U.S.-European Union pact aims to halt would-be airline bombers

Despite riders safeguarding personal data, many EU officials still disapprove of the information swap.

The Homeland Security Department and the European Union have clinched an elusive counterterrorism pact to exchange reservation information from airline passengers, despite significant opposition from foreign civil liberties groups.

The European Parliament on Thursday ratified an agreement hammered out in December 2011 that reflects more than eight years of debate in a region accustomed to more stringent privacy laws. So-called passenger name records are the details that travelers register with airlines when booking flights, such as itineraries, payment methods and phone numbers. The regulations approved Thursday, by 409 votes in favor, 226 against and 33 abstentions, replace a 2007 edict that Europeans panned for sidestepping privacy controls.

Supporters on both continents say the new policy better protects individuals, for instance, by capping at one month the opportunity for authorities to review certain manifest details included in the passenger name records and described as "sensitive" -- information that could indicate religious beliefs, mental health status and sexual orientation. The passenger records do not explicitly state whether a flier is, for example, a Jew or a homosexual, but authorities could look at a lunch request or tour group arrangements to infer such data, DHS officials told Nextgov.

In announcing the seven-year pact, European Parliament officials stated, "sensitive data such as those revealing the ethnic origin, religious beliefs, physical or mental health or sexual orientation of a passenger could be used in exceptional circumstances when a person's life is at risk. This data is most frequently tied to a religious meal choice or requests for assistance due to a medical condition. This data will be accessed only case-by-case and will be permanently deleted after 30 days from receipt, unless it is used for a specific investigation." Furthermore, the sensitive information is to be housed in a separate database from the other recorded information.

Homeland Security Secretary Janet Napolitano called the passenger records an "indispensable tool" for preventing terrorism that has aided in almost every high-profile investigation. "The [passenger name record] agreement reaffirms our commitment to extend essential security arrangements and protect individual liberty across the breadth of the U.S.-EU relationship," she said in a statement. "In an era of transnational threats, we should all be proud of this strong international partnership."

But not all EU parliamentarians are pleased with the deal.

Sophie In't Veld, a Dutch member deputized to evaluate the measure, urged fellow lawmakers to reject it. "Unfortunately, it still falls short of the high standards of data privacy and legal protection that our citizens expect," she said. The Alliance of Liberals and Democrats for Europe, her political party, contends the data retention periods are disproportionate and judicial redress is inadequate. "Apparently, the European Parliament believes transatlantic relations are more important than the fundamental rights of EU citizens," In't Veld said in voting down the agreement.

Except for the 30-day limits on accessing a record's sensitive data, the framework permits authorities to search the records for up to five years before the records are moved to a "dormant" repository that could be tapped only for specific investigations.

Records in this restricted database would remain available for up to 10 additional years for terrorist cases, meaning a passenger's files can be accessible for at most 15 years total. Unless a passenger is the subject of a probe, the record then will be stripped of identifying information, according to European officials.

In addition, six months after authorities receive the record from an airline -- which occurs 96 hours before takeoff -- the flier's personal information, such as the individual's name and contact data, is coded so that staff managing the system cannot read it.

EU passengers now will have the right to correct, and if appropriate, delete their data and seek judicial redress in accordance with U.S. law.

When pressing for the renewed information-sharing agreement, DHS officials often emphasized that transatlantic flight data led to the capture of failed subway bomber Najibullah Zazi and would-be Times Square bomber Faisal Shahzad.

The EU Justice and Home Affairs ministers are expected to formalize the accord April 26.