
KLM wants you to make the DHS your friend on Facebook

Monday, February 6th, 2012

Getting the jump on airline “social seating” startups like SeatID.com, KLM launched a new Meet & Seat service last Friday that allows passengers on certain flights (including some to and from the USA) to make portions of their Facebook and/or LinkedIn profiles available for viewing by fellow passengers — who, presumably, might want to use that profile data to determine whether to sit (or avoid sitting) near a friend, enemy, target of identity theft, someone on whom they want to eavesdrop, someone they are stalking, or someone matching other criteria.

There’s no mention in the terms and conditions for the “Meet & Seat” service of what data is actually imported into KLM’s systems, or where it is stored.

We asked KLM’s US-based publicists about this on Friday when we got the launch announcement. They first referred us to this webpage (which doesn’t mention privacy or data protection or answer our questions), then bounced our query to the p.r. department at their corporate headquarters in Amsterdam. They didn’t respond to our e-mail messages or answer their phone today.

Specifically, we asked KLM:

Does a passenger provide their password to KLM to retrieve info from their Facebook or LinkedIn profile, or authorize KLM to do so as a Facebook app? What’s actually stored by KLM (Facebook user ID? password? authorization code for the app? data retrieved from Facebook), and where (e.g. in the PNR or departure control system)?

The problem is that any data stored in the PNR for a flight to or from the USA is sent to the DHS and included in the passenger’s permanent secret dossier in the DHS Automated Targeting System, for use whenever they travel to or from the USA in the future and for many other purposes. When would-be visitors have already been denied entry to the US based on jokes posted on Twitter, is that what you want to “opt in” to?

PNRs for all KLM flights — not just those to or from the USA — can be retrieved by offices in the USA of KLM, its codeshare partners, and the computerized reservation systems that host those PNRs.

US laws would allow the DHS, FBI, and/or other Federal agencies to require those US offices to retrieve this data, hand it over to the US government, and keep the fact that they had done so secret. KLM has previously claimed, in response to requests for records of whether this has happened, that neither KLM nor its primary PNR hosting provider Amadeus keep any logs of access to this data, and that it has no agreements with its agents and codeshare partners requiring them to keep such records or to provide them to KLM.

If KLM is storing Facebook or LinkedIn data in its departure control system, it won’t automatically be pushed to the DHS, but it will still be retrievable by the US offices of KLM, its codeshare partners, and its ground handling agents — and hence by the DHS and FBI.

It’s theoretically possible that none of this data is stored in PNRs or the DCS, but only in a separate database not accessible from the US. Unlikely, we suspect, but possible. If so, KLM should say so, and make that an explicit contractual commitment.

Otherwise, anyone who uses “Meet & Seat” may find that whatever information you “share” with fellow passengers is also shared with the DHS, and your ATS file is permanently linked to your Facebook ID even if you later opt out of the KLM social seating service.

If anyone uses KLM’s “Meet & Seat” and subsequently requests their records from KLM under Dutch data protection law, please let us know (in the comments or privately) what you find out. We’ll be happy to help you try to decipher any response from KLM or its agents or contractors.

U.K. detains Italian citizen on basis of U.S. no-fly list

Monday, September 12th, 2011

U.K. authorities have apparently detained an Italian citizen disembarking from a trans-Atlantic cruise ship at Southampton on the basis of his inclusion on the U.S. “no-fly” list.

It’s the latest in a steady series of expansions of the extra-territorial reach of U.S. travel surveillance and control, and should raise a red flag as to the dangers of the proposed intra-EU system of PNR-based travel surveillance and control.

According to news reports and a press release from his U.S. lawyer with the Council on American-Islamic Relations, Michael Migliore is a 23-year-old dual citizen of the USA and Italy. He’s been trying to return to Italy, to live with his mother there. But when he tried to board a flight in Portland, Oregon, he was refused passage and eventually told he was on the U.S. “no-fly” list.

Undaunted, he took a train to New York (as of now, the DHS only applies “no-ride” controls to international Amtrak trains to and from Canada, not domestic trains) and then a cruise ship to England.

The U.S. APIS rules require cruise lines, like airlines, to get permission from CBP before allowing each passenger to board. But for some reason, they let Migliore board a ship even though they wouldn’t let him on a plane. It’s hard to see a rational reason why, if they really thought he was a terrorist threat, unless they had an unusually precise “pre-crime” vision of what they thought he intended to do. A cruise ship crossing the Atlantic is at sea for a week, and carries thousands of passengers. Unlike airline passengers, who are reported to the FBI for detention and questioning and their flight escorted by fighter jets if they spend an unusually long time in the toilet (trying to join the Mile High Club?), cruise passengers aren’t under constant scrutiny. It would be much easier and do much more damage for a terrorist to sabotage a cruise ship than an airliner.

But whatever their reasons, U.S. authorities allowed Mr. Migliore to board the ship departing from the U.S., but apparently alerted U.K. authorities who detained him on arrival. (His U.S. lawyer presumes he’s been detained since he hasn’t been heard from since he disembarked, but nobody has yet gotten any formal confirmation of who is holding him, where, or why.)

Presumably, Mr. Migliore would have sought to enter the U.K. as an Italian citizen. We invite our European readers to speculate in the comments as to what EU laws and rights may have been violated by the U.K. in detaining an EU citizen on the basis of secret derogatory information from the U.S., what due process Mr. Migliore is entitled to, and what basis the U.K. will need to continue to detain him or to prevent him from returning to Italy, the country of his citizenship.