Feeds

House of Lords steps into US-EU data spat

UK ATS pilot still not catching terrorists

Secure remote control for conventional and virtual desktops

The House of Lords has called for some fair play in the homeland front of the "war on terror" after examining the massive data gathering exercises the US is using to build risk profiles of people travelling through its borders.

In weighing the balance between public security and private rights, the House of Lords EU Committee considered evidence used by America to justify its collection of Passenger Name Records (PNR) data and their use in the Automated Targeting System, its dragnet border surveillance programme.

The US has doubled the evidence it presents to allied nations who ask questions about its data gathering: it now has eight case studies that describe how 11 baddies were plucked out of the 400 million people who travel yearly through US border ports.

Lord Wright of Richmond, chair of the EU sub-committee on Home Affairs, said even those eight were of limited use: "We've only been given one piece of evidence that the collection of PNR has avoided any terrorist outrage," he said. And even then that suspected terrorist wasn't caught: he was turned away at the US border - his partial fingerprints were later found on the steering wheel of a car bomb that killed 132 people in Iraq.

The other examples noted how the system had been used to nab three suspected drug smugglers, five suspected terrorists, a drug user, and a corrupt ticket agent. The suspected terrorists were turned away, so it cannot be known if the intelligence was correct.

The Lords report gives its own example of how intelligence can be wrong: the case of Mahar Arar, a 34-year-old Canadian ICT consultant who just happened to live in Syria until the age of 17. In 2002, Arar was arrested at JFK airport in New York on route to Montreal. He was "chained, shackled, flown to Syria...held in a tiny 'grave-like' cell for ten months...beaten, tortured and forced to make a false confession". A Canadian judge "categorically" cleared him of all terrorism allegations last year.

The report is aimed at the UK government, which is running its own ATS clone, and EU negotiators who are trying to limit US demands for more data in a PNR agreement they hope to agree before an interim arrangement runs out in July.

Home Office minister Joan Ryan told the committee that 23 people had been nabbed at British borders in 2007 by Project Semaphore, the UK's pilot criminal PNR profiling system. The report said Semaphore had "resulted in some 900 arrests for crimes including murder, rape, drug and tobacco smuggling and passport offences" since it was established in 2004.

However, it noted: "Any increased detection of crimes or immigration offences is welcome, but we have yet to hear that the collection of this data has led to successes in combating terrorism or serious cross-border crime."

In seeking to find a balance between "public security and private rights", said Lord Wright, the committee has found the median rests on the point of purpose - that is, the reasons why the US collects PNR and other data to create risk profiles of the people who pass through its borders. The original purpose given for these systems was to catch terrorists, but there has been some project creep.

"You will have seen [from the report] that there is quite a lot of inconsistency between the various statements about what this is for," said Lord Wright.

"As the agreements have developed over the years it's become clear that the US authorities want it to cover much more. The problem is it departs from its original purpose of collecting PNR.

"The [PNR] agreement should have a clear definition about what all this is for. We are calling for much greater clarity - whether we will get it, I don't know."

The point of equilibrium the Lords have found is flexible, however, Lord Wright said. Should the authorities decide they want to build data profiles of people to determine how likely they are to be involved in serious crime, then "that's fine", but the US and EU would have to agree on a definition of serious crime.

Existing and evolving data protection laws should put a spanner into the US plans as well. And, the Lords committee is the second in two days to recommend the European Commission and German Presidency of the EU, which are conducting the PNR negotiations with the US, listen to the European Data Protection Supervisor.

EU law prevents data being sent to countries like the US that don't have equivalent data protection. The US's contempt for the interim PNR agreement, for which the Lords committee said there was "no justification at all", might be taken as an indication of what happens when people's personal data is shared with countries with an old-fashioned sense of fundamental rights. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.