Protecting Personal Data: Who Is Watching Big Brother?

by Vera von Kreutzbruck
- Germany -

One of life’s sweet pleasures is to travel. Thanks to the increasing number of low-cost flights, traveling abroad is no longer a luxury reserved for the privileged few. At the same time, however, there is an alarming increase in the demand of personal data from tourists and no clear transatlantic legal framework on personal data exchange. Though third parties such as airlines and airport operators have the right to read this data, we don’t know what happens with it afterwards.

Under legislation introduced after the September 11th attacks, the United States has tightened security measures for foreign tourists entering its country. The latest measure requires that by 2012, every traveler entering the United States who is part of the visa-waiver program must have a biometric passport or be forced to apply for a visa.

The biometric passport – which contains an embedded chip with personal data, facial images and fingerprints – is on its way to becoming a global travel prerequisite. Current passports will remain valid for travel to most countries until then. Germany, France and the Netherlands have already started issuing the new documents. EU parliamentarians approved the US’ demand and passed a ruling at the end of 2005 saying that its goal is to combat illegal immigration, terrorism and organized crime. But the excuse that the new passports will help prevent international terrorism is questionable since security agents will need to know whose face or fingerprints they are looking for in the first place.

Initially, Washington gave a 2006 deadline for the 27 countries in the EU and other visa-waiver countries such as Norway, Iceland and Switzerland, but then pushed the date back to June of this year to give these countries more time to prepare the technology needed to issue the biometric passports. The US State Department started introducing e-passports in 2006 and every passport holder in the US is projected to have one by 2017.

In the meantime, there is little enthusiasm for these new requirements. Data watchdogs and human rights activists argue that this regulation treats everyone as a potential criminal, thus violating the protection of citizens’ personal data and imposing a state of constant surveillance.

Peter Hustinx, the European Data Protection Supervisor, said in a press conference on the implementation of biometric passports in 2007 that security measures aimed at preventing terrorism are often stepped up at the expense of privacy. Hustinx is in charge of giving governments and EU bodies advice on data security standards and acts independently of EU institutions. He warned that the EU was “rushing in a new era” of using biometric identifiers for security checks while standards for data protection were still not clear.

“It is very important that the biometric data is only saved in the passport and not in external databanks. Until now there are no international regulations which guarantee this,” said Peter Schaar, German Federal Commissioner for Data Protection, at a conference on data protection held in March of this year in Berlin.

In 2005 when this ruling was issued, no intense political debate occurred in Germany but there were some voices of dissent. The left-wing daily newspaper Die Tageszeitung published a column saying that since 9/11 domestic security had gained more importance than the protection of fundamental citizen rights. In addition, security experts have warned of the danger and ease with which hackers and state agencies could abuse the data registers and the sensitive personal information they track.

In fact, the e-pass, which is supposed to protect states against terrorist attacks, is not so safe at all. In 2006 at the Black Hat security conference held in Las Vegas, Lukas Grunwald, a German computer security consultant, proved that the data in the chips is easy to copy. He demonstrated that a terrorist could carry a passport with his/her real name and photo printed on the pages, but with a chip that contains different information cloned from someone else’s passport. However, this could be easily avoided if the security official examines the pass to make sure the name and the picture printed on it match the data read from the chip.

Further troubling to activists and watchdogs, the European Union is about to enter talks with the US on giving it access to banking data. The plan could go beyond an existing deal with the EU that allows trans-Atlantic airlines to transfer credit card, email addresses, passport, travel itineraries and other data belonging to European passengers to US officials. The US has already been examining transactions handled by the Society for Worldwide Interbank Financial Transactions (SWIFT) since 9/11. SWIFT, which is headquartered in Belgium, is planning to move its servers and database from the US to Europe. With data privacy laws far stricter in Europe, the US would then need permission from the EU before it could gain access to this sensitive information.

The protection of a citizen’s privacy and personal data is vital for any democratic society, and should be respected as much as freedom of expression or movement. Some officials in the US and the EU would do well to re-read Article 8 of the European Union’s Charter of Fundamental Rights which states the following:

“Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. […] Compliance with these rules shall be subject to control by an independent authority.”

In the paranoid quest for more security, freedom and privacy are often sacrificed. We are all being watched by “Big Brother,” but who is watching “Big Brother” for us?

About the Author
Vera von Kreutzbruck was born in Argentina. She started her career in journalism at the English language newspaper, Buenos Aires Herald. After a fellowship in Germany three years ago, she decided to settle in Berlin. She currently works as a freelance journalist contributing to media in Europe and Latin America. Her articles focus on international news and culture in Germany and the European Union.

Posted in FEATURE ARTICLES, Technology, The World
5 comments on “Protecting Personal Data: Who Is Watching Big Brother?
  1. MHahn says:

    In the United States, we tend to imagine ourselves as being the most free and democratic nation on the face of the earth. In reality, especially when it comes to citizens’ privacy, we not only lag way behind most of Europe but also have institutional obstacles that prevent “the right to the protection of personal data.” Personal details such as prescription medication and credit history are regularly exchanged on the open market for enormous sums of money. Perhaps it comes as a shock to other Americans to find that this is most definitely NOT the norm in Europe. I’m disappointed that Europe has decided to cave to the US’s demands- surely they could have collectively refused had they really wanted to.

  2. brittanyshoot says:

    The fact that these are exceptionally easy to hack freaks me out. RFID chips aren’t secure at all – you walk past a scanner with your passport slightly open, and boom! Someone has snatched up all of your data. There are some websites that suggest disabling the chips or somehow mangling your own passport (or at least offer instructions), but even doing that in the interest of self protection can pose serious legal issues since most passports are technically government property. Then again, your passport with a non-working chip will still be legal…

  3. Vera says:

    Thanks MHahn for your comments! I totally agree with you, I was also disappointed that Europe gave in to the US’ pressure. Another example: Afghanistan. After much discussions Germany ended up sending troops there. Only a couple of years ago they had refused to go to Iraq!

  4. We Americans have to take responsibility for leading our government, corporations, and communities, not expectantly wait to be led. With regard to privacy, it took persistence, but decades ago I got my life insurance companies to accept as my identification # an alternate # instead of my Social Security #, after I read “Guard Your Social Security Number with Your Life” in Coevolution Quarterly/Whole Earth Review. (Don’t recall the article’s author for sure, but I think it was Paul Hawken.)
    It was tougher to get Blue Cross to accept an alt ID#, but soon after 1993, they finally agreed to my request. Of course, many years later, Blue Cross and virtually everybody has started using alt ID #s, across the board, realizing their earlier folly in sharing SS#s so freely.
    The last to catch on seemed to be our local community college. With great reluctance, they finally agreed to allow my 21-yr-old to use an alt ID # a couple yrs ago, and they have indeed now gone with alt ID#s system-wide. (I’d switched our family’s own practice before she was born.) http://www.marilynch.com/blog

  5. smebs says:

    The fact that these are exceptionally easy to hack freaks me out. RFID chips aren’t secure at all – you walk past a scanner with your passport slightly open, and boom! Someone has snatched up all of your data. There are some websites that suggest disabling the chips or somehow mangling your own passport (or at least offer instructions), but even doing that in the interest of self protection can pose serious legal issues since most passports are technically government property. Then again, your passport with a non-working chip will still be legal.
    thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

*