Battle Over EU Flight Passenger Data Rages on
Digital rights organizations have hit out at new agreements to transfer information about flight passengers in Europe to the U.S. and Australia.
Fresh negotiations on the so-called PNR (Passenger Name Register) 2007 deal are currently taking place and last week draft agreements on the transfer and retention of air passenger data were leaked.
The agreements, which would require airlines to send passenger information to the U.S. Department of Homeland Security and Australia's Customs and Border Protection, has provoked outrage among civil liberties groups.
This data would allow for profiling --- the use of data for sorting passengers into risk categories based on pre-defined and secret criteria -- without an initial suspicion or criminal lead, according to the European Digital Rights group EDRi.
Members of the European Parliament (MEPs) have also criticized the plan and refused to even vote on it in May 2010.
"We are skeptical about the absolute necessity of a European system of flight data storage," said German MEP, Manfred Weber. "So far, the U.S. and other countries using the PNR system have failed to convince us about its necessity."
The data, including credit card details, phone numbers and home addresses, could be stored for up to five and a half years in Australia and 15 years in the U.S. There are also provisions for onward transfer of the data to third agencies and countries.
Meanwhile, international data security company Imperva has warned that PNR data, in particular the Advanced Persistent Threats (APT), would be a target for hackers. Instead of stealing data, APT hackers could try to insert entries and give them "no need to check at all" clearance or try to gain information about a person and use it to create fake passports, said Tal Be'ery, Imperva's Web research team leader.
"Of course -- it doesn't have to be a digital attack," Be'ery said. "An attacker may convince some employee, even low ranking one, to give him some (or all) data. I'm not saying that this database shouldn't exist because of these reasons -- it should be closely defended and guarded as a prime target of APT."
The European Council of Justice and Home Affairs Ministers are due to discuss the draft agreement on June 9.