Commission did agree that PNR data can be used for CAPPS II testing, but the question is why?

- contrary to Mr Bolkestein's claim a whole host of US agencies will have access to the data
- lifetime travel dossiers to be created and held for 100 years on every traveller



Tony Bunyan, Statewatch editor, comments:

"It is very hard to see how the Commission can come to the conclusion that the safeguards on access to PNR data are "adequate" under Article 25 of the EC Directive on Data Protection. All the evidence coming out of the USA shows that this data will be: accessed by a multitude of agencies, is intended to be integrated into the US-VISIT and CAPPS II projects, and will be used to create lifetime travel dossiers on everyone flying to and travelling within the USA."



The record of the meeting of the European Parliament's Committee on Citizens Freedoms and Rights on 16 December 2003 shows that EU Commissioner Bolkestein told the parliament that:


"We have agreed to run a trial, to make a trial run on CAPPS II, but this data will be immediately destroyed and any further exercise involving CAPPS II will be subject to a new and separate agreement"

CAPPS II is the Computer Assisted Passenger Pre-Screening System. This corrects our earlier story (USA to use EU PNR data for CAPPS II testing despite assurances the agreement would not cover it). The confusion arose because until 16 December - the day the agreement was signed - Bolkestein had said that the agreement on the transfer of PNR data to the US was, in part, on the understanding that: "The arrangement will not cover the US Computer Assisted Passenger Pre-Screening System (CAPPS II)." Although the data collected during the "trials" may not be retained by the CAPPS II project or the US Department of Homeland Security it will be retained by the airline computer reservation systems indefinitely. The question remains as to why did the Commissioner agree to this and is a matter that the European Parliament may choose to raise when the formal agreement is put before it in February.

However, replies by two Commissioners to questions put by MEPs on the Committee reveal other, deeper, problems. Commissioner de Palacio made the extraordinary statement that "the United States actually have a data protection system as well as a system for the protection of privacy". The USA does not have a data protection law and its Privacy Law only protects US citizens' rights not those of foreigners.

Commissioner Bolkestein also told the Committee that:

"only the Department of Homeland Security, not other agencies"

would get access to passenger data unless there was a court order. This statement is incorrect. The US-VISIT Program, Increment 1, Privacy Impact Assessment (dated 18.12.03) says that the information will be accessed by:

"employees of DHS components - Customs and Border Protection, Immigration and Customs Enforcement, Citizenship and Immigration Services and the Transportation Security Administration"

The US-VISIT report adds that access will also be given to:

"consular officers of the State Department. Additionally, the information may be shared with other law enforcement agencies at the federal level, state, local, foreign or tribal level, who in accordance with their responsibilities, are lawfully engaged in collecting law enforcement intelligence information (whether civil or criminal)"

Thus numerous US agencies, at all levels, will "share" the information and add their own observations. During the negotiations on data protection clauses in the EU-USA agreements on extradition and judicial cooperation the US side admitted that they had no idea how many law enforcement agencies would have access to data collected from airlines computer reservations systems (CRS) in the EU.

The data to be collected under the US-VISIT programme is wider than the 34 categories of data which have to be supplied under the US PNR "requirements". It will also include "complete US address" and "for the first time, a photograph and fingerprints". Moreover, an individual who "declines to provide biometrics is inadmissible to the United States".

The US-VISIT system will "integrate" and allow for exchange of data between three existing US systems:

1. The Arrival and Departure Information System (ADIS)

2. The Passenger Processing Component of the Treasury Enforcement Communications System (TECS) - this has two components: the Interagency Border Inspection System (IBIS) that interfaces with Interpol and the US National Crime Information Center (NCIC) databases and second, the Advance Passenger Information System (APIS).

3. Automated Biometric Identification System (IDENT)

These systems are being changed to "accommodate additional data fields, to interface with other systems, and to generate various types of report based on the stored data" and interfaces to "facilitate the transfer of biometric information from IDENT to ADIS and from ADIS to TECS".

The data will be used to "enhance the security of American citizens, permanent residents and visitors" by identifying those "known to pose a threat or are suspected of posing a threat to the security of the US" or who "violate the terms of their admission to the USA" - it is unclear what these "terms" are.

CAPPS II will replace the existing system under which passengers to be subject to additional screening found "SSS" or "***" on both portions of their boarding ticket. Armed with the PNR (Passenger Name Record) of all passengers leaving the EU their data will be checked first against state records and commercial databases and then against wanted criminals and suspected terrorists in security and intelligence databases. The results will then be used to give all airline passengers, both travelling to and already inside the USA, a number and a colour ranking their perceived threat. "Red" will mean denial of boarding, "Yellow" additional screening, questioning or surveillance and "Green" for boarding.

CAPPS II and the US-VISIT programme will also access the biometric identifiers (fingerprints and photos) now taken on entry to the USA for all visitors requiring a visa to enter the country. Although EU citizens are currently exempt as from October 2004 all new passports will be required to carry biometric data.

Lifetime travel histories to be created and held for up to 100 years


From the USA Edward Hasbrouck comments that the impact of these systems is much more far reaching than generally realised. The Privacy Impact Assessment on the US-VISIT programme referred to above is silent on a number of key points. For example, the diagram on page 4 of the US-VISIT assessment shows that "biographic and biometric travel history" will be held on ADIS (Arrival and Departure Information System). How long these "travel histories" will be held is only shown by looking at the Federal Register of 12 December 2003 where the "System of Records Notice" shows that:

"Records will be retained for 100 years"

The Notice also shows that these records can be accessed without restriction by any law enforcement agency in the USA or any other country. In effect the:

"US-VISIT will be used to maintain a lifetime travel dossier for anyone who ever visits the USA, just as CAPPS-II will enable the maintenance of lifetime travel dossiers on anyone who ever travels by air to, from, or within the USA."

Hasbrouck says that these lifetime travel dossiers make "no sense as a security system, but a lot of sense as a surveillance system".

In addition there are no restrictions in the USA on the use of passenger data held by computerised reservations systems (CRS) who may use it for commercial purposes or give access to state agencies.

Officials in the USA say that negotiations with the EU have already started over the use of PNR data gathered in the CAPPS II system.

The next steps - a formal agreement has to be adopted by the Commission


The agreement signed on 16 December allowing the USA access to the PNR of air passengers leaving the EU has to be adopted as a formal decision by the European Commission. The procedure is that such an agreement is an implementing measure under the 1995 EC Directive on Data Protection. The relevant powers are under Article 25 (Transfer of personal data to third countries) which allow the Commission to decide that an "adequate" level of protection is being offered by the USA. The formal decision is taken by the Commission's Article 31 Committee comprised of representatives of each EU member state which decide by majority voting. The powers of the European Parliament to intervene are very limited, it can only pass a Resolution on the grounds that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument". The EU's Article 29 Working Party on Data Protection also has to be consulted for its opinion - which is unlikely to be favourable as they have: "declined to adopt or approve the text, on the grounds that the transfer of PNR to the US are in any case illegal and nothing should be done to blur that fact". It is expected that the Commission will produce a draft at the beginning of February.

1. The US-VISIT Program, Increment 1, Privacy Impact Assessment (dated 18.12.03) (pdf)
2. See also Statewatch's Observatory on PNR


Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch bulletin

Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author.
Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.