House of Lords steps into US-EU data spat

The House of Lords has called for some fair play in the homeland front of the "war on terror" after examining the massive data gathering exercises the US is using to build risk profiles of people travelling through its borders.

In weighing the balance between public security and private rights, the House of Lords EU Committee considered evidence used by America to justify its collection of Passenger Name Records (PNR) data and their use in the Automated Targeting System, its dragnet border surveillance programme.

The US has doubled the evidence it presents to allied nations who ask questions about its data gathering: it now has eight case studies that describe how 11 baddies were plucked out of the 400 million people who travel yearly through US border ports.

Lord Wright of Richmond, chair of the EU sub-committee on Home Affairs, said even those eight were of limited use: "We've only been given one piece of evidence that the collection of PNR has avoided any terrorist outrage," he said. And even then that suspected terrorist wasn't caught: he was turned away at the US border - his partial fingerprints were later found on the steering wheel of a car bomb that killed 132 people in Iraq.

The other examples noted how the system had been used to nab three suspected drug smugglers, five suspected terrorists, a drug user, and a corrupt ticket agent. The suspected terrorists were turned away, so it cannot be known if the intelligence was correct.

The Lords report gives its own example of how intelligence can be wrong: the case of Mahar Arar, a 34-year-old Canadian ICT consultant who just happened to live in Syria until the age of 17. In 2002, Arar was arrested at JFK airport in New York on route to Montreal. He was "chained, shackled, flown to Syria...held in a tiny 'grave-like' cell for ten months...beaten, tortured and forced to make a false confession". A Canadian judge "categorically" cleared him of all terrorism allegations last year.

The report is aimed at the UK government, which is running its own ATS clone, and EU negotiators who are trying to limit US demands for more data in a PNR agreement they hope to agree before an interim arrangement runs out in July.

Home Office minister Joan Ryan told the committee that 23 people had been nabbed at British borders in 2007 by Project Semaphore, the UK's pilot criminal PNR profiling system. The report said Semaphore had "resulted in some 900 arrests for crimes including murder, rape, drug and tobacco smuggling and passport offences" since it was established in 2004.

However, it noted: "Any increased detection of crimes or immigration offences is welcome, but we have yet to hear that the collection of this data has led to successes in combating terrorism or serious cross-border crime."

In seeking to find a balance between "public security and private rights", said Lord Wright, the committee has found the median rests on the point of purpose - that is, the reasons why the US collects PNR and other data to create risk profiles of the people who pass through its borders. The original purpose given for these systems was to catch terrorists, but there has been some project creep.

"You will have seen [from the report] that there is quite a lot of inconsistency between the various statements about what this is for," said Lord Wright.

"As the agreements have developed over the years it's become clear that the US authorities want it to cover much more. The problem is it departs from its original purpose of collecting PNR.

"The [PNR] agreement should have a clear definition about what all this is for. We are calling for much greater clarity - whether we will get it, I don't know."

The point of equilibrium the Lords have found is flexible, however, Lord Wright said. Should the authorities decide they want to build data profiles of people to determine how likely they are to be involved in serious crime, then "that's fine", but the US and EU would have to agree on a definition of serious crime.

Existing and evolving data protection laws should put a spanner into the US plans as well. And, the Lords committee is the second in two days to recommend the European Commission and German Presidency of the EU, which are conducting the PNR negotiations with the US, listen to the European Data Protection Supervisor.

EU law prevents data being sent to countries like the US that don't have equivalent data protection. The US's contempt for the interim PNR agreement, for which the Lords committee said there was "no justification at all", might be taken as an indication of what happens when people's personal data is shared with countries with an old-fashioned sense of fundamental rights. ®