Hasbrouck authors travel and technology books, writes The Practical Nomad blog and is a longtime consumer advocate and privacy activist.
The suit [pdf],¬†filed by the First Amendment Project on Hasbrouck’s behalf in U.S. District Court in the Northern District of California, at its heart attacks post-September 11 security measures, characterized as “the warrantless, suspicionless, dragnet collection and maintanance of Federal government records of the travel, activities, and other personal information concerning U.S. citizens not accused of any crime.”
The suit says Hasbrouck, “as a member of the news media and a consultant to the Identity Project,” has been trying unsuccessfully since 2007 to obtain his own travel records which CBP obtained from airline reservations and passenger name records as is “his right of access under the Privacy Act.”
Hasbrouck recieved a “manifestly incomplete” response from CBP, appealed and “almost three years later, he has received no acknowledgment or response to that appeal,” the lawsuit claims.
Hasbrouck seeks to have the court declare that CBP violated the Privacy Act and FOIA; order the CBP to release all of his non-exempt travel records, some of which allegedly were improperly processed solely under the FOIA instead of the Privacy Act; as well as award Hasbrouck “costs and reasonable attorneys’ fees.”
He is not seeking damages.
A CBP spokeswoman declined to comment on the particulars of Hasbrouck’s suit, citing his privacy concerns.
The CBP spokeswoman added that passengers “voluntarily” give airlines permission to collect their travel data and personal information, and the CBP culls that information and performs a risk assessment for possible enforcement action.
In an interview, Hasbrouck said it’s false that passengers freely give airlines the right to collect personal information because failing to do so if travelers withhold that information from airlines or travel agencies they may not be able to board a plane or leave the country.
Hasbrouck argues that in the post-Sept. 11 environment the government took numerous data collection actions, including implementing the Automated Targeting System [pdf], allegedly without providing prior notice, and that these steps leaped over existing law-enforcement methods, such as obtaining subpoenas or barring someone from flying via court order.
Hasbrouck notes that the travel industry, including global distribution systems and travel agencies, “understandably” complied with government information requests post-Sept. 11 and did so at great expense because much development work had to take place to accommodate authorities’ data demands.
The blogger and privacy advocate, who is a consultant for the First Amendment Project, which filed the suit for him, says one reason he decided to bring the litigation at this time is because the European Parliament will continue a debate next month about whether to grant the U.S. Dept. of Homeland Security direct access to airline data, which lives in the GDSs.
“This would plug the government into the reservations systems at the root level,” Hasbrouck says.
Hasbrouck claims there is “a growing awareness in Europe” that such access would violate European data protection laws.
He also warns that U.S.-based GDSs and travel agencies should be aware that if they go along with such data requests that they could be risking legal action by European individuals or governments and could face substantial liabilities.
“This should be a wake-up call to travel intermediaries in the U.S. that they can’t escape liability for [releasing] personal information when they are part of the conveyor belt,” Hasbrouck says.
Hasbrouck says he is all for the government maintaining airline security, but it should do so using pre-existing law enforcement methods such as subpoenas and court orders.
Asked whether airline security requires more nimble methods than subpoenas and court orders, Hasbrouck says there are only a few thousand people on no-fly lists and existing enforcement mechanisms are adequate.
Says Hasbrouck: “It doesn’t justify dragnet surveillance of everyone whenever they fly.”