The Washington Post reports that the United States and the European Union signed an agreement this week detailing the amount of private information the U.S. can obtain on EU citizens traveling to and from the United States, what kinds of information can be gathered, and for how long the data may be stored.
Privacy advocates in the U.S. and the E.U. immediately questioned the agreement's sweeping expansion of data mining of travelers’ private information, including such data fields as medical history, religious affiliation, trade union membership, sexual orientation, and sexual partners.
According to WaPo:
U.S. Homeland Security Secretary Michael Chertoff praised the pact as an "essential screening tool for detecting potentially dangerous transatlantic travelers." If available at the time of the Sept. 11, 2001, attacks, Chertoff said, such information would have, "within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments."
Paul Rosenzweig, Homeland Security’s deputy assistant secretary for policy, explained that the broad categories of information gathered are due to U.S. authorities' fears of risks they haven't yet imagined. Rosenzweig justified the unusual data fields if, for example, U.S. officials learned of an alert about passengers who request wheelchairs hiding bombs in leg casts.
While the Washington Post article offers some history on the agreement and the nature of data to be collected, VNUnet.com offered some different details:
Information will be used only for preventing terrorism and "other serious offences that are transnational in nature", according to a statement from the Commission. But it will be accessible by any US law enforcement agency in pursuit of " serious crimes".
The agreement has been accompanied by an Exchange of Letters wherein the DHS sets out to the Commission how the data will be handled.
However, procedures for monitoring the agreement to ensure that the US is not misusing the data will not be proposed by the Commission until October.
"I can't see any valid reason why [DHS] would need to retain PNR data for that length of time," said Graham Titherington, principal analyst at Ovum. "But the primary concern is not the length of time but that the data is being exchanged at all."
"This information will be hacked; it will leak at some point," Titherington warned.
The Center for Democracy and Technology policy director, Jim Dempsey, told the Post:
The agreement does not yet include limitations on the use or sharing of the data, although there are some general guidelines:
Although Homeland Security has said it will move passenger information to "dormant" status after seven years and "expects" to erase it after 15 years, it notified the E.U. that expiration of data will be subject to "further discussions."
Dutch lawmaker Sophia in't Veld, the European Parliament's standing rapporteur on Passenger Name Records, said the agreement gives a green light to U.S. authorities to use confidential information for unstated purposes. Stavros Lambrinidis of Greece, vice chairman of the parliament's civil liberties, justice and home affairs committee, warned that it allows extra data collection not just in counterterrorism cases but for "a vast and in some cases unidentified number of crimes. So we have function creep."
The Electronic Privacy Information Center has more on the development of the agreement between the E.U. and the U.S. here.