In a speech today in Strasbourg opening the current session of the European Parliament, the President of the European Council (the executive branch of the European Union, comprised of national governments) invoked the attack on the satirical cartoonists of Charlie Hebdo as a reason for popularly-elected EU legislators to put aside their previous objections and enact a comprehensive EU-wide mandate for surveillance and profiling of airline passengers on the basis of Passenger Name Record (PNR) data from airline reservations.
Today’s speech by Council President Donald Tusk of Poland echoed similar statements by “security” (policing and surveillance) officials of other EU governments in conjunction with a summit meeting of EU ministers. The summit is also being attended by senior US officials from the DHS and other agencies that have been lobbying the EU for years to set up a PNR-based surveillance and profiling scheme modeled on the one used by the US.
Tusk and other EU officials have made PNR-based profiling of air travelers a priority as a “response” to the Charlie Hebdo attack in Paris, claiming that it “can help in detecting the travel of dangerous people.”
Is this true? And does the attack on Charlie Hebdo provide any reason for Members of the European Parliament, or the European Court of Justice, to change their opinion that mandatory root access by governments to airline reservation databases is unjustified and violates fundamental rights?
No, and no.
The attack on Charlie Hebdo was an act of domestic terrorism carried out within France by French citizens. They didn’t travel by air or cross international borders. Their means of transportation to and from the scene of the crime in Paris was a car stolen elsewhere in the Paris metropolitan area. Airline reservations or border controls would have given no indication of the impending attack, and could not have been used to prevent it.
After the fact, police pursuing the perpetrators could have obtained search warrants, including warrants for PNR data or other airline records if there was a likelihood that they would be relevant, through normal judicial procedures.
(And as Wikileaks recently revealed, European governments are already obtaining PNR data “informally” from airlines, and using it to profile travelers, without legal authority.)
Nothing about the attack on Charlie Hebdo provides any reason to give governments more power to engage in warrantless surveillance or profiling of travelers who aren’t suspected of any crime.
Comprehensive PNR surveillance is like the NSA’s dragnet interception and mining of Internet and telephone records — except that metadata about the movements of our physical bodies (PNR data) can be far more intimate that metadata about the movement of our messages. Which is more intrusive: For the NSA to know that you talked on the telephone or exchanged email messages or were in the same mobile phone “cell” with someone, or for the DHS or a European “Passenger Analysis Unit” to know from a hotel reservation passed on to the government as part of your PNR data that you slept in the same bed with that person?
The purpose of PNR-based surveillance is neither to investigate past crimes nor to track people who are already suspected of crimes. Those activities require neither new procedures nor new police powers. The only reason for governments to obtain the entire rich and intimately revealing PNR dataset for all air travelers is to identify new potential suspects, based on profiles and associations. Profiling and suspicion-by-association are the central purposes of a PNR system, not side effects or aberrations.
We’ll be in Brussels next week to discuss these issues with our European colleagues at a Privacy Camp on “Big Data & Ever Increasing State Surveillance“, and at the Computers, Privacy & Data Protection (CPDP) conference.