Feeds

House of Lords steps into US-EU data spat

UK ATS pilot still not catching terrorists

Choosing a cloud hosting partner with confidence

The House of Lords has called for some fair play in the homeland front of the "war on terror" after examining the massive data gathering exercises the US is using to build risk profiles of people travelling through its borders.

In weighing the balance between public security and private rights, the House of Lords EU Committee considered evidence used by America to justify its collection of Passenger Name Records (PNR) data and their use in the Automated Targeting System, its dragnet border surveillance programme.

The US has doubled the evidence it presents to allied nations who ask questions about its data gathering: it now has eight case studies that describe how 11 baddies were plucked out of the 400 million people who travel yearly through US border ports.

Lord Wright of Richmond, chair of the EU sub-committee on Home Affairs, said even those eight were of limited use: "We've only been given one piece of evidence that the collection of PNR has avoided any terrorist outrage," he said. And even then that suspected terrorist wasn't caught: he was turned away at the US border - his partial fingerprints were later found on the steering wheel of a car bomb that killed 132 people in Iraq.

The other examples noted how the system had been used to nab three suspected drug smugglers, five suspected terrorists, a drug user, and a corrupt ticket agent. The suspected terrorists were turned away, so it cannot be known if the intelligence was correct.

The Lords report gives its own example of how intelligence can be wrong: the case of Mahar Arar, a 34-year-old Canadian ICT consultant who just happened to live in Syria until the age of 17. In 2002, Arar was arrested at JFK airport in New York on route to Montreal. He was "chained, shackled, flown to Syria...held in a tiny 'grave-like' cell for ten months...beaten, tortured and forced to make a false confession". A Canadian judge "categorically" cleared him of all terrorism allegations last year.

The report is aimed at the UK government, which is running its own ATS clone, and EU negotiators who are trying to limit US demands for more data in a PNR agreement they hope to agree before an interim arrangement runs out in July.

Home Office minister Joan Ryan told the committee that 23 people had been nabbed at British borders in 2007 by Project Semaphore, the UK's pilot criminal PNR profiling system. The report said Semaphore had "resulted in some 900 arrests for crimes including murder, rape, drug and tobacco smuggling and passport offences" since it was established in 2004.

However, it noted: "Any increased detection of crimes or immigration offences is welcome, but we have yet to hear that the collection of this data has led to successes in combating terrorism or serious cross-border crime."

In seeking to find a balance between "public security and private rights", said Lord Wright, the committee has found the median rests on the point of purpose - that is, the reasons why the US collects PNR and other data to create risk profiles of the people who pass through its borders. The original purpose given for these systems was to catch terrorists, but there has been some project creep.

"You will have seen [from the report] that there is quite a lot of inconsistency between the various statements about what this is for," said Lord Wright.

"As the agreements have developed over the years it's become clear that the US authorities want it to cover much more. The problem is it departs from its original purpose of collecting PNR.

"The [PNR] agreement should have a clear definition about what all this is for. We are calling for much greater clarity - whether we will get it, I don't know."

The point of equilibrium the Lords have found is flexible, however, Lord Wright said. Should the authorities decide they want to build data profiles of people to determine how likely they are to be involved in serious crime, then "that's fine", but the US and EU would have to agree on a definition of serious crime.

Existing and evolving data protection laws should put a spanner into the US plans as well. And, the Lords committee is the second in two days to recommend the European Commission and German Presidency of the EU, which are conducting the PNR negotiations with the US, listen to the European Data Protection Supervisor.

EU law prevents data being sent to countries like the US that don't have equivalent data protection. The US's contempt for the interim PNR agreement, for which the Lords committee said there was "no justification at all", might be taken as an indication of what happens when people's personal data is shared with countries with an old-fashioned sense of fundamental rights. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.