The Amazing Race 7, Episode 5

Vicente Casares (Argentina) - Johannesburg (South Africa) - Soweto (South Africa) - Gaborone (Botswana) - Francistown (Botswana) - Gweta (Botswana) - Makgadikgadi Pans (Botswana)

Road travel is the most dangerous part of most trips -- whether a trip to the next town, across the country, or around the world.

Travellers occasionally, although rarely, get so ill (most often with malaria or drug-resistant dysentery) that they come home earlier than they had planned, but most of the time when something happens to one of my clients that forces them to cut short their trip, that "something" is a road accident. (Despite fears of travel-related illnesses and injuries, the most common reason to abort an extended overseas trip is an injury or illness affecting a family member back home, typically a parent, rather than anything that's happened to the traveller.)

So it should be no surprise that the most serious injury that we've been shown to date in The Amazing Race was to one of the (usually invisible) camera operators accompanying the teams in the reality television race around the world, when one of the race teams' truck ("sport utility vehicle") rolled over on a dirt track in the desert in Botswana.

Sometimes the most effective way to teach a lesson is by negative example, and that's definitely the case here. Both the producers of the television show, and the racers themselves, did pretty much everything possible to maximize the likelihood of exactly such a predictable "accident" as in fact occurred:

They were driving as fast as possible, in top-heavy rollover prone trucks, on the opposite side of the road from what they were accustomed to, off pavement, in the desert, in a remote area where help could have been a long time coming or a long way to reach on foot once their vehicle was disabled (if they were real travellers not accompanied by a television production crew and its support and medical staff), while poorly rested and still severely jet lagged after flying across five time zones.

That's a great lesson in what not to do, if you don't want to end up like them, wondering if their eagerness for a television hit (in the case of the producers) or a million-dollar prize (in the case of the racers) might have led them to risk their own or someone else's life.

Don't try to drive or do other dangerous tasks requiring uninterrupted concentration, clear thinking, and quick physical reactions when you are tired (such as from a long flight) or, more importantly, when your body and is at the low point in its daily cycle of alertness -- as it may be, even in the middle of the day, if you are suffering from "jet lag".

At home, if you had to wake up and start driving at 3 a.m., you'd probably realize that you weren't at your peak, and as a result would (I hope) drive more slowly and with more care, if you drove at all.

But if, like the racers, you've just traveled from Argentina to South Africa, your body's internal clock could think it's the middle of the night when it's the middle of the day where you are. It could take as much as a week for your body's cycles to catch up with your own rapid flight around the planet, and the racers had only one 12-hour "pit stop" to try to rest between their intercontinental flights and their off-road race across the desert. In "The Amazing Race" around the world in a month, or course, much less in a trip around the world in eight days , your body clock might never catch up with your body until after you got back home.

Normal circadian rhythms reduce your alertness, reaction time, and ability at that hour of night (or, if you are jet lagged, day) as much as a fairly heavy dose of alcohol or other performance impairing drugs. You should pay at least as much attention to whether you are feeling "down" from jet lag as you would to whether you've been drinking too heavily. If you are feeling jet lagged, you should avoid driving and other suchlike activities as much as you would if you were feeling more than a little drunk or drugged.

Most so-called jet lag "remedies" are pure quackery, so far as I can tell. The most important thing you can do about jet lag is not to try to eliminate or "conquer" or "cure" it (that would require some means of resetting your body's internal clock or alertness cycle), but (1) to recognize when your mental and physical functioning, alertness, and reaction time are impaired by jet lag, and, (2) to act on that recognition by avoiding or postponing activities like driving or, if they are unavoidable, minimizing them and taking extra care (such as by going more slowly than you otherwise might).

For more on jet lag, see Wide Awake at 3:00 a.m. , by Richard M. Coleman, which in my humble opinion is the best book available for understanding and dealing with jet lag.

Special care, concentration, and quick reactions are also required when you are driving on the opposite side of the road than what you are accustomed to, especially if you've never driven on the "wrong" side of the road before. The worst time to learn to drive on the other side is when you have just gotten off a long, tiring flight from another time zone -- which, of course, is exactly when most people do attempt it, whether arriving in South Africa, the UK, Ireland, Australia, New Zealand, or Japan (among places where they drive on the left) from the Americas (where, with a few small exceptions, they drive on the right), or in the opposite case when arriving in America from any of those drive-on-the-left places and immediately driving off in a rental car to explore the great American road. In either case, do yourself a favor: get a hotel at the airport, or reachable by public transportation, and give yourself a few days to rest and for your body clock to catch up before you try driving (in a parking lot for practice, please) on the "wrong" side for the first time.

The racers aren't just given cars, or required to drive them on paved roads (and on the opposite side). They are given SUV's, and required to race them on unpaved desert tracks. Former soldier Ron claims that he's the only one of the racers to have previous experience in high speed off-pavement Humvee driving in the desert. He's probably right -- several of the other racers speak openly of their inexperience at such driving -- and experience does make a difference.

The fact that local people do something all the time doesn't mean (as travellers sometimes falsely infer) that it's safe for them, for you, or for anyone else. But the fact that they do it all the time, and you don't, means that they are likely to be much more skilled at it than you are, and that you should take proportionately greater care than you see them exercising, and go more slowly.

Even on pavement, SUV driving requires special skill. Boosters of "SUV's" (Exactly what sort of "sport" is it to drive such a truck in city or suburban traffic? And exactly what "utility" do they have for the paved highway driving for which most of them are used?) admit in their current joint ad campaign that, "SUV's handle like trucks, not cars" and recommend that, to reduce rollover accidents, SUV drivers should "Slow down and avoid abrupt maneuvers". In their own words, "SUV's require special handling. Riding an SUV travelling at high speeds is dangerous. 40% of fatal rollovers involve excessive speed."

And that's on pavement! SUV advertising gives the impression that driving an SUV on a dirt track, or even across roadless country (especially flat desert, a common setting for SUV ads), is just like driving a car on pavement. But it's not. Driving safely on dirt or sand is at least as much about technique and practice as it is about the vehicle.

Some of the smallest cars, such as the Volkswagen Beetle and the Citroën 2CV, have been preferred off-road vehicles successfully used for decades in some of the world's worst conditions. Among other things, they have the advantage over "modern" SUV's that, being smaller and lighter, they are much easier to lift over or out of obstacles. Not for nothing was The People's Guide to Mexico (now published by Avalon Travel Publishing, the same people who publish my Practical Nomad books) the second book published by John Muir after his own "How to Keep Your Volkswagen Alive".

I've driven and ridden hundreds of miles -- slowly and carefully -- on dirt and other unpaved roads in a variety of "subcompact", low-clearance, small-tired cars, most recently en route to and from Alaska in a narrow-tired gas-electric hybrid Toyota Prius optimized for fuel efficiency rather than off-road performance. Given the choice of a riding in an off-road rally with a novice off-road driver in a truck or SUV, or an experienced off-road driver like my friend Russell in the battered and beloved little Beetle in which he lived while exploring the desert Southwestern USA , I'd choose the latter without hesitation. (Not that Russell can't drive trucks too, mind you.)

The racers and their crews, of course, had people watching (and filming them), and medical support and backup transportation standing by -- even in the African bush. That won't be true for you, and neither health nor medical evacuation insurance are likely to reduce the amount of time it takes the first responder to arrive if you are injured while travelling in such a place. But if you want to be sure you would be able to return home for any follow-up treatment (reconstructive surgery, rehabilitation, etc.) once your condition has been stabilized, rather than having it locally wherever you end up after getting hurt, you might consider medical evacuation insurance or a prepaid medevac program like those offered by Medjet Assistance .

CBS describes what happened to Greg, Brian, and the passengers in their race vehicle as an "accident", but in reality (as opposed to reality-TV), it was an entirely predictable consequence of the danger-maximizing set of choices imposed on the racers by the producers. The racers, presumably, had to sign waivers of liability assuming the risks of the race, but one wonders if that was also true of the camera and sound technicians accompanying them, whose lives were placed equally in danger but without the lure of a million-dollar prize.

Auditors question TSA use of airline reservations

Two reports by different sets of internal USA government auditors have questioned the appropriateness and legality, and revealed more details, about past, present, and proposed uses by the USA Transportation Security Administration (TSA) of airline reservation data for "passenger screening" and other purposes.

On Friday, 25 March 2005, the (acting) Inspector General of the USA Department of Homeland Security (DHS), which includes the TSA, released a redacted (i.e. censored) version of their Review of the Transportation Security Administration's Role in the Use and Dissemination of Airline Passenger Data .

There aren't, on first reading, any bombshells in this report, but it does provide by far the most comprehensive list released to date of airlines, Computerized Reservation Systems (CRS's), and reservation data aggregators who have turned over Passenger Name Records (PNR's), or data extracted from them, to the TSA. It's worth reading, and will remain a useful reference.

The report reveals that these disclosures to the TSA (almost all of which violated European Union laws and the EU Code of Conduct for Computerized Reservation Systems, if not necessarily in all cases laws of the USA) were more extensive than has even previously been confirmed by any agency or official of the government of the USA, and puts the lie to a series of denials by TSA spokespeople and officials to reports of these disclosures, especially the reports by, and denials to, members of Congress, myself, and Ryan Singel of Wired News . Ryan's stories on this, with links to more background, are here and here ; further comments by Bruce Schneier, security expert and member of the TSA's advisory committee on "Secure Flight", are here .

Because this report was focused exclusively on the TSA, it doesn't discuss the more than 250 million PNR's obtained, aggregated into a data warehouse, indexed, and still held by the USA Federal Bureau of Investigation (FBI). Nor does it discuss whether the TSA had access to that data or any of the FBI's analysis of it, which could be significant to whether the TSA knew that the FBI had discovered that PNR's contain personally identifiable data on non-passengers such as travel agents and airline staff, which could be critical to whether TSA officials committed criminal violations of the Privacy Act in setting up databases of PNR data without notice to those non-passengers as data subjects.

On Monday, 28 March 2005, the USA Government Accountability Office (GAO) released a report commissioned and mandated by Congress as a precondition to deployment and/or testing of the TSA's Secure Flight airline passenger surveillance and monitoring system, Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed . (Comments on the GAO report from Ryan Singel , Bruce Schneier , the ACLU , and EPIC .)

The initial focus on the GAO report has been on whether it constitutes the certification required by Congress before the TSA can proceed with "Secure Flight" deployment (clearly not) or testing with commercial data such as PNR's. With respect to testing with PNR's, I don't think so, but the report says the TSA has already conducted such testing, and recent reports such as this and this suggest that the TSA intends to continue and expand both testing and deployment of "Secure Flight" (perhaps defining the initial deployment as merely a very large scale "test") without waiting for the requires GAO certification. The TSA seems to assume that travel data such as PNR's is sui generis and thus exempt from all Constitutional, statutory, or regulatory requirements applicable to other categories of commercial data, just as it seems to think airline security in general is sui generis and outside normal constraints on search, seizure, or freedom to assemble. (Whether travel is, or should be considered, sui generis is a larger question I hope to address in a future article).

The GAO report seems to confirm, although it doesn't emphasize, the likelihood that the "Secure Flight" testing already conducted (or, more specifically, the handover of PNR data by airlines and CRS's for "Secure Flight" testing) was not authorized by any agreement with the EU, and thus that it may have violated EU laws.

It's clear from reading the GAO report that the TSA has defined the "success" of "Secure Flight" testing by the ability to match entries in PNR's with entries in watch lists. Difficult though that has proven in past tests, that's the (relatively) easy part. And that begs the more difficult questions of the degree to which PNR data matches "real identities" (or ever could, even if the First and Fourth Amendments to the Constitution of the USA were modified to authorize compulsory production and display of identity credentials as a precondition to exercising the right to travel), or the degree to which entries on watch lists correspond to threats sufficient to warrant restrictions on the exercise of Constitutional rights (especially in the absence of a judicial finding in each case of sufficient basis for such a restraining order).

But while the GAO report is damning, it still seems to me on first reading that the GAO auditors were entirely too credulous in several respects. Perhaps that's because, while they talked to (some) privacy advocates and some airline and CRS representatives, that don't appear to have talked to any travel agents -- the people who work with PNR's on a constant basis, and would have to do most of the "heavy lifting" of data collection and data entry for "Secure Flight" (the GAO does confirm that this would be difficult and expensive to a degree it can't yet quantify because the TSA still hasn't decided what data it will require, or in what format) -- or any independent experts on PNR data and associated business practices.

In particular, the GAO report consistently and repeatedly adopts the TSA's false categorization of data in PNR's as "passenger provided" information. This is more than a semantic error.

By describing PNR data as "passenger provided", the TSA is trying to imply -- falsely --- that the subjects of data in PNR's are limited to passengers, that the data was voluntarily provided by the data subjects, and that their "consent" can be inferred from their having provided it and by their subsequently seeking to board flights. But PNR's contain personally identifiable data on people other than passengers, obtained from and through sources other than the data subjects themselves.

The GAO seems to have adopted the TSA's simplistic, and wrong, conception of a unitary transaction, engaged in directly between the airline and the passenger (who never subsequently changes or cancels their reservations), in which a reservation (PNR) is created, all PNR data is entered, and a ticket is issued, at the same time and place and by the same person. Any reservation agent, and especially any travel agent, would find this over-simplification laughably inaccurate.

The GAO misunderstanding is most clear in its statement that, "even a wholly domestic U.S. flight could involve European Union data if the passenger purchased the ticket in the European Union." Actually, this has little -- possibly nothing -- to do with where the ticket was purchased, and everything to do with where the data was collected from the original source for entry into the reservations. It's clear that the GAO didn't understand that distinction, and assumed that the making of reservations, purchase of a ticket, and issuance of the ticket necessarily occurred as part of a single transaction. But it's possible to collect data for one PNR in different places and at different times. It's possible to make reservations without buying a ticket, and it's possible to buy an "open" ticket without making any reservations.

A PNR is, in industry lingo, "built" by a series of entries, often over a considerable period of time, in which different bits of data (much of which the prospective passenger(s) never see), originating with different parties, are entered through different intermediaries. At Airtreks.com where I work with complex around-the-world itineraries, the audit trail or "history" for a single PNR routinely contains more than 100 distinct entries, each identified uniquely with its source. As I've discussed previously, "Most PNR data is provided to airlines by a chain of between two and four intermediaries: (1) the travelling companion who makes the travel arrangements for the typical travel party of more than one person, (2) the travel agency they deal with (online or offline), (3) the CRS used by that travel agency, and (4) the CRS that hosts the airline's PNR database." Their role (and the necessity for them to obtain and document consent for onward personal data transmission) remains unacknowledged by the TSA.

The GAO report describes a "Secure Flight" process in which the TSA would obtain all PNR's containing reservations for each flight (it's silent on whether this would include only confirmed reservations, all confirmed or waitlisted reservations, or all reservations including cancelled ones) 72 hours before scheduled departure. At this point, or any point prior to "wheels up" (and then only if the TSA limited itself to PNR's of those who actually boarded), names in PNR's correspond not to "passengers" but to a vastly larger class of what might more accurately be called "prospective passengers". In many cases, a prospective passenger has made reservations not just for themselves but for their travelling companion(s), who may not even know they have done so, and from whom no consent to anything can be inferred.

A large percentage of reservations are cancelled, or expire unticketed. Airlines can't always tell which reservations have been ticketed, and don't necessarily cancel them, so there are always some confirmed reservations for prospective passengers who fail to "materialize", as we say in the industry, and present themselves for boarding. That's why airlines overbook. There are no-shows on every flight, and for every no-show there is PNR data on a non-passenger in a confirmed, possibly even ticketed, PNR. And that's at departure time: 72 hours in advance, there are even more live, confirmed PNR's for prospective passengers who won't actually become "passengers".

Aside from all that, every PNR -- as the FBI found out -- contains a unique "agent sine" for the travel agent or airline staff person who made each manual entry. This is clearly "personally identifiable information" that can't be described as "passenger" information.

Aside from the degree of TSA ignorance this reveals, it's significant because the TSA's Privacy Act notices for CAPPS-II and Secure Flight, for which it has received entire PNR's, claim -- falsely and, since I had pointed out their mistake in my comments , knowingly falsely -- that the only people about whom those PNR's would contain personally identifiable information would be airline passengers. No mention of prospective passengers who did not actually travel (cancellations, no-shows, etc.) and no mention of travel agents or airline staff.

In its response to my comments , the TSA said it was "rare" for PNR's to contain personal data on non-passengers. This claim is obviously false, and I don't find it credible that anyone competent at the TSA could believe it to be true, even if they hadn't read my comments. It's rare to cancel or change reservations? It's rare to no-show? These things happen on every flight. And every PNR contains the unique agent sine of the person who first created it, as well as the history of who made each subsequent entry.

PNR's contain personally identifiable information on at least four obvious categories of people, not just the single category of "passengers" admitted by the TSA and GAO: (1) airline passengers, (2) prospective passengers in whose names reservations are made (whether or not they are ever ticketed or flown), (3) travel agents, and (4) airline staff members. They also contain information about a variety of other, possibly less obvious, classes of people, such as the holders of credit cards used to pay for other people's tickets.

Knowingly creating a Federal government database of personal information without formal notice of all the categories of people with respect to whom it will contain personal information is a Federal crime in the USA, under the Privacy Act. Those TSA personnel responsible for the creation of the PNR database used for "Secure Flight" testing are criminals. Their only possible defense to such a charge would be an implausible degree of ignorance (including failure to read the comments calling their attention, in advance, to this crime), amounting to gross incompetence.

[Addendum, 29 March 2005: In my first posting of this article, I neglected to mention another item of unwarranted GAO credulity: the GAO report repeats without question the TSA claim that, "in its order requiring airlines to provide historical PNR data for Secure Flight testing, TSA allowed air carriers to exclude from the June 2004 PNR submission any European Union flight segments." That's not true: the TSA's Final Order a much narrower category: "PNRs which include any flight segments between the EU and the United Sates." The difference between what the TSA actually ordered, and what it told the GAO (and the GAO repeated), is that the order actually included flight segemnts within the EU, and between the EU and places other than the USA. It's unclear whether the TSA and GAO are so USA-centric that it has never occurred to them that airlines based in the USA operate flights between points outside the USA (including within the EU, and between the EU and other places), or if this was a knowing (and successful) attenpt by the TSAislead the GAO. They can't plead ordinary ignorance, since I had explained this point in detail in my comments to the TSA on the proposed order.]

Deadlines loom for RFID tracking chips in USA passports

There's still time for USA citizens to get a new passport without an embedded RFID remote tracking chip -- but if you want one, you should apply at once. The Department of State is moving as fast as it can (slowed down only by technical difficulties -- RFID chips are proving more difficult to manufacture, more fragile, and less reliable than their boosters have claimed) toward the rollout of the new "electronic passports". And there's still no plan to encrypt any of the information on the RFID chip. Each chip will be digitally "signed" by the State Department, but that's for authentication, not as a control on access to the data.

Anyone who gets close enough to your passport with an RFID reader will be able (without your knowing the chip has been read) to determine your nationality, name, gender, date of birth, place of birth, passport number, etc. as well as receive a digital copy of your passport photo, for the convenience of identity thieves in forging a duplicate passport (with a clone of the RFID chip, including the digital signature) or other identity documents in your name and with your image, but perhaps with a signature in their handwriting (the signature, which might be slightly harder to forge, won't be digitized or digitally signed) for the use of criminals, terrorists, or anyone else who resembles your appearance.

RFID chips in passports would also be available for use by merchants, marketing companies, and commercial data aggregators who could use them (secretly and remotely) at entrances and exits to commercial establishments, checkin and checkout counters, cash registers, etc.) as unique personal identifiers to compile logs of consumers' (travellers') movements, purchases, and other behavior. Since international travellers almost always have to carry their passports, embedding RFID chips in passports would effectively remove any possibility to opt-out of such tracking (especially in jurisdictions, such as the USA, where such data collection, usage, and "sharing" is unregulated), much less to require consent or "opt-in".

The USA State Department is currently accepting public comments through Monday, 4 April 2005, on new proposed regulations related to passports with RFID chips, which they are referring to as "electronic passports".

These are not the regulations to establish the inclusion of RFID chips in passports. That requires no change in regulations, and has already been decided. But the new regulations are critical to enforcing the requirement that holders of passports issued with RFID chips allow themselves to be tracked. The crucial element of the new regulations is a new clause which would allow the State Department to invalidate any passport issued with an RFID chip if the chip was no longer functioning for any reason. The point of this rule is to prevent citizens from defeating the tracking function of the RFID chip embedded in their passport. Use of any "technical fix" to prevent reading of the passport would, under these proposed regulations, invalidate the passport (in the same way that physical mule or alteration of the photo or any other essential element of the passport currently invalidates it).

A new Web site, RFIDkills.com , offers more information about the proposed regulations, including links to denunciation so of them by the Association of Corporate Travel Executives and the Business Travel Coalition .

Anyone can submit comments on the proposed regulations. Comments must be received by 5 p.m. Washington, DC, time on Monday, 4 April 2005. You can either send your comments by e-mail to PassportRules@state.gov or use the form on the RFIDkills.com Web site . (All submitted comments will become part of the public record, but you don't have to give any further information than your e-mail address and perhaps a name.)

[Addendum, 20 August 2005: The format doesn't make them easy to navigate or browse, but the State Department has posted more than 2000 of the comments they received on their Web site. I didn't read them all, but all those of the comments I sampled were opposed to the RFID passport proposal.]