A troika of officials from the DHS appeared today before the Subcommittee on Counterterrorism and Intelligence of the House Committee on Homeland security to make a joint sales pitch for the proposed agreement between the US and the European Union on DHS access to PNR data (airline reservations).
Today’s hearing appears to have been staged purely as a propaganda exercise intended to mislead European Union officials and citizens about the PNR agreement and DHS use of PNR data. The proposed “agreement” would not be a treaty (and thus would be unenforcible in U.S. courts). Even if it were reformulated as a treaty — as the European Parliament has demanded as a condition for its ratification of the agreement — it would only require ratification by the U.S. Senate, not the House of Representatives.
The House subcommittee hearing certainly looked as though it was held to create a stage for the DHS. The three DHS officials were the only witnesses. They included Chief “Privacy” Officer Mary Ellen Callahan, who Edward Hasbrouck of the Identity Project debated in June at CFP, and David Heyman (successor to Stewart Baker, who wrote the original US-EU PNR agreement as DHS Asst. Secretary for Policy), who had been scheduled to participate in the CFP panel but canceled at the last minute.
In the absence of any independent or non-governmental witnesses who might have raised questions or presented alternative views, the DHS witnesses at today’s hearing presented a “united front” including an unusual joint written statement.
For the most part, the DHS repeated the same lies today as have appeared in previous DHS reports and lobbying to the EU. For example, they described PNR data incorrectly as “the data an airline receives from a traveler,” ignoring the data entered in PNRs (unbeknownst to travelers) by travel companies and other third parties. They said that “Of the literally billions of passengers traveling to and from the United States during the past 10 years, there has not been a single … use of PNR in violation of established privacy protections,” despite the DHS track record of using PNR data as the basis for denying innocent people — including both US and EU citizens — their right to travel.
In their most egregious lie, perjuring themselves before Congress, the DHS witnesses claimed again (falsely) today, as they have claimed (falsely) before, that:
DHS applies fair information practice principles to its collection and use of PNR, including … auditing and accountability, individual access, and redress. Moreover, the Department is firmly committed to transparency when it comes to informing our partners and the public about its mission, including how we use … identifiable information such as PNR data.
This statement is false. The DHS witnesses who made this statement knew it was false. And they made it for the sole purpose of misleading Europeans about the facts.
In fact, the DHS has claimed, in its most recent arguments to the Federal court hearing our lawsuit about PNR data, that it does not have any logs that would permit anyone to tell who has accessed the DHS copy of a particular PNR.
In fact, the DHS has exempted itself from the requirements of the Privacy Act for individual access by US citizens and residents to PNR data, accounting for disclosures of such data, and correction of inaccurate or irrelevant records. In response to our lawsuit, the DHS is claiming the right to apply these exemptions even to requests for PNR data made by a US citizen several years before the exemption rules were even promulgated. The Privacy Act does not provide any rights to foreign visitors, and no other US law provides any such rights. DHS considers any access to, accounting for use of, or correction of, PNR data to be entirely at DHS’s “discretion”, and not a matter of right.
And while the DHS claims that some portions of PNR data might be releasable under the Freedom of Information Act, even though they have been exempted from the Privacy Act, FOIA provides no right to nay acocunting of disclosures or of how data has been used — an essential element of the “fair information practice principles” that the DHS (falsely) claims to be following.
In short, the DHS witnesses at today’s hearing were once again lying — this time under oath before Congress — about what (if any) rights of access, auditing, accountability, and redress are actually available. Contrary to today’s lies before Congress, the official legal position of the DHS in every court case in which individuals have asserted such rights has been, and continues to be, that nobody has any right to see PNR data about themselves or know how it is used. There is no right of redress.
The proposed “agreement” would do nothing to change any of this. This is the real position by which the proposed “agreement” should be judged.
Many questions remain to which Europeans should demand answers before the upcoming European Parliament vote on whether to ratify the proposed agreement.
Despite the lies that dominated the DHS testimony at today’s hearting, there were some important admissions between the lines:
First, the DHS admitted that PNR data is already being used by DHS personnel stationed within the EU to make no-fly decisions for flights departing from European airports:
CBP stations Immigration Advisory Program (IAP) officers at certain foreign airports…. At the invitation of foreign partners, IAP officers make ”no-board” recommendations to airlines on the basis of passenger data analysis and a review of individual travel documents…. CBP’s National Targeting Center-Passenger (NTC-P) analyzes PNR data received up to 72 hours prior to departure and provides recommendations to the IAP officers…. IAP officers are currently posted at ten airports in eight countries, and have recommended, in part based upon PNR data, a total of 2,875 no-boards in fiscal year 2011, including nine No-Fly hits, 74 confirmed Terrorist Screening Database matches, and 109 cases of fraudulent document use.
This confirms a report earlier this month by Andrej Hunko, a member of the German national legislature (”Bundestag”), based on responses to his information access requests to the German government about its collaboration with DHS. It’s clear from the DHS testimony that the bast majority of people denied access to flights on the basis of PNR data were neither suspected of terrorists nor accused of any crime. None of these no-fly decisions or “recommendations” were reviewed by US courts, nor has the DHS indicated any procedure in US law that it believes would allow for such judicial review of no-fly decisions.
Second, the DHS finally admitted the real reason it wants the proposed “agreement” with the EU:
To protect U.S. industry partners from unreasonable lawsuits, as well as to reassure our allies, DHS has entered into these negotiations.
As we’ve said before, DHS doesn’t need the proposed “agreement” to get PNR data from the Computerized Reservation Systems (CRSs) by whom it is stored. Most of the CRSs, even those used by European travel companies, are based in the US. Even the major European CRS, Amadeus, hs offices in the US with full access to its PNR database. None of the major CRSs log access to PNR data, so there’s no way for the airlin or the traveler to know if DGS has demanded that the CRS hand over a copy of any or all of your PNR data.
The real reason for the proposed US-EU agreement, and its only legally binding effect, would be to give immunity from legal liability in Europe to the travel companies — airlines, travel agencies, tour operators, and of course the CRSs, including both those based in the US and those based in the EU — who are currently violating EU data protection laws with every airline reservation.
We hope the European Parliament will see through the DHS lies, recognize the proposed PNR agreement as nothing more or less than an immunity agreement for lawbreaking travel companies, and refuse to ratify it.