- Establish or designate a new travel surveillance and control agency (“Passenger Information Unit”),
- Require all airlines operating flights to or from places outside the EU to transmit complete copies of Passenger Name Records (PNRs) for all passengers to the government, and
- Pass on any of this PNR data to any other EU member state on request.
The directive essentially commits the EU to join the US in “pre-crime” predictive mass surveillance and profiling of all air travelers. Not surprisingly, the vote by the European Parliament was welcomed by leading US advocates for the globalization of pre-crime travel policing, including former DHS Assistant Secretary for Policy Stewart Baker (previously general counsel of the NSA) and Deputy Assistant Secretary for Policy Paul Rosenzweig. Baker and Rozenzweig were responsible for DHS negotiating strategy with the EU on the PNR issue during the time when their boss, DHS Secretary Michael Chertoff, was lying repeatedly to the European Parliament about the state of both US and international law relating to PNR data.
Meanwhile, as reported elsewhere, the commercial data architecture for handling PNR data remains fundamentally insecure.
What will happen next?
The proposed directive must still be approved by the European Council (the national governments of the member states), but that approval seems assured.
The EU directive is not “self-effectuating”. Each EU member state is required to “transpose” the directive into national law within two years.
The directive can be, and probably will be, challenged in the European Court of Justice as violating human rights recognized by EU and international law. Implementing legislation can be, and probably will be in at least some countries, challenged in national courts as violating national Constitutional rights.
Now that the US has gotten the EU on board, the US is likely to increase its pressure on other countries and international organizations — primarily ICAO — to globalize the shift from targeted investigation and arrest of suspects to mass surveillance and predictive pre-crime profiling of travelers.
Airlines are likely to find it inconvenient and expensive to deal with 28 different EU Passenger Information Units with potentially different data content and format demands, in addition to the travel dataveillance regimes already in effect in the USA, Canada, Australia, and other countries. Airlines and the travel industry are thus likely to support US efforts to get ICAO to approve a global “security standard” requiring airlines to share PNR data in a standard format with all governments of countries served by their flights.