May 18 2010

USA presses travel surveillance and control agenda at ICAO

The International Civil Aviation Organization (ICAO) has been holding another round of meetings this week at its headquarters in Montreal.  As we predicted, the US delegation has been pressing its vision of an integrated and standardized global system of surveillance and control of air travel, in which government access would be built into airline reservation systems (think, “CALEA for CRSs and PNR data”, worldwide) and government permission would be a prerequisite to boarding any flight on what used to be considered a “common carrier” required to transport all comers.

It’s hard to know what’s going on at ICAO meetings if you aren’t there (think of other international bodies like the WTO and WIPO), and no privacy or civil liberties group was in attendance. But outsiders can get some sense what’s in ICAO’s pipeline from its own recently-published Vision 2020 10-year plan and from the working papers submitted by participants in last week’s sessions of the facilitation panel, including these:
Read More

May 18 2010

TSA still has no answers to key questions about “Secure Flight”

The procedures and timeline for implementation of the TSA’s Secure Flight scheme for identity-based surveillance and control of airline passengers are spelled out not in laws or published regulations but in secret Security Directives to airlines.  So we noted with considerable interest this report today by travel journalist Charlie Leocha of a relatively rare public appearance by the head of the Secure Flight program (emphasis added below):

Paul Leyh, TSA Director Secure Flight Program, claimed that all U.S. airlines will be enrolled in Secure Flight within a month and that all foreign carriers will be working in the program by the end of 2010.

Speaking at U.S. Travel Association’s Pow Wow conference to encourage foreign tourism, Leyh noted that TSA is about to complete their mission of … performing the [watchlist] matches prior to allowing passengers to board….

The system sounds simple, however, there were significant IT hurdles to be overcome. Expanded data field requirements for online travel agents such as Expedia, Travelocity, Orbitz and Priceline were more complex than originally thought. The new data collection by brick and mortar travel agents meant internal profile systems to accommodate the storage of this very valuable and confidential information had to be developed…

Foreign journalists attending the press conference asked whether there is a judicial process to use should the normal DHS TRIP process not result in having your name cleared. Leyh didn’t have an answer for that question….

Leyh didn’t have an answer about privacy issues regarding the GDS [Global Distribution Systems, also known as Computerized Reservation Systems], airline reservation systems or travel agents who are allowed to keep all passenger information indefinitely and who fall under no privacy legislation.

Leyh may not have had answers today, but the TSA can’t avoid those questions forever, especially when they are being raised from abroad.  Last month, the European Parliament voted to include both judicial review of no-fly orders and a review of US government access to CRS/GDS data in its conditions for any agreement to give the DHS access to data about passengers on flights between the EU and the US.