There are insufficiently granular controls on PNR access, with no geographic or purpose limitations on access to any PNR by any CRS user, anywhere in the world. The network of CRSs was the first and remains one of the largest global, real-time, outsourced, “cloud” data storage and retrieval systems, connecting tens of thousands of travel companies and storing business records about hundreds of millions of individuals. The PNR data ecosystem was designed to maximize seamless, frictionless, real-time global availability of this information. PNRs are created by airlines, travel agencies, tour operators, and other travel companies, and are stored in databases of airlines and/or outsourced Computerized Reservation Systems (CRSs or GDSs) such as Sabre, Amadeus, Worldspan, and Galileo. Police are eager to get access to PNR data because they know how much sensitive and private information PNRs contain or can reveal. PNRs typically contain credit card numbers, telephone numbers, email addresses, and IP addresses, allowing them to be easily merged with financial and communications metadata. PNR data reveals our associations, our activities, and our tastes and preferences. Perhaps the best way to conceptualize PNR data is as “ metadata about the movements of our bodies.” As such, PNR data can be even more intimate than the metadata about the movement of our messages obtained through Internet or telephone surveillance, or the metadata about the movements of our money obtained from banks and other financial institutions. A single PNR can contain data about an entire family or tour group, and about all services for their trip from multiple providers: air and train travel, hotels, car hire, etc.
Passenger Name Records are commercial records used to store airline reservations and records related to other travel services. To answer this question requires understanding (1) what PNRs are, (2) how PNRs and other travel data are already being used by European governments, (3) how this would change if the proposed EU PNR directive is approved, and (4) why and how the provisions in the proposed directive that are supposed to protect individuals’ rights would be ineffective. What does this mean, why does it matter, and why should this proposal be rejected?
This week the European Parliament is scheduled to debate (Wednesday) and vote (Thursday) on a resolution ( PDF) to approve, with amendments, a proposed compromise on a directive “on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.”
0 kommentar(er)
