Inside the black box of predictive travel monitoring

In March 2020, Frank van der Linde entered the immigration line for EU citizens at Amsterdam’s Schiphol International Airport. Linde, a Dutch citizen and human rights defender, was returning home from outside the European Union, and an immigration officer asked him a series of questions about his trip. Lindy thought it was a random check. After a few minutes, he was allowed in. But without Linde’s knowledge, his answers were recorded and shared with the Dutch public prosecutor, who was collecting information on Linde’s movements.

The officer was informed of Lindh’s arrival that day by a seemingly innocuous procedure that occurs when you board a flight in the United States, much of Europe, and increasingly anywhere in the world — the sharing of detailed personal data about each passenger between airlines and governments. The data, which is kept for years, has become increasingly valuable to technology companies that are experimenting with algorithms that can determine who is allowed to cross international borders.

Linde, who speaks out for homeless rights, anti-racism and pacifism, was secretly flagged by Dutch police for the first time in 2017 as a person of interest under the Amsterdam municipality’s anti-terrorism programme. In July 2018, Lindy had a “strange feeling” that he was being watched; He would eventually sue the government more than 250 times under freedom of information laws to uncover the extent of the surveillance. Although Lind was removed in 2019 from the city’s watch list, and later received a personal apology from the mayor of Amsterdam, scrutiny continued. When Lindy learned that the police had put his name on Dooley’s Travel alertHe wondered if they were also using his travel data to track him.

In October 2022, Linde asked the government for his flight records. The data, called Passenger Name Record (PNR), is a digital trail of information related to the purchase of an airline ticket. PNRs are sent by most commercial airlines to the destination country about 48 to 72 hours before departure. While PNR records may seem harmless, they contain highly sensitive personal information, including the traveler’s address, cell phone number, flight reservation date, where the ticket was purchased, credit card and other payment information, billing address, and baggage information. and frequent flyer information. , general notes related to the traveler, intended travel date, complete itinerary, names of accompanying passengers, travel agency information, historical changes to the ticket, and more.

In December 2022, more than two years after Linde passed through Schiphol Airport, the Dutch PNR office, called the Passenger Information Unit, handed over 17 travel records to Linde. They stated that they did not share his data with others, but Lindy was skeptical. He quickly filed an appeal. In March 2023, the Dutch government admitted that it had in fact shared Linde’s PNR details three times with border police, including before the March 2020 flight, when an immigration officer was instructed to secretly extract the information. (They also shared seven additional flight logs that they claimed to have only discovered in a second search.)

When Lindy reviewed his PNR records, he was surprised to discover that some of the travel data the government had on him was incorrect – some flights were missing, and in four cases, the government had records of flights he had never taken. For example, one PNR from 2021 stated that Lindy traveled to Belfast, Northern Ireland; Lindy says he booked the ticket, but changed his plans and never got on the plane. “What do companies do with data?” Lindy asked as he leafed through copies of the PNR records on his laptop. “If you help businesses analyze bad data, you can draw all kinds of conclusions.”