New air security proposals on both sides of the Atlantic have raised red flags, including privacy concerns and fears over potential disruptions to business travel. Intending to impede terrorism and organized crime, the European Commission proposed to collect additional data on all airline passengers arriving in or departing from the European Union. In the United States, the National Business Travel Association urged security officials to consider potential obstructions for business travelers before proposing how to implement an "electronic travel authorization system" for certain inbound international passengers.
In Europe, EC said airlines would be required to transmit 19 data elements from passenger name records as part of new program similar to those enacted by the Canadian and U.S. governments for international flights. Based on those countries' programs--as well as a United Kingdom "pilot project"--EU officials have "been able to assess the value of PNR data and to realize its potential for law enforcement purposes" across all member states, according to EC's proposal.
Some EU member states have passed security laws regarding use of PNRs and EU airlines already provide some passenger data to member states as part of the Advance Passenger Information program. Though API data include number and type of travel document used, nationality, full names and date of birth, PNRs "contain more data elements and are available in advance of API data," and help "identify unknown people and develop risk indicators," EC said. PNR data elements include contact details and credit card information.
Specifically, EC wants each member state to designate a "passenger information unit" responsible for collecting, analyzing and transmitting to relevant authorities the 19 pieces of PNR data for each international airline passenger arriving in or departing from EU territory. Airlines would be obligated to provide the information "in advance--24 hours before the scheduled flight departure--and immediately after flight closure." EC proposes to enforce the new program "before 31 December 2010."
EC said it consulted with "associations of air carriers and representatives of computer reservation systems," as well as data protection authorities of member states.
Predictably, the proposal drew criticism. EC, for example, noted that "the Article 29 Working Party was not convinced of the necessity of such a proposal and is therefore opposed to the proposal." Privacy watchdogs and some government officials also objected, according to published reports
Noting that EC proposed a "decentralized" structure which could require airlines to "comply with 27 different national data collection systems," Association of European Airlines secretary general Ulrich Schulte-Strathaus said, "We are talking about an operational and technical nightmare, and the Commission totally ignores the financial implications for the airline industry, which we haven't even started assessing yet." AEA instead reiterated "the crucial need for a single point of contact between European carriers and the authorities who will conduct the analysis of our passengers' profiles."
The proposal, which needs approval from all 27 member states, was led by EC vice president Franco Frattini, serving as commissioner for freedom, security and justice.
In the United States, officials are working to determine how best to apply aspects of new security-related legislation. Signed into law this August by President George W. Bush, the "Implementing the Recommendations of the 9/11 Commission Act of 2007" includes "enhancements" to the U.S. Visa Waiver Program, which allows travelers from 27 countries to visit the United States without a visa.
The legislation requires the Secretary of Homeland Security to "implement a fully automated electronic travel authorization system (ETA) to collect such biographical and other information ... necessary to determine, in advance of travel, the eligibility of, and whether there exists a law enforcement or security risk in permitting, the alien to travel to the United States under the program." That system must be operational before any additional countries can participate in VWP.
"Before traveling, passengers will submit ETA applications via Internet, or other means, and will be told quickly whether they may travel on the VWP," according to a U.S. government fact sheet distributed in Europe.
NBTA expects the Department of Homeland Security to soon submit a Notice of Proposed Rulemaking that would spell out certain details of the VWP ETA, according to a spokesperson.
NBTA COO Bill Connors in an Oct. 17 letter to DHS Secretary Michael Chertoff said the department should first "envision some mechanism for last-minute travelers" before proposing a rumored requirement for VWP travelers to submit data 48 hours before flight departure. "Obviously, a significant portion of Visa Waiver Program travel, especially by business travelers, is scheduled with less than 48 hours notice," Connors wrote. "It would be quite unacceptable if there were a hard and fast requirement that VWP travelers submit an electronic travel authorization 48 hours in advance."
NBTA in July had said that "the robust security measures required under the reformed VWP has the potential to facilitate easier and more secure travel for millions of business travelers." The association said it expects "South Korea and other Eastern Europe nations will be considered for admission under the enhanced VWP."