They know where you were last summer. And the summer before that, stretching back at least nine years. U.S. Customs and Border Protection retains a lot more than just names and travel dates, or routes and destinations of travelers, as This story by Ars Technica editor Cyrus Farivar reveals.
Mr. Farivar says he was surprised when a FOIA request for his own Passenger Name Records yielded the following:
76 new pages of data, covering 2005 through 2013… not just every mailing address, e-mail, and phone number I’ve ever used; some of them also contain:
- The IP address that I used to buy the ticket
- My credit card number (in full)
- The language I used
- Notes on my phone calls to airlines, even for something as minor as a seat change
The breadth of long-term data retention illustrates yet another way that the federal government enforces its post-September 11 “collect it all” mentality.
No detail about your trip is too insignificant. Fed Gov apparently keeps notes about seat changes, meal preferences, the number children along for the trip — even unencrypted credit card numbers with expiration dates.
These are the building blocks for personal profiling.
To those who shrug and say, “If I’m not doing anything wrong, why should I care?” — don’t forget that this information is discoverable during litigation. You needn’t be a criminal to find it disconcerting when a spotlight shines on your personal data trail.
It seemed reasonable after September 11 to require passengers to show identification before boarding a flight. Then, suddenly, our dates of birth were required to book the flight, because, we were told, an additional data set will help prevent law-abiding passenger John Doe from being confused with John W. Doe, who’s on the terrorist watch list.
(Yes. Imagine the public outcry if everyone whose name is one letter different from Umar Farouk Abdulmutallab were prevented from flying.)
Who knew the data collection was going this far? The effort is “facilitated” by travel booking websites, which use PNR software ostensibly and originally for the purpose of helping airlines and cruise lines track the needs of travelers with complicated itineraries. Multiple destinations on a tour, for instance.
It’s another sobering example of the way innocent-sounding information repositories are extended to uses not fully understood, or never approved, by people who agree to provide personal data for the sake of service or convenience.
And, by the way, is it too much to ask that Fed Gov, if it insists on retaining this data, encrypt the credit card numbers?