Friday, 7 October 2005

"Spot the Terrorist"

USA-EU dual citizen and fellow CFP-er Wendy Grossman has more on the new demands for passenger information by the USA government and airlines, as well as the latest USA plans for a Ministry of Silly Walks , in her net.wars column here and here :

Spot the Terrorist

... Some of this, as travel data guru Ed Hasbrouck says in his blog entry on the subject, is silly. You've long been asked for a US address on customs forms, but there's nothing to stop you from lying or changing plans. Much more of it is simply invasive, the more so because you can't give the information directly to the government; instead it goes to several commercial organizations along the way: the airlines, the "Computerized Reservations Systems" who handle the airlines' data, travel agencies. Forcing EU citizens to supply personal data to companies that are not bound by EU data protection law or its equivalent ought to be a violation of EU principles....

Meantime, the TSA has also been asking the industry to suggest technologies for detecting suspicious behavior....

While the technology industry gears up to meet the challenge, I have some guidelines that might be of assistance to TSA personnel stationed at bus depots, train stations, and airports to play spot-the-terrorist:

...[At] airports, you should be suspicious of anyone who does not complain about the long lines, the questions, the wait, the rules, or the personnel. You show me someone who is docile, cooperative, and pleasant throughout, and I will guarantee that person is either drugged or has an ulterior motive. It's not normal to be bureaucratted for three hours and not get cranky.

See Wendy's full column and the Detecting Suspicious Behavior Request For Information (RFI) for more fact and fancy. The RFI is a disturbing indication of the TSA's continuing interest in more widespread use of discriminatory Israeli-style behavioral profiling of travellers, despite the ongoing lawsuit against its first major publicly-disclosed USA use at Logan Airport in Boston.

Link | Posted by Edward on Friday, 7 October 2005, 07:09 ( 7:09 AM) | TrackBack (1)
Comments

In various documents privacyinternational.org says
that the US now has ...

"On-line access to Airline databases
to 'pull' whatever information they wish.
Includes access to non-U.S. related travel."

I'd like your opinion about the meaning of "non-US".

Perhaps this merely refers to the non-US
segments of an itinerary which includes the US.

Is it known for a fact that the US has been given
the *technical* means (regardless of legalities)
to pull data (from non-US carriers) for travel
which includes *NO* flight over or through the US?

I'm trying to determine to what extremes
I have to contort my travel arrangements
in order to avoid being in a US database --
e.g., restricting myself to non-air transport,
or circuitous flights avoiding EU carriers
and airports, etc.

Is ALL the data in ALL of the Computerized Reservation
Systems at risk?


Posted by: , 19 October 2005, 12:28 (12:28 PM)

The previosu commenter asks:

"I'd like your opinion about the meaning of "non-US". Perhaps this merely refers to the non-US segments of an itinerary which includes the US."

Unfortunately, no.

"Is it known for a fact that the US has been given the *technical* means (regardless of legalities) to pull data (from non-US carriers) for travel which includes *NO* flight over or through the US?"

Yes, definitely. The USA has this ability, and uses it (although I don't know how often or how systematically).

"I'm trying to determine to what extremes I have to contort my travel arrangements in order to avoid being in a US database.... Is ALL the data in ALL of the Computerized Reservation Systems at risk?"

Mostly, yes. The USA has access to pull ANY data in any host system used by any airline that flies to the USA, or from any CRS based in the USA (3 of the big 4 are based in the USA; the exception is Amadeus). So the only data not accessible to the USA government would be data held by an airline that does not fly to anywhere in the USA, and that doesn't host its database in the USA.

Posted by: Edward Hasbrouck, 19 October 2005, 16:31 ( 4:31 PM)
Post a comment









Save personal info as cookie?