Schneier on Security
A blog covering security and security technology.
December 22, 2004
Airline Passenger Profiling
From an anonymous reader who works for the airline industry in the United States:
There are two initiatives in the works, neither of which leaves me feeling very good about privacy rights.
The first is being put together by the TSA and is called the "Secure Flight Initiative." An initial test of this program was performed recently and involved each airline listed in the document having to send in passenger information (aka PNR data) for every passenger that "completed a successful domestic trip" during June 2004. A sample of some of the fields that were required to be sent: name, address, phone (if available), itinerary, any comments in the PNR record made by airline personnel, credit card number and expiration date, and any changes made to the booking before the actual flight.
This test data was transmitted to the TSA via physical CD. The requirement was that we "encrypt" it using pkzip (or equivalent) before putting it on the CD. We were to then e-mail the password to the Secure Flight Initiative e-mail address. Although this is far from ideal, it is in fact a big step up. The original process was going to have people simply e-mail the above data to the TSA. They claim to have a secure facility where the data is stored.
As far as the TSA's retention of the data, the only information we have been given is that as soon as the test phase is over, they will securely delete the data. We were given no choice but had to simply take their word for it.
Rollout of the Secure Flight initiative is scheduled for "next year" sometime. They're going to start with larger carriers and work their way down to the smaller carriers. It hasn't been formalized (as far as I know) yet as to what data will be required to be transmitted when. My suspicion is that upon flight takeoff, all PNR data for all passengers on board will be required to be sent. At this point, I still have not heard as to what method will be used for data transmission.
There is another initiative being implemented by the Customs and Border Protection, which is part of the Department of Homeland Security. This (unnamed) initiative is essentially the same thing as the Secure Flight program. That's right -- two government agencies are requiring us to transmit the information separately to each of them. So much for information sharing within the government.
Most larger carriers are complying with this directive by simply allowing the CBP access to their records directly within their reservation systems (often hosted by folks like Sabre, Worldspan, Galileo, etc.). Others (such as the airline I work for) are opting to only transmit the bare requirements without giving direct access to our system. The data is transmitted over a proprietary data network that is used by the airline industry.
There are a couple of differences between the Secure Flight program and the one being instituted by the CBP. The CBP's program requires that PNR data for all booked passengers be transmitted:
- 72 hours before flight time
- 24 hours before flight time
- 8 hours before flight time
- and then again immediately after flight departure
The other major difference is that it looks as though there will be a requirement that we operate in a way that allows them to send a request for data for any flight at any time, which we must send back in an automated fashion.
Oh, and just as a kick in the pants, the airlines are expected to pay the costs for all these data transmissions (to the tune of several thousand dollars a month).
Posted on December 22, 2004 at 10:06 AM
Why is there "no way of verifying this information" if wired.com already reported on it on November 24?
"U.S. airlines turned over a month's worth of passenger data Tuesday to Homeland Security officials, who want to test a massive, centralized passenger-screening system.
The Transportation Security Administration ordered America's 72 airlines to turn over their June 2004 domestic passenger flight records by Tuesday afternoon. The airlines had initially questioned the order because of privacy concerns, but they all complied.
The agency wants the records -- which can include credit card numbers, phone numbers and health information -- to test a system called Secure Flight. Currently, passengers are screened by the airlines, which check itineraries against a set of watch lists provided by the government. The TSA hopes to reduce the number of people flagged incorrectly by performing the checks itself using an expanded, centralized terrorist watch list.
Privacy advocates contend that the list-based system is ineffective and that passengers with names similar to suspected terrorists would still be snagged under the new system.
The TSA plans to evaluate the system over the next 90 days in hopes of rolling out the system in the spring.
Congress, however, has barred the system from airports until the Government Accountability Office certifies that the system is effective and not overly invasive.
This is not the first time airlines have turned over passenger data to help test an antiterrorism screening system, but it is the first time that the transfers were not secret."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.