Wednesday, 28 September 2005
"International Perspectives on Privacy and Homeland Security"
Immediately preceding the presentation on Secure Flight by the USA Transportation Security Administration (TSA), the agenda includes a presentation on "International Perspective on Privacy and Homeland Security" from the office of the Privacy Commissioner of Canada .
That should be interesting, and I'm sorry I can't be there. On the one hand, the Canadian Privacy Commissioner's office has been strongly critical of a succession of Canadian government proposals, modelled on "Secure Flight" and other schemes introduced in the USA since 11 September 2001, to compromise Canadian airline passengers' privacy, and "share" their reservation data across the border with the DHS, in the name of homeland security (whether that of Canada or the USA remains unclear).
But Canadian law has been amended to create exemptions from standard Canadian privacy rules for certain travel data, and in August 2005 the government of Canada announced plans to move forward with a Canadian "no-fly list" on the (unpromising) USA model.
That plan was immediately denounced by Privacy Commissioner Jennifer Stoddart as, "a serious incursion into the rights of travelers in Canada, rights of privacy and rights of freedom of movement."
The latest official announcement is that Transport Canada would "consult with the Privacy Commissioner, airlines and other stakeholders". Today's presentation to the DHS Privacy Advisory Committee may give some clue as to how, or if, those consultations are proceeding.
Meanwhile, Bruce Schneier, who was a member of another DHS advisory body, the Secure Flight Working Group that submitted its report last week, has posted his comments on the working group, its report, and "Secure Flight".
Schneier says, "The TSA is not going to use commercial databases in its initial roll-out of Secure Flight."
I understand what Schneier and the TSA mean when they say this: they mean that the TSA won't use commercial databases other than the commercial databases of airline reservations (PNR's).
Without ever trying to issue an order excluding PNR's from the definition of "commercial data", and without making any attempt to justify such a definition (or to explain what reservation data is, if it isn't "commercial data"), the TSA and DHS have simply adopted such a definition by undeclared fiat.
But just because the government says green is red doesn't mean we should agree when they say "I see no green here" when they look at a lawn, or that we should adopt their usage and say, "No, this lawn isn't green." PNR's are commerical data stored in commerical databaes maintianed by airlines and computerized reservations systems (CRS's), also known as "Global Distribution Systems (GDS's). No matter what the TSA and DHS want to call them.
It's a testimony to the seductive power, and the danger, of the TSA/DHS sort of Doublespeak that it's made its way into the language of even such knowledgeable, critical, and generally plain-spoken analysts of TSA/DHS actions as Mr. Schneier.
[Addendum, 29 September 2005: Another member of the Secure Flight Working Group, Edward W. Felten -- whom I also respect as knowledgeable and generally plain-spoken, and who joined the Working Group not as a critic of "Secure Flight" but with an open mind -- has also posted his thoughts on the working group and its report. I hate to have to pick bones with people like Prof. Felten, and I agree with the criticisms he raises. But -- perhaps inadvertently or through oversimplification -- his description of how "Secure Flight" operates elides an additional important problem in its conception. Felten refers to programs that "vet air passengers against a no-fly list [and] against a watch list." But passnegers (i.e. people) aren't vetted. All that's actually vetted, or that would be under "Secure Flight", are names that appear in PNR's . The TSA and DHS have never made any attmept to obtain any data about the extent to which name information in reservations does or doesn't correspond to actual passengers' "real" names. If they don't, the system is worthless, even if it could succesfully "vet" the names in reservations.]Link | Posted by Edward on Wednesday, 28 September 2005, 07:40 ( 7:40 AM)