DHS Report shows lack of compliance with the EU-US PNR agreement

By EDRi · January 14, 2009

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The Privacy Office of the U.S. Department of Homeland Security (DHS)
released in the second part of December 2008 a report regarding the
Passenger Name Record (PNR) information from the EU-US flights.

Even though the official conclusion of the authors is that DHS handling of
PNR data “is in compliance with both US law and the DHS-EU agreement on USA
access to, and use of, PNR data related to flights between the EU and the
USA.” In reality the report shows a number of major disfunctionalities that
proves the DHS did not comply with the EU agreement or with the US
legislation in its use of PNR, that includes data from Europeans that travel
to US.

According with the second PNR agreement between US and EU, there should have
been periodic joint US-EU reviews of compliance. But the present report is
just an unilateral internal review conducted within the DHS, which did not
include EU representatives or any outside experts in PNR data.

A detailed analysis by the Identity Project in the US shows the specific DHS
compliance failings resulted from the report:

– Requests for PNR data have typically taken more than a year to
answer – many times longer than the legal time limits in the Privacy Act and
Freedom of Information Act;

– When individuals have requested “all data” about them held by the DHS,
often they have not been given any of their PNR data;

– Because of this, the vast majority of requesters who should have
received PNR data did not;

– PNR data has been inconsistently censored before it was released;

– A large backlog from the initial requests for PNR data remains
unanswered, more than a year later.

The results of the report are in line with the findings of the earlier
reports of the Identity Project that revealed the practical problems in
accessing your PNR data with the DHS. These problems are the same that the
European citizens might face in getting access to their data from DHS

A clear example is the last year request from MEP Sophia In ‘t Veld to get
her PNR information – a request which received a first false claim from DHS
that they didn’t have any record of her trip.The MEP finally received her
PNR data after EFF lawyers filed a Federal lawsuit on her behalf, but the
data was late, clearly incomplete, and inconsistently and inappropriately
redacted, according with a well-known PNR expert, Edward Hasbrouck .

A report concerning Passenger Name Record Information derived from flights
between the US and the European Union (18.12.2008)
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pnr_report_20081218.pdf

DHS admits problems in disclosing travel surveillance records (24.12.2008)

DHS admits problems in disclosing travel surveillance records

Can you really see what records are kept about your travel? (30.12.2008)
http://hasbrouck.org/blog/archives/001595.html

European Lawmaker Sues U.S. Agencies to Obtain Travel-Related and Other
Personal Information (1.07.2008)
http://www.eff.org/press/archives/2008/07/01

EDRi-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)
http://www.edri.org/edrigram/number5.13/eu-us-pnr-swift