Cyrus Farivar is an editor for Ars Technica, a technology blog, who decided to figure out exactly how much information the NSA had been collecting about his travels in May. He was hunting down his Passenger Name Records, or PNR, which are created by airlines, hotels and cruise ships whenever someone books a trip.
Their original report wasn't the information that he wanted. It was basic information on travel dating back to 1994. He appealed, and the full PNR information they sent next shocked him.
He reports the information available in his PNRs dating from 2005 to 2013 in the Ars Technica blog.
- The IP address that I used to buy the ticket
- My credit card number (in full)
- The language I used
- Notes on my phone calls to airlines, even for something as minor as a seat change
Most surprising, however, was the notes that call center employees were allowed to enter into his PNR. Edward Hasbrouck, a travel writer with extensive research into the world of PNRs, had this to say when Farivar asked him about the notes he found in his file.
“There’s no sense on the airline call center staff that they may or may not be aware that anything they put in may be in your permanent file with the Department of Homeland Security,” Hasbrouck said. “There’s no training in data minimization. They are empowered to put things in people’s files with the government. I think that’s pretty disturbing.”
So employees of an airline or travel agency are keeping detailed notes on their passengers' personal information without an understanding of where that information may be going. Sounds fishy to me.