Civil Rights after September 11th

After the 9/11 terrorist attacks, politicians responsible for security issues agreed that the previous laws were not tough enough. In changing security measures, they blatantly violated data privacy laws. A report by C. Schulzki-Haddouti

New passport laws on both sides of the Atlantic now allow the introduction of biometric information in visas and passports in order to identify people by their fingerprints or faces. But at the same time, the efficacy of biometric systems of identification is still under question. Some systems have failure rates of up to 20 percent, and they are not immune to falsification. In 2002 a Japanese mathematician was able to fool eleven biometric fingerprint systems by using artificial fingers made of gummi-bear gelatine. With 23 percent humidity, the gelatine has similar physical properties to real fingers. With even more primitive tinkering, computer journalists were able to get around not only fingerprint systems, but also face identification and even iris scanning systems, which are considered very accurate. At the moment, the German government has scientists testing the feasibility of options for digital personal identification.

With its Germany-wide wanted-persons search, the German Federal Criminal Police Office has gathered approximately 20,000 data entries on alleged Islamic “sleepers.” The aim of the wanted persons search was to identify more “sleepers” in order to prevent attacks. But the profiles on the wanted posters were of such poor quality that the data banks in universities, utility services and transportation services in effect were out to identify “all male Islamic students.” The constitutional permissibility of the method used was never thoroughly reviewed—despite the fact that the only success thus far claimed by this method of apprehending terrorists was the arrest of the Red Army Faction terrorist Rolf Heissler in 1979. And again this time the nation-wide search did not lead to direct results. But nonetheless, in the European Council the Federal Minister of the Interior pushed for the introduction of the wanted persons search throughout Europe.

Central European data bank for “Islamic terrorism”

Another suggestion gained attention in the conservative camp after the terrorist attacks: The former president of the German Office for the Protection of the Constitution, Eckhart Werthebach, called for a central data bank for “Islamic terrorism.” The military counterintelligence agency (MAD), the Federal Border Control and the Customs Investigation Office were to contribute their data to this central file. Werthebach’s idea found little resonance initially. However, the new Schengen Information System (SIS II), which has been in development since 2002, is intended to collect biometric data and compile new data banks. These data banks will contain information about “troublemakers” within the Schengen states who have been issued a travel ban based on certain occurrences, as well as information about visas for demonstrators from third countries, other travel bans and identified terrorists. SIS II will link up people with other data and thus will in principle allow for a Europe-wide wanted persons search.

But it is above all in the US where the idea has dominated that the terrorist attacks could have been prevented if it had been possible to “connect all the dots.” The US government thus invested in the development of wide-ranging data banks which were to be evaluated through the process of data mining. Interesting data analyses are anticipated above all from communications data, which track who has faxed, telephoned or mailed with whom and who has visited which web-sites when. With the appropriate software, networks of relationships can be mapped. But this type of data collection only takes on meaning when many countries participate. Those sought may build up communication networks throughout many countries. These networks only become apparent when investigators have access to the provider data from each country potentially involved. At the request of the American president, the member states debated in the European Union the idea of storing communication data via Internet providers. But a new regulation has not yet been established because Germany has resisted the measure. At the UN summit meeting in December, this will likely be a concern raised by the US, which is pushing for a broad passage of the Council of Europe agreement on cyber crime. If passed, this regulation will mean that no one will be able to telephone or surf the Internet without potentially being observed.

EU security measures violate the law

The first application of a wide-ranging data bank in the US is a new control system for flight passengers. The data are allegedly able to recognise terrorists within five seconds on the basis of an analysis and a risk evaluation. Europeans will also be monitored with this system. Since March 2003, US border officials have access to the flight passenger data banks of European airlines. In addition to passengers’ names, dates of birth, addresses and telephone numbers, information such as the name of those accompanying passengers as well as their travel agent and company are included in the data banks. Additional desired information includes billing addresses, email addresses and travel status. If passengers request Halal meals, this is also recorded in the system. The EU Commission agreed to allow access to this information because otherwise the US would have rescinded the airlines’ landing rights. As data privacy experts have determined, these measures are against the law. The consequences? None so far.

The examples above show that since September 11th the basic right to information privacy as grounded in the German federal court ruling on the census in 1983 has been violated. In a democratic state, this is disturbing. Combating terrorism should not endanger the same principles that it is meant to protect.

Christiane Schulzki-Haddouti, Qantara.de;
translation from German: Christina M. White

© 2003 Qantara.de