OUT-LAW.com
Thursday, December 7, 2006
The US Government signalled some willingness this week to address
concerns over citizens' privacy, but also launched a scheme which
will analyse secret airline passenger risk profiles and keep them
for 40 years.
The US Government released guidelines which it says will protect
the privacy of US citizens in an era of increasing data collection
and information sharing by and between Government bodies.
Congress had previously mandated greater information sharing
within government and law enforcement, but there have been concerns
that that process undermines individuals' privacy.
The office of the US intelligence chief John Negroponte has now
released a set of guidelines for state agencies to follow in dealing
with individuals' data.
The guidelines say that Government bodies must ensure that information
is being gathered lawfully and that sharing with other bodies
is legal. Information can only be shared if it is to do with homeland
security, terrorism or law enforcement, they say.
"Protected information should be shared through the Information
Sharing Environment (ISE) only if it is terrorism information,
homeland security information, or law enforcement information,"
said the guidelines. "Each agency shall adopt internal policies
and procedures requiring it to ensure that the agency’s
access to and use of protected information available through the
ISE is consistent with the authorized purpose of the ISE."
Meanwhile, however, the US Government began a planned scheme
this week which creates risk assessments of airline passengers,
assessments that passengers can never see and which are kept on
file for 40 years.
A programme has been identified by digital rights group the Electronic
Frontier Foundation (EFF) which collects information about individuals,
stores it in a database and performs a risk assessment about whether
or not the individuals concerned are likely to break US law.
"Personally identifiable information is collected to ensure
that people and cargo entering or exiting the United States comply
with all applicable US laws," said a privacy impact report
on the Automatic Targeting Scheme (ATS). "Relevant data,
including personally identifiable information, is necessary for
CBP to assess effectively and efficiently the risk and/or threat
posed by a person, a conveyance operated by person, or cargo handled
by a person, entering or exiting the country."
Information will be gathered and stored on US citizens and foreigners,
including EU citizens. A major source of data will be passenger
name records (PNR), themselves the subject of data protection
controversy in Europe.
The US has agreed a controversial deal with the European Commission
to allow airlines to pass 34 pieces of information to US authorities
every time an EU citizen flies into the US. The European Parliament
opposed the deal, as did privacy activists, in part because US
data protection is weaker than that in the EU.
"Generally, data maintained specifically by ATS will be
retained for up to forty years," said the ATS privacy report.
"Certain data maintained in ATS may be subject to other retention
limitations pursuant to applicable arrangements."
European PNS data will not be kept for as long as 40 years, said
the report, because of the conditions of its transferral.
The EFF says that the system is invasive and unprecedented. "The
government is preparing to give millions of law-abiding citizens
'risk assessment' scores that will follow them throughout their
lives," said EFF Senior Counsel David Sobel. "If that
wasn't frightening enough, none of us will have the ability to
know our own score, or to challenge it. Homeland Security needs
to delay the deployment of this system and allow for an informed
public debate on this dangerous proposal."
Email
