go fuck itself on general principles until the American public decides to return into the community of civilized nations and runs their insane moron in chief and his fuckwit friends out of office. Who knows, that might inspire the citizens of Europe to get rid of that corrupt abomination known as the EU commission (hey, a man can still dream !).

Re:Push?

[Richard+Steiner]

Who says they're using the internet? There are many other technologies (Tux, MQ, X.25, MATIP, P1024, etc.) to choose from when exchanging data between remote hosts, and one can use IP technology and still not use the public internet. Some companies have their own internal IP networks, and dedicated point-to-point data lines are still very common in some industries.

Commercial airlines and governments use "push" technology heavily, as they have been since the mid-1960's (and maybe even before). That's what an unsolicited data feed is by definition. Airline weather is sent that way, all airline ACARS messages are sent that way, FLIFO data is sent that way internally between internal airline systems and between airlines, passenger data is sent that way between reservations systems and the recipients of said data, bag information is sent that way, etc.

It went something like this

[thefirelane]

US: Hey EU, we need to talk about your Pieces of Information
EU: Oh, is there a problem, I thought I was giving you the right number, 34 is the minimum right?
US: Oh, yes, 34 is the minimum number of pieces of information, if you just want to do the minimum
US: Look at Bulgaria over there, they give 54 pieces of information, don't you want to be like Bulgaria?
EU: Look, if you want 54 pieces of information, just make the minimum 54
US: I just want you to want to do more than the minimum


Sorry, I forget the actual script, that's off the top of my head.

What about US citizens?

[miffo.swe]

If the EU gets the same access to US databases im a ok with this. Somehow i suspect the US would never bend over and take it like that. Only the EU is so cowardly bent over for their new puppet lors.

Huge difference in privacy rights

[viking80]

Just some background info.
Europe and US has a huge difference in privacy rights. In Europe the individual owns his own data. In the US the entity (read corporation) owns whatever they can collect (And sell).

In Norway, for example, if you are unhappy with your credit rating, you just call them and tell them that they have to erase all data they have on you. (This will of course not result in a good score of course). Companies can not keep any information other than what is needed to complete a customer transaction. They can not sell it. The information belongs to you. A patchwork of laws are added to create "holes" in this "firewall" of privacy. Like credit reporting agencies

In the US, Corporations owns whatever they can get, and can sell it as they like. There is no "Privacy firewall" A patchwork of laws is applied in an attempt to plug the glaring errors in this system.

Re:So basically what are looking for is

[Fred_A]

It's rather pointless anyway. Don't you have to say if you're a terrorist (and an ex-nazi, and if you came to attack the US government) on those little forms you get before landing in the US ? Seems much simpler to get it straight from the horse's mouth than trying to extrapolate from seating preferences. :)

Why on Earth does the USA need all this info?

[Panaqqa]

So, the USA thinks the following information will help them determine if I am a terrorist or not:

• Whether or not I order a vegetarian or Kosher meal
• My email address
• The fact that I occupy a window or an aisle seat
• The fact that I might want to go on a museum tour
• That I missed a connecting flight in 2002

Funny, but I don't see terrorists these days showing up to the airport to buy a one way ticket in cash, ordering a Halal meal, and pre booking a tour of The White House and The Capitol.

IMHO they are demanding this data because they need to be seen to be doing something, and because the current US government has had a good deal of success with bullying tactics. So tell me: if I paid for my ticket with a credit card issued to an online gambling company, will I be arrested? Will I come under suspicion if one of the other members of the group I am travelling with is on the infamous "No Fly" list? Will the fact that I have dual citizenship and two passports, and that I use either passport depending on destination, raise flags? Let's say my visa was issued on one passport, but somehow the record shows the other one?

This is just an excuse for a massive fishing expedition, and I fully expect the information they get to be misused. The current US government has demonstrated repeatedly that it cannot be trusted, and will do whatever it wants to regardless of international agreements, common sense, or fair play.

It is too bad that the EU knuckled under on this. America can apply American law all it wants in America, but it has to get over this thinking that its laws supercede those of other sovereign nations.

Re:Maybe America is right???

[scsirob]

Well, hi there, Aaron.

Don't you think that with this as public knowledge, people with bad intentions will make sure they order their ticket including return flight from a reputable travel agency (who couldn't care less who they sell their ticket to), using a pristine 'John Smith' passport showing no irregularities whatsoever? It's pretty easy to hijack the identity of any John Smith so the passport and records would be just peachy. No problem traveling with well-known airlines either, and I'm sure they won't tick the 'kosjer' box in the food selection box either. They may be scary backward folks, but they are *not* stupid.