European personal privacy concerns must not stop us developing ways to identify terrorists by examining airline booking data, writes Michael Chertoff
Imagine that US troops in Afghanistan raided an al-Qaeda safe house and captured a computer containing the cellphone numbers of operatives in Europe. Wouldn't it be important to know whether one of those numbers was used to book a transatlantic flight? Unfortunately, our ability to make that connection remains limited: information that terrorists readily share with travel agents cannot easily be shared throughout the US government. That needs to change.
Information sharing and intelligence gathering are some of our most important tools in the global war on terrorism. British authorities, in partnership with the US and our allies, were able to disrupt the recent terrorist plot against passenger aircraft precisely because of timely, actionable intelligence, properly shared and acted upon before the terrorists could carry out their plans.
But despite the strong links we've forged with our European partners to protect our nations, we still remain handcuffed in our ability to use all available resources to identify threats and stop terrorists.
To defeat terrorists, we must limit their movement between countries and disable their worldwide networks by targeting our investigative resources. One technique practised by the Department of Homeland Security (DHS) and a number of foreign governments is the use of name-based information, such as passenger manifests and crew lists, to screen travellers coming to the US. These manifests allow us to identify known persons of interest on watch lists and to act upon threats before they can reach our shores - even, where possible, before they depart on their journey. But how do we thwart a terrorist who has not yet been identified?
One way is by using more of the detailed information collected by airlines and travel agencies when an individual books a flight. These passenger-name records (PNR) contain information, such as travel itineraries and payment details, that can be analysed in conjunction with current intelligence to identify high-risk travellers before they board aircraft. If we learned anything from 9/11 it is that we need to be better at connecting the dots of terrorist-related information. After 9/11, we used credit card and telephone records to identify those linked with the hijackers. But wouldn't it be better to identify such connections before a hijacker boards an aircraft?
By comparing PNR data and intelligence gathered on known terrorists - such as cellphone numbers collected in Afghanistan - we can identify unknown threats for additional screening and enhance our ability to assess risk. At the same time, we will spend less time with inconvenient screening of low-risk travellers.
The US government has collected PNR data on travellers aboard international flights to the US since the early 1990s. This information is of such value that after 9/11, Congress mandated its continued collection. But in the past few years, European privacy concerns have limited the ability of counterterrorism officials to gain broad access to data of this sort.
For example, under an agreement with the European Union, United States Customs and Border Protection receives this information regularly, but it cannot routinely share it with investigators in another DHS component, Immigration and Customs Enforcement, or with the FBI - never mind with our allies in London. This information might yet identify associates of those arrested recently in Britain, but the rules blind us in routinely searching for that connection.
DHS has made a strong commitment to protect personal privacy while screening international travellers. We do not profile based on race or ethnicity, but we do assess threats through analysis of individual behaviour. The DHS chief privacy officer has closely reviewed the PNR programme to ensure that it meets standards of fair information practices and US law. This includes providing a process through which travellers can seek redress if they feel their freedoms have been violated.
Protecting personal privacy is a part of responding to the post-9/11 world, but it should not reflexively block us from developing new screening tools. Indeed, more data sharing leads to more precisely targeted screening, which actually improves privacy by reducing questioning and searches of innocent travellers.
All governments bear a responsibility to prevent terrorists from boarding aircraft, and information sharing is a critical way we can work together to limit terrorist mobility, screen for unknown threats and investigate terrorist cells. Smart screening - including careful and responsive analysis of travel data - will enhance security and privacy. - (LA Times-Washington Post service)
Michael Chertoff is US secretary of homeland security