Ryanair’s reservation system and “Safe Harbor” illegality

Impetus

Ryanair has an outsourced reservation system to the New Skies system operated by Navitaire, which is owned by Accenture. While Accenture is an Irish headquartered company (nominally), Navitaire is based in Minneapolis.

The declaration by the ECJ that the Safe Harbor arrangement between the EU and the US is invalid under EU law, implies that Navitaire will have problems transferring data outside of the EU. While Amadeus (an European CRS) has agreed to buy Navitaire, both companies have agreed to outsource infrastructure, etc to Accenture. Three data centres are used, located in Minneapolis, Salt Lake City and Sydney. These three countries are in the “five eyes” state sponsored data snooping zone.

In addition, Ryanair is in breach of EU legislation in that it demands data, which is in excess of that required to operate most flights operated by Ryanair. This excess data includes the passenger’s passport/id number, date of birth, country of birth, id expiry date, etc. The requirement to obtain and record ID/passport details only legally pertains to flights to Spain from non-Schengen countries. Even the right of Spain to treat citizens of non-Schengen EU as potential terrorists might fail, if this Spanish law was looked at under an “EU microscope”.

There is no need for any transfer of data to the US for airlines such as Ryanair, which exclusively operate in the EMEA zone.

One wonders when the Irish Data Protection Commissioner will deal with this unsafe and unlawful arrangement – which is exposing the personal information given by Europeans and others to the largest, and most customer abusive airline in Europe, which in turn exposes it to be past on to states that systematically engage in hacking human beings and their personal info?

http://www.datacentres.com/dc-news/amadeus-acquire-navitaire-us830-million

https://en.wikipedia.org/wiki/Navitaire

https://en.wikipedia.org/wiki/Amadeus_CRS

https://www.dataprotection.ie

BoB_BoT

I do have to laugh that the recent ruling fell to Ireland's data protection commissioner to investigate. They don't have the resources or the power to investigate the likes of the Facebook's, Google's, Data storage companies etc.... They can just about handle the existing workload if even that.

If I was a conspiracy theorist, I'd say the ruling was allowed to occur under it's circumstances that there would be no bite behind it.

Impetus

I notice that during the reservation process on ryanair.ie, one is taken to bookryanair.com to complete an online reservation, an address whose details are hiding behind a domain secrecy company called PERFECT PRIVACY, LLC of 12808 Gran Bay Parkway West , Jacksonville, FL 32258-4468. One suspects that this is attempting to conceal the Accenture division that provides outsourced reservation, check-in, and tracking services to Ryanair (and probably the latter to nsa.gov, among others, either directly or indirectly)? Why else would a corporation use domain privacy, aside from trying to conceal the tracks to where it sends personal information?

Mr O’Leary has serious questions to answer in relation to the data privacy of Ryanair passengers, as does the Dept of Foreign Affairs who issues Irish passports (and every other EU passport and ID card issuing agency), (Ryanair do not accept Irish ID cards issued by the same Dept of Foreign Affairs for some reason – (probably doziness). This has mega data leak risks for every one of the approx.. 100 million Ryanair passengers the company carries in the EMEA area every year.

Safe Harbor is no more. It was a brand name of illusion to fool European consumers into thinking that their personal information could be exported safely to third world countries (as far as respect for privacy is concerned).

http://perfectprivacy.com

Domain Name: BOOKRYANAIR.COM
Registry Domain ID: 8303702_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-28T23:27:16Z
Creation Date: 1999-07-22T12:22:16Z
Registrar Registration Expiration Date: 2019-07-22T04:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: [IMG]file:///C:\Users\mvv\AppData\Local\Temp\msohtmlclip1\01\clip_image002.png[/IMG]
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: hx6kb53e7zz@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 12808 Gran Bay Parkway West
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: hx6kb53e7zz@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 12808 Gran Bay Parkway West
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.5707088780
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: hd2cw6jh2sp@networksolutionsprivateregistration.com
Name Server: NS1.P29.DYNECT.NET
Name Server: NS2.P29.DYNECT.NET
Name Server: NS3.P29.DYNECT.NET
Name Server: NS4.P29.DYNECT.NET
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

timmywex

Did we ever fully get down to the bottom of what your problem with Ryanair is?

Impetus

timmywex wrote: »

Did we ever fully get down to the bottom of what your problem with Ryanair is?

If you are so inclined, you can start off with these:

1) Lack of respect for travel guest (PAX in Ryanair lingo) personal ID privacy - stealing ID numbers, DoB, place of birth, etc when no legal requirement to do so. Putting customer at risk of hacking and neadless rogue state theft of info. No acceptance of Irish ID card - must have passport if Irish citizen. Multiple checks of ID - at check-in, and again at gate (against EU regulations), and show boarding pass when entering aircraft. Lufthansa has none of this crap - aircraft therefore board faster. (As an aside Ryanair seems to have stolen Lufthansa's external paint design - just changing the logo and font).
2) Dirty aircraft interiors
3) Appalling cabin design and colour schemes
4) Probably the worst runway landings of any airline - thump down even in low wind conditions with 99 km visibility.
5) Dishonest pricing on website
6) Time wasting website - while it has changed from the original website done by primary school kids, you still have to waste time and clicks to make a reservation.
7) Crap unhealthy food on trolleys. No mean pre-ordering online.
8) Tight seat pitch - little legroom - Vueling charge similar prices - but offer more legroom and a clean aircraft interior, with comfortable leather seats, as opposed to FR rock hard seats.
9) Lack of formality and respect for customer of FR cabin staff
10) Design - Ryanair designs each aspect of its service to be downmarket - even where it costs zero EUR to do a better job.

While most of these have little to do with info security (aside from 1), one might regard these as the top 10 hates, of the moment.

dbit

My own peeve left a bitter taste in my mouth , missed a 6 am flight to Barcelona last Monday . Called to transfer - was told if i make it to the airport i can pay 100 euro to transfer to the next flight (Also advised only one seat left) . I had to make that flight as i was presenting in VMwolrd . So then came the real bad news - if i am to transfer the flight over the phone the grand total was 320 euro - I had to pay it out of my own pocket as per missing the company paid for flight. The original return flight cost was 170 , the transfer to a later flight going out then is €320 . Yes low cost airlines provided you dont get caught out by dirty tricks airline costings . Agreed , awful bloody company , I will never fly with them again . Interesting interface node connectors on those flights too.

Impetus

dbit wrote: »

My own peeve left a bitter taste in my mouth , missed a 6 am flight to Barcelona last Monday . Called to transfer - was told if i make it to the airport i can pay 100 euro to transfer to the next flight (Also advised only one seat left) . I had to make that flight as i was presenting in VMwolrd . So then came the real bad news - if i am to transfer the flight over the phone the grand total was 320 euro - I had to pay it out of my own pocket as per missing the company paid for flight. The original return flight cost was 170 , the transfer to a later flight going out then is €320 . Yes low cost airlines provided you dont get caught out by dirty tricks airline costings . Agreed , awful bloody company , I will never fly with them again . Interesting interface node connectors on those flights too.

Ryanair is a rip-off, and is heading for 25% of the European air travel market - taking advantage of 12.5% Irish corporate income tax rates (as against 35% odd paid by most of their competitors on the Continent), and tiny Irish social protection contributions, and "deals" with small airports which are local government subsidies in reality. They are also riding on the low interest rate Euro, and using it to buy foreign aircraft (ie Boeing) when the USD is weak. Unlike other low cost airlines such as Vueling (who use European made aircraft) and who do not offer connections* - (Ryanair is avoiding responsibility for baggage transfers and delays braking connections). Their staff have no respect for the customer. Unlike Vueling where one is treated in a civil manner.

Vueling do not have direct flights from Rome (FCO) to Madrid - but if you use their website http://www.vueling.com/en it will work out the connections for you end to end. An idea totally alien to Ryanair. And when one makes a reservation on Vueling, a minute or two after one receives the email confirmation, it is followed by another email with the boarding pass. No messing about with your DoB, place of birth, passport expiry date etc a la Ryanair. Because Vueling are not interested in selling customer information to generate extra money from their website - unlike Ryanair.

It used to be a pleasure to fly in Europe. Ryanair and the "terrorism obsession" have totally changed the travel experience. And it is no cheaper, because if Ryanair don't catch you, as you were caught on the flight to BCN, you will probably end up wasting money on a hotel room and dinner because you used Ryanair who have awkward flying times and have no interest in connections. No different to CIE group - who have a clueless approach to travel connections door to door.

BoB_BoT

I think we get it, Ryanair bad. Every other company who isn't Ryanair, good.

For someone who seems to detest Ryanair, do you still fly with them?

Despite your worries about how they handle your data, do you still fly with them?

You blame Ryanair for making travel in Europe bad, I can't see the correlation. Fly with someone else.

I could understand your concerns about your data and what they do with it, but at this stage you're just Ryanair bashing.

Impetus

BoB_BoT wrote: »

I think we get it, Ryanair bad. Every other company who isn't Ryanair, good.

For someone who seems to detest Ryanair, do you still fly with them?

Despite your worries about how they handle your data, do you still fly with them?

You blame Ryanair for making travel in Europe bad, I can't see the correlation. Fly with someone else.

I could understand your concerns about your data and what they do with it, but at this stage you're just Ryanair bashing.

While I am not suggesting that every other airline in Europe is good, I am happy to keep the thread focused on computer security issues - and the negligence of the data protection authority in its regulation of Ryaniar.

I don't fly with Ryanair unless there is no other choice available to me for the journey in question.

Hotblack Desiato

none of this whinging is relevant. Should be in the travel forum

KoolKid

Not relevant to information security.

Closed.