Security Debrief

On May 5, 2010, the newly empowered European Parliament issued its guidelines for beginning new negotiations on Passenger Name Record (PNR) agreements with the United States, Australia and Canada. This resolution received minimal coverage in the U.S. media, though its consequences for international travel security are potentially significant.

Criminals and terrorists know no borders, as recent arrests and uncovered plots prove.  We have no choice but to cooperate with international partners and to deepen that cooperation wherever possible. The collection and analysis of PNR data – along with its counterpart Advance Passenger Information (API) – is a critical tool to identify and disrupt the travel of terrorists and other international criminals.

API and PNR are used to find watchlist matches; to provide leads on terrorist activity by providing links between known and unknown terrorist travel routes and patterns; to identify previously unknown associates of known or suspected terrorists and other criminals; and to discover fraudulent travel documents.

The PNR agreement between the United States and the European Union (EU) – the most recent version has been in effect since 2007 – provides a safe harbor for European-based airlines to provide PNR to DHS without conflicting with EU law. However, since its inception, the agreement has been plagued by the ongoing dispute over privacy between the United States and the EU.

The privacy issue has also affected the Treasury Department’s collection of bank transfer data on the Terrorist Finance Tracking Program, a program also known as “SWIFT, the name of the Belgian banking consortium that provided the data.)

The United States has endured much unfounded criticism in Europe on the subject of privacy and data protection. Specifically, EU critics charge American privacy laws with failing to provide appropriate redress to European citizens and that American privacy authorities lack the authority and independence necessary to protect personal information.

Unfortunately, the European Parliament’s direction to its negotiators continues to pick this fight, stating “the use of PNR data for law enforcement and security purposes must be in line with European data protection standards, in particular regarding purpose limitation, proportionality, legal redress, limitation of the amount of data to be collected and of the length of storage periods.”

For various legal, historical and cultural reasons, the U.S. privacy system has a different structure than its European counterpart, but the principles and goals remain the same.  There are practices in the United States that might not conform to EU privacy rules, just as some EU practices would not be legal in the Untied States. These facts are not likely to change. More to the point, European governments have been cooperating on law enforcement and security issues with the United States for decades without compromising personal information or running afoul of national laws.

To date there has not been a noticeable privacy breech during our daily law enforcement and security cooperation at the operational level. The PNR agreement is no different. For the safety and security of the traveling public, it is in our mutual interest to move beyond tired debates about privacy standards. Instead, we should embrace the extensive amount of common ground between our systems and continue to share PNR and other critical information.