Insecurity blanket
January 28, 2015DW: What's wrong with the EU's plans for the passenger name record (PNR) system? After Paris, and the constant stream of terrorism alerts we hear, be they in Australia, Europe, or the US, isn't a certain system to retain passenger data justified - shouldn't we be keeping details of people as they travel?
Jan Albrecht: I am convinced that we should, but we already do. Everywhere in Europe, we already know who is sitting on which plane. We even know which seat they're sitting in. We've collected so-called Advanced Passenger Information, API data, for decades, and justice and security authorities can check them against lists of risky or suspicious people. For example, in the case of the Paris attacks, there was information about the [suspects], and it would have been easy to track which planes they had traveled on. But what we're talking about with the blanket retention of passenger name records is that this should even include a person's booking details, their credit card number, meals they choose on a flight, their phone number, and so on. And this would be for all passengers - even completely irrelevant and unsuspicious people. This is completely unproportionate, and not helpful in the case of the Paris attacks, because we already knew those people.
But it could be argued that the current system is not working, and the intelligence agencies would say the devil is in the historical detail. I can see how your meal choice may be irrelevant. But people have got through, so surely something has to be changed.
Something has to be changed, I completely agree with that, and obviously the current system isn't working. If we assess our reaction to terrorism throughout the last decade, then we see we've already focused on the blanket retention of telecommunications and passenger data. So we don't need more. But what's lacking is that the dots - after the collection of data - are connected to suspicious people, and that investigators know what to do with this information, and that they share the information quickly with other authorities in the European Union. We have to focus on that now. But if we start building new databases and investing more money in computers, analyzing all of our travel habits - we would focus on the wrong priority. It would create more insecurity than security.
How do you feel about the provisions that have been included in the latest draft of the proposed passenger name record system, such as the de-personalization of data and that there should be data protection officers. Are these good provisions?
No. These provisions just try to create a picture that shows this as being safe. But in reality, in this proposal on data retention, depersonalization does not mean it is not personal data. All it means is that you can't do a search on a particular person, unless you can justify that search. It doesn't change the fact that your data is retained. It doesn't change the fact that this is a huge intrusion into your fundamental rights, because all of your habits, your travel history, and your communication, will be tracked. And that is incompatible with our civil liberties, which we want to defend, and which the European Court of Justice has said have to be taken into account.
So as we head for this meeting of EU interior ministers in Riga (January 29-30), what can you do to change this mentality - to say, "It's not the amount of data, but what you do with it"?
The message we have to send to the ministers is: "You have to deliver a real framework for better cooperation at the European level." We see, with the Paris attacks, where a lack of cooperation leads, because those people had been in several databases of several member states, and several authorities had followed them. The necessary last step, which is connecting the dots and working together, now has to happen.
It really does bring into view the idea of connecting the digital capabilities that we have with the human capabilities, because it always comes down to how we analyze digital data, doesn't it?
Absolutely. And we've seen that in all EU member states in recent years. Because of the high amount of money we've invested in computer systems, data systems, and the retention of data, all the member states have cut back the human resources in police and security authorities, especially when it comes to local authorities who know about radicalized persons, authorities who can address them, and create an environment for them to return to the rule of law, and come back into society. And we now have to realize that this has been a damaging and dangerous direction which we've taken. We have to correct this and invest money in local authorities and their coordination at the European level, and not spend hundreds of millions on data retention.
Jan Philipp Albrecht is a member of the European Parliament with the German Greens and European Free Alliance. He specializes in data protection and "civil liberties in the digital age" and is the vice chair of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs.