In the name of “preventing, detecting and investigating terrorist offenses and related travel”, all United Nations (UN) Member States should develop systems for processing and analysing Passenger Name Record (PNR), Advance Passenger Information (API) and “fingerprints, photographs, facial recognition, and other relevant identifying biometric data”, according to a UN Security Council resolution (no. 2396) on threats to international peace and security caused by terrorist acts agreed on 21 December 2017.
PNR for all
PNR data is collected by airlines and travel agents when individuals purchase airline tickets and includes a wide range of personal and other data. API is the biographical data contained in individuals’ passports.
EU Member States are obliged to gather and process API under a 2004 Directive and by May 2017 all EU Member States were supposed to implement the EU PNR Directive that mandates the gathering and processing of PNR data on all travellers leaving, entering or travelling within the EU; numerous other states around the globe also collect and process PNR and API data for ostensible counter-terrorism and law enforcement purposes. (The EU provisions on flights within the EU were added by Member States by means of a “declaration”, ignoring the opposition of the European Parliament.)
Under the title “Border Security and Information Sharing”, the UN Security Council Resolution – which is binding on UN Member States – demands that practically every state in the world adopt API and PNR systems, if they do not already have them, opening the door to massive pre-emptive profiling of air travellers. In the future, other modes of transport may also be covered – the EU has previously considered extending PNR schemes to rail and boat travel, while last year Belgium, France, the Netherlands and the UK agreed to introduce a PNR system for rail travel.
As observed by EDRi member Access Now:
“Under the EU PNR Directive, everyone’s PNR information – whether or not you are a suspect for any crime – is indiscriminately collected and shared with local enforcement authorities, and then stored for five years just in case it later becomes relevant to vaguely defined ‘serious’ crime and terrorism. Nothing has been presented to show this will do anything to help catch criminals or terrorists, and with more than 900 millions air passengers travelling in the EU every year, the sheer volume of personal information gathered and retained is well beyond what is necessary or proportionate. The directive therefore stands in violation of your fundamental rights to privacy and data protection.”
One of the key aims of the EU PNR Directive is the development of profiling systems against which all passengers’ data will be compared to determine whether they may be a “person of interest”. Such “risk-based screening” is now set to go global.
Biometrics and watchlists for all
Resolution 2396(2017) also:
“Decides that Member States shall develop and implement systems to collect biometric data, which could include fingerprints, photographs, facial recognition, and other relevant identifying biometric data, in order to responsibly and properly identify terrorists, including foreign terrorist fighters, in compliance with domestic law and international human rights law, calls upon other Member States, international, regional, and subregional entities to provide technical assistance, resources, and capacity building to Member States in order to implement such systems and encourages Member States to share this data responsibly among relevant Member States, as appropriate, and with INTERPOL and other relevant international bodies.” [emphasis added]
It further mandates that:
“Member States shall develop watch lists or databases of known and suspected terrorists, including foreign terrorist fighters, for use by law enforcement, border security, customs, military, and intelligence agencies to screen travelers and conduct risk assessments and investigations, in compliance with domestic and international law, including human rights law, and encourages Member States to share this information through bilateral and multilateral mechanisms.”
Amongst other things, the Resolution also calls for UN Member States to “consider, where appropriate, downgrading for official use intelligence threat and related travel data”. In this regard it must be recalled that “intelligence” gathered by security agencies does not always have to meet the legal standards that would be required for data gathered by law enforcement agencies.
Aside from “Border Security and Information Sharing”, the Resolution also outlines a host of requirements under the headings “Judicial Measures and International Cooperation” and “Prosecution, Rehabilitation and Reintegration Strategies”, as well as outlining various actions that should be taken by the UN.
Resolution 2396(2017) was accompanied by Resolution 2395(2017) that extends the mandate of the UN’s Counter-Terrorism Committee Executive Directorate (CTED), responsible for monitoring the implementation of UN counter-terrorism measures, until December 2021.
This article was originally published at http://www.statewatch.org/news/2018/jan/un-pnr-for-all.htm
UN press release: Security Council Urges Strengthening of Measures to Counter Threats Posed by Returning Foreign Terrorist Fighters, Adopting Resolution 2396 (21.12.2017)
UN Security Council Resolution 2395 (2017) on threats to international peace and security caused by terrorist acts (21.12.2017)
UN Security Council Resolution 2396 (2017) on threats to international peace and security caused by terrorist acts (21.12.2017)
Massive biometric “smart borders” database may be illegal (15.09.2017)
Court of Justice says no to EU-Canada travel surveillance deal as implementation of European system continues (26.07.2017)
PNR Directive: USA offers a helping hand to EU air travel surveillance and profiling efforts (14.06.2017)
(Contribution by EDRi member Statewatch, the United Kingdom)