WIRED Staff
Security

Gov Now Wants More Air Flyer Data, Redux

Leveraging the arrests in Britain of 11 people who allegedly plotted to bring down airliners flying from the UK to the United States, the Department of Homeland Security is intending to renew its efforts to get deeper access to travel databases, both foreign and domestic. This story is getting old, perhaps as old as the […]

words wash rinse repeatLeveraging the arrests in Britain of 11 people who allegedly plotted to bring down airliners flying from the UK to the United States, the Department of Homeland Security is intending to renew its efforts to get deeper access to travel databases, both foreign and domestic.

This story is getting old, perhaps as old as the stories about babies, nuns, terror fighters and Congressmen being snagged by watchlists.

I wrote my first one of these in January 2003, nearly three and a half years ago. That one is not much different from today's New York Times story.

A proposal by Homeland Security Secretary Michael Chertoff would allow the United States government not only to look for known terrorists on watch lists, but also to search broadly through the passenger itinerary data to identify people who may be linked to terrorists, he said in a recent interview.

Similarly, European leaders are considering seeking access to this same database, which contains not only names and addresses of travelers, but often their credit card information, e-mail addresses, telephone numbers and related hotel or car reservations.[...]

The proposals, prompted by the recent British bomb-plot allegations, have inspired a new round of protests from civil libertarians and privacy experts, who had objected to earlier efforts to plumb those repositories for clues.

øThis is a confirmation of our warnings that once you let the cameløs nose under the tent, it takes 10 minutes for them to want to start expanding these programs in all different directions,ø said Jay Stanley, a privacy expert at the American Civil Liberties Union.

The United States already has rules in place, and European states will have rules by this fall, allowing them to obtain basic passenger information commonly found in a passport, like name, nationality and date of birth. American officials are pressing to get this information, from a database called the Advance Passenger Information System, transmitted to them even before a plane takes off for the United States.

But a second, more comprehensive database known as the Passenger Name Record is created by global travel reservation services like Sabre, Galileo and Amadeus, companies that handle reservations for most airlines as well as for Internet sites like Travelocity.

Each time someone makes a reservation, a file is created, including the name of the person who reserved the flight and any others traveling in the party. The electronic file often also contains details on rental cars or hotels, credit card information relating to travel, contact information for the passenger and next of kin, and at times even personal preferences, like a request for a king-size bed in a hotel.

Actually, PNRs aren't a database, they are entries in databases that are linked together. In fact, the travel database system is likely the second biggest interconnected set of computers in the world.

Very little is required in a PNR, though it can hold a lot, ranging from the credit card you used to buy the ticket, to the name of all of your travelling companions, your travel agents name and medical problems you may have.

What we are seeing in this New York Times story is the Department of Homeland Security laying the groundwork for the upcoming announcement of the newest version of a domestic internal passport check, called Secure Flight.

The program will likely:

  1. require you to provide your name, address, date of birth and telephone number, under penalty of perjury, whenever you book an airline reservation,
  2. use commercial data services such as ChoicePoint, Acxiom or LexisNexis to gather more information on you,
  3. explicitly require passengers to show identification, and
  4. seek to keep your travel history or be get it from the reservation services that host most airlines' records.

There's a whole host of reasons why this may be overkill, too expensive for airlines and the travel industry and likely ineffective at stopping a would-be terrorist (Carnival Booth, the Slate method and identity theft, (pdf)).

But the government will say their intention is simply to cross-check this data with terrorist watch lists and that it will be better than the current system.

At least that's what will publicly tell you that the program is intended for.

They may well have other plans to use the data or feed a copy to the FBI or NSA.

That's not paranoia, because the previous iteration of the program – killed off after the Transportation Security Administration admitted to misleading both Congress and the media about secretly using millions of travel records to test their theories – had a secret purpose.

I can't tell you what it is, but I can prove to you it existed.

Photo: Icathing