Thursday, 14 September 2006

USA-EU dispute over PNR access escalates

While I was at the ICAO symposium on RFID passports (more on that anon — and yes, I did get back to San Francisco well before yesterday’s tragedy in downtown Montréal, just a few blocks from where I’d been), the ongoing trans-Atlantic debate on the use of data from airline Passenger Name Records (PNRs) for “security” and surveillance finally came into the center of the public spotlight on the 5th anniversary of the events of 11 September 2001.

As I’ve mentioned before, this is a dispute as much or more within the European Union (as evidenced by the successful lawsuit by the legislature, the European Parliament, against the executive, the European Commission and Council) and within the USA (here primarily between the public and civil libertarians on the one hand, and government and industry on the other) as the dispute “between the USA and the EU” that is has often been made out to be.

In the USA, however, government and the travel industry (which wants a free license to use data provided under government mandate for its marketing and other commercial purposes) have largely drowned out the voice of civil society, which in any event has no seat at the table of inter-governmental negotiations. In the EU, where both sides are represented at the highest levels of different branches of government, the differences have been more visible.

So where do things stand?

The terms of debate in the USA were perhaps most clear in an exchange of op-ed columns in the Washgton Post between USA Secretary of Homeland Security Michael Chertoff and Dutch Member of the European Parliament (MEP) and rapporteur on the latest Europarl resolution on PNR data Sophie in’t Veld .

As in his testimony to Congress on the 5th anniversary of 11 September 2006 , Chertoff’s op-ed identifies the most comprehensive possible data about people’s movements — everyone’s movements, whether or not they are a fugitive, a suspect, or the subject of particularized surveillance — as the information the USA government and its allies most want to have, but don’t.

This is (or should be) scary. And it’s not just hyperbole or a temporary tactical position. My impression is that as “total information awareness” has come to seem politically and practically unachievable, “total travel information awareness” has become the central short-term goal.

Communications data can be scanned in real time, but there’s too much of it for even the NSA to retain in full. Only full message data identified in close to real time as having some special interest can be retained, limiting its value for ex post facto investigation of those who only later become of interest. Travel records present the ideal balance: intimately revealing and “granular” (especially if they include mass transit and toll-road use as well as travel by long-distance common carrier) but still providing a volume of data capable of indefinite total retention, so that they can be used for retrospective investigation and profiling of past behavior of anyone, even if they weren’t being individually monitored or spied on at the time of the actions (movements) in question.

Chertoff and the USA government aren’t alone in their prioritization of travel monitoring, as was evident from the importance given to access to PNR data by the President of the European Commission, Jose Manuel Barroso, in his official message to the USA on the anniversary of 9/11.

Unmentioned in Barroso’s message, however, is the fact that just 4 days earlier, at its plenary session on 7 September 2006, the European Parliament adopted a resolution calling for a direct role of the Europarl in negotiations with the USA on PNR data access, respect for EU principles of data protection and privacy, a joint session of the Europarl and the U.S. Congress before any permanent or long-term agreement is finalized, and approval of any such agreement by both the USA (specifically Congress, that is, the U.S. Senate) and EU members as a legally binding treaty.

The resolution also adds a reference to “the need to strictly comply with Article 6(d) of Regulation (EEC) No 2299/89 of 24 July 1989 on a code of conduct for computerized reservation systems , which requires the previous consent of the passenger for any transfer of personal information”. This is the first time that the EU Code of Conduct for CRS’s has been mentioned formally in the PNR debate.

CRS’s should be central to this discussion, and the EU Code of Conduct for CRS’s clearly has been, and continues to be, violated, as it would have been even if the previous USA-EU PNR “agreement” had been upheld, and will be even if a new one is concluded. Let’s hope that MEP’s continue to put pressure on the EC to enforce the Code of Conduct for CRS’s, and monitor closely what are likely to be renewed efforts by the CRS’s and their allies to get the EC to repeal the Code of Conduct and deregulate the CRS’s in the EU, as they’ve long sought and as they’ve already been successful in getting them deregulated in the USA.

Franco Frattini, the European Commissioner responsible for the ongoing EC negotiations with the USA Departments of State and Homeland Security, appeared before the Europarl this Tuesday, in response to the resolution it had adopted last week. Frattini faced sharp questions from Ms. in’t Veld and other MEP’s, particularly about the exclusion of the Europarl from the current discussions with the USA. and the need for ratification of any agreement on access to PNR data in order for it to have legally binding effect.

What happens next?

No one wants to ground all direct USA-EU flights. So the Europarl will probably acquiesce, under duress (not of its doing — it’s the USA and the EC, over objections from the Europarl, that concluded the original invalid agreement, failed to prepare for a ruling overturning it, and have dragged their feet on dealing with the import of the ruling), to a one-year extension of a non-binding, unratified extension of essentially the status quo: effectively unlimited direct access by the DHS to “pull” data from the reservation systems of all airlines that fly to and form the USA.

But the Europarl, on unassailable legal ground, is likely to stand firm in its demand that any longer-term or permanent agreement be properly ratified and legally binding. That means we could see, within the next year, an actual treaty to govern access to travel records presented to the U.S. Senate for ratification. Such a proposed treaty might well be substantially worse than the non-binding “undertakings” invalidated by the European Court of Justice, but it would provide the highest-profile opportunity for public debate on travel privacy, civil liberties, and human rights in the USA in the last 5 years.

Link | Posted by Edward on Thursday, 14 September 2006, 10:07 (10:07 AM)
Post a comment

Save personal info as cookie?

Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | Sitemap | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris