KLM wants you to make the DHS your friend on Facebook

Getting the jump on airline "social seating" startups like SeatID.com, KLM launched a new Meet & Seat service last Friday that allows passengers on certain flights (including some to and from the USA) to make portions fo their Facebook and /or LinkedIn profiles available for viewing by fellow passengers -- who, presumably, might want to use that profile data to determine whether to sit (or avoid sitting) near a friend, enemy, target of identity theft, someone on whom they want to eavesdrop, someone they are stalking, or someone matching other criteria.

There's no mention in the terms and conditions for the "Meet & Seat" service of what data is actually imported into KLM's systems, or where it is stored.

I asked KLM's New York-based publicists about this on Friday when they sent me the launch announcement. They first referred me to this webpage (which doesn't mention privacy or data protection or answer our questions), then bounced my query to the p.r. department at their corporate headquarters in Amsterdam. They didn't respond to my e-mail messages or answer their phone by the close of business in Amsterdam or New York today.

Specifically, I asked KLM:

Does a passenger provide their password to KLM to retrieve info from their Facebook or LinkedIn profile, or authorize KLM to do so as a Facebook app? What's actually stored by KLM (Facebook user ID? password? authorization code for the app? data retrieved from Facebook), and where (e.g. in the PNR or departure control system)?

The problem is that any data stored in the PNR for a flight to or from the USA is sent to the DHS and included in the passenger's permanent secret dossier in the DHS Automated Targeting System, for use whenever they travel to or from the USA in the future and for many other purposes. When would-be visitors have already been denied entry to the US based on jokes posted on Twitter, is that what you want to "opt in" to?

PNRs for all KLM flights -- not just those to or from the USA -- can be retrieved by offices in the USA of KLM, its codeshare partners, and the computerized reservation systems that host those PNRs.

US laws would allow the DHS, FBI, and/or other Federal agencies to require those US offices to retrieve this data, hand it over to the US government, and keep the fact that they had done so secret. KLM has previously claimed, in response to requests for records of whether this has happened, that netiher KLm nor its primary PNR hosting provider Amadeus keep any logs of access to this data, and that it has no agreements with its agents and codeshare partners requiring them to keep such records or to provide them KLM.

If KLM is storing Facebook or LinkedIn data in its departure control system, it won't automatically be pushed to the DHS, but it will still be retrievable by the US offices of KLM, its codeshare partners, and its ground handling agents -- and hence by the DHS and FBI.

It's theoretically possible that none of this data is stored in PNRs or the DCS, but only in a separate database not accessible from the US.  Unlikely, I suspect, but possible. If so, KLM should say so, and make that an explicit contractual commitment.

Otherwise, anyone who uses "Meet & Seat" may find that whatever information you "share" with fellow passengers is also shared with the DHS, and your ATS file is permanently linked to your Facebook ID even if you later opt out of the KLM social seating service.

If anyone uses KLM's "Meet & Seat" and subsequently requests their records from KLM under Dutch data protection law, please let me know (in the comments or privately) what you find out. I'll be happy to help you try to decipher any response from KLM or its agents or contractors.

[Crossposted at PapersPlease.org.]

US State Dept. finalizes passport fee increases, continues to ignore human rights complaints

On February 2, 2012, the State Department published a final rule in the Federal Register setting fees for issuance and renewal of U.S. passports and related consular services.

Contrary to some press reports, this rule didn’t actually increase the current fees. It merely “finalizes” the fee increases that have already been in effect for the last 18 months since the publication of an interim final rule (don’t you love that bureaucratic doublespeak?) in June, 2010.

Details from the Identity Project

"Will American's Layoffs Add to Flier Grief?" (Yes.)

I'm quoted (briefly) in a story today by Jonnelle Marte in Dow Jones' "Smart Money" consumer financial advice blog:

American Airlines said Wednesday it wants to cut 13,000 jobs as part of its bankruptcy filing, a move analysts say could lead to shuffled or canceled flights, longer waits and poorer customer service.... It also plans to terminate employee pension plans....

These changes may result in longer lines for ticketing and checking in and more frequent exchanges with overworked, grumpy employees, experts say. “You could be in a real mess,” says Edward Hasbrouck, author of The Practical Nomad, a travel book series.

By far, however, the biggest risk for most fliers is that American might reschedule or eliminate their flights, analysts say....

For more of my advice on this, see my article about the American Airlines bancruptcy and my FAQ about Airline Bankruptcies.

Is the advertised price too good to be true? No. (Part 2 of 2)

Yersterday I analyzed a deceptive travel deal that was much less of a discount from the regular price than it was advertised to be.

Today I'll look at the flip side of the coin: What happens when you are offered a price that's much more of a deal than the company might have meant to offer?

Should you accept such an offer? Should you feel guilty if you do? Will a travel company honor a "deal" that turns out to be better than they thought it was? And what can you do, politely, to make sure that they will honor such a price?

Here's a case study of what happened to me with a recent hotel/resort reservation:

Is the advertised price too good to be true? Yes. (Part 1 of 2)

Sometimes an advertised "sale" price isn't as much of a deal as it's made out to be. Other times, the price you are offered turns out to be such a good deal that the seller doesn't want to honor it. This week, I have reports on recent examples of both sides of this "too good to be true" coin.

First, the advertisement that exaggerates the "regular" price and the discount being offered:

In December, Groupon advertised a one-day online sale on vouchers, each voucher redeemable for a package including:

• 2 airline tickets around the world;
• 3 excursions along the way with a "value" of up to $500 for each excursion; and
• miscellaneous bells and whistles including a steamer trunk(!), 2 safari hats, in-flight food and drink, and one piece per person of checked baggage on each of the flights.

You might think that the "Groupon" name implies that customers are getting a discount in exchange for a group purchase, but this was anything but a "group" deal: Two coach/economy-class vouchers (each good for a pair of tickets) were offered for US$10,000 per voucher, and one business-class voucher for US$20,000.

All three of the vouchers Groupon offered were sold, including a coach-class voucher bought by Melissa and Trevor, a couple in Santa Fe planning to use them for their honeymoon trip around the world later this year.

Neither the coach nor the business-class price of the Groupon package was a terrible deal compared to the regular prices of its components.

What's problematic are the claims on Groupon's Web site that the $10,000 coach-class voucher had a value of $20,000 and was an "Epic Deal" being offered at a 50% discount.

In fact, as discussed below, this was at best a US$15,000 (not $20,000 as advertised) value in coach class, and at best a 33% (not 50% as advertised) discount from the normal price.

How much would this package have cost without the Groupon?

Review of "The Practical Nomad" by Wayne Bernhardson

Southern Cone expert Wayne Bernhardson is one of the best guidebook writers I know: knowledgeable, observant, thoughtful, and opinionated -- in the fine tradition of personal voices of Moon Handbooks authors -- yet able to communicate enough of the basis for his opinions that I can tell from his description when I might dislike something he likes, or vice versa. (He's also unfailingly friendly and generous, although guidebook readers don't necessarily care about that.) Whenever I travel in, or write about, Argentina or Chile, my starting point is always Wayne's guidebooks, even if to pursue my own tastes I often diverge from his suggested itineraries. I follow his blog, and he follows mine.

I'm honored that Wayne has just posted a review of the new 5th edition of The Practical Nomad: How to Travel Around the World in his Southern Cone Guidebooks and Moon Over South America blogs. Wayne's review is worth reading as a general commentary on spontaneity in travel and the life of a working travel writer, but also has this to say about my book:

One person who’s adapted to the times is my travel-writing colleague Edward Hasbrouck, probably the best-traveled person I know, who’s just released a new fifth edition of The Practical Nomad: How to Travel Around the World.

The Practical Nomad is exactly what it says: a nuts-and-bolts manual on traveling abroad – not necessarily literally "around the world" - for extended periods of time. It is not destination-oriented; rather, it offers suggestions on how to get the best out of whatever destination you choose. I recall that, after renting our apartment in Buenos Aires, he and his companion Ruth Radetsky found plenty to see and do in muggy subtropical Posadas - a city that foreign air travelers rarely even see and most overlanders visit only long enough to change buses for Iguazú Falls. To quote a phrase from the classic People’s Guide to Mexico [one of my favorites as well - EH], "Wherever you go, there you are."

That said, The Practical Nomad offers informed tips that, given Edward’s background as a professional travel agent and right-to-travel activist, are far more reliable that the scuttlebutt rumors I used to get from other travelers whose paths I crossed. They are light years better than any crowd-sourced information on the Internet, even though I might quibble with some of his details....

The Practical Nomad focuses on topics such as getting time off for foreign travel and financing it, flights and other transportation options, the bureaucracy of documents, visas and border crossings, and especially tech suggestions. Edward also writes the informative blog of the same name, "The Practical Nomad", which focuses on freedom-of-travel issues but also provides perspective on topics such as The Amazing Race "reality" TV show.

Thanks, Wayne, and happy travels!

Watch for a check like this in the mail!

If you used a US-issued VISA or MasterCard, or a VISA or MasterCard-branded ATM card, to make purchases or withdraw cash in foreign currency between 1996 and 2006, look for a check like the one below in your mail this week.

Mine was delivered yesterday, so yours might have been delivered a few days ago, or might still be on its way. Check your recent mail. It's easy to mistake these postcards for junk mail. (Click the images below for a larger version.)

[outside of self-mailer postcard (unfolded)]

[inside of self-mailer]

These settlement checks being sent to credit, debit, and ATM cardholders are the final act in a legal drama that I first wrote about in 2008.

First rulings in my lawsuit over DHS travel records

I've been waiting since the oral argument I attended last September 15th for a decision from Federal District Judge Richard Seeborg in my Privacy Act and FOIA lawsuit against the DHS Customs and Border Protection (CBP) division for information about their records of my travels.

By a bizarre coincidence, I spent yesterday in Judge Seeborg's courtroom watching a jury be selected for an entirely unrelated Federal criminal trial in which I might be called as a minor witness for the defense. (One night several years ago, I was awakened by the sound of shots outside. I called 911 in case anyone needed medical treatment. I saw nothing, and that's all I know.)

I haven't, so far as I can tell, been properly served with a subpoena in that case, but I had been told by defense counsel that someone from the US Marshal's office had filed a false (and perhaps fraudulent and/or perjured) return of service.

This sort of sewer service is illegal but common. I showed up in court anyway, in an abundance of caution (as lawyers like to say), to make sure there was a record of my voluntary appearance and to bring the possibility of misconduct by the Marshal to the attention of Judge Seeborg and the U.S. Attorney.

I had to wait around until almost 2 p.m. before I got to tell my story to the judge, after which I came home -- leaving behind an FBI agent who followed me down the courthouse corridor calling out, "Mr. Hasbouck? Mr. Hasbrouck? I just want to ask you a few questions...." Right.

Imagine my pleasure and surprise a little later in the afternoon when one of my lawyers sent me a copy of Judge Seeborg's initial rulings in my own case. This was the decision I'd been waiting for since September, and was filed about an hour after I appeared before Judge Seeborg in the (unrelated) third-party criminal matter. Go figure.

Anyway, Judge Seeborg's order addresses some significant Privacy Act issues of first impression. The order grants some of my motions and some of CBP's, and orders us to confer on next steps including additional searches by CBP for responsive records.

I'm very grateful to the work of my lawyers and to the First Amendment Project interns who also worked on the case.

I've posted an analysis of the ruling and its implications in the Identity Project blog (PapersPlease.org).

Bicycle routes through Brisbane, California

I attended the Brisbane (CA) City Council this week to talk about some of the unintended consequences of the new bike lanes on Bayshore Boulevard. It was a promising discussion, and I hope it has opened the door to addressing some larger regional transportation issues.

These issues aren't limited to San Francisco. Wherever bicycles are banned from the main motor-vehicle highways -- which typically follow the straightest and most level routes -- it becomes even more critical to ensure good conditions and reasonable through routes for bicyclists on those roads that remain accessible to bicycles, especially the "old" highways and the "frontage" roads along Interstate highways, freeways, and railroad lines.

If you live in the San Francisco Bay Area and/or care about bicycle transportation, read on. (If not, you probably want to skip the rest of this article.)

TSA is expanding its "PreCheck" (pre-crime) traveller registration scheme

I'll be on the Patt Morrison show on KPCC (the main NPR station in greater Los Angeles) from 2-2:30 p.m. to talk about the expansion to LAX and more other airports of the TSA's PreCheck traveller registration program.

Listen (on the air or online) and call in with your questions and comments.

[click arrow icon at left of slider above to stream archived audio, or click here to download as MP3 podcast]

By way of background, the PreCheck (pre-crime?) program, formerly labelled with the ironic acronym "ESP", is the latest incarnation of a concept that just won't die. I've been writing about the registered traveller idea since the TSA and selected airlines rolled out its first predecessor in 2004, most recently when the private franchisee who operated another version of a traveller registration program went bankrupt in 2009.

Before you sign up, you might want to read the TSA's notice of the records it keeps about people in the PreCheck program and the regulations exempting the TSA's files about registered travellers from the requirements of the Privacy Act for accuracy, relevance, rights of access to files about yourself, and accounting for disclosures of these records to other government agencies or third parties.

(You can hear my previous interview with Patt Morrison from the same show on KPCC last year here.)