Homeland Security Watch

News and analysis of critical issues in homeland security

August 22, 2006

UK terror plot revives PNR info-sharing issue

Filed under: Aviation Security,Intelligence and Info-Sharing,Privacy and Security — by Christian Beckner on August 22, 2006

The New York Times has an important story today on the issue of the Passenger Name Record (PNR) and the role that it can play as a data input into the aviation screening system, in the wake of the foiled UK terror plot. The proposals discussed in the story seem to go beyond the currently-planned uses of PNR data, envisioning a broader system of data analysis using the PNR information, perhaps with a direct hook into the major Computerized Reservation Systems (e.g. Sabre, Galileo, Amadeus) that are the core information nodes of the global travel system:

A proposal by Homeland Security Secretary Michael Chertoff would allow the United States government not only to look for known terrorists on watch lists, but also to search broadly through the passenger itinerary data to identify people who may be linked to terrorists, he said in a recent interview.

Similarly, European leaders are considering seeking access to this same database, which contains not only names and addresses of travelers, but often their credit card information, e-mail addresses, telephone numbers and related hotel or car reservations.

….“Ideally, I would like to know, did Mohamed Atta get his ticket paid on the same credit card,” Mr. Chertoff said, citing the lead hijacker of the 2001 plots. “That would be a huge thing. And I really would like to know that in advance, because that would allow us to identify an unknown terrorist.”

Would there be direct security benefits from this type of analysis? Absolutely. Will the privacy loss from this outweigh its benefit? That depends, based upon different individual and national privacy values (and some people would object to the concept of even quantifying this). Are there ways to do this that are less invasive in terms of individual privacy? Definitely, including data anonymization and a system where individual countries and the reservation systems conduct data analysis themselves and share only the ‘hits’ against common watch list and indicators databases, without having to share the full stream of unwashed PNR data.

Update (8/23): More on this issue from Ryan Singel at 27BStroke6.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

1 Comment »

Comment by John Tieso

August 23, 2006 @ 10:11 pm

DHS is alreasdy in full media attack on the ‘absolute need’ for information on everybody and anybody that travels to aid in their analysis of trends, and also to provide the info to their ‘coalition partners.’

On the surface, this actually seems somewhat innocuous, and the DHS itself will argue that anybody not involved with terrorists has nothing to fear. Unlike the ACLU and other liberal wimps, i have no problem providing this info to the Government, if it is really required.

However, lets look for a second at the ‘requirement’ and why it exists. I will argue that DHS has no earthly idea of who the terrorists are, how to define a terrorist, or how to locate one if they walked into DHS headquarters–unless, of course, they were wearing traditional Middle Eastern clothing and were wearing a button that said ‘Death to the Jews.’ So, they take the next best step–they collect millions of bytes of information, and then spend a lot of money trying to see trends.

A far better way to develop such a database is to consult extensively with allies, and share commonly discovered information on names associated with active terrorist-leaning groups, actions, and investigations, then use the wants to collect from airlines and other sources to create associations around those already within the dragnet. Don’t just start requiring indiscriminate information.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>