E.U. Satisfied With Data Sharing

By Ellen Nakashima
Washington Post Staff Writer
Friday, January 12, 2007

European Union officials said yesterday that the U.S. government had allayed their concerns about a homeland security program that creates and retains risk assessments on millions of air travelers to the United States.

But privacy advocates here and in Europe this week sent a letter to E.U. privacy commissioners charging that the Department of Homeland Security's Automated Targeting System "directly contravenes" a European-U.S. agreement on air-passenger data sharing.

The computerized screening program was designed to help U.S. Customs and Border Protection identify potential terrorists and prevent them from entering the United States. The system is used on about 90 million air passengers, cruise-ship passengers and some automobile drivers and passengers entering the country each year, Customs officials said. Those it flags are further scrutinized.

An E.U. spokesman in Washington, Telmo Baltazar, said Homeland Security officials assured the Europeans that the screening system observed privacy protections called for in the data-sharing agreement.

"A risk assessment is a normal law enforcement tool," Baltazar said yesterday. "The alternative to risk assessments is to consider everyone alike."

But in a letter to the chief privacy officials of 27 countries, the American Civil Liberties Union and London-based Privacy International said the Automated Targeting System violated the October data-sharing accord, U.S. law and European data-protection laws.

The system's creation of terrorist risk assessments on all passengers, the storing of profiles for as long as 40 years, and the fact that passengers have no right to see, modify or correct the information violates the agreement, the groups said.

"The ATS is a clear threat to privacy and human rights," Simon Davies, the director of Privacy International and Barry Steinhardt, the ACLU's Technology and Liberty Project director, said in the letter.

Jarrod Agen, a Department of Homeland Security spokesman, said the program did not violate the requirement that European passenger data be stored for 3 1/2 years at the most. He said the U.S.-E.U. agreement stipulates that some information may be kept for less than 40 years.

The air-passenger profiling program has been operating for about 10 years, Customs officials said, but its existence was not widely known until November, when it was described in the Federal Register

Under the U.S.-E.U. agreement, up to 34 types of information can be collected, including names, credit card data and flight itineraries. Sharing and use of the information is restricted. The agreement is due to be renegotiated this summer.

Concerns also have been raised in Congress and by privacy advocates that information can be shared with a wide range of federal, state, and local government agencies for purposes other than border security and that the passenger assessments violated a congressional ban on developing such programs.

© 2007 The Washington Post Company