Tuesday, 21 August 2007

German press on airline reservation privacy

I'm quoted at some length in this article in "heise" online (with audio) on the lack of privacy protection for PNR's (airline reservation data), especially when they are stored or processed in the USA. The article notes the problems that result when European airlines "share" data with agents, contractors, and computerized reservation systems (CRS's) in the USA, and includes comments from Dutch airline KLM's privacy officer regarding KLM's claim that they aren't responsible for the actions of their agents and contractors. (Heise has previously reported on the form letters I've posted for travellers to request their personal data from airlines, CRS's, and travel agencies, and which I used for my own request to KLM.)

I don't know German (I was interviewed in English by Internet phone from Argentina), and the details of the article were unclear from a machine translation. If anyone can send me a good English translation of the article, I would appreciate it.

Posted by Edward on Tuesday, 21 August 2007, 08:54 (8:54 AM)
Comments

I'm a German native speaker, so please ask if a paragraph or sentence is unclear. (I used Google Translate to have a quick foundation, so feel free to fire away ;-)

The opaque channel of PNR's

The process of delivery of Passenger Name Records (PNR) to the US-American department for Homeland Security (DHS) is very intransparent to travelers from Europe. The new, intensely controversial Agreement on the Passing on of the Passenger Name Records to the DHS when travelling to the USA became effective on August 1st. A PNR contains 19 data fields that are passed on.

The airlines themselves do not transmit the data, but large computer reservation systems (CRS) they utilize. However CRS Providers (Sabre, Worldspan, Galileo in the USA and Amadeus for many European airlines) are not included as part of the PNR agreement, warns Edward Hasbrouck, one of the organizers of the Identity Project and "practical nomad". He recently made a request to KLM Royal Dutch Airlines to access records of his PNR data stored with KLM.

"In most cases," commented Hasbrouck on request of heise online, "data circumvents the PNR agreement, by way of CRS." He did not manage to reconstruct the data trail completely, as KLM only sent him part of a PNR entry. What could be reconstructed is the fact that his PNR was available at Amadeus, Sabre and Worldspan. Hasbrouck assumes the path the data took leads not from the airline to the DHS, but in the case of KLM from the Dutch airline to Amadeus and from there to Worldspan and then to the DHS.

The answer from KLM to Hasbrouck's inquiry shows how intricate the path is that the PNR data travels. Known (and undisputed) is the delivery of the data via the CRS providers. heise online has a confirmation of this fact from Amadeus in Madrid. Used by many European airlines, this CRS also developed the new Push-System for data transfer to the US - the push system is ready since beginning of 2006 but has yet to be used. Currently US authorities have direct access to all data in the Amadeus system.

Amadeus and/or KLM were however not the first (Data Controllers) to do the data processing [in Hasbrouck's case]. Since Hasbrouck booked his flight San Francisco - Amsterdam with the US offerer Mill Run Tours, Mill Run Tours and/or their partner Airline Northwest were the first PNR collectors, explained the commissioner for data protection of KLM, Klaas Bruin, to Hasbrouck.

In an interview with heise online K. Bruin referred to the fact that the airlines themselves had only reduced PNRs, if the initial responsibility for the travel data lies with a Partner or a "Zubringer" {g.: couldn't find the appropriate term, Google suggests feeder or loader}. "According to the PNR agreement we are also not obligated to collect more data on the traveller after we take him over", said Bruin. Thus it is written in the Abstract of the PNR agreement. Amadeus forwards the existing, reduced PNR data to the Customs Border Protection Office with the US-American DHS.

Additionally APIS data (Advanced Passenger Information System) has to be handed over, this is data registered in the Passport of the traveler - the APIS data is present as an element specified into the PNR which must be handed over. "It is often overlooked that PNR and APIS data are two different things", avowed Bruin. PNR and APIS data differ between EU and US airlines, APIS data is transferred over different systems and has been for a much longer time than PNR data. "Only the [APIS] data permits an unambiguous identification of a person", says Bruin. Apart from surbooking and cancelled journeys, different ways of writing names do not make identification easy. Also the unification of the [sets from the two data banks] is difficult.

Bruin stressed that European airlines agreed that the passing on of PNR data should be done completely between the customers and the DHS. The USA also obviously plans to expand the direct data inquiry over online form to the whole of the EU, which is currently only realized for European Union member countries not released from the Visa Obligation. The procedure used in the passenger traffic with Australia plans that citizens register themselves two days before takeoff. Bruin thinks the [worries over? not clear from source] misuse of the PNR data would become unnecessary. Unfortunately the abandonment of PNR data submission is not in current US plans. [When the online form procedure is implemented] European airlines think PNR dissemination could again become a case before the European Court of Justice.

From Hasbrouck's view the passing of PNR data to the US authorities is only the peak of the iceberg. As soon as the data arrives at a non-European entity, e.g. an American CRS, US authorities have a walk-over. In his opinion KLM cannot think of itself as not being responsible even if data processing of the reservation is taking place in the USA. Even if the travel is booked via US contractors, the actual reservation nevertheless requires a confirmation from KLM.

In all other respects Hasbrouck takes the view that KLM must take either the responsibility for the data processing within the partner enterprises, since they are contractually bound to KLM. "Or KLM does have to admit that it passed data onto a third party, which is independent and there is no control possible over this third party's data security level." If KLM would be serious about data security, Hasbrouck said, more transparency would be in their interest. It would become clear to travelers a reservation with a European Union airline, which uses a CRS in the USA, opens the floodgates for their data to be used by US authorities. Amadeus has a subsidiary in the USA too. A processing of the data of European Union customers does not take place there, according to Amadeus.

Posted by: g., 21 August 2007, 13:40 ( 1:40 PM)