By Paul Lewis and Spencer S. Hsu
Washington Post Staff Writers
Friday, July 27, 2007
The United States and the European Union have agreed to expand a security program that shares personal data about millions of U.S.-bound airline passengers a year, potentially including information about a person's race, ethnicity, religion and health.
Under the agreement, airlines flying from Europe to the United States are required to provide data related to these matters to U.S. authorities if it exists in their reservation systems. The deal allows Washington to retain and use it only "where the life of a data subject or of others could be imperiled or seriously impaired," such as in a counterterrorism investigation.
According to the deal, the information that can be used in such exceptional circumstances includes "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership" and data about an individual's health, traveling partners and sexual orientation.
Airlines do not usually gather such data, but officials say it could wind up in passenger files as a result of requests for special services such as wheelchairs, or through routine questioning by airline personnel and travel agents about contacts, lodging, next of kin and traveling companions. Even a request for a king-size bed at a hotel could be noted in the database.
The data now stored includes names, addresses and credit card information as well as telephone and e-mail contacts, itineraries, and hotel and rental car reservations.
The deal, signed yesterday by the United States and approved Monday in Europe, provoked alarm from privacy and civil-liberties groups on both sides of the Atlantic. "What Americans should be concerned about is it is now here in black and white: The government will maintain a database of all travelers -- including travelers of U.S. citizenship, including people who are believed to be no risk or threat . . . the government will maintain that and data-mine it," said Jim Dempsey, policy director for the Center for Democracy and Technology, a Washington-based advocacy group.
Peter Hustinx, the E.U.'s privacy supervisor, expressed "grave concern" over the plan, which he said is "without legal precedent." He wrote to E.U. officials on June 27, "I have serious doubts whether the outcome of these negotiations will be fully compatible with European fundamental rights."
U.S. Homeland Security Secretary Michael Chertoff praised the pact as an "essential screening tool for detecting potentially dangerous transatlantic travelers." If available at the time of the Sept. 11, 2001, attacks, Chertoff said, such information would have, "within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments."
U.S. customs officials began collecting Passenger Name Record data in 1992 for inbound international flights and enforced the requirement after the 2001 attacks. The government now stores data on nearly all 87 million passengers who arrive in the country by air each year, most of them from Europe, in a master border security database, Homeland Security officials said.
The government combines such information with terrorist watch lists, other databases and sophisticated computer algorithms to detect high-risk travelers, in ways that watchdog groups say it has not adequately explained.
The agreement announced yesterday extends and expands a 2004 arrangement between the United States and the European Union. That pact was struck down on a technicality in May by Europe's highest court, which gave both sides until July 31 to negotiate a new deal. The United States had threatened to turn back flights otherwise.
Paul Rosenzweig, Homeland Security's deputy assistant secretary for policy, said sensitive information that is subject to extensive restrictions in Europe, such as data on religious beliefs and sex partners, is routinely filtered out by U.S. computer systems. To his knowledge, he said, the U.S. government has never invoked its authority to use such information.
On the other hand, Rosenzweig said, such data might be important if U.S. authorities learn of an alert about passengers who request wheelchairs hiding bombs in leg casts, or a warning about a threat to a political gathering, or a health emergency affecting people with communicable diseases such as tuberculosis.
Mostly, Rosenzweig said, it is threats that authorities have not thought about that worry them. "We are just not going to bind ourselves not to have full access to information that might be in Passenger Name Records if there is a severe predication and reason to do that," he said.
Under the new accord, which will take effect in August and continue through July 2014, Europe allowed the United States to extend how long it can store data -- to 15 years from 3 1/2 years. Beginning in January 2008, airlines will be required to send, or "push," data from their reservation systems to the Homeland Security Department 72 hours before a flight departs, expanding an existing "pull" system in which the department retrieves information from carriers.
Washington won the authority to share data liberally within the government and with third countries at the discretion of Homeland Security officials, but agreed to E.U. demands to limit its uses to counterterrorism, probes of serious crimes, public health emergencies and flights from custody.
The United States reduced the number of fields from which it will collect information about each passenger, from 34 to 19, but expanded the amount of data covered by some fields. Washington assured the European Union that its citizens will continue to have the same administrative protections as Americans to obtain information collected about them and to seek to correct errors.
Although Homeland Security has said it will move passenger information to "dormant" status after seven years and "expects" to erase it after 15 years, it notified the E.U. that expiration of data will be subject to "further discussions."
Dutch lawmaker Sophia in't Veld, the European Parliament's standing rapporteur on Passenger Name Records, said the agreement gives a green light to U.S. authorities to use confidential information for unstated purposes. Stavros Lambrinidis of Greece, vice chairman of the parliament's civil liberties, justice and home affairs committee, warned that it allows extra data collection not just in counterterrorism cases but for "a vast and in some cases unidentified number of crimes. So we have function creep."
U.S. officials said the agreement with Europe -- which has stronger data-protection laws than many countries, including the United States -- is likely to serve as a template for similar U.S. agreements covering travelers from Asia, South America and other regions, and for Europeans to set up their own, similar system.
Staff writer Ellen Nakashima contributed to this report.