Battle over EU flight passenger data rages on

Groups say plans to give E.U. citizens' data to the U.S. and Australia breaches civil liberties and is a security threat

Digital rights organizations have hit out at new agreements to transfer information about flight passengers in Europe to the U.S. and Australia.

Fresh negotiations on the so-called PNR (Passenger Name Register) 2007 deal are currently taking place and last week draft agreements on the transfer and retention of air passenger data were leaked.

The agreements, which would require airlines to send passenger information to the U.S. Department of Homeland Security and Australia's Customs and Border Protection, has provoked outrage among civil liberties groups.

This data would allow for profiling --- the use of data for sorting passengers into risk categories based on pre-defined and secret criteria -- without an initial suspicion or criminal lead, according to the European Digital Rights group EDRi.

Members of the European Parliament (MEPs) have also criticized the plan and refused to even vote on it in May 2010.

"We are skeptical about the absolute necessity of a European system of flight data storage," said German MEP, Manfred Weber. "So far, the U.S. and other countries using the PNR system have failed to convince us about its necessity."

The data, including credit card details, phone numbers and home addresses, could be stored for up to five and a half years in Australia and 15 years in the U.S. There are also provisions for onward transfer of the data to third agencies and countries.

Meanwhile, international data security company Imperva has warned that PNR data, in particular the Advanced Persistent Threats (APT), would be a target for hackers. Instead of stealing data, APT hackers could try to insert entries and give them "no need to check at all" clearance or try to gain information about a person and use it to create fake passports, said Tal Be'ery, Imperva's Web research team leader.

"Of course -- it doesn't have to be a digital attack," Be'ery said. "An attacker may convince some employee, even low ranking one, to give him some (or all) data. I'm not saying that this database shouldn't exist because of these reasons -- it should be closely defended and guarded as a prime target of APT."

The European Council of Justice and Home Affairs Ministers are due to discuss the draft agreement on June 9.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags legalU.S. Department of Homeland SecurityEuropean Digital Rights

More about APTEUEuropean ParliamentImperva

Show Comments
[]