Since the terror attacks in New York, London and Madrid, the number of databases collecting personal data of citizens and foreigners on both sides of the Atlantic has multiplied considerably. The exchange of personal data has also intensified, the main objective being to facilitate preventive investigations in the war on terror. Personal data is information about the identity of an individual: traditional data such as name and birthday, biometric information such as facial recognition or fingerprints, and sensitive data such as DNA profiles, bank information, religious beliefs, union memberships, and data on health and sexual life.
If the efficiency of personal data exchange in the war on terror were obvious, the prospect of lengthy interrogations, administrative discrimination, false arrests, potential security hacks or data losses could be tolerated to a certain degree. But civil society lacks any means of evaluation; it lacks a necessity assessment that would justify such risks and costs.
The potential usefulness of international personal data exchange is undeniable. In 2006, Australian authorities located a citizen on an alleged rape charge as a result of fingerprint data exchanged with Great Britain. The contentious 2008 Prüm Treaty, which facilitated data exchange between ten EU members, is another famous example. Hundreds of matching criminal files allowed for cooperation on a number of investigations.
Data-sharing is also used for terrorism investigations. However, EU-US agreements have been dismissed as insufficient by American authorities and several EU members. Data availability was considered scarce: "only" PNR, SWIFT and biometric data is being exchanged so far. Responsible EU authorities were rejected for being less competent than national establishments. European data protection standards further complicated negotiations. Thus in March 2008, a first bilateral agreement, modeled on the Prüm Treaty, was signed between the US and Germany. Immediately, Estonia, Hungary and the Czech Republic expressed their interest in such a bypass agreement.
Security concerns are not all that is at stake. The security technology industry is booming, and cooperation on the war on terror fosters transatlantic ties. However, neither Europol nor the DHS or equivalent European departments are willing to divulge information as to whether a terrorist was caught or an attack impeded due to international personal data transfer. Proof that data-sharing assists the war on terror remains absent.
Meanwhile, there is a growing record of personal data scandals. Processing data is an extremely complex procedure. Data has to be collected, saved, organized; in some cases it has to be adapted; it might be consulted or used for various purposes; it might have to be transmitted, shared, and combined with other data. Each stage increases the risk of mismanagement or misuse.
Today, each and every transatlantic passenger is seen a priori as a potential terrorist. People have been delayed for hours on borders between countries, sometimes arrested, because their name resembled a watch-list entry, or their ethnic characteristics were targets of terrorist hunters. An eminent example is the repeated interrogations at several US airports of Senator Kennedy in 2004, whose name resembled a terrorist alias.
The reliance on biometric technologies has made traveling most difficult for disabled people and those whose fingerprints are not machine-readable. Fingerprints can also be misused. In 2004, Brandon Mayfield, an American attorney, was falsely arrested after the FBI erroneously associated him with the Madrid bombings. A court's decision later found that Mayfield's fingerprints - despite a sworn FBI testimony - had been falsely used against him to facilitate investigations.
Finally, the risk of cyberterrorism should not be underestimated. The FBI is planning the world's largest database of biometric information - a hack of such a database would have unforeseeable consequences. One could be identity theft. But as previous data scandals have proven, the data could also simply get lost.
Meanwhile, the multiplication of databases and data-sharing practices seriously impedes the ability of parliaments, data protection authorities and civil society to control international surveillance developments. Suggestions for an international framework for surveillance, for instance under the ICAO, remain as yet unexplored.
Transatlantic exchange of personal data has not yet proven to usefully serve the war on terror. Meanwhile, cooperation on the war on terror remains a point of pride on both sides of the Atlantic. So long as there is no international framework to guide this increasingly internationalized surveillance, what appears to be a tempting experiment from a security-political perspective could prove to be horrendously costly.
Julia Galaski is a European Affairs Masters student at Sciences Po, Paris, and is currently interning at the Stiftung für Wissenschaft und Politik, Berlin.
January 6, 2009
Member deleted
The mechanisms are tedious and do present the problems as mentioned in the case of Senator Kennedy. However, with all due respect to Senator Kennedy, his repeated interrogations merely serve to remind people that the state is vigilant, though the first interrogation should have made any other subsequent interrogation redundant. But that again serves to remind about the huge task at hand.
The dangers of cyber-terrorism do increase with a transatlantic exchange that is not leak-proof. There also is the Human Rights issue involved, where any collection/exchange of personal data needs to give and provide citizens with a sense of enhanced security, and not threaten their sense of security. It is less about technical issues involving the Human Rights issues here, but more about the serious nature of threats to the citizens - whose pre-emption necessitates such data collection/sharing amongst the security agencies.
These, unfortunately, are the victories of terrorism - both against the state and its people.
One can imagine Julia's concerns here - when the state or elements thereof are involved in activities that enrage and/or threaten the sense of security of citizens: the fears of cyber-terrorism as well as the fears of an Orwellian nightmare of 1984!
Moreover, before any widespread transatlantic co-operation (data/information collection/sharing) that is deep enough is possible, there are wider and deeper issues involving interpretations and agreements about 'potential threats'. However, the fear of abuse and the luring of people - also reminds me of another possible threat. Of immigrant groups having access to fringe information and/or classified information - and their abuse of it in their countries of origin, to settle other issues that may fall under the rubric of terrorism itself. The US does present that danger, though many in the US now wonder about certain European states! Quite a circularity.