So there was a great article today on De Correspondent, in Dutch only (here is a crude GTranslate version) which outlined exactly what data is collected when the average EU citizen goes on a trip to the US. Here's the gist of the story, because I think it is worth discussing.
It starts when you book your flight. As soon as you're through the process, the airline creates what's called a Passenger Name Record, PNR. The airline has to provide all the PNRs of a flight 72 hours before it departs. If an airline refuses this policy, they are banned from landing on U.S. soil. The EU Parliament tried to stop this on grounds of violating privacy, but they sadly failed to stop it.
The PNR holds not just all the information you enter when you book your flight, but also your creditcard / payment information and the IP address of where you booked from. The guy in the introduction of the article got questioned three times during his flight because his internet provider, Vodafone, accidentally passed a Jordanian IP address to the PNR.
After Homeland Security checks your PNR to see if you are a threat, they connect it to an even larger system of information called the Automated Targeting System - Passengers, or ATP-S. Here's the startlingly long list of information that is in there, from this HS pdf:
• Name
• Alias
• Address
• Phone number
• License Registration
• Date of Birth
• Country of citizenship
• Country of birth
• Payment/Billing information (e.g., Credit Card or Debit Card Numbers as available)
• Gender
• Travel Document type and number, issue date, city, state, country
• Visa type and number, issue date and location
• Employment occupation code
• Fingerprint Number (FIN), where available
• Person’s Physical Characteristics (height, weight, eye color, hair color, etc.)
On top of that, because there's also the ESTA waiver program and the PNR information, they also have:
• Marital Status
• Social Security Number
• Photo of your face
• Fingerprints of all ten fingers
• Alien number
• Income records
• Credit card reports
• Records of all your flights of the past years
If you've booked a hotel with your flight, they also have
• Hotel reservation details (how many beds, what nights, where)
• Information of who's in the same room as you
And then there's the icing on the cake. When I enter the airport, my license plate is registered. While waiting for my flights, cameras analyze my behaviour in hopes of finding 'unusual behaviour' that might classify me as a terrorist.
I know there was a large amount of data being collected, but this is much more than I'd expected. I mean, I can hardly change anything about it, but at least now I realize to what extent my data is being used. What do you guys think about this? Did you know about this?
When it comes to mass surveillance, nothing surprises me any more. When I hear a helicopter flying above my city at night, I just assume that they're doing aerial recoinnassance using a thermographic camera. The fact that this is a military zone doesn't help to soothe my paranoia.
When I pass in front of a camera, whether it's a laptop or a smartphone or a cheap-looking security camera, I instinctively try to behave as though someone, somewhere is watching me and recording my every move.
Right now I'm thinking that this comment will probably be archived by a few agencies and could be used against me at some point in the future. Sounds crazy, right? Until you learn that something as simple as using encrypted communications is enough to attract the attention of the NSA, which means I'm probably on some kind of list already.
My first reaction after reading your comment was simply "just another good reason not to use airplanes or visit the USA". How much attention has this article received in the Dutch media? Part of me still clings to the hope that people will start caring... eventually...