Feeds

EU Commission plots global travel surveillance system

Whatever made you think America was the privacy villain?

  • alert
  • submit to reddit

New hybrid storage solutions

Observers of the European Commission's negotiations with the US Department of Homeland Security over the transfer of airline passenger data might easily run away with the impression that the Commission has meekly capitulated to the US' extraterritorial and unilateralist demands. A report into the Commission's activities published this week by Privacy International however argues persuasively that the Commission has used the US negotiations as a Trojan Horse to aid the construction, first, of the EU's own surveillance and monitoring systems, and second, of a global system.

So actually, we're not talking about a battle between US Big Brother on the one hand and freedom and privacy loving Europe on the other; we are talking about a general, and effectively global, effort to neuter, circumvent or overthrow privacy protection legislation. As the Privacy International report says, "Starting with a simple law in the US, the European Commission has negotiated a global surveillance system tracking the movement of people."

Privacy International says the Commission "has engaged in a process of systematic deception and subterfuge... Not only has it allowed key privacy rights to be extinguished in a deal struck with the US last December, but it has also failed to disclose its own intention to establish a more extensive regime in the EU. The proposed EU surveillance system will be used not only for purposes of anti-terrorism, but also for immigration, law enforcement and customs."

The Commission certainly has not advertised its intentions broadly, but the processes whereby its initial apparent rejection of US demands were defanged, and it moved from the position of opponent to accomplice, are fairly clear. The EU cannot, Commissioner Bolkestein has argued, reasonably deny the US access to information in the fight against terrorism when member states themselves have such access. Having taken this somewhat dodgy (because actually, this is precisely what the law says the EU cannot and should do) premise on board, the Commission looks at the data requirements of the US, and concludes: "The list of data elements also seems broad enough to accommodate law enforcement needs in the EU. Nothing in the arrangements agreed with the US therefore seems to prejudice the development of an appropriate EU policy."

Which is...? The report lists the EU vested interests who have a need to perform radical surgery on Europe's data protection regime. "The Internal Market Commission argued for an EU policy on access to PNR so that it could ensure that it was not restricting access for the US to something that the EU member states would have access to; while also arguing for a centralized solution to filter out sensitive data. Meanwhile the Transport Commission wishes to establish an international solution through the ICAO for immigration controls, and the Justice and Home Affairs Commission aims to establish a centralized solution for access by EU member states for law enforcement purposes."

The process that will result in the construction of a centralised European PNR database system is particularly fascinating because of the way it's being pitched as a protection mechanism and a convenience, rather than the foundation of a travel surveillance system. Currently the US 'pulls' the data from European airlines' systems, i.e. its operatives can go into the airlines' systems and get it. This is clearly unacceptable from a privacy point of view, because the airlines' systems do not as yet differentiate between data that the US does not want or is not allowed to access, and data that it does want, and is allowed to access. So for example they could access free text data in the comments field*, and data on flights which neither go to nor come from the US, because that data is held on the system of an airline which flies to the US. The US is not of course going to do this.

Airlines will however be moving over to a 'push' system, where they send the required data to the US in the required format. But this is going to expensive, and matching up US requirements with the requirements of individual EU states will introduce confusions. So, it makes obvious sense for the EU to standardise PNR disclosure requirements, collate them in its own central database, filter them, then let the US have them. Cute, no?

ICAO, the International Civil Aviation Organization, is the chosen vehicle for taking the surveillance system international. The US and EU plan to take the issue to ICAO with a view to constructing an international regime, and this could then be ratified by the European Parliament "under the requirements of international co-operation." Privacy International argues that the Commission, by abandoning the protection of European privacy rights will remove Europe as an ally for other countries coming under pressure from the US to weaken their privacy regimes, and that the result will be "a race to the bottom for global privacy protection."

A commentary on the report produced by the American Civil Liberties Union says that "instead of the Europeans' civilized privacy regime rubbing off on the United States, it appears that our Wild West legal regime is instead rubbing off on them." But this seems to The Register to be unnecessary self-flagellation. It is in the nature of states everywhere to attempt to erode rights, which is why (in their occasional fits of altruism) they construct checks, balances, bills of rights, constitutions and the like. These then have to be defended when these states decide with hindsight that the fits of altruism were extreme, and should therefore be amended. Which, we reckon, is what we have here. ®

* Register readers passing through the BA terminal at LAX may care to check to see if this still works. Some years back The Register, and the rest of a planeload of Northwest passengers, missed its connection to London, and had to attempt to negotiate a place on the next flight (my, how the BA staff laughed at the distraught Virgin passengers whose next available flight was a whole 24 hours away...). We went for humble, polite, submissive, which is always best under these circumstances, but others were less wise, stamping, foaming, screaming - up to and exceeding the threshold that'd probably get you arrested these days. Now, while awaiting the wait-list verdict, The Register lounged by the partition just at the left hand end of the BA check-in desks. We noted, with increasing fascination, that from here we could clearly read the content of the free text section of the database BA staff were using as part of the wait-list collation process. "Africa correspondent of the Financial Times," one said (right, we thought, and I'm Lech Walesa...), while another pithily noted: "Hopelessly out of control." We're sure BA doesn't write these sorts of things today. Matter of fact, we're sure BA would never have invaded its passengers' privacy like this, and we therefore must have imagined the whole incident. Honest. But if you're passing and fancy a quick look, remember to be discreet, OK?

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.