Ars Technica asks DHS for PNR data, but gets none of it
Cyrus Farivar, Senior Business Editor at Ars Technica, reports today on the initial response to his Freedom Of Information Act (FOIA) request to US Customs and Border Protection (CBP) for CBP’s records about his travel history, including CBP’s copies of airline Passenger Name Records (PNRs).
Nine months after making his request (seven months longer than the maximum allowed by law), Mr. Farivar received 72 pages from the CBP TECS database including a log of his exits and entries from the US for the last 20 years, beginning in 1994 when he was 12 years old. He also received one report of a “secondary inspection”. He didn’t even remember the incident, but one of the CBP agents who questioned him recorded in his permanent CBP file that he was a journalist, in apparent violation of the prohibition in the Privacy Act on keeping records of how US citizens like Mr. Farivar exercise rights protected by the First Amendment.
Most significantly, despite explicitly requesting “any and all Passenger Name Records,” Mr. Farivar received none of them, even though CBP requires all airlines operating flights to, from, or through the airspace of the US to provide them to CBP, in their entirety including any information collected by airlines or their agents for their own business purposes, or entered into PNRs by other travel companies for their business purposes.
CBP’s response to Mr. Farivar was typical. As we’ve noted previously, two New York Times reporters are suing the DHS (the parent department of CBP) for failing to provide records about their travel which they requested, including PNR data. CBP Every response we have seen to a request to CBP for its travel history records about an individual has been obviously incomplete, in one or another way. We’ve seen other CBP secondary inspection records recording a traveler’s profession, what book a traveler was reading, and other information about activities protected by the First Amendment. See the examples in our reports here and here and this presentation.
Mr. Farivar has filed an administrative appeal, as should anyone who receives such a response. CBP claimed to have lost all record of one of our appeals, and of the person who signed the certified mail receipt for it. We had to sue before we received much of our PNR data. While our request was pending CBP retroactively exempted most of the data in its “Automated Targeting System” from the access requirements of the Privacy Act, but some PNR data should still be available, albeit partially redacted, in response to a FOIA request.
If you’d like to find out some of what records CBP has about you, we’ve provided forms here. Please let us know if you’d like help interpreting responses.