Unaccountable Europe

The familiar argument that we must sacrifice a little liberty for the sake of a little security has long been discredited. Yet it is still to be heard in the corridors of the EU, with the proviso that all will be well as long as the restrictions on our liberties are temporary and end once the threat posed by the “war on terrorism” has itself come to an end. The most striking flaw in the argument is that the “war on terrorism” is permanent, a replacement for the Cold War as the legitimating ideology for globalization; the economic and the political go hand in hand.

This new “war” is far more pervasive and dangerous than the old one ever was. In the time of the Cold War, a number of competing ideologies – Western-style capitalism and “liberal democracy”, Soviet-style communism, Chinese-style communism, and a host of third world socialisms – acted as a brake on the capitalist states; in contrast to state surveillance in the Soviet bloc, “liberal democracy” had to have some tangible meaning. Today, the combined force of the “war on terrorism”, Western-style free market capitalism and “freedom and democracy” has no rival.

Some argue that the swathe of measures put through or planned since 11 September 2001 has properly balanced security and civil liberties; governments, ministers, officials, and many MPs appear to believe this is so, even though they are putting in place measures that will bring the entire population of Europe under surveillance.

First, there is to be surveillance of movement. Already one of the four basic “freedoms” of the EU, the freedom to move from country to country without being checked, is gone: everyone has to produce a passport or an ID card to board a plane, even in most cases for internal travel as well. In April 2004, the EU agreed that “passenger name record” (PNR) checks should be introduced on all flights in and out of the EU: all visitors and EU residents are to be vetted before boarding. It is not at all clear against which “watch-lists” people will be checked; will it be the EU list of “terrorist” organizations and individuals or a wider list of “suspected” terrorists; or, perhaps, a general list of all those wanted for or suspected of terrorism, organized crime, or any criminal charge?

It is only a matter of time before an Advanced Passenger Information System (APIS) that will put all passengers into one of three categories is introduced: green, you can board; yellow, you will be subjected to extra checks of baggage and person and/or questioned or placed under surveillance on arrival; red, you will be placed under arrest on arrival at the airport or check-in desk. Tests have shown up the flaws in the system: between 5 per cent and 15 per cent of all passengers can be classified as “yellow” depending on whether a narrow (terrorist suspects) list is used or a wider (terrorist, organized crime, any crime) list. And that is not the worst of it: if intelligence and security agencies do not know that a person is a terrorist, they will simply get on the plane through the “green” channel.

Second is the EU decision in December 2004 to introduce “biometric” passports. The European Parliament was only “consulted” on this measure. Indeed it was blackmailed into giving its “opinion” speedily. The European Council promised to extend the parliament’s co-decision powers to immigration and asylum on 1 January 2005 instead of April 2005 – a move that gave the parliament co-decision powers over measures such as the introduction of biometric passports.

The EU says this is needed to respond to international demands for “biometric” travel documents in line with the adopted standard of the ICAO (International Civil Aviation Organization) – a move emanating in the G8 and led by the US and UK. However, the ICAO standard only requires a digital picture, nothing more than a digitized version of the normal passport picture sent in with a postal application with the image inserted into a readable chip. This allows one-to-one checks at points of entry and departure to confirm that the person carrying the passport is the same person as on the digitized picture. It provides for a very basic check and has been erroneously referred to by government ministers and officials as the introduction of “biometric passports”.

The biometric passport measure adopted in the EU will involve the taking of two or more fingerprints from everyone applying for a new or first-time passport. Many people living in the area covered by Europe’s Schengen agreement travel within and between these countries using only their ID cards and there is a proposal under The Hague Programme to set minimum standards for these, which are likely to harmonize the use of fingerprints in them. Since the UK has not opted in to the Schengen provisions on border controls and immigration, it will introduce its own biometric passports. Ireland, which has not opted in either, has yet to make a decision.

The UK is proposing to introduce biometric passports from the autumn of 2006 (for first-time applicants) and subsequently for all renewals. This will involve the taking of fingerprints and a facial scan of up to 1,840 unique features on each face, and maybe an iris scan as well. Biometrics and the personal details of the individual will initially be stored on national databases and later be brought together on an EU-wide database.

The implications of this move are enormous. Over the next ten years, as passports are renewed, millions of people will have to present themselves at a “processing centre” to be “enrolled”. In the UK, the estimated number is more than 5 million people a year. “Enrolment” will involve not just having to go to a centre – instead of putting an application in the post – people will be interviewed and have to present documents to prove who they are. Then the biometrics will be compulsorily taken. The UK government is also attempting to get a bill through parliament requiring that everyone issued with a new or renewed passport will automatically be issued with an ID card as well.

The introduction of biometric passports and ID cards is only part of the picture. A new EU health card is coming in from January 2006 that will eventually hold the bearer’s medical history on a chip. New EU driving licence standards mean that these, like passports, will need to be renewed every ten years – five if some in authority have their way – and to include a digitized picture.

It is not hard to see that within the foreseeable future there will be moves to integrate the EU passport, ID card, driving licence, and health card into one single biometric chipped card. Privacy concerns will be traded for convenience – at least that is what the authorities are hoping for. UK Information Commissioner Richard Thomas says he fears we are “sleepwalking into a surveillance society”, a fear that can be extended to the 450 million people in the EU.

The third area of controversy concerns mandatory data retention. For years, law enforcement agencies have been lobbying for access to communications data, restrained only by the opposition of civil liberties and privacy groups backed by the media and public opinion. On 20 September 2001, just nine days after 9/11, a special meeting of the EU’s Justice and Home Affairs Council put the issue back to the top of the agenda.

The proposal now under discussion would require communications and service providers to retain traffic data for all phone calls, faxes, mobile calls (including their location), emails, and Internet usage for at least 12 months, and to make this available on demand to any law enforcement agency. The proposal also allows for the exchange of data between agencies in different countries within and beyond the EU.

There are, however, a number of problems with the proposal. Changes in technology mean that service providers for Internet and emails through ADSL provide unlimited usage and no longer need to keep a record of use (older technology relied on billing according to use). Under the current proposal, service providers would have to retain data they no longer need for at least 12 months (as opposed to two to three months under the older systems). Who will foot the bill: the state or the companies? The legal bases of the proposal remain unclear but this has not prevented the governments concerned from moving ahead with their plans.

The planned wholesale surveillance of movement and telecommunications, backed by the introduction of EU-wide fingerprinting and storage of personal data and biometrics on EU databases, is to be complemented by the “principle of availability”. Under this principle, all information and intelligence held nationally by law enforcement agencies in all 25 EU member states would be available to all the other agencies. An unpublished overview report on this principle (EU doc no: 7416/05) suggests that the end game is not just for all EU law enforcement agencies to have access to personal data regarding law and order (including DNA and fingerprints data) but that they should also have:

Direct access to the national administrative systems of all Member States eg: registers on persons, including legal persons, vehicles, firearms, identity documents, and drivers licences as well as aviation and maritime registers.

“National administrative systems” will, no doubt, include personal medical records when these are available on a national database, as they will be in the UK from 2006.

The dangers in this are evident: the “principle of availability” will make agencies self-regulating, with no checks on misuse and abuse. Where once requests had to be channelled through, and recorded by national interior ministries which scrutinized them before authorization, now there is to be a free market in personal data without any data protection worth the name.

Although they play only a secondary and supporting role in the war on terrorism, it is consistently argued that “law enforcement agencies” need these measures to strengthen their hand. The front-line in combating terrorism is made up of the intelligence and security agencies, not law enforcement. It is the former who collect SIGINT (signals intelligence), COMINT (communications intelligence) and HUMINT (human intelligence), and in most countries they have all the powers they need.

Just as the “war on terrorism” is being used as a smokescreen to introduce wholesale surveillance, so it is used by governments and law enforcement agencies keen to extend their powers – not to mention the multinationals that stand to make billions out of the new technological demands of wholesale surveillance. Once established in Europe and the US, these new standards become the benchmark for “global standards” and even greater profits.

As with all decisions taken in Brussels, which are rarely reported in any detail in the media, the reaction of civil society and people at large to this huge shift in the balance between the power of the state and the rights and liberties of the individual has yet to express itself. As Hana Stepankova, of the Czech Office for Personal Data Protection, says:

Privacy is one of the basic values of human life and personal data is the main gateway enabling entry into it. The citizens of countries that experienced totalitarian regimes had that hard experience when privacy was not considered of value and was sacrificed to the interests of the state. When the people of Europe find out that they are now all “Suspects”, acquiescence may turn into opposition.