Subtitle 
Is system open to spooks and crooks?

Air-travel data puts Europeans at risk of identity theft

19.10.2011 - 15:23

The debate over the sharing of European air passenger records with the US has been controversial, but a leading expert says that Passenger Name Records (PNR) can be accessed anywhere in the world and no logs are kept, meaning that nobody will ever know who has seen or copied the information.

Edward Hasbrouck has been a travel agent and is now a leading author and expert on independent travel -  he spoke to New Europe concerning how PNRs are actually being used and how they can compromise not only civil liberties but the safety of passengers.

“Since 9/11, governments have become interested in access to this existing cloud of airline reservation data, but the debate in Europe has been based on a false assumption, that we have a system that European travel data is stored in Europe and protected by European data protection law and that transferring this information to the US and other governments is breaking this firewall. But that’s not what’s happening,” he warns. “The data is already in the US and is accessible globally.”

He explained that airlines do not host their own PNRs, but send them onto a third party Computerised Reservation System (CRS). There are four such systems; three are based in the US. The fourth is the German Amadeus system, but that also has offices in the US, where the data can be accessed. He insists that all flight data can be accessed anywhere, even, travel on European airlines, within the EU.

Hasbrouck says that this breaches EU data protection law and regulations of computerized records systems.

The US Dept of Homeland Security can ask any travel agent or airline to provide them with data, from the CRS and not inform their head office, or the EU that the data has been accessed. In addition, the CRS do not log access to PNR details, so it is impossible to discover who, if anyone has copied any records.

While some may say that this is not a problem "because I have nothing to hide", this fails to appreciate two important issues, Hasbrouck explains.

Firstly, as no logs are kept, it is easy for anyone at all to access the data if they can find or bribe a travel employee to obtain it without leaving an ‘electronic trail’ of their unauthorised access. This also includes crooks, perhaps looking for empty properties to burgle, identity thieves who can find all the information they need in a PNR and hostile governments. Who knows what information a travel agent, say in Pyongyang, is passing on? Who is following company executives? Information about the movements of key personnel in business could provide valuable information for those involved in corporate espionage.

Secondly is the matter of the actual data. With his experience in the industry and understanding of the various information storage systems, Hasbrouck knows exactly what information can be found in a PNR.

These contain all the information an identity thief could want; name, date of birth, address, telephone, passport, credit card details and so on. But there’s more. They can also contain information that many would regard as potentially sensitive, such as if you chose halal or kosher food, where you’ve stayed, and staying, who else was with you and how many beds your rooms had.

The travel expert showed New Europe examples of his own PNRs, where details like, what book he was reading, the purpose of his visit and future plans are recorded.

The biggest challenge, a daily occurrence according to Hasbrouck, is of stalkers trying to use agencies to find out details of their target’s movements. Possessing a PNR could provide information that could endanger people.

The author also has examples of how repressive regimes use PNR access to stifle opposition. He says that, pre 9/11, he booked a group of human rights representatives to a Latin American country with a horrendous record of abuses. Noting the potential dangers, he kept a close eye on the PNR of his clients, who flew out to the country. The next thing he saw was that the record had been changed and their return flight was changed.

The activists were detained at the airport and flown home. Hasbrouck says that this could only have happened because the government could see the PNR and wait for the group to arrive and that simply changing the record meant that they could be ejected from the country without the usual deportation process.

So, why is Europe looking to make a deal with the US over PNR? Hasbrouck points to testimony by the Department of Homeland Security to the US Congress on 5 October, where their representative explained why: “To protect US industry partners from unreasonable lawsuits, as well as to reassure our allies, DHS has entered into these negotiations.”

Any agreement on PNR will not address the deeper concern, of the access to this data, not only by security services, but by anyone who can persuade any employee of a travel agency or similar organization, by fair means or foul, to let them look at anyone’s details, whoever they are, wherever they are travelling.

Hasbrouck says that customers should pressure the companies about how their details are stored and accessed, and complain if there is no log of who and where  has accessed their data.