Aug 10, 2007  |  By: LOU CHIBBARO J  | COMMENTS     

Under a security agreement reached July 26 between the United States and the European Union, the U.S. Department of Homeland Security (DHS) could obtain personal information about airline passengers flying into the U.S. from Europe, including information about a passenger’s “health or sex life.”

The agreement restricts the collection and use of such information to “exceptional” cases, where the “life of a data subject or of others could be imperiled or seriously impaired,” potentially due to the threat of a terrorist attack.

Similar to an earlier agreement, the new pact pertains only to airline Passenger Name Record or “PNR” data, which includes the information that airline employees or travel agents obtain from passengers or clients when they book a flight or join a frequent flyer program. Usually, this information is limited to a passenger’s name, address, phone number and destination, along with other logistical information such as his or her ticket, seat and check-in status.

But airline industry observers say some personal information potentially could get into a PNR data file through routine conversations between passengers and airline reservations clerks or travel agents about special travel needs or services, such as requests for a wheel chair, dietary needs, hotel lodging or contact information for a traveling companion.

“I am pleased to have signed an important agreement with the European Union today that will allow the Department of Homeland Security to continue using Passenger Name Record (PNR) data as an essential screen tool for detecting potentially dangerous transatlantic travelers,” said Michael Chertoff, secretary of the DHS, in a July 26 statement.

“Our frontline personnel did not have this tool on September 11,” Chertoff said. “Investigations after the attacks showed that PNR data would have, within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments.”

Airline industry observers have said reservation clerks may enter any information a passenger may volunteer to give them during the reservation process in an “open field” section on the clerk’s computer terminal, but this information is usually limited to special needs or requests of the passenger.

The Washington Post created a stir in gay circles when it reported on July 27 that the U.S. European Union agreement included a passenger’s “sexual orientation” as part of the personal data collection category.

In fact, the term “sexual orientation” does not appear in the seven-page agreement or in accompanying letters of understanding from the U.S. and the European Union, which are considered part of the agreement.

Some gay activists are likely to consider the term “sex life,” which does appear in the document, to potentially pertain to someone’s sexual orientation, whether gay or straight.

Privacy rights groups have raised concerns that information about a passenger’s “health or sex life” or other personal characteristics — such as someone’s religion or political beliefs — could open the way for potential government abuse of such information, even if the information is intended to be used only rarely.

“The real story here is we do not use that type of information and we automatically filter out personal information with our computers,” said DHS spokesperson Laura Kechner.

“The only possible exception is if we learn of a possible threat,” Kechner said.

Under the agreement, the DHS will continue its current process of electronically accessing the PNR data from an air carrier’s reservation system before a plane takes off from Europe and begins its flight to the U.S. Beginning in January 2008, European air carriers will be required to send the PNR data in their reservations systems to the Department of Homeland Security through a so-called “push” system, under the terms of the new agreement.

A seven-page letter from the U.S. government that accompanies the agreement lists 19 categories of information that the DHS plans to routinely acquire and store from the PNR data. The 19 categories pertain to logistical and name-related information, including travel itinerary, reservation and ticket codes, and all available contact information.

The letter states that, “To the extent that sensitive EU PNR data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning the health or sex life of the individual), as specified by the PNR codes and terms which department has identified in consultation with the European Commission, are included in the above types of EU PNR data, DHS employs an ...