Feeds

House of Lords steps into US-EU data spat

UK ATS pilot still not catching terrorists

Security for virtualized datacentres

The House of Lords has called for some fair play in the homeland front of the "war on terror" after examining the massive data gathering exercises the US is using to build risk profiles of people travelling through its borders.

In weighing the balance between public security and private rights, the House of Lords EU Committee considered evidence used by America to justify its collection of Passenger Name Records (PNR) data and their use in the Automated Targeting System, its dragnet border surveillance programme.

The US has doubled the evidence it presents to allied nations who ask questions about its data gathering: it now has eight case studies that describe how 11 baddies were plucked out of the 400 million people who travel yearly through US border ports.

Lord Wright of Richmond, chair of the EU sub-committee on Home Affairs, said even those eight were of limited use: "We've only been given one piece of evidence that the collection of PNR has avoided any terrorist outrage," he said. And even then that suspected terrorist wasn't caught: he was turned away at the US border - his partial fingerprints were later found on the steering wheel of a car bomb that killed 132 people in Iraq.

The other examples noted how the system had been used to nab three suspected drug smugglers, five suspected terrorists, a drug user, and a corrupt ticket agent. The suspected terrorists were turned away, so it cannot be known if the intelligence was correct.

The Lords report gives its own example of how intelligence can be wrong: the case of Mahar Arar, a 34-year-old Canadian ICT consultant who just happened to live in Syria until the age of 17. In 2002, Arar was arrested at JFK airport in New York on route to Montreal. He was "chained, shackled, flown to Syria...held in a tiny 'grave-like' cell for ten months...beaten, tortured and forced to make a false confession". A Canadian judge "categorically" cleared him of all terrorism allegations last year.

The report is aimed at the UK government, which is running its own ATS clone, and EU negotiators who are trying to limit US demands for more data in a PNR agreement they hope to agree before an interim arrangement runs out in July.

Home Office minister Joan Ryan told the committee that 23 people had been nabbed at British borders in 2007 by Project Semaphore, the UK's pilot criminal PNR profiling system. The report said Semaphore had "resulted in some 900 arrests for crimes including murder, rape, drug and tobacco smuggling and passport offences" since it was established in 2004.

However, it noted: "Any increased detection of crimes or immigration offences is welcome, but we have yet to hear that the collection of this data has led to successes in combating terrorism or serious cross-border crime."

In seeking to find a balance between "public security and private rights", said Lord Wright, the committee has found the median rests on the point of purpose - that is, the reasons why the US collects PNR and other data to create risk profiles of the people who pass through its borders. The original purpose given for these systems was to catch terrorists, but there has been some project creep.

"You will have seen [from the report] that there is quite a lot of inconsistency between the various statements about what this is for," said Lord Wright.

"As the agreements have developed over the years it's become clear that the US authorities want it to cover much more. The problem is it departs from its original purpose of collecting PNR.

"The [PNR] agreement should have a clear definition about what all this is for. We are calling for much greater clarity - whether we will get it, I don't know."

The point of equilibrium the Lords have found is flexible, however, Lord Wright said. Should the authorities decide they want to build data profiles of people to determine how likely they are to be involved in serious crime, then "that's fine", but the US and EU would have to agree on a definition of serious crime.

Existing and evolving data protection laws should put a spanner into the US plans as well. And, the Lords committee is the second in two days to recommend the European Commission and German Presidency of the EU, which are conducting the PNR negotiations with the US, listen to the European Data Protection Supervisor.

EU law prevents data being sent to countries like the US that don't have equivalent data protection. The US's contempt for the interim PNR agreement, for which the Lords committee said there was "no justification at all", might be taken as an indication of what happens when people's personal data is shared with countries with an old-fashioned sense of fundamental rights. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.