Evidence of meeting #37 for Transport, Infrastructure and Communities in the 40th Parliament, 3rd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was airlines.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Edward Hasbrouck  Airline Reservation Data Expert, The Liberty Coalition
Mark Salter  Associate Professor, School of Political Studies, University of Ottawa
Ihsaan Gardee  Executive Director, Canadian Council on American-Islamic Relations
Toby Lennox  Vice-President, Corporate Affairs and Communications, Greater Toronto Airports Authority
Khalid Elgazzar  Member of the Board of Directors, Canadian Council on American-Islamic Relations

11:05 a.m.

Conservative

The Chair Conservative Merv Tweed

I call the meeting to order.

Good morning, everyone. Welcome to meeting number 37 of the Standing Committee on Transport, Infrastructure and Communities. The orders of the day are that pursuant to the order of reference of Tuesday, October 26, 2010, we are examining Bill C-42, an act to amend the Aeronautics Act.

Joining us today are several witnesses. From the University of Ottawa, we have Mr. Mark Salter; from the Canadian Council on American-Islamic Relations, Ihsaan Gardee and Khalid Elgazzar; from the Greater Toronto Airports Authority, Toby Lennox; and via video conference in, I'm hoping, sunny San Francisco, on behalf of the Liberty Coalition, Mr. Edward Hasbrouck.

Can you hear us all right, Mr. Hasbrouck?

November 30th, 2010 / 11:05 a.m.

Edward Hasbrouck Airline Reservation Data Expert, The Liberty Coalition

Yes, sir, thank you.

11:05 a.m.

Conservative

The Chair Conservative Merv Tweed

Thank you.

I will just review the process. We'll have presentations of seven to ten minutes by our guests and by Mr. Hasbrouck. Then the committee will move to questions and answers.

I'm not sure who wants to start.

Mr. Salter, would you want to start us off? Thank you. Please begin.

11:05 a.m.

Dr. Mark Salter Associate Professor, School of Political Studies, University of Ottawa

First of all, let me thank the committee for this hearing and for my invitation.

I will make my presentation in English, but I can answer questions in French.

At least, I hope so.

I want to make two primary points about the current legislation before this committee. The first is that this act deals with two kinds of data and with the destinations of those data. The two kinds are API and PNR data. API is “advance passenger information”. That is the normal information that occurs on your passport: your name, your date of birth, your gender.

However, PNR information, which would also be required to be disclosed by airlines if this bill is passed, is much more far-reaching. PNR was originally a commercial system designed by the airlines to facilitate travel. It includes not only one's name and identification, but also fields for payment information, such as your credit card details; contact details, such as your phone number or home address; frequent flyer information; in some cases age, if the passenger is either young or elderly; special service requests, such as a meal request or a seating preference; special instructions; and blank fields that airlines and travel agents are able to fill in as they wish.

Governments want this information so that they can build profiles of not just risky passengers but safe passengers as well. Research clearly demonstrates that in the United States and the U.K., government agencies are trying to collect as much data about travellers as possible. Government agencies such as the UK Border Agency try to develop very sophisticated algorithms that predict not which individuals are dangerous, but what kinds of itineraries are dangerous.

For example, if there were a sudden death or illness of a Canadian citizen and a person rushed to the Ottawa airport and bought a ticket to Colombia, paid in cash, and had no baggage, that profile itself would be considered risky because of the reaction to the “underwear bomber” or to Richard Reid, who also arrived at the airport with no luggage for a long flight and paid in cash that day.

What worries me about this particular legislation is that the data not only go to the destination country but may go to all states that the airline might fly over. That, I feel, is the significant change that this legislation brings, and it worries me a great deal.

Flights that use the polar routes from Vancouver to Hong Kong would have to go over Russia and China. Are we suggesting that they are reasonable destinations for the passenger data of Canadian citizens? Flights that go to Colombia or Brazil must overfly any number of Latin American countries. Flights to Dubai must overfly most European countries and some Middle Eastern countries. Is the Government of Canada confident that the destination for their data can provide adequate protection? Are Air Canada and other air providers confident of that as well?

I understand that one of the reasons for this legislation is to get around the requirements of PIPEDA for Air Canada to provide such data. What worries me is that neither the government nor other agencies have put protection in place for data that will now go abroad.

I'm very heartened by the serious and complex debate in the House of Commons on this legislation, but while I don't want to contradict the parliamentary secretary to the Minister of Public Safety, it seems to me that on October 19 he refers to the ACLU's—the American Civil Liberties Union's—endorsement of the secure flight program. I assume from my own research that he is referring to a news release from 2005 that refers specifically to the change in the secure flight program in 2005 when they decided not to use commercial data services for the processing of PNR data. I would just like to point out that the ACLU has since changed its 2005 position and no longer endorses the secure flight program in the way that seemed to be implied on October 19.

The ACLU has argued, as I think we would all argue, that the no-fly list of the secure flight program in the United States is at best a very blunt instrument. There are more than one million names on the U.S. no-fly list, to the best of our knowledge. What the secure flight program does is automatically compare the names that are entered through API data against the multiple watch lists.

What concerns me is that PNR data adds a lot of extraneous data. It adds a great deal of cost, but provides us with no security benefit.

Let me make three points in conclusion.

First, I think it is dangerous to sacrifice our privacy and our freedoms for the dream of zero risk or perfect security. This particular measure does not provide additional security for the aviation sector, and it places an additional burden on Canadian citizens who are flying.

Second, Canada has set a high global standard for the use of PNR, in particular with the Canada-EU agreement relating to PNR matters. This agreement is praised by both Canadian and European data protection authorities because it has specific time periods for the disposal of data, it limits the data's use, and it limits in particular the individualization of that data. The information is rendered anonymous, which allows the security services to build up the profile without attaching it to any one individual. This has become one of the global standards for international treaties on PNR agreements, and we are moving away from that high standard with the passage of this legislation.

Third, the use of this commercial data, because it is created by airlines for their use, poses clear risks to privacy and no clear benefit. There is no reciprocity among any of the other countries. We are simply making Canadians more vulnerable to the security services of other nations, and we are doing so for countries that may not have the same robust privacy legislation or commitment that we have in Canada.

Canadians' data should not be hostage to the most paranoid regime that an air company chooses to fly over. The proposed change to these data protection regulations to include overflight states dramatically increases the vulnerability of Canadians' data while offering no means of redress or appeal.

We can assume that citizens know when they travel to a particular country that they are consenting. They know they go through a visa process and a border process, so they know their data is being evaluated. However, Canadians would have no way of knowing which of the countries they flew over would get their data, what would happen to their data, or how to appeal the use of that data. I think this is a dangerous change that poses clear costs but offers no benefit.

Again, thank you very much for the opportunity. I look forward to your questions.

11:10 a.m.

Conservative

The Chair Conservative Merv Tweed

Thank you very much.

Who is going to go next?

Go ahead, sir, please.

11:10 a.m.

Ihsaan Gardee Executive Director, Canadian Council on American-Islamic Relations

Good morning. Bonjour.

I'd like to thank the committee for the invitation to appear before you today about Bill C-42, an act to amend the Aeronautics Act. I am joined today by Khalid Elgazzar, a member of the board of directors of the Canadian Council on American-Islamic Relations, or CAIR-CAN. CAIR-CAN is a national not-for-profit grassroots organization that continues to work, as it has for over 10 years now, to empower Canadian Muslims in the fields of human rights and civil liberties, education and outreach, and public advocacy.

Since the tragic events of 9/11, Canada has understandably placed a greater emphasis on public safety and national security. However, in some circumstances those measures were implemented at the expense of fundamental human and privacy rights.

For reasons we will explore, many Canadian Muslims have particular concerns regarding how the introduction of new security regimes seems to have had a disproportionate impact on members of our communities.

On its surface, Bill C-42 appears innocuous enough, consisting as it does of only two clauses with a single purpose: to permit airlines flying over a foreign country to share certain information with that country when required to do so by its laws, an act that is currently prohibited under Canadian privacy laws.

However, in our view Bill C-42 raises a number of serious concerns that we hope this committee and Parliament will address. Chief among these concerns is the potential impact that the secure flight program will have on Canada's sovereignty and on the protection of the privacy and human rights of its citizens. We've all seen from past cases how the lack of controls, caveats, or protections set on information shared with the United States has had disastrous consequences on the lives and livelihoods of Canadian citizens.

Finally, we are also concerned that the regime Bill C-42 would have airlines feed information into is one that lacks an adequate system of redress in the case of error or abuse.

With respect to the potential impact on sovereignty, Bill C-42, as it is currently written, will effectively cede the right of Canada to determine who is or is not permitted to travel to and from this country. An internal Public Safety document obtained under the Access to Information Act and publicized in January of this year stated: It is possible that Canadians overflying the United States could be denied boarding based on U.S. no-fly lists that were developed based on a lower U.S. risk tolerance.

In essence, many Canadians who wish or may be required to travel for personal, work, or emergency reasons will only be allowed to do so with the express permission of a foreign state, in this case the United States. U.S. government sovereignty, which extends over its airspace as indicated in international law, allows it to implement its secure flight program; however, the job of the Canadian government is or should be first and foremost to do its utmost to protect the rights of Canada's citizens.

With respect to the potential impact on privacy and human rights protection, aside from the issue of sovereignty, CAIR-CAN is concerned about the lack of consideration the existing legislation grants to the issues of privacy protection and potential human rights violations.

Under the Bill C-42 regime, airlines overflying American territory would be obliged to share personal data with the U.S. government, an act that is currently prohibited by PIPEDA. This comes without any guarantees regarding how or with whom the U.S. might, at its own discretion, choose to use or share that data. These concerns are shared by officials in Canada's own Public Safety department, as was discovered through an Access to Information Act request.

As we know from cases such as that of Maher Arar, the unfettered sharing of information without any safeguards or adequate redress mechanisms can have disastrous and irreversible consequences. Given the price paid by Canadians such as Mr. Arar, who have suffered as a result of the indiscriminate sharing of information with foreign governments, it is imperative that this Parliament do everything possible to mitigate potential mistreatment abroad by third countries, some of which, as we know, do not share Canada's respect for human rights and civil liberties to the same extent.

Finally, with respect to an adequate redress system, as the Department of Homeland Security's own privacy impact assessment suggests, information that is harvested can be disclosed and used for purposes other than aviation security--for example, for immigration or law enforcement purposes.

Significantly, not only will airlines be required to provide DHS with basic information—date of birth, name, and gender—but also with other “if available” information linked to passengers, including meal selection, passport, and itinerary information. This could potentially open the door to racial or religious profiling.

Experts in security fields have testified that religious and racial profiling simply does not work, nor does it our enhance security. Without any assurances or agreements in place to prevent this kind of abuse, it can create or enhance the very real sense of fear felt by potentially targeted communities, such as Arabs and Muslims.

The mandate of the International Civil Liberties Monitoring Group's clearinghouse project is to document the impacts of no-fly lists, including so-called false positives. It has noted that “Many of the travelers who have been delayed are members of Middle Eastern or Muslim communities”. Furthermore, the ineffectiveness of the DHS travel redress inquiry program, or TRIP, is acknowledged in a 2009 report by the U.S. DHS inspector general, who confirmed that in most cases the program has done little to improve the situation of those who have been the victims of false positives and misidentification.

The lack of a robust redress system within the watchlists upon which the secure flight rules will rely is illustrated today by the plight of citizens such as Adil Charkaoui and Abdullah Almalki. Deemed by Canadian courts or commissions of inquiry not to pose a risk to the national security of Canada, they still find themselves unable to fly as a result of being on U.S. watchlists.

In conclusion, Canadian Muslims remain unequivocally committed, like our fellow citizens, to finding the necessary balance between ensuring that the public safety and national security of our country and its allies is maintained while protecting Canada's sovereignty and the cherished privacy and human rights of her citizens.

Thank you for giving us the opportunity to comment on this legislation. We will be happy to take your questions.

11:20 a.m.

Conservative

The Chair Conservative Merv Tweed

Thank you very much.

Mr. Lennox is next.

11:20 a.m.

Toby Lennox Vice-President, Corporate Affairs and Communications, Greater Toronto Airports Authority

Good morning.

My presentation will be in English, but you can ask me questions in French.

My name is Toby Lennox. I am vice-president of corporate affairs and communications for the Greater Toronto Airports Authority. I first would like to thank you very much for the opportunity to appear before you today to provide our perspective on Bill C-42, an act to amend the Aeronautics Act.

As many of you know, the GTAA is the private not-for-profit corporation that operates Canada's largest airport, Toronto Pearson International Airport. Toronto Pearson is truly a global gateway connecting our country with the rest of the world. We handle approximately one-third of Canada's air traffic in any year, and about 50% of all Canada's air cargo. This activity fuels Toronto Pearson's role as a critical economic engine for southern Ontario and, indeed, for Canada. We generate tens of thousands of jobs and billions in annual economic output, wages, and taxes.

In the past, Mr. Chairman, I have appeared before your committee on behalf of both Toronto Pearson and the Canadian airport community, and one consistent message that we have brought forward is that aviation security is critically important to our business. The security of North America's skies and the global air transportation system profoundly impacts the operations and financial health of Toronto Pearson, as well as all of Canada's economic and social interests. It is for this reason alone that we're presenting to you today.

While Canada's airports are not involved in the development or maintenance of no-fly lists and we do not gather, hold, or transmit the personal information identified in Bill C-42, we do support both your consideration and passing of this proposed legislation. We believe this legislation is consistent with international law, which explicitly outlines the right of any country to regulate foreign carriers entering that country's airspace, but in addition to this, we recognize the importance of this bill for two reasons.

First, as you have heard from our Canadian airline customers, inaction would result in significant operational hardships for airlines, and by extension and perhaps more importantly, this impact would reduce the selection of routes, services, and access for Canadians.

Canada was built upon air and aviation links. A large number of flights that depart Toronto Pearson every day are required to overfly the United States. If this bill is not passed, air services that currently overfly American territory--for example, flights to South America and the Caribbean--would no longer be feasible. For Canadian-sourced flights, it is simply not commercially viable, or indeed operationally viable, in some cases, to fly around American airspace. The impact on Canadian air carriers' passengers and the resulting negative impact on the economy is a very compelling reason to support Bill C-42.

The second reason for our support of this bill is that we believe it strengthens aviation security globally. As we have discussed with this committee before, Toronto Pearson believes that collectively we must find enhanced and efficient ways of identifying, assessing, and mitigating threats to security through holistic means. One of the key operational initiatives that we support is the enhancement of collaboration and intelligence-sharing. If we have learned anything from the cargo-bomb plot originating in Yemen and from the events of last December 25, it is that intelligence is one of our best defences against security threats. Bill C-42 provides one means for Canadian air carriers to work with our American neighbours to identify, detect, and deter terrorist threats.

When discussing aviation security, we believe it is important to frame the discussion not in terms of specific airports or even national terms, but in terms of the shared threats to our continent. We support the continued efforts of the Government of Canada and the United States to address common threats of terrorism while ensuring the free flow of travel and trade across the border.

Mr. Chairman, most will agree that the threat to aviation is real. We take this threat very seriously because we recognize that a security incident originating at our airport would likely result in crippling economic consequences. These consequences would surely extend beyond the borders of the Greater Toronto Area and would take years to remedy. We cannot afford to be reactive. We would like to ensure that security legislation and policies in Canada are developed from a proactive strategic perspective.

There are significant policy directions we feel the government should pursue to strengthen the effectiveness and coordination of aviation security, and Bill C-42 is at least a step in the right direction. We emphasize that this bill represents merely one step in a more comprehensive approach to aviation security.

We do acknowledge the privacy concerns raised by some with respect to the implementation of this amendment. In addition, we commend the committee for encouraging open debate on the merits of this bill.

We believe it is important to protect the civil rights of Canadians, and as such, we agree the information that is collected and disclosed to foreign governments should be handled carefully and only be used for the stated purpose of aviation security.

In conclusion, Toronto Pearson considers the safety and security of our passengers and air carriers to be of the highest priority. It is a key element in all we do, and we work diligently with our stakeholders to ensure Canada's aviation security program is holistic, integrated, and world class.

We encourage the committee to support Bill C-42 to ensure these very important amendments are enacted to support global efforts to combat terrorist threats to the North American aviation system. The bill will allow air carriers to continue to operate over U.S. airspace, which is critical to their operations as well as to the economic development potential for the Greater Toronto Area and for Canada as a whole.

I would be pleased to answer any questions the committee may have, both at this session and at any member's convenience.

Thank you.

11:25 a.m.

Conservative

The Chair Conservative Merv Tweed

Thank you very much.

Mr. Hasbrouck, if you can hear us, you can present, please.

11:25 a.m.

Airline Reservation Data Expert, The Liberty Coalition

Edward Hasbrouck

Good morning and thank you. Please excuse me, my French is very limited.

I'm sorry I can't be with you in Ottawa, but I'm very grateful for the opportunity to contribute a U.S. perspective to the deliberation in this House.

I'm here on behalf of the Liberty Coalition, which coordinates public policy activities on civil liberties and basic rights in conjunction with more than 80 partner organizations from across the political spectrum. The Liberty Coalition does not, however, speak on behalf of those organizations, and my testimony today does not reflect the position of any single coalition partner.

My own particular expertise in airline reservation data is derived from more than 15 years of experience working with PNRs—passenger name records—in the travel industry and more recently working as an investigative journalist and an activist with the Identity Project, researching and documenting both what information is collected about travellers and how that information is used by both the government and private entities in the United States.

The U.S. government, which is to say the Department of Homeland Security, wants the information that would be made available by Bill C-42 for two purposes: for surveillance and for control of travellers. With respect to control, of course, this data would be part of the basis for the making of no-fly decisions and the issuance of secret no-fly orders to airlines.

Unlike the case in Canada, where someone denied travel is given formal notice of that decision and has rights to appeal it, those no-fly orders in the U.S. are entirely extrajudicial. No one in the U.S. has yet obtained court review by any U.S. court of a no-fly order. It is U.S. government policy not even to admit that they have issued such an order, and that includes those denying passage on flights overflying the U.S. that were not scheduled to land. Former Secretary of Homeland Security Michael Chertoff is on the public record as saying that he believed that no-fly decisions should not be subject to judicial review, and the current U.S. administration has done nothing to repudiate that perspective.

While the consequences for anyone are very serious, including for those U.S. citizens trapped abroad who are currently unable to return home because they are not allowed to fly and have no other way to get back to the U.S, they are perhaps most draconian for refugees and asylum seekers. You should be very clear that the enactment of Bill C-42 would grant to the U.S. government de facto veto power over the ability of virtually anyone to obtain sanctuary in Canada, since in most cases it's impossible to get to Canada to make a claim for political asylum or refugee status without overflying the U.S., and that power of the U.S. would be exercised at the worst possible point: while a refugee is still on the soil of and subject to the persecution of the regime they are trying to flee.

While the U.S. is a party to the International Covenant on Civil and Political Rights, article 12 of which guarantees freedom of movement, it ratified the ICCPR with reservations that make it impossible to invoke or enforce it through any U.S. court. In the only instance in which the U.S. DHS has even acknowledged the formal complaints of the Identity Project that its policies, including no-fly and secure flight policies, violate the freedom of movement guaranteed by the ICCPR—the only time it's been acknowledged at all—the TSA took the formal position that the ICCPR does not apply at all to any measure undertaken for reasons of national security.

You should be clear that you are dealing here--unfortunately, I have to say--with a rogue state whose declared position is that its actions in this sphere are exempt from the norms of international human rights law and even from the treaties that it has ratified.

These data are also used for purposes of surveillance of travellers. It is not the case that the information is simply used to make a one-time decision about whether to let you fly. All of your PNRs, even if you are not deemed suspicious and are allowed to fly, will be added to the lifetime travel history and compilation of data already being kept about you as part of the automated targeting system. This includes, as Professor Salter alluded to, a wide range of information. We've been coordinating efforts by individuals in the U.S.—at least, by U.S. citizens, who have some rights in this regard—to request these records. They include, for example, such things as your IP address, who paid for someone else's ticket, what friend's phone number you gave because you were staying at their house when you reconfirmed your reservations, or, in the case of two people travelling together who made their same hotel reservations in the same PNR with their flight reservations, codes indicating whether, behind the closed doors of their hotel room, they asked for one bed or two.

So we're looking literally at data down to the level of intrusiveness of who is sleeping with whom, and of course there is also the opportunity to insert into these records free-text remarks—derogatory comments by a customer service representative who didn't like your attitude, and these sorts of things—that become part of your permanent dossier with the U.S. government.

Because of their secrecy, we have only a partial idea of what data are actually included in these records and an even less complete view of how they are used. As you probably know, the Privacy Act in the U.S. grants no rights whatsoever to foreigners, so there is no legal entitlement for Canadians to find out where these data have gone. Even for U.S. citizens, the DHS has been, I regret to say again, stonewalling requests. I have been obliged, after three years of attempts to get my own dossier and an accounting of the third parties to whom it was given, to bring a federal lawsuit, which is now pending, to find out what those records are.

So far as I know, nobody has actually obtained an accounting of the third-party disclosures of their PNR data by DHS, not even U.S. citizens. While some privacy impact assessments and diplomatic assurances have been offered, it's very important to understand that those are not embodied in any treaty or in any U.S. statute or regulation. They are not enforceable and they have no more weight than any other press release.

All that said about the uses of data by governments, Bill C-42 would authorize airlines to provide these data to the U.S. and other governments. However, this may not actually be necessary, because in most cases the data are already stored in the U.S. and are already accessible to the U.S. government, with or without the permission, or even the knowledge, of the airline.

The vast majority of travel agents and tour operators in Canada, as around the world, do not store their own data. Even if you make a reservation with a Canadian travel agency to travel on a flight that doesn't overfly the U.S., or even within Canada, in the vast majority of cases that reservation is, from the moment of its creation, stored in a computerized reservation system or global distribution system based either in the U.S. or in Europe, but with offices in the U.S. from which all of that information is available.

So it's already possible for the U.S. to go to that CRS or GDS with a national security letter, order them to disclose the entirety of the PNR, order them to conceal the fact that this has happened, and even order them to deny it if asked by the airline, the travel agency, the tour operator, or the individual to whom these data pertain.

You're not being asked to provide this personal information directly to the U.S., Canadian, or any other government; you're required to provide it to an airline, which is going to provide it to other commercial partners or outsourcing providers, so it's also important to understand that these commercial entities that have the data in the U.S are subject to no privacy law whatsoever, absolutely none. They are utterly free to sell this data, use it for any purpose, or transfer it to any third party anywhere in the world. They are not obligated to obtain permission or even to disclose it to the data's subject.

I think there are grave questions as to whether the outsourcing of PNR storage to CRSs and GDSs in the U.S. by Canadian travel agencies and tour operators complies in any respect with PIPEDA, and nothing in Bill C-42 addresses this problem.

While it is not for me as someone speaking to you from San Francisco to tell Canadians what laws you should enact in your country, I certainly hope you will not follow the bad example set by the United States in turning the commercial infrastructure of the airline industry and the travel industry into a permanent infrastructure of surveillance and control of our movements, but that you will use this opportunity to take a much closer look at whether the existing norms and data flows of the industry--particularly the routine and systematic outsourcing to utterly unregulated data aggregators in the form of the CRSs and GDSs in the US—comply with existing law or require further legislation or enforcement action.

I'd be happy to answer any questions from the members.

11:35 a.m.

Conservative

The Chair Conservative Merv Tweed

Thank you very much.

Mr. McCallum, you have seven minutes.

11:35 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Thank you, Mr. Chair, and thank you all for being with us today.

I think we're living in a kind of “two solitudes” world. We get the airlines and their representatives saying it would be an unmitigated economic disaster if the law is not passed, and they make passing reference to privacy concerns. Then we have the converse: that privacy or human rights are the issue, and there is little reference to the economic side.

What I've been trying to do is think of possible amendments to the bill that would not produce an economic disaster but would, at the same time, address some of the privacy concerns. One of them—and this is in reference to Professor Salter—would go some way in addressing your concerns. If the addition of third countries other than the U.S. to the list—none has asked, I believe, so far—were to require parliamentary approval rather than be done by order in council, I think that would go some way.

Now, having listened to you and Mr. Hasbrouck, I see that there is the issue of the two kinds of data. There is advance passenger information, which is minimal, and there is PNR, or passenger name records, which are extensive. I understand that the bill right now would allow or permit airlines to hand over the PNR data. Am I correct in my understanding?

Also, what would you think if we could somehow amend the bill so as to limit the information transferred to the more minimal advance passenger information?

11:40 a.m.

Associate Professor, School of Political Studies, University of Ottawa

Dr. Mark Salter

Thank you.

I think you are correct in pointing to the U.S. as the one who demands that information now. I think also that Canada has shown itself capable of negotiating well, both with the United States and with the EU, on PNR and other matters relating to aviation security. For example, the way that Canada checks its hold baggage is radically different from the U.S. standard, yet we still manage to maintain our independent way of checking our own bags, so there is clearly space within the aviation field to negotiate with the United States.

It seems to me that you have pointed to a very productive amendment, which is to say explicitly that API information is minimal and meets the requirement of secure flight, whereas PNR is large, open-ended, and superfluous, and could lead to the kind of profiling or misuse of data about which we are all so concerned.

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Would you comment, Mr. Hasbrouck?

11:40 a.m.

Airline Reservation Data Expert, The Liberty Coalition

Edward Hasbrouck

I'd like to speak to that.

Unfortunately, API data include the record locator for the PNR, and as long as the U.S. government gets the record locator, they can go to the CRS or GDS and retrieve the entirety of the PNR in secret, without the airline even knowing and without any recourse. In effect, regardless of whether the U.S. retains or gets all or any part of the PNR, as long as they have the API data with the record locator, they have in effect access in perpetuity to the entirety of PNR. For that reason, I don't think that amendment would have the effect you might desire for it.

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Well, that's unfortunate.

I'm not well versed in these technical matters. Would they necessarily get the record locator, or could they be deprived of it?

11:40 a.m.

Airline Reservation Data Expert, The Liberty Coalition

Edward Hasbrouck

Even without it, it requires only a trivial amount of extra computer processor time to retrieve the PNR from the reservation system through a name and flight number or other information. I don't think it's possible to separate it out. As long as the CRS is in the U.S., the data already reside in the US. I don't think it's possible to separate out the API data from the ability of the U.S. government to get the entirety of the PNR.

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Maybe I could ask Professor Salter a question about Mr. Hasbrouck's testimony. Again, this is something I had not heard of. Are you saying that with the data outsourced by Canadian travel agencies to U.S. entities, the U.S. government can get their hands on all of this anyway?

11:40 a.m.

Associate Professor, School of Political Studies, University of Ottawa

Dr. Mark Salter

That's right.

Air Canada and all travel agents make their reservations through global distribution systems such as Galileo or Sabre. When you access Expedia or other online travel sites, you're getting into that system. Those systems are housed, I'm going to say, in Colorado, but perhaps Mr. Hasbrouck can correct me. They are housed in the U.S., so they will be subject to the U.S. Patriot Act and will be subject to searches in the U.S.

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Does that mean these travel agencies are violating Canadian privacy law, if not necessarily knowingly ?

11:40 a.m.

Associate Professor, School of Political Studies, University of Ottawa

Dr. Mark Salter

I am not a lawyer. I could not make that determination. I would say that--

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

I mean the effect of it.

11:40 a.m.

Associate Professor, School of Political Studies, University of Ottawa

11:40 a.m.

Liberal

John McCallum Liberal Markham—Unionville, ON

Mr. Hasbrouck has something to say. Yes, Mr. Hasbrouck?

11:40 a.m.

Airline Reservation Data Expert, The Liberty Coalition

Edward Hasbrouck

I am not a lawyer and I'm not a Canadian, but I am very concerned about whether Canadians and the Privacy Commissioner of Canada are aware of this. I think there is deep need for serious investigation of potential PIPEDA violations in this routine industry practice.