Tuesday, May 30, 2006

Passenger flight data: European court blocks EU data deal with US

The European Court of Justice has today anulled the European Council's decision regarding an agreement to provide US authorities with the data of European flight passengers, and the European Commission's decision that this agreement complies with with the European Union's data protection requirements. (More information about the details can be found in the ECJ's press release).

Such an outcome had been expected since the court's Advocate General had recommended the anulment in November of 2005 (see my respective posting on this blog).

Now both aforementioned institutions, the Council and the Commission, are left with the proverbial egg on their faces. This is a victory for the European Parliament which had brought the case before the court, arguing that the Commission was violating the European Union's own data protection legislation.

The full text of the ruling will soon be available here. The BBC, the New York Times, and SPIEGEL Online already have reports on this up.

Since the United States have threatened to withdraw landing rights from any airline not complying with the agreement, it will be interesting to watch further developments in this case. However, the ECJ has ruled that the agreement can stay in effect until 30 September 2006. I would expect intense negotiations to start now between the EU and the US…

Technorati Tags:

Wednesday, May 24, 2006

German constitutional court declares dragnet searches unconstitutional

The German Federal Constitutional Court (FCC) yesterday ruled that dragnet searches through through databases are unconstitutional if there is no concrete danger involved.

After 9/11, authorities in the German state of Northrhine Westphalia had initiated such a search to track down "sleepers" who might become Islamist terrorists. University student databases were used as well as communal registration office data and the central database of foreigners. Criteria used included male gender, age between 18 and 40, present or former enrollment in higher education, Islamic faith, and country of birth. The persons who met these criteria (apparently some 32000) were then investigated further by the local policy forces. No "sleepers" were detected as a result of this exercise. (A German language press release from the FCC is here, an International Herald Tribune summary here, Deutsche Welle English language service has it here).

A Moroccan student (at the time) of Islamic faith complained against having been subjected to this procedure, and took his case all the way to the FCC which eventually ruled in his favour. The Court ruled that the dragnet search had violated the student's "right to informational self-determination", a right the Court had developed from the Basic Law (the German constitution) some twenty five years ago. The Court ruled further that a dragnet search was such an intrusion to the student's fundamental rights that it would only be admissible if there was a concrete danger. While this could in principle also apply to the case of a terrorist threat, more concrete information about the threat was required than had been present in the post-9/11 dragnet searches.

The ruling has met different echoes in German political life. While Bavarian interior minister Beckstein (a law-and-order supporter) called it "a black day in the fight against terrorism", civil rights groups and the liberal press have praised the FCC for upholding civil rights that have been under threat in recent years. The latter also pointed out that dragnet searches like this can lead to hysteria as whole groups of the population are sweepingly suspected of presenting a terrorist danger.

Technorati Tags: ,

Tuesday, May 23, 2006

If you're a US veteran, your data have been stolen

Bad news for some 26 million US veterans: their names, Social Security numbers and birth dates are among the data that were compromised when a laptop with an external drive was stolen in Maryland some three weeks ago. Identity theft on a gigantic scale now is another problem the US armed forces have to worry about.

As the Department of Veteran Affairs announces on its website, an employee took the data home (a violation of the Department's policy), and his home was burglarized. As CNN reports, the loss was kept secret for three weeks in order not to alert the thieves of the content of their booty, fearing that they might then try to sell it to interested parties.

Some 26.5 million veterans and some of their spouses are concerned, apparently every living veteran discharged between 1975 and the present. The Department has set up a major information operation, including a call centre, to provide information. The call centre can handle up to 260000 calls per day, so if everyone calls — well, you can do the maths for yourself.

Law makers have expressed concern about the stolen data. As the New York Times writes, the problem is that the data concerned may enable the thief "to begin trying to open new accounts, secure loans, buy property and otherwise wreak havoc on the victim's credit history."

As regular readers of this blog will know, this is only the latest in a long string of incidents of major data theft, including as victims US firm ChoicePoint, Lexis-Nexis subsidiary Seisint, Bank of America, Retail Ventures subsidiary DSW Shoe Warehouse, the hotel chain Marriott, and the Pentagon.

Technorati Tags:

Monday, May 15, 2006

Does the Bush administration use phone records to track leaks to the media?

Maybe this is from the just-because-you're-paranoid-doesn't-mean-they're-not-after-you-Department, but today's entry in ABC News' Chief Investigative Correspondent Brian Ross' blog sounds worrying.

Ross writes that he has been warned in personal conversation by a senior law-enforcement official to "get some new cell phones, quick" because the numbers of their existing ones were being tracked. Given the recently uncovered giant NSA phone call database, the administration would be in a position to establish patterns of calls from journalists to officials, providing material for leak investigators.

And perhaps damaging an important function of the media — scrutinizing the government and holding it publicly to account — on the way. Uncovering problems often relies on the activities of "whistleblowers" — both in the public and in the private sector. It is here that personal privacy interfaces with an important function for society as a whole.

Frank Rich, in an op-ed piece in yesterday's New York Times, draws the parallel with the 1971 publication by his newspaper of the "Pentagon Papers" which uncovered lies by the Johnson administration in the Vietnam war. The Nixon administration tried to stop publication, but failed. Today, Rich writes, the situation is similar with regard to the Iraq war:
"The administration's die-hard defenders are desperate to deflect blame for the fiasco, and, guess what, the traitors once again are The Times and The Post. This time the newspapers committed the crime of exposing warrantless spying on Americans by the National Security Agency (The Times) and the C.I.A.'s secret ''black site'' Eastern European prisons (The Post). Aping the Nixon template, the current White House tried to stop both papers from publishing and when that failed impugned their patriotism."
By the way: reading the comments reacting to Ross' entry makes it quite clear that the above analysis is not shared by everyone, to put it mildly...

Technorati Tags:

Thursday, May 11, 2006

NSA builds up massive database of Americans' phone calls

In the land of the brave and the free, Big Brother knows who you've called. That is the bottom line of a report published by USA Today.

The National Security Agency, the country's most secretive intelligence agency (it used to be joked that its acronym NSA stood for "No Such Agency") has been collecting phone call records of tens of millions of Americans, apparently since shortly after the 9/11 attacks in 2001. It seems that the NSA has obtained the data directly from the United States' three biggest telephone companies, AT&T, Bell South and Verizon who collectively service more than 200 mio customers. The result is apparently the biggest database in the world.

Remarkably, this giant data collection exercise seems to have taken place purely on a voluntary basis — since no court orders exist which would require the companies to hand over the data. Apparently the NSA's claim that national security was at risk was all that it took for the companies to oblige with the request. Even though a procedure exists to protect American citizens' rights in this area (the FISA court named after the Foreign Intelligence Surveillance Act of 1978, passed after an illegal snooping operation by the NSA had been uncovered), it was not used.

Denver-based phone company Qwest, however, refused to hand over data, after the company's request to obtain FISA authorisation had been turned down by the NSA, who also refused to provide the firm with a letter of authorization from the U.S. attorney general's office.

My personal comment: if I lived in the States, I know which company would get my telephone business. And I am curious whether this story (if it turns out to be completely correct) will cause the public outcry it deserves.

The most serious question this raises, in my opinion, is: What is the point of installing protection mechanisms for civil liberties like FISA if public authorities collude with private companies to bypass them?

Update: Further reports on this can be found (in German) at Spiegel Online and on the BBC Website. The BBC reports that US senators have announced that they would order the phone companies to testify about this. It also points out that the NSA's director when the operation was launched was General Michael Hayden, who this week was nominated to head the CIA. These revelations may endanger his confirmation in the Senate.

Further update: CNN has the story here, and President Bush's remarks concerning it are here. He emphasizes that "the privacy of ordinary Americans is fiercely protected in all our activities. We're not mining or trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda and their known affiliates."

Yet another update: A poll conducted by the Washington Post and ABC shows that a majority (63%) of US citizens thinks that the NSA's data collection is an acceptable way to investigate terrorism, while only 35% thought it unacceptable. The poll (more details here) also shows that 65% of those interviewed said it was more important to investigate potential terrorist threats "even if it intrudes on privacy."

Technorati Tags:

Wednesday, May 03, 2006

Pentagon victim of data theft attack

The Pentagon, home of US defense, has become the latest victim of a data theft attack. As UK newspaper The Guardian and German IT newsservice heise online report, the health care information of more than 14,000 employees has been compromised. Apparently this includes credit card and social security numbers as well as private addresses, telephone numbers and email addresses.

The Pentagon's own statement (for which you have to dig deep into a website full of optimistic news coverage and a depressingly long line of statements identifying dead soldiers in Iraq) says that individuals affected have been informed by letter that the incident may put them at the risk of identity theft.