Kirstie Ball is Professor of Organization at The Open University Business School and Director of the school’s Centre for Research into Information, Surveillance and Privacy (CRISP).
Following the 9/11 attacks in 2001, a raft of legislation was introduced in the UK and in Europe mandating data sharing between the private sector and government. Private sector data about customers and their activities was seen by the US and UK governments as containing vital information about the movements and activities of criminals and terrorists. Financial transactions, travel movements and latterly communications data became the objects of scrutiny. Post Snowden, the appetite for such surveillance waned, with the European Parliament suspending the transfer of PNR and SWIFT data to the United States government. However, after the attacks in Paris and Copenhagen earlier in 2015, this appetite seems to have been renewed.
Nowhere has this been observed more keenly at European level than in discussions about a new Passenger Name Record (PNR) directive. This directive is intended to apply to all airlines operating into and out of Europe. Currently in draft form, the directive would oblige airlines operating in member states to hand PNR data – information about passengers’ bookings - to their respective governments in advance of travel. The data would then be mined by law enforcement agencies for evidence concerning the past – or future – activities of crime and terror suspects, and for evidence of suspicious activity. The draft directive currently applies to flights from outside Europe, but could be extended to cover flights within Europe as well.
In considering whether such a law should be enacted, the European Parliament could do worse than to examine the experiences of the UK government in their now failed EBorders programme, implemented under the Immigration, Asylum and Nationality Act 2006. A new book ‘The Private Security State’ authored by Professor Kirstie Ball and colleagues from the Open University, considers what went wrong with E borders. The book suggests that governments should listen to representations from the air travel sector before mandating them to provide passenger data on an even bigger scale.
The objective of the eBorders programme was to collect information pertaining to every journey into and out of the UK, taken by rail, sea or air, by 2014. The programme mandated air carriers to collect and transfer to government all passport data relating to their passengers within 24 hours and 30 minutes of departure. The information was then held for five years in an active government database where it was subject to all kinds of analysis. Then it was held for another five years in an archive with access on a case-by-case basis. However it has now been quietly and abandoned as an expensive failure. The total cost of the programme was £¾ billion and it was finally £60 million over budget.
When engaging with the private sector over information sharing, it is important to note that private sector infrastructures are set up to maintain market distinctiveness and competitive advantage. They are not designed to join to organizations with whom they are not already associated within the rules of market-based competition. So the problems with eBorders stemmed from both the practical and legal aspects of its delivery in relation to the airline industry. The industry expressed concerns about the design of the programme from its pilot in 2004, through to its eventual roll out in 2009. In particular the ‘Trusted Borders’ consortium – a group of companies appointed to deliver the programme - was felt to ignore their concerns over industry structure, operating standards and the legality of the programme.
Their first concern was that the programme caused an uneven regulatory burden which disadvantaged some players in the sector, because all airlines are not alike. It was comparatively easy for a national legacy carrier such as British Airways or KLM to transfer passport data to government. All of their seats were for sale using the Global Distribution Systems (GDS), large information systems used by travel agents to book seats on airlines throughout the world. After lobbying from the Association of British Travel Agents, the GDSs enabled passport data to be entered at the time of booking and the transfer was automated from there.
Some low cost and charter carriers, however, were not listed on GDSs: charter carriers are particularly absent because their seats are not available for independent sale. These airlines had to build their own infrastructure to transfer data at significant extra cost. New customer websites, mobile apps, self-service kiosks in airports and help lines needed to be set up at the airlines’ expense to collect data from customers in advance and make them aware of the new requirements. Airlines also have very long supply chains with multiple points of sale. Tour operators and travel agents had to juggle multiple data collection points for multiple airlines while taking care not to ruin the customers’ travel experience with talk of security.
The low cost and leisure airlines were further disadvantaged by the choice of operating standard for data transfer. SITA, one of the Trusted Borders members, insisted on its own standard SITA type B, which was not standard across the whole airline industry and which was costly to implement. Leisure airlines used an older, cheaper operating standard called UNEdifact. As airports throughout the world upgraded to SITA compliant systems, the additional costs were passed on to airlines in increased landing fees. But the problems didn’t end there: Raytheon, the lead partner of the consortium, was tasked with providing the eBorders interface at border control in airports. It failed to deliver a useable system and was eventually sacked from the consortium in 2010. Last year it was awarded £224 million in damages after suing the UK Home Office for unlawful termination of the contract. That decision was then overturned on appeal in March 2015.
The final nail in the coffin for eBorders were a set of legal objections from the European Commission. Potential legal problems with the programme were highlighted by the airlines to the home affairs select committee in 2009 but these warnings were not heeded by the government. Early in 2010, the European Commission informed the British Government that eBorders compromised European citizens’ rights to freedom of movement. The scheme also breached Belgian, French and German Data Protection Law. The UK Information Commissioner suggested that citizens could opt out, but airlines across the sector then faced an enormous cost of amending systems to incorporate the opt-out. The result was a legal stalemate and very patchy data collection.
EBorders has been abandoned and huge amounts of money have been wasted. The UK Home Office is now pursuing a system of universal exit checks using automated passport gates in airports, rather than gathering data from airlines. Passport data collection has effectively been re-centralised. E borders is proof that mass data collection from the private sector for national security purposes is difficult to achieve at a systems level, costly, and legally and commercially compromising. And yet, in the face of this evidence, a draft directive on PNR data, which relies on airlines transferring PNR data en masse to national governments, has resurfaced in Europe.
The European Parliament is currently, and rightly, facing serious questions over mass PNR data collection in relation to various Human Rights and Data Protection Laws. However it also needs to face up to industry concerns over the commercial implications of such a directive. The avoidance of additional financial pressures, unfair regulatory burdens, compromises to business models, existing regulatory obligations, supply chain relationships and customer relationships will be of paramount importance to airlines given the damage done by eBorders. Sensitivity to these issues may help Europe decide once and for all whether mass surveillance is not only desirable from a human rights perspective but is also feasible, prudent and sustainable.