EU Commission plots global travel surveillance system

Whatever made you think America was the privacy villain?

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Observers of the European Commission's negotiations with the US Department of Homeland Security over the transfer of airline passenger data might easily run away with the impression that the Commission has meekly capitulated to the US' extraterritorial and unilateralist demands. A report into the Commission's activities published this week by Privacy International however argues persuasively that the Commission has used the US negotiations as a Trojan Horse to aid the construction, first, of the EU's own surveillance and monitoring systems, and second, of a global system.

So actually, we're not talking about a battle between US Big Brother on the one hand and freedom and privacy loving Europe on the other; we are talking about a general, and effectively global, effort to neuter, circumvent or overthrow privacy protection legislation. As the Privacy International report says, "Starting with a simple law in the US, the European Commission has negotiated a global surveillance system tracking the movement of people."

Privacy International says the Commission "has engaged in a process of systematic deception and subterfuge... Not only has it allowed key privacy rights to be extinguished in a deal struck with the US last December, but it has also failed to disclose its own intention to establish a more extensive regime in the EU. The proposed EU surveillance system will be used not only for purposes of anti-terrorism, but also for immigration, law enforcement and customs."

The Commission certainly has not advertised its intentions broadly, but the processes whereby its initial apparent rejection of US demands were defanged, and it moved from the position of opponent to accomplice, are fairly clear. The EU cannot, Commissioner Bolkestein has argued, reasonably deny the US access to information in the fight against terrorism when member states themselves have such access. Having taken this somewhat dodgy (because actually, this is precisely what the law says the EU cannot and should do) premise on board, the Commission looks at the data requirements of the US, and concludes: "The list of data elements also seems broad enough to accommodate law enforcement needs in the EU. Nothing in the arrangements agreed with the US therefore seems to prejudice the development of an appropriate EU policy."

Which is...? The report lists the EU vested interests who have a need to perform radical surgery on Europe's data protection regime. "The Internal Market Commission argued for an EU policy on access to PNR so that it could ensure that it was not restricting access for the US to something that the EU member states would have access to; while also arguing for a centralized solution to filter out sensitive data. Meanwhile the Transport Commission wishes to establish an international solution through the ICAO for immigration controls, and the Justice and Home Affairs Commission aims to establish a centralized solution for access by EU member states for law enforcement purposes."

The process that will result in the construction of a centralised European PNR database system is particularly fascinating because of the way it's being pitched as a protection mechanism and a convenience, rather than the foundation of a travel surveillance system. Currently the US 'pulls' the data from European airlines' systems, i.e. its operatives can go into the airlines' systems and get it. This is clearly unacceptable from a privacy point of view, because the airlines' systems do not as yet differentiate between data that the US does not want or is not allowed to access, and data that it does want, and is allowed to access. So for example they could access free text data in the comments field*, and data on flights which neither go to nor come from the US, because that data is held on the system of an airline which flies to the US. The US is not of course going to do this.

Airlines will however be moving over to a 'push' system, where they send the required data to the US in the required format. But this is going to expensive, and matching up US requirements with the requirements of individual EU states will introduce confusions. So, it makes obvious sense for the EU to standardise PNR disclosure requirements, collate them in its own central database, filter them, then let the US have them. Cute, no?

ICAO, the International Civil Aviation Organization, is the chosen vehicle for taking the surveillance system international. The US and EU plan to take the issue to ICAO with a view to constructing an international regime, and this could then be ratified by the European Parliament "under the requirements of international co-operation." Privacy International argues that the Commission, by abandoning the protection of European privacy rights will remove Europe as an ally for other countries coming under pressure from the US to weaken their privacy regimes, and that the result will be "a race to the bottom for global privacy protection."

A commentary on the report produced by the American Civil Liberties Union says that "instead of the Europeans' civilized privacy regime rubbing off on the United States, it appears that our Wild West legal regime is instead rubbing off on them." But this seems to The Register to be unnecessary self-flagellation. It is in the nature of states everywhere to attempt to erode rights, which is why (in their occasional fits of altruism) they construct checks, balances, bills of rights, constitutions and the like. These then have to be defended when these states decide with hindsight that the fits of altruism were extreme, and should therefore be amended. Which, we reckon, is what we have here. ®

* Register readers passing through the BA terminal at LAX may care to check to see if this still works. Some years back The Register, and the rest of a planeload of Northwest passengers, missed its connection to London, and had to attempt to negotiate a place on the next flight (my, how the BA staff laughed at the distraught Virgin passengers whose next available flight was a whole 24 hours away...). We went for humble, polite, submissive, which is always best under these circumstances, but others were less wise, stamping, foaming, screaming - up to and exceeding the threshold that'd probably get you arrested these days. Now, while awaiting the wait-list verdict, The Register lounged by the partition just at the left hand end of the BA check-in desks. We noted, with increasing fascination, that from here we could clearly read the content of the free text section of the database BA staff were using as part of the wait-list collation process. "Africa correspondent of the Financial Times," one said (right, we thought, and I'm Lech Walesa...), while another pithily noted: "Hopelessly out of control." We're sure BA doesn't write these sorts of things today. Matter of fact, we're sure BA would never have invaded its passengers' privacy like this, and we therefore must have imagined the whole incident. Honest. But if you're passing and fancy a quick look, remember to be discreet, OK?

Top three mobile application threats

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.