Annnnnnnnd here we go again.
In 2013 a counter terrorism and security proposal went before the European Parliament and was voted down. The proposal was the EU PNR (Passenger Name Record) which was intended to obtain and record a great many details about every air passenger boarding a flight anywhere within the EU.
The original PNR was intended to retain the full data for 30 days, the European Council changed that to 2 Years with ‘Depersonalised data’ (I.E. Name replaced with a reference number) being kept for 5 years.
Access to the data was intended to cover any agency dealing with Terrorism, Serious Transnational Crime and Serious National Crime. Any authorised agency would have been able to access the data by making the case that an individual was under investigation for one of those crimes or who had applied for and received judicial authority to access the records.
The European Parliament has blocked the PNR but we are told that unnamed European Officials and Senior national politicians have been agitating for PNR to be bought into force. Call me cynical, people do, but I suspect a few of those unnamed politicians are British.
Within days of the Charlie Hebdo attacks and all that support for Freedom the pressure to impose the PNR regulations was stepped up. Our Media are noticing and the story is getting coverage with the usual lurid headlines.
The reason for the sudden news is the leak of a proposal to change the PNR in an attempt to get it passed the European Parliament. The compromise is supposed to be halfway between the Commission and the Parliaments versions.
What was leaked and what is being proposed is as follows:
Data retention period for Personalised data to be 7 days, retention of Depersonalised data to remain at 5 years.
Crimes covered to include Terrorism and Transnational Serious Crime, national serious crime to be removed except where judicial permission to access has been granted.
Passengers to have the right to access, and request amendment of, data relating to them held under PNR.
The assignment of Data Protection Officers to oversee the retention and access of retained data.
Data collection for intra EU flights, that is a flight that takes off AND lands inside the EU, to be optional not mandatory.
Stricter limits on who can access the data and how / why such permission is granted.
All very reasonable, because, well Terrorists.
Looking at the above you can perhaps see a few changes that suggest the original PNR lacked such little details as passengers being able to see what data was being retained about themselves but the new amended version covers those.
So why did I start this post with Annnnnnnnd here we go again.
What we see here is reasonable, justified by Terrorists, intended to keep us safe in our beds at night. The perfectly understandable desire by our intelligence services to gather as much information as possible to deal with those evil Terrorists who lurk under every bush in your garden.
The data would be collected by national agencies who then pass the data to the EU body who holds it. It would either require legally granted access to the details of flyers not actually relevant to them flying OR require flyers to give such information themselves (without lying or suchlike). The information is held for only 7 days which is basically pointless for anything except chasing a terrorist in the immediate aftermath of an attack if, and it’s a big IF, the retained data is depersonalised and not just separated with identifiable personal details such as names kept separately and reference able.
The data relates ONLY to air travel and does not include the billions of car, van, lorry, train or boat journeys that cross internal and external EU borders every year.
The data relates to passengers taking off from an EU airport, it does not include passengers LANDING at EU airports unless the EU wishes to impose the PNR on all airlines flying into EU destinations.
Failure to provide the data cannot prevent a person flying within the EU or outside the EU unless the PNR has the authority to violate the EU laws on freedom of movement or to compel airlines not to carry passengers under these circumstances.
It’s far less a carefully crafted means of gathering data on Terrorist movements and more 'yet another' way of gathering data on the general population. Anyone want to bet that GCHQ’s idea of depersonalising the data means replace the name with a number that links to another database where the name, DoB etc are kept safe.
In countries like the UK we don’t know what information is being kept on us now, we have no way of knowing what information is retained or for how long. We have to trust our politicians are safeguarding our privacy. Clegg too busy to attend the security reviews anyone.
What I am seeing here is yet another of those thousand small cuts that are killing our democracy and privacy or what remains of it. PNR as it is publicly proposed will not help identify Terrorists, the data is of little use unless the Terrorist is already known or the security services start classifying every person who goes to Turkey on holiday as a potential terrorist.
The seven day personalised limit will not prevent Terrorist attacks, it MAY be useful for catching them after an attack has been carried out or if suspicion of being a Terrorist or potential Terrorist is acted on fast enough. But for long term intelligence operations to prevent Terrorist attacks, not so helpful.
I don’t see this being much use as proposed, at least not if the intention is counter terrorism.
Of course if it’s simply more justification to track the movements of law abiding citizens, then it will work just fine.
Different day, same shit!
European Counter Terrorism Initiative Won’t Stop Terrorists But It Will Help Spy on the Population.