A closer look at an airline passenger data-sharing agreement between the U.S. government and European Union airlines put on hold earlier this week reveals a document that, while carefully crafted, may not clear the EU's high bar when it comes to privacy.
The European Court of Justice Tuesday annulled a two-year-old agreement between the Homeland Security Department's Customs and Border Protection agency and the Commission of European Communities to share data on European flights into the United States.
The court questions the legality of a requirement for European airlines to send the Customs and Border Protection agency personal data contained within airline computer reservation systems about passengers within 15 minutes of a departure for the United States under penalty of fines or denied landing rights. European Commission lawyers have until Sept. 30 to draft a data-sharing agreement that's more acceptable to the European Parliament.
In addition to European airlines' obligation to provide Customs and Border Protection with passenger record data--including name, method of payment, special meal requests, and itinerary--the U.S. Center for Disease Control has requested that international airlines store passenger emergency contact information for six months in the event of a bird flu outbreak, says David Henderson, manager of information for the Association of European Airlines. "This requires still more manpower and more costs," he adds.
While some of the Europe Union's airlines complied with Homeland Security's demands, others didn't, a situation that forced the EU to make a decision as to whether or not cooperation was mandatory. Although the European Parliament initially dubbed the 2004 agreement "adequate," Parliament ultimately brought its data protection concerns before the court, saying the European Commission had made an end-run around proper legal channels in its effort to accommodate the U.S. government's demands for data.
Under the May 2004 EU decision, very specific guidelines were provided regarding the type of information Customs and Border Patrol could have, when they could have it, how they could retrieve it, and how long they could retain the data. The original decision stipulated that passenger record data would be used strictly for purposes of preventing and combating terrorism or other serious crimes. As a general rule, this data would be deleted after a maximum of three years and six months, with exceptions for data needed for specific investigations. No other agency has direct electronic access to passenger name record data held in Customs and Border Patrol's databases.
The agreement further indicates that passengers are entitled to a copy of their records if they feel the data is inaccurate. Customs and Border Patrol was expected to pull passenger information from EU air carrier reservation systems until those air carriers were able to implement a system to push the data to the agency. At that time the agency would implement an automated system that filters and deletes sensitive passenger information, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning the health or sex life of individuals.
Unauthorized access by Customs and Border Patrol personnel to air carrier reservation systems or the agency's computerized system that stores personal records could get an offender fired, fined, and/or thrown in jail for up to a year.
The European Union's agreement with Homeland Security is spelled out far better than the Homeland Security's Secure Flight program, which has been kicked around for the past few years. Secure Flight has been plagued by poor planning on the part of the Transportation Security Administration and a lack of enthusiasm on the part of airlines and their passengers stemming from technical and privacy concerns. The TSA admitted last October that Secure Flight's plan to include a data comparison engine--one that would match real-time transactional data, such as passengers with boarding passes, with historical information, such as terrorist watch lists--would be difficult to integrate with many airlines' current IT systems without major upgrades.
Meanwhile, some airlines have been publicly chastised for not doing more to protect their customers' privacy. Jet Blue found itself in hot water with passengers when it was revealed that in September 2002 the airline allowed Acxiom Corp., acting as a contractor for Jet Blue, to transfer 5 million records for more than 1.5 million passengers to Torch Concepts, which was developing a data mining tool to analyze the personal characteristics of people seeking access to military installations. Jet Blue agreed to participate after a written request from the TSA.
The airline industry understands it will have to participate in any government-mandated data sharing initiative, but industry spokesmen in both the United States and Europe are urging the U.S. government to better organize its efforts. Airlines don't want to be subject to both TSA Secure Flight as well as CBP's Advanced Passenger Information program, which requires passenger information to be communicated with the government one hour prior to a flight's travel to or from the United States.
"Both should be designed to function through coordinated information feeds and avoid unnecessary duplication of communications, programming and information requirements," James May, president and CEO of the U.S.-based Air Transport Association, and Ulrich Schulte-Strathaus, secretary general of the Association of European Airlines, wrote in an October 2005 letter to Homeland Security Secretary Michael Chertoff.
May and Schulte-Strathaus further requested that Secure Flight and Advanced Passenger Information should supersede the government's "no-fly" lists and reduce the amount of redundant data required from the airlines. In addition, response time for a "board/don't board" message for any given passenger should take no longer than two seconds per passenger in order to avoid additional delays at check-in and boarding.
The programs should also be compatible with other travel systems, such as Australia's Advanced Passenger Processing. And overall development costs should be born by the government, and technical specifications must not result in major overhauls of airlines' IT systems at their own expense.