Columbia International Affairs Online: Journals

CIAO DATE: 11/2008

Transatlantic Convergence Passenger Data Questions

European Affairs

A publication of:
The European Institute

Volume: 9, Issue: 1 (Winter / Spring 2008)


Michael Chertoff

Abstract

A curious notion has emerged about how the United States has tried to navigate the seas of global security since the September 11 terrorist attacks. It depicts Washington as charting a solitary course characterized by premises, principles, and policies which diverge dramatically from those of other nations – notably its European allies.

Full Text

A curious notion has emerged about how the United States has tried to navigate the seas of global security since the September 11 terrorist attacks. It depicts Washington as charting a solitary course characterized by premises, principles, and policies which diverge dramatically from those of other nations – notably its European allies.

This notion is false and also misleading about the trend of developments. I can attest to the realities based on my extensive interactions with my security counterparts in Europe and elsewhere. Differences in approach do exist, largely rooted in culture, geography and history. But their importance and weight have been exaggerated and are now declining in practice. What I’ve witnessed is a growing convergence among nations – especially among our transatlantic partners – in the battle against terrorism. I see a common recognition of the terrorist threat, a shared vision for an effective response to it and an evolving consensus on the specific steps that are needed now.

This was put well last year by Peter Clarke, who heads counterterrorism for Scotland Yard: “The current… threat is of such a scale and intractability that we must not only defeat [those] who plot and carry out appalling acts of violence; we must also find a way of defeating the ideas that drive them.”

When the Taliban were Osama Bin Laden’s handmaidens in ruling Afghanistan, the outcome provided a revealing portrait of the kind of ideas the terrorists embrace. While in power, they destroyed the works of other religions. They tortured and murdered those who transgressed their rigid rules governing every detail of life. They compelled women to become the virtual property of their fathers or husbands, denying them the right to own property, get an education or otherwise determine their own destinies.

The willingness of such extremists to kill innocent Muslims in Afghanistan and around the world highlights the fact that they do not represent mainstream Islam, but a hideous distortion. Much like communism and fascism in the last century, this new zealotry has an ideology that is totalitarian in nature. The goal of its adherents is to dominate as many nations as possible, destroying their liberties and imposing on them a medieval, theocratic vision of how people must live.

Their dreams of domination may appear ridiculously grandiose, but our experience of fascism and communism instructs us never to underestimate the power of determined fanatics to fulfill their ambitions. Moreover, in the Middle East, North Africa, and South Asia, the extremists have already been able to seize territory within failing states, creating their own statelets in which they rule. Equally important, they are aided by the latest technology and by the forces of globalization, which empower them to do the kinds of things that only large armies could once do. I can attest that this assessment of the threat we face is shared not only by transatlantic democracies but by leaders around the world. Of course, it is one thing to agree broadly on the nature of the danger we confront from ideologically-driven terrorism but quite another to concur on how to combat it. Yet here, too, we see the unmistakable outlines of a global consensus.

Around the world, governments are arriving at three important realizations on how best to build a strategy to defend our countries, our people, and our way of life.

First, they are starting to see that in order to protect themselves, they must not only operate within their own borders and ports of entry, but beyond them as well. To a growing extent, they recognize the need to extend their security perimeters so they can stop dangerous people abroad before they end up on planes heading for our homelands.

Second, since this strategy necessitates working with other countries, nations are coming to see that they cannot pursue the business of security alone. Strong partnerships among countries are essential.

And finally, nations are coming to agree that while security measures must be taken abroad as well as at home and in concert with others, no nation or group of nations can be everywhere at once.

The quest to eliminate all risk is quixotic, so nations are attempting instead to manage it. It is worth adding that any country that consistently pursues risk elimination will end up harming what it is attempting to protect: we could eliminate every risk to our airliners by shutting down our airports, but that would hand the terrorists a victory by destroying air travel – just what the terrorists were trying to achieve in the first place by attacking our airliners.

What matters is that the treaty saves the most important institutional changes needed to make the EU more efficient in terms of decision-making. Crucial points include the extension of qualified-majority voting (even then, many areas will still require unanimity: tax harmonization, defense, and even the Common Foreign and Security Policy, migration, parts of commercial policy, future reductions in the number of Commissioners, any extension of the Commission President’s powers). In making this change, the most contentious issue was the plan to shift to a new “double majority” (requiring 55 percent of EU member states representing 65 percent of the EU population for a “majority”). This complex procedural question included a new calculation for the number of votes allocated to each member state in decisions by the European Council. Poland set out to be the spoiler, vehemently opposing the new voting formula because it would enhance German power to the detriment of smaller members, notably Poland and Spain. The adjustment seemed reasonable to most Europeans: Poland’s population only comprises about eight percent of the EU total of 490 million, compared to Germany’s 17 percent, yet Poland under the old (and still temporarily prevailing system) has had nearly as many votes as Germany. (Out of a total of 345 votes, Poland had – and retains until 2014 – 27 votes compared to the 29 each of Germany and the other largest countries.) The Nice Treaty, which allocated the old voting quotas, also established a threefold requirement for majority (states, population and weighted votes) that favored smaller and medium-sized states (such as Poland) in a way that ensured that the three biggest members had no blocking minority. Most EU member states agreed that this needed to be changed (with the new “double majority” voting formula) to facilitate majority voting in the expanded 27-member bloc. After the summit, the EU has a road map to this slightly-streamlined system.

In short, governments are concurring not only on the nature of the terrorist threat but on a broad strategy to stop bad individuals from attacking the people and infrastructure in our respective countries.

Unquestionably, this strategy has its challenges.

For example, in America, each year we welcome more than 400 million travelers – 91 million by air. The good news is that only a tiny handful might pose a genuine threat; the bad news is that, given modern technology, it only takes a few to wreak untold havoc. While we have terrorist watch lists that identify people we know to be dangerous, we need to find individuals who are terrorists but are not yet known to us. The question is how best to do it without taking the kinds of draconian measures that would shut down travel altogether.

In the United States, we are confronting this challenge by focusing on three key areas: information, biometrics and secure documentation.

By collecting just a few key pieces of non-sensitive, commercial information, we can identify the small number of passengers who warrant a closer look before they board a plane or enter our country.

Last year, this approach took a giant step forward with our agreement with the European Union, in which the EU agreed to transfer passenger name record (PNR) data to our Department of Homeland Security from air carriers operating transatlantic flights.

Even before this transatlantic agreement was reached, data of this sort had proved to be a useful tool for combating terrorism. In April 2006 at Boston’s Logan Airport, two arriving passengers exhibited travel patterns indicating “high-risk behaviors” and so Customs and Border Protection (CBP) officers decided to take a closer look at them. In the “secondary interview” process, one subject stated that he was traveling to America on business for a group suspected of having financial ties to Al Qaeda. When his baggage was examined, officers discovered images of armed men, one of them labeled “Mujahadin.” Both passengers were refused entry to the United States.

Three years earlier, on the basis of such data and other analytics, an inspector at Chicago’s O’Hare Airport pulled aside an individual for secondary questioning. When his answers did not satisfy the security officers, he was denied U.S. entry – but not before his finger-prints had been taken. The next time we saw those fingerprints or rather parts of them, they were on the steering wheel of a suicide vehicle that blew up and killed 32 people in Iraq.

The use of fingerprinting and other biometrics is a second way of picking out terrorists from the mass of innocent travelers and laying the basis for identifying more of them. Under our US-VISIT program, visitors arriving at our ports of entry have had their two index fingers scanned and then compared with the fingerprints in databases from prior entries or with their visa records. The procedure verifies a visitor’s identity and ensures that the person is not a known felon or terrorist.

The chances of success are improved by taking prints of all 10 fingers. We are in a process of transition to a 10-fingerprint screening program at our ports of entry, and this will increase our capability for finding matches with latent prints that have been collected from battlefields, safe houses and training camps around the world. So, a terrorist can no longer escape notice just because we don’t have a match-up with an index finger. The practice of 10-fingerprint collection will have a deterrent effect on visa applicants who know that they have left prints in terrorist locales that may now be in Western records.

Besides PNR and our 10-fingerprint initiative, a third example of how we will locate dangerous individuals among the vast throngs of visitors to the United States is our attempts to unmask terrorists pretending to be someone else. For this purpose, we are counting on a new requirement for travelers to present secure identification documents – a program known as the Western Hemisphere Travel Initiative (WHTI). It establishes documentation requirements for previously exempt travelers entering the United States. As a first step, we implemented a new requirement in January 2007 for U.S. citizens, together with citizens of Canada and Bermuda, to present passports when they fly into the United States from points of departure within the Western hemisphere.

This step toward standardized, secure and reliable documentation will enable border officials to identify travelers quickly, reliably, and accurately at ports. Until now, the security risk has been aggravated by allowing travelers of this sort to use approximately 8,000 types of identification. That practice made it difficult to assess travelers seeking entry without significantly slowing the time required to process their paperwork. By limiting and standardizing the documentation requirement, WHTI aims to facilitate the process while enhancing border security.

The next step was implemented in January 2008 when the United States ended the practice of accepting oral declarations of citizenship alone as a basis for access from citizens of neighboring countries and our own at our land and sea ports of entry.

Critics have cited all three of these initiatives – PNR data collection and usage, biometrics, and secure traveler identification – as evidence that the United States is grabbing every available piece of information, acting like Big Brother and acting alone in this manner on the world stage.

In fact, similar programs are being implemented by governments around the world, especially in nations which share our democratic values and traditions, including the value of privacy.

Prominent among them are our friends and partners across the Atlantic. In February of this year, the EU proposed a biometric entry/exit system that resembles our US-VISIT program. Last November, the EU released a proposed requirement for its member states that mirrors our own PNR data-usage rules in border-management processes. As for individual countries, the United Kingdom has embarked on a seven-year initiative, known as the “eBorders program,” to establish an integrated biometric and biographic border- management system.

Ireland will roll out a similar program in order to secure its common area with the UK. The Netherlands, Portugal, Germany, Britain and Malaysia have all pioneered expedited entry and/or registered traveler programs to allow pre-approved travelers to move quickly through passport control. For years, Australia has run an Electronic Travel Authorization program that mitigates risk thanks to an automated screening program which verifies the eligibility of would-be visitors. Japan has begun recording the fingerprints and photographs of all foreign visitors in a manner compatible with the US-VISIT concept.

As the Economist put it recently, “all [emphasis added] countries are moving towards the collection of ‘biometric’ information.” That article (November 24, 2007) focused on Japan. But it underscored evidence from around the world of convergence among countries on security matters arising from the terrorist threat.

And when it comes to our transatlantic partnerships, American and European cooperation in combating terrorism deepens every year, a trend evidenced by the dismantled plots in Germany, Denmark and the UK last year alone.

Terrorism poses a continuing challenge, including its practitioners’ ability to adapt to security countermeasures. Hence we must do everything possible to preserve and strengthen this partnership between the United States and Europe – a partnership that won the Cold War and one that has been remarkably successful thus far in disrupting the plots of our common foes.

We have come a very long way in dealing with the terrorist danger that threatens us all. The threat, however, remains. We owe it to those who depend on us not to grow complacent and fail in our duty to protect them, but to build on the progress we’ve made and the consensus we’ve achieved.

Michael Chertoff is the U.S. Secretary of Homeland Security. He previously served as a judge on the United States Court of Appeals, as a federal prosecutor, and as assistant U.S. Attorney General.

***

 

EU Must Store Data on its own Frontier Entries, Too – Commissioner Frattini Says

When the EU agreed last year to share passenger name record (PNR) information with U.S. authorities, Homeland Security chief Michael Chertoff described it as “a giant step forward” in transatlantic security cooperation. Now, his counterpart in the European Commission wants Europeans to follow the U.S. lead and start collecting passenger data as part of the EU’s own anti-terrorism strategy.

The push for this change is coming from the Commissioner for Justice, Freedom and Security, Franco Frattini. In recent months, he has proposed several steps in collecting more passenger data. One would require all airlines flying into EU countries to turn over passenger information to the intelligence agencies of EU member states, to be stored for up to 13 years (for possible consultation in unfolding investigations). Under this plan, 19 individual pieces of data, including passport numbers and credit card details, would be kept on file in a database similar to the U.S.’s PNR system. Additionally, Frattini has proposed that travelers from non-EU states be required to carry biometric passports (containing an identification chip) when entering or leaving the EU’s Schengen zone of passport-free travel. With this technology, the array of data collected at the point of entry would be stored digitally for automated cross-reference.

Some of these proposed initiatives are controversial in Europe. But Commissioner Frattini defended them in an interview with Germany’s Der Spiegel in early 2008 in which he said that, in the wake of the EU agreement to transfer PNR data to the U.S., “I would find it strange if we didn’t then also concern ourselves with Europeans’ security.”

Airline passengers are only the first stage of anti-terrorist security, according to Frattini, who said that Europe will need to secure and monitor travel on ships and trains as well. “One of the attackers in London in 2005 was able to escape through France to Italy by train,” he noted.

Frattini addressed concerns that the data could be stolen or misused. Acknowledging that 13 years is “a long time” to store personal information, he said that people “can rest assured that the data will be well-protected. I am also willing to initiate legal sanctions to punish any misuse.”

Critics should understand, he said, that “the problem is not data storage, the problem is terrorism.”