Why should I care about PNR?

September 7th, 2011 § 3 comments


By Edward Hasbrouck

A “PNR” is a “Passenger Name Record” in the database of a travel company such as an airline, travel agency, or tour operator.

A single PNR can contain information about airline and hotel reservations
and other travel services for one person or for a group of people
traveling together. PNRs can include contact and identifying information
(home address, mobile phone number, date of birth, credit card number,
passport number, etc.) and personal details about your travel preferences
and your associations with other people: Did you ask for a halal meal or a
kosher meal on your flight? Did you ask for one bed or two in your hotel
room? Did someone else pay for your ticket? If so, who?

A PNR can contain much more information than is shown on an e-ticket
confirmation. Most people have never seen a PNR. Travelelers don’t know
what’s in their PNRs, and can’t control what travel companies put in their
PNR databases. Governments like to say that PNRs contain only information
voluntarily provided by travelers. But that’s not true. Airlines, travel
agencies, and tour operators use PNR data as their customer relationship
management system. Travel companies can, and do, include all sorts of
information in PNRs, such as what you said to customer service staff.

All of this information is available to governments and travel companies
around the world. There are no geographic limits on access to PNR data.
Most European travel agencies, tour operators, and airlines outsource the
hosting of their PNR databases to Computerized Reservation Systems (CRSs)
based in the USA. In most cases, even if you are flying *within* Europe,
your reservation is stored on servers in the USA!

The one major CRS based in Europe, Amadeus, has offices in the USA (and
other countries around the world) with unrestricted access to all Amadeus
PNRs, including PNRs for flights within Europe.

Any office of the travel agency or tour operator, or the airline, or CRS,
anywhere in the world, can retrive the entire PNR. No logs are kept of
which CRS users, in which countries, have retreived your PNR data. Even
the airline or CRS doesn’t know to which countries your PNR data has been
transferred, or which governments around the world may have obtained it.

Governments can obtain your PNR data by ordering an airline or CRS office
in their country to retrieve your PNR and give it to the government. In
the USA, for example, the government can use an administrative “National
Security Letter” to to order a CRS to hand over PNR data. A judge does not
have to approve or review the NSL. The CRS can be ordered to keep secret
from the airline or the traveler the fect that it has received an NSL
given your PNR data to the government. There is no way to know how often
this happens.

All of this violates EU data protection rules. Because of the lack of
geographic access controls or access logging in CRSs, travel companies
couldn’t comply with EU data protection laws, even if they wanted to.

But that’s not enough to satisfy governments in the USA or the EU. The US
Department of Homeland Security has ordered airlines to give the DHS
complete copies of all PNRs for all flights to or from the USA, or passing
through US airspace between other countries (such as flights from Europe
to Mexico, Japan to South America, or Canada to Cuba). Other countries
including Australia are making similar demands. And a similar system has
been proposed for flights to, from, and within the EU.

Once the US government gets your PNR data, it adds it to the lifetime
travel history in your dossier in the “Automated Targeting System”. This
is used by the DHS to decide whether or not to give the airline permission
to allow you to board your flight. the decision is made in secret, not by
a judge, and is based on this secret dossier.

Under US law, there are no restrictions on what data the government can
keep about you, how long it can keep it, how it can use it, or who else it
can give it to. You have no right to see what is in this dossier about
you, even when it is used against you.

The US has no data protection law applicable to PNR data or other
commercial records. The US Privacy Act applies only to US citizens and
residents, not to foreigners. When US citizens requested their PNR data
from the DHS, the DHS responded by issuing new rules exempting PNR data
from the Privacy Act. The DHS now argues that all PNR data for everyone is
exempt from the Privacy Act.

None of this would be changed by the proposed EU-US “agreement” on access
to PNR data. The “agreement” would not be a treaty, and would not be
enforceable by any US court. It would provide no levgal protection to PNR
data. Its only effect would be to grant immunity form EU dasta protection
laws to travel copmpabnies that give PNR data to the US government.

Of course, the current transfers of PNR data to the USA violate European
and international law. Airlines could have challenged DHS demands for PNR
data in US courts, and defended their customers’ rights. Instead, they
have chosen to sell out their passengers and give the DHS whatever access
to PNR data it wants. No airline has made any legal challenge to demands
for PNR data by the USA or any other government.

Airlines, CRSs, and the US government believe that European data
protection authorities are “paper tigers” who will never enforce their
laws in the face of US opposition.

Unless European authorities hear from European citizens, they are likely
to (1) continue to allow travel companies to violate EU data protection
law, and (2) follow the bad example of the USA by requiring airlines to
give European governments access to PNR data.

Let your representatives know that you care about your rights. Exercise
your right to access your PNRs. (They are going to be used to make
decisions about you, so you need to know what’s in them.) Demand that
travel companies comply with EU law, starting by adding access logs to
PNRs, so that at leats you will know who has gotten your data. Complain to
national data protection authorities and the European Commission that
travel companies aren’t complying with current data protection laws. Ask
your MEPs to reject the propsoed PNR agreements with the USA, Australia,
and other countries.

Follow Edward Hasbrouck on Twitter: @ehasbrouck

5th edition of “The Practical Nomad: How to Travel Around the World”
in bookstores worldwide in October 2011, available now for pre-order:

§ 3 Responses to Why should I care about PNR?"

  • […] It’s the latest in a steady series of expansions of the extra-territorial reach of U.S. travel surveillance and control, and should raise a red flag as to the dangers of the proposed intra-EU system of PNR-based travel surveillance and control. […]

  • Turiyan gold says:

    Yes BUT I have found a potential chink in the armor of the system. In the hasbrouck article it mentions FORMER “federal regulations”. We can find that its not only de-regulation its UN-regulation. Here is what my research has uncovered: The GDSs interface with UN/EDIFACT to process you as customs goods by entering in your API. Read that again. EDIFACT is used at various times by the GDSs and by the CRSs (the distinction between the two is really if it is a back-end or front-end interface) and the airline employee to enter in information from your e-ticket or other source into EDIFACT to process you as a “customs good” using the fields appropriate for your API data. Uh huh. Now, we have some issues. One, according to the law, there is a license needed to be a customs agent. There is another distinction of customs broker. But ANYONE working for an airline, using a CRS front-end interface to access the GDSs or anyone working at the GDS is free to enter information into EDIFACT without license or regulation or oversight? R-e-a-l-l-y? How nice that they are able to use electronic filing of customs forms while most everyone has to do it by hand. And its a given that all the rules and regulations are being adhered to. Taxes and duties are being paid. Somehow I am not buying this. Lets keep picking this GDS-EDIFACT link scab.