1 00:00:00,000 --> 00:00:18,879 * 36C3 preroll music* 2 00:00:18,879 --> 00:00:25,802 Herald: Next is Bijan. Bijan. Bijan, I pronounce this. Pretty persian. Yeah. He's 3 00:00:25,802 --> 00:00:32,730 an attorney, ein Rechtsanwalt it is called in deutsch, and he works for the Gesellschaft 4 00:00:32,730 --> 00:00:37,971 für Freiheitsrechte in Berlin. If I'm right. Good. Give them a welcome. 5 00:00:37,971 --> 00:00:42,369 applause, please. It's early in the morning. We're going to kick back here. 6 00:00:42,369 --> 00:00:46,459 *applause* 7 00:00:46,459 --> 00:00:51,390 Bijan: Early in the morning, only at the Congress you can call 12:30 early in the 8 00:00:51,390 --> 00:00:57,460 morning, but it is. And, um, well, if you've ever sat on a plane and wondered 9 00:00:57,460 --> 00:01:02,350 what the person three rows behind you is eating, whether they flying alone, whether 10 00:01:02,350 --> 00:01:07,050 they have checked in their luggage or only hand luggage and what visa they were using 11 00:01:07,050 --> 00:01:12,510 when they were buying their plane ticket, then you're probably a police officer or 12 00:01:12,510 --> 00:01:16,909 should join the national police of any EU member state, because that is exactly what 13 00:01:16,909 --> 00:01:21,673 the national polices in Germany and Austria and other Europeans member states, 14 00:01:21,673 --> 00:01:25,689 Europe, member states of the European Union, can do. Thanks to the PNR 15 00:01:25,689 --> 00:01:30,479 directive, which is the topic of today's talk. And we are going to talk and explain 16 00:01:30,479 --> 00:01:35,719 to you what the PNR directive and the laws transposing it into national law are all 17 00:01:35,719 --> 00:01:40,889 about, why this is problematic and what we can do and what we are actually doing 18 00:01:40,889 --> 00:01:46,780 against it in order to stop it. And Walter will start off with a few infos. 19 00:01:46,780 --> 00:01:53,299 Walter: Yeah. Hello. So firstly, I would like to introduce into Epicenter Works, 20 00:01:53,299 --> 00:01:58,915 because we have already a history on bringing down data retention laws. So 21 00:01:58,915 --> 00:02:03,959 probably you know us from our fight against data retention in Europe when we 22 00:02:03,959 --> 00:02:08,429 still were called "AKA Vorrat Österreich". I am working for Epicenter Works on a 23 00:02:08,429 --> 00:02:14,610 voluntary basis. And I would like to mention my colleague Angelika Adensamer 24 00:02:14,610 --> 00:02:19,800 who did the main work on this for Epicenter Works. But she cannot be at 25 00:02:19,800 --> 00:02:31,130 Congress this year. So, flight data. It is said, I've heard that at any given point 26 00:02:31,130 --> 00:02:38,554 in time, one million people are on a plane in the skies flying around the globe. As 27 00:02:38,554 --> 00:02:47,379 you can see here. And today, although in times of resource exhaustion, we should 28 00:02:47,379 --> 00:02:52,959 talk about that anyway. I am convinced today we are talking about the data 29 00:02:52,959 --> 00:03:00,371 protection issue about it. A big one. And we are talking about passenger name 30 00:03:00,371 --> 00:03:07,560 records. So what is a passenger name record, anyway? A passenger name record, 31 00:03:07,560 --> 00:03:19,360 as you can see here, is a data set compiled of 19 different data fields. So 32 00:03:19,360 --> 00:03:26,000 you can get about up to 60 different data points on one single passenger on one 33 00:03:26,000 --> 00:03:31,549 single flight. So, for instance, you have data in there like the first and second 34 00:03:31,549 --> 00:03:40,109 name, address, but also other things, metadata. More important things, like the 35 00:03:40,109 --> 00:03:47,340 means of payment you made, the point in time when you booked the flight and things 36 00:03:47,340 --> 00:03:54,280 like that. And as a specific problem about it is that there is also a free text field 37 00:03:54,280 --> 00:04:02,170 so airline employees can enter data there and which we cannot control. And 38 00:04:02,170 --> 00:04:11,739 altogether we have a quite big data set of each passenger on each flight. So this is 39 00:04:11,739 --> 00:04:19,921 common in the airline industry. But in 2016, the PNR directive came about. So 40 00:04:19,921 --> 00:04:26,385 what is the PNR directive? It is a piece of European legislation , which was 41 00:04:26,385 --> 00:04:35,080 enacted in April 2016. And when we have European legislation, it's important to 42 00:04:35,080 --> 00:04:41,980 mention that it doesn't come out of the blue out of Brussels, but it is enacted 43 00:04:41,980 --> 00:04:49,563 together with from the commission, the European Parliament and the council. And 44 00:04:49,563 --> 00:04:56,070 the council are the governments of our member states. So we have to keep in mind 45 00:04:56,070 --> 00:05:03,024 that member states governments, have a big say when things like this are enacted. 46 00:05:03,024 --> 00:05:10,756 And it is a directive. And that means that every single member state has to transpose 47 00:05:10,756 --> 00:05:16,980 the content of the directive into its national law. And this had to be done 48 00:05:16,980 --> 00:05:24,824 until the 25th May of 2018. This was the the tenth transposition deadline. And for 49 00:05:24,824 --> 00:05:32,661 instance, Austria and Germany made laws to transpose that into their national law. So 50 00:05:32,661 --> 00:05:43,590 what had they to enact? They had to enact laws prescribing that all airlines have to 51 00:05:43,590 --> 00:05:51,986 transfer data of all passengers, all passenger name records of every flight, 52 00:05:51,986 --> 00:05:59,100 and they have to be pushed to a national police database. So unlike the telecom 53 00:05:59,100 --> 00:06:06,290 data retention I already mentioned, the data is not kept where it where where it 54 00:06:06,290 --> 00:06:11,380 is created. But it has to be pushed from the private sector, from the airlines, to 55 00:06:11,380 --> 00:06:21,060 police database, databases. And the data retention directive prescribes that every 56 00:06:21,060 --> 00:06:26,788 flight leaving or entering the European Union must be covered by that. But in 57 00:06:26,788 --> 00:06:32,649 addition, every single member state also covered flights within the EU. So you have 58 00:06:32,649 --> 00:06:37,880 we have the full take now. Flights within the EU as well as flights leaving or 59 00:06:37,880 --> 00:06:46,060 entering the EU. And every single record of every single passenger of every single 60 00:06:46,060 --> 00:06:55,410 flight is in a police database and will be compared with existing databases, for 61 00:06:55,410 --> 00:07:02,573 instance, of known criminals or of stolen passports and the like. And they try to 62 00:07:02,573 --> 00:07:10,560 find matches there. And what they are also going to do is matching with predetermined 63 00:07:10,560 --> 00:07:16,245 criteria. So they will come up with flight patterns of known perpetrators, for 64 00:07:16,245 --> 00:07:22,350 instance, when they booked a flight and so on. They will algorithmically try to find 65 00:07:22,350 --> 00:07:29,550 patterns there, and then they will compare your flight passenger name records with 66 00:07:29,550 --> 00:07:34,470 that data. And if you have a similar behavior, than a previous perpetrator, 67 00:07:34,470 --> 00:07:42,348 previous criminal, for instance, then you're already under suspicion. And this 68 00:07:42,348 --> 00:07:47,880 data in these databases are stored for five years and can be further used by 69 00:07:47,880 --> 00:07:54,460 different law enforcement agencies. So that data is not only compared and then 70 00:07:54,460 --> 00:08:00,560 deleted again. The storage time is five years and they do something called 71 00:08:00,560 --> 00:08:08,040 depersonalization about six months after the data was created. But this is not in 72 00:08:08,040 --> 00:08:13,480 any way an anonymisation, but they just remove some data and it can easily be 73 00:08:13,480 --> 00:08:20,530 identified again. So the person the data belongs to can easily be identified for 74 00:08:20,530 --> 00:08:27,495 the whole period of five years. So you probably asked yourself already: First, is 75 00:08:27,495 --> 00:08:33,958 this effective? Well, this runs already since last year, so we have some data. 76 00:08:33,958 --> 00:08:43,714 First, I will present to you the data from Austria. In Austria, we found out that 77 00:08:43,714 --> 00:08:52,220 already until the 30th of September, 2019, almost 24 passenger name records where 78 00:08:52,220 --> 00:08:59,450 forwarded to the passenger name unit at the Bundeskriminalamt and 79 00:08:59,450 --> 00:09:06,640 11 900 000 thousand different people were subject to that. And of these, almost 80 00:09:06,640 --> 00:09:13,005 24 000 000 passenger name records, the algorithms that checking against databases 81 00:09:13,005 --> 00:09:21,210 already brought up 190 000 matches. So every single match, 82 00:09:21,210 --> 00:09:27,639 every single output the algorithm has, must be checked by a human employee. So we 83 00:09:27,639 --> 00:09:34,430 have sitting there people who have to check. Even this is not even the data of a 84 00:09:34,430 --> 00:09:41,580 year. And they have to check 190 000 matches and only 280 85 00:09:41,580 --> 00:09:47,340 of them are actual hits. So if a person checks what the algorithm outputs there, 86 00:09:47,340 --> 00:09:55,540 then only in 0.15% of the cases the policewoman or policeman 87 00:09:55,540 --> 00:10:01,610 come to their conclusion: This is actually relevant for us. And if you do the math, 88 00:10:01,610 --> 00:10:09,731 this means that only 0.001% percent of all that 24 million passenger name data, your 89 00:10:09,731 --> 00:10:15,810 data which is checked, actually leads to a hit. And we don't even know how many 90 00:10:15,810 --> 00:10:23,120 actual false positives remain in these 220. This is only what the police will 91 00:10:23,120 --> 00:10:29,980 inspect afterwards. So we have no numbers or results if they had actual 92 00:10:29,980 --> 00:10:36,840 investigative results on that. But what we can say is that there are 21 employees, 93 00:10:36,840 --> 00:10:42,070 qualified employees, working in the passenger name, Passenger Information Unit, 94 00:10:42,070 --> 00:10:48,880 and this costs almost 2 million euros per year and only for checking that data in 95 00:10:48,880 --> 00:10:55,050 the small country of Austria. And Bijan now will present to you the data in German. 96 00:10:55,050 --> 00:10:59,285 Bijan: The number, the data of the big neighbor, because you said small country 97 00:10:59,285 --> 00:11:05,610 Austria. In Germany the numbers are surprisingly similar. We also had - have 98 00:11:05,610 --> 00:11:11,341 numbers up until mid of August 2019, and we have had almost 32 million passenger 99 00:11:11,341 --> 00:11:16,980 name records checked, which generated automatic results of matches of about 100 00:11:16,980 --> 00:11:24,290 240 000, which then were checked by 40 police officers and there remained only 101 00:11:24,290 --> 00:11:32,910 910 actual hits. So the fail rate was 99.6% and 0.003% all PNRs checked led to 102 00:11:32,910 --> 00:11:38,090 actual hits. And even of that number, just as in Austria, we are not sure how many 103 00:11:38,090 --> 00:11:43,170 false positives remain. We know that there were considerably a considerable amount of 104 00:11:43,170 --> 00:11:47,670 false positives. We estimate them to be in the hundreds. But the law enforcement did 105 00:11:47,670 --> 00:11:52,650 not specify what actually, how many supposed positives remained, even among 106 00:11:52,650 --> 00:11:59,202 the 910. And one of the results we know is that it led to 57 arrests. We don't know 107 00:11:59,202 --> 00:12:03,000 for which crimes. We don't know whether these people actually committed a crime, 108 00:12:03,000 --> 00:12:08,190 whether they were suspected for crime, whether they were just on a watch list. 109 00:12:08,190 --> 00:12:15,220 But 57 arrests, assuming this is these were legitimate, this means that 0.0002% 110 00:12:15,220 --> 00:12:21,430 of all PNRs checked led to an arrest. And if you try to to transpose this to other 111 00:12:21,430 --> 00:12:28,150 situations in life, you could go to a to a market, to to some, uh, to some festival 112 00:12:28,150 --> 00:12:32,490 or what not, and just ask randomly people, and you would probably have with a similar 113 00:12:32,490 --> 00:12:36,990 probability, an arrest in the end at the end of the day. So if this holds that this 114 00:12:36,990 --> 00:12:41,735 whole PNR processing holds is this effectiveness is the standard that we are 115 00:12:41,735 --> 00:12:49,611 happy with, then you can easily take this to all other sorts of walks of life. And 116 00:12:49,611 --> 00:12:55,650 this is true, in our opinion, a big problem, because it will lead to a digital 117 00:12:55,650 --> 00:13:00,766 surveillance state, which is has come quite near with these new tools that the 118 00:13:00,766 --> 00:13:07,510 PNR directive provide. What we've now just shown are the the automatic is the checks 119 00:13:07,510 --> 00:13:12,246 against databases. That was the one thing that the PNR directive provides for. The 120 00:13:12,246 --> 00:13:17,070 other one is the checking against predetermined criteria. And this is where 121 00:13:17,070 --> 00:13:23,010 the voodoo kind of starts, because the idea that you can merely from the data 122 00:13:23,010 --> 00:13:29,145 that is in the PNR, in your passenger name record, derive whether you are suspicious, 123 00:13:29,145 --> 00:13:36,292 or dangerous even is, at least in our opinion, pretty much voodoo, and it has 124 00:13:36,292 --> 00:13:43,089 serious consequences. And it might lead to automatic profiling affecting hundreds of 125 00:13:43,089 --> 00:13:47,270 millions of people, possibly, because everybody is checked when they and when 126 00:13:47,270 --> 00:13:51,830 they use a plane. Everybody PNR record is checked against these automatic , against 127 00:13:51,830 --> 00:13:56,742 these predetermined criteria, and not just for crimes such as terrorism or organized 128 00:13:56,742 --> 00:14:01,670 crime, where you could maybe make a case that there exists such a thing as a 129 00:14:01,670 --> 00:14:06,887 pattern of movements where you can identify a terrorist suspect, but it is 130 00:14:06,887 --> 00:14:13,850 also used for crimes such as fraud or forgery or cyber crime where I would argue 131 00:14:13,850 --> 00:14:18,501 you cannot find the typical cyber criminals flight pattern, flight patterns. 132 00:14:18,501 --> 00:14:24,339 It's just not possible. And so but but the PNR directive itself is only the one 133 00:14:24,339 --> 00:14:29,120 thing. We are fighting this for reasons that go way beyond the PNR processing so 134 00:14:29,120 --> 00:14:35,980 the processing of PNR flight data, because it may set a dangerous precedent for other 135 00:14:35,980 --> 00:14:40,870 mass surveillance. Already now PNR processing is being discussed for buses 136 00:14:40,870 --> 00:14:44,850 that cross borders, for ships and trains. And there are some countries such as 137 00:14:44,850 --> 00:14:50,870 Belgium that have already enacted the very much. And why stop there, might a police 138 00:14:50,870 --> 00:14:56,220 officer argue. Why not include rental cars that cross borders? Why not at some point 139 00:14:56,220 --> 00:15:00,410 include private cars that cross borders? Why not get away with that requirement of 140 00:15:00,410 --> 00:15:04,460 crossing borders? Why not have everybody checked all the time, maybe via their 141 00:15:04,460 --> 00:15:09,899 mobile phones? So when we give way to this sort of data processing with such a low 142 00:15:09,899 --> 00:15:16,040 threshold of effectiveness, we open the door for all sorts of, um, of activity 143 00:15:16,040 --> 00:15:21,310 that at least from our point of view, is illegal. And the question you were maybe 144 00:15:21,310 --> 00:15:27,311 asking yourself or maybe not. Is this legal? We are convinced it is not. And 145 00:15:27,311 --> 00:15:35,071 luckily, we could rely on a legal opinion that the European Court of Justice ECJ has 146 00:15:35,071 --> 00:15:40,800 rendered a two and a half years ago. There is one PNR agreement in place between the 147 00:15:40,800 --> 00:15:46,200 EU and the USA, which has not been challenged yet. And another agreement was 148 00:15:46,200 --> 00:15:51,330 supposed to be known or was negotiated between the EU Commission and Canada, and 149 00:15:51,330 --> 00:15:56,600 the EU Parliament then presented the question to the ECJ whether this agreement 150 00:15:56,600 --> 00:16:01,830 would be violating fundamental rights of the Charter of Fundamental Rights of the 151 00:16:01,830 --> 00:16:09,360 European Union. And the ECJ concluded that it would, in the form that it was proposed 152 00:16:09,360 --> 00:16:13,800 to it, breach Article 7 and 8 of that charter's. Article 7 as the right to 153 00:16:13,800 --> 00:16:17,971 privacy in Article 8 is the right to have your data protected, your personal data 154 00:16:17,971 --> 00:16:23,746 protected. And we are, of course, relying heavily on that, on the arguments that the 155 00:16:23,746 --> 00:16:29,149 court developed and developing them even further, because; as you can imagine, the 156 00:16:29,149 --> 00:16:34,563 PNR, the agreement with Canada and the PNR directive are quite similar. So what are 157 00:16:34,563 --> 00:16:40,821 these arguments that we are bringing up? And we've shown already that the 158 00:16:40,821 --> 00:16:45,884 effectiveness is highly doubtful. And this leads us to concluding that the PNR 159 00:16:45,884 --> 00:16:50,432 directive is disproportionate. So it violates human fundamental rights. For 160 00:16:50,432 --> 00:16:55,943 several reasons. One being a point that we've both raised already that PNR 161 00:16:55,943 --> 00:17:00,409 processing indiscriminately affects all passengers. And this is a very important 162 00:17:00,409 --> 00:17:05,069 point, because it makes it shows the difference between PNR processing under 163 00:17:05,069 --> 00:17:08,920 the PNR directive and what was formerly the the data retention of 164 00:17:08,920 --> 00:17:14,720 telecommunications data. Because the latter would require a specific case, 165 00:17:14,720 --> 00:17:20,029 something must have had happened in order for the law enforcement to ask for the 166 00:17:20,029 --> 00:17:26,010 telecommunications data of the telecommunications provider. But our 167 00:17:26,010 --> 00:17:32,210 PNR data on flights is checked all the time, always, against databases, and even 168 00:17:32,210 --> 00:17:36,669 more importantly, the predetermined criteria, which we, of course, do not know 169 00:17:36,669 --> 00:17:41,600 nothing about. And this brings with it especially the last point, the 170 00:17:41,600 --> 00:17:46,205 predetermined criteria, are high risk of false accusations. We've already seen that 171 00:17:46,205 --> 00:17:52,731 99.6% of data base matching, automatic data is matching is wrongful. And imagine 172 00:17:52,731 --> 00:17:59,639 how much higher the number would be with checking against predetermined criteria. 173 00:17:59,639 --> 00:18:05,809 And that the reason why we expect many false accusations, false positives, is the 174 00:18:05,809 --> 00:18:09,379 so-called base rate fallacy, which basically says that when you're looking 175 00:18:09,379 --> 00:18:13,980 for a very small amount of people in a large dataset and you have a significant 176 00:18:13,980 --> 00:18:18,769 fail rate, you're very likely to produce more false positives, maybe many more 177 00:18:18,769 --> 00:18:23,660 false positives than true positives. So actual suspects, or not suspects, but 178 00:18:23,660 --> 00:18:28,104 actual terrorists. So, for instance, when you if you're checking 100 million flight 179 00:18:28,104 --> 00:18:32,700 passengers. And you're looking for 100 terrorists, and you have even a fail rate 180 00:18:32,700 --> 00:18:39,659 of 0.1%, not the 99.6 that we're talking about now, but even just 0.1%, this would 181 00:18:39,659 --> 00:18:45,269 render this would this would render 100 000 flight passengers subject to to 182 00:18:45,269 --> 00:18:50,756 to being suspected terrorists. So you would have 100 000 false positives, 100 183 00:18:50,756 --> 00:18:55,280 terrorists that let's assume all of them so that they had a positive success rate 184 00:18:55,280 --> 00:19:00,311 of 100 percent identifying positively as a terrorist suspect. Then you will have 185 00:19:00,311 --> 00:19:07,291 100 000 false positives, 100 people that are correctly suspected. But everybody, of 186 00:19:07,291 --> 00:19:11,399 course, will be treated the same. And what I've listed here are just the obvious 187 00:19:11,399 --> 00:19:16,529 things, stigmatization at the airport by interrogation, searches of luggage of 188 00:19:16,529 --> 00:19:21,460 people and arrests, missing flights. And depending on the country 189 00:19:21,460 --> 00:19:27,019 you're in you may be in much more trouble after that. The second point is that the 190 00:19:27,019 --> 00:19:33,075 data is being stored way too long. As Walter has already mentioned 5 years. Why 191 00:19:33,075 --> 00:19:38,549 do you need 5 years worth of data to check a database entry or against a 192 00:19:38,549 --> 00:19:42,795 predetermined criteria? Of course, you don't needed it for that. Because you 193 00:19:42,795 --> 00:19:47,970 could do that immediately after a person has boarded. You can perform the check and 194 00:19:47,970 --> 00:19:52,584 then you could get rid of the data, delete it after it's being used. The reason why 195 00:19:52,584 --> 00:19:56,508 they're storing it so long as that law enforcement and intelligence agencies have 196 00:19:56,508 --> 00:20:01,489 an interest that goes beyond that checking after boarding, they want to keep the data 197 00:20:01,489 --> 00:20:06,649 and check it in future, criminal investigations in future, looking into a 198 00:20:06,649 --> 00:20:10,635 person, what where they've traveled and so on and so forth. But that has nothing to 199 00:20:10,635 --> 00:20:15,980 do with the original purpose of PNR, the PNR directive. And what at least everybody 200 00:20:15,980 --> 00:20:21,243 here will know in all data storing, so data storing is in itself a problem. It's 201 00:20:21,243 --> 00:20:25,169 in itself a violation of fundamental rights when there is no legitimate reason 202 00:20:25,169 --> 00:20:30,316 to do so. But also all data storage puts the data stored at risk. And as we've 203 00:20:30,316 --> 00:20:34,980 mentioned already, there's the payment data, especially there's other other 204 00:20:34,980 --> 00:20:39,320 sensitive data with whom you've traveled, whether you've traveled with light luggage 205 00:20:39,320 --> 00:20:45,787 or not, where you have gone to, via which place and so on and so forth. Another 206 00:20:45,787 --> 00:20:49,370 point, which is a bit more complicated is that the director does not sufficiently 207 00:20:49,370 --> 00:20:54,039 differentiate between crimes where automatic profiling could make sense and 208 00:20:54,039 --> 00:20:59,901 others. So as I have said, there may be a point in saying that the typical 209 00:20:59,901 --> 00:21:06,039 terrorists would fly from A to B via C without checking in luggage using this or 210 00:21:06,039 --> 00:21:11,220 that tourist office and so on and so forth. So maybe just assume that this is 211 00:21:11,220 --> 00:21:17,200 the case. This, no one can can tell me that there is a typical flight pattern of 212 00:21:17,200 --> 00:21:23,200 a fraudster where you could ask someone define which way a fraudster typically 213 00:21:23,200 --> 00:21:27,990 flies and identify such a person. So what the directive would have needed to do if 214 00:21:27,990 --> 00:21:32,269 they wanted had wanted to check against predetermined criteria would have been to 215 00:21:32,269 --> 00:21:38,943 identify for which crimes - exactly, and only for these - you can use such a voodoo 216 00:21:38,943 --> 00:21:44,389 miracle weapon. And finally, these are not the only arguments, but the more most 217 00:21:44,389 --> 00:21:49,269 important ones. We expect that the false positives especially will lead to 218 00:21:49,269 --> 00:21:55,249 discrimination against minorities. And one example that the German National Police, 219 00:21:55,249 --> 00:22:01,249 the Bundeskriminalamt has given us for a predetermined criteria are young men 220 00:22:01,249 --> 00:22:06,732 flying from airports from the south of Turkey to a major European city. So 221 00:22:06,732 --> 00:22:10,700 they're thinking about former IS fighters, IS terrorists. And as you can easily 222 00:22:10,700 --> 00:22:15,690 imagine what kind of people will be sitting in in in a on a plane that's 223 00:22:15,690 --> 00:22:20,310 coming from the south of Turkey to Germany or to any other European country. Of 224 00:22:20,310 --> 00:22:25,986 course, this will affect them disproportionately, affect minorities. And 225 00:22:25,986 --> 00:22:32,030 it is already now highly intransparent what how these these predetermined 226 00:22:32,030 --> 00:22:38,220 criteria are developed. And imagine a near future where law enforcement will 227 00:22:38,220 --> 00:22:42,640 naturally try to involve artificial intelligence and finding patterns in the 228 00:22:42,640 --> 00:22:48,179 raw data of flight movements of PNR data, of the treasure they're now hoarding with 229 00:22:48,179 --> 00:22:54,559 a five year worth of data. And at the latest, at that point in time, it will be 230 00:22:54,559 --> 00:23:00,710 impossible for us to understand why a certain criterion was defined and how how 231 00:23:00,710 --> 00:23:04,372 to challenge it when you're in the position to be arrested at the airport, 232 00:23:04,372 --> 00:23:10,189 for instance. So what can we do? And that's where we come in. The two 233 00:23:10,189 --> 00:23:15,919 organizations that we are. We are no typical advocacy organizations, but we do 234 00:23:15,919 --> 00:23:21,039 strategic litigation. Because unfortunately no advocacy worked on the 235 00:23:21,039 --> 00:23:26,220 PNR directive. It came into force pretty much as the, um, as national law 236 00:23:26,220 --> 00:23:34,139 enforcement wanted it to be. And so there is one instance, one authority at the time 237 00:23:34,139 --> 00:23:39,019 that in Europe, in Germany, in Europe, the European Union, the courts, which can 238 00:23:39,019 --> 00:23:44,919 which can ideally, um, dismiss of the reasons of the motivations of law 239 00:23:44,919 --> 00:23:51,340 enforcement to have such a directive enforced and can try to objectively assess 240 00:23:51,340 --> 00:23:57,181 whether this is actually legal and should remain in force, stay in force or not. And 241 00:23:57,181 --> 00:24:01,639 we did this through litigation both in Germany and in Austria, and both are 242 00:24:01,639 --> 00:24:06,490 having the same goal, which is to present to the European Court of Justice the 243 00:24:06,490 --> 00:24:11,774 question whether the PNR directive and any national law that is transposing the PNR 244 00:24:11,774 --> 00:24:17,980 directive is in violation of the Charter of Fundamental Rights. Why do we have to 245 00:24:17,980 --> 00:24:23,470 go? Why is the ECJ important? Because when you have a national law that directly 246 00:24:23,470 --> 00:24:31,330 transposes a European law, a directive, then then only the ECJ can declare such a 247 00:24:31,330 --> 00:24:35,419 law void. There is no way for, for instance, in Germany, the federal 248 00:24:35,419 --> 00:24:39,669 constitutional court, the Bundesverfassungsgericht, to say that this 249 00:24:39,669 --> 00:24:46,016 law should not be applied any longer. This question must be presented to the ECJ. So 250 00:24:46,016 --> 00:24:50,940 how could we get to the ECJ? This actually was a process that took us quite a bit of 251 00:24:50,940 --> 00:24:56,489 time. It's been two years in the making. A year ago, we launched six different 252 00:24:56,489 --> 00:25:01,270 complaints of six different plaintiffs that are flying all over Europe, that we 253 00:25:01,270 --> 00:25:05,792 booked flights for them that led them to a European member states, a European Union 254 00:25:05,792 --> 00:25:10,926 member states and two states outside of the European Union. And we sent the 255 00:25:10,926 --> 00:25:16,029 complaints to three different courts. The one, two complaints were directed against 256 00:25:16,029 --> 00:25:20,320 the German national police and went to the administrative court in Wiesbaden, and 257 00:25:20,320 --> 00:25:24,559 four others were directed against the airplane airlines. So we tried to 258 00:25:24,559 --> 00:25:30,950 diversify as much as possible in order to find a judge that would agree with us that 259 00:25:30,950 --> 00:25:36,779 this is problematic and this needs checking. And we are optimistic that 260 00:25:36,779 --> 00:25:43,500 either the court in Wiesbaden or the court in Cologne will soon present these very 261 00:25:43,500 --> 00:25:48,289 questions to the court, whether the German transposition law and the PNR directive 262 00:25:48,289 --> 00:25:53,119 itself are violating fundamental rights after European of the Charter of the 263 00:25:53,119 --> 00:25:58,981 European Union. Walter: So as Bijan already mentioned, our 264 00:25:58,981 --> 00:26:05,389 aim is to bring our case as quick as possible to the European Court of Justice. 265 00:26:05,389 --> 00:26:11,470 So we had different options. And in Austria, we went a third way. We brought a case 266 00:26:11,470 --> 00:26:18,976 before the Austrian Data Protection Authority against the Fluggastdatenzentralstelle 267 00:26:18,976 --> 00:26:24,603 im Bundeskriminalamt, a passenger named unit. And we we brought several 268 00:26:24,603 --> 00:26:31,059 different cases and we also found out that different, smaller things which we are on. 269 00:26:31,059 --> 00:26:38,014 But the main thing is that this case already went as planned to the 270 00:26:38,014 --> 00:26:46,579 Bundesverwaltungsgericht, so the federal administrative court in Austria. And from 271 00:26:46,579 --> 00:26:54,850 there, we hope that is also soon forwarded to the European Court of Justice. And 272 00:26:54,850 --> 00:27:02,239 theoretically, it would be enough if one case hits the European Court of Justice. 273 00:27:02,239 --> 00:27:07,590 But practically, it is, of course, very important to have different strategies 274 00:27:07,590 --> 00:27:15,749 because there are different speeds and so on. So that's why we also should mention 275 00:27:15,749 --> 00:27:22,929 another case, the the Belgian case. So this Belgian human rights organization, 276 00:27:22,929 --> 00:27:28,647 they also brought the case before a Belgian court. In this case, it was 277 00:27:28,647 --> 00:27:34,720 directly the Belgian constitutional court. So they had a direct way to the 278 00:27:34,720 --> 00:27:40,340 constitutional court, unlike our cases in Austria, where this or in Germany where 279 00:27:40,340 --> 00:27:47,369 this was not possible. And therefore, the Belgian constitutional court already 280 00:27:47,369 --> 00:27:55,037 referred this case to the European Court of Justice. And we are hoping that our 281 00:27:55,037 --> 00:28:01,210 case will be soon or cases, or at least some of them will soon be joined with this 282 00:28:01,210 --> 00:28:11,220 case at the European Court of Justice, and then decided together. So to sum up, we 283 00:28:11,220 --> 00:28:20,429 have actually a very infringing piece of legislation the PNR directive, PNR 284 00:28:20,429 --> 00:28:28,529 processing, as Bijan explained to us in more detail, is extremely intrusive in all 285 00:28:28,529 --> 00:28:34,549 flight passengers' fundamental rights. It violates fundamental rights, especially 286 00:28:34,549 --> 00:28:41,460 because it is already... is also ineffective and disproportionate. So we 287 00:28:41,460 --> 00:28:47,649 heard about these different things. The base rate fallacy that it is ineffective 288 00:28:47,649 --> 00:28:54,099 and disproportionate because it is not really possible to find specific suspects 289 00:28:54,099 --> 00:29:02,570 in such amount of data with without having a lot, a real lot of false positives. So 290 00:29:02,570 --> 00:29:08,190 other arguments are that it is data retention in the first place. So also 291 00:29:08,190 --> 00:29:14,989 already the retention of the data of people like you and me is a big problem 292 00:29:14,989 --> 00:29:22,600 and unlawful. And this general suspicion it leads to. So everybody becomes a 293 00:29:22,600 --> 00:29:30,200 suspect and can become practically a suspect, can get problems practically from 294 00:29:30,200 --> 00:29:38,899 that legislation without being a criminal. And yeah, we have strong arguments as we 295 00:29:38,899 --> 00:29:48,599 showed you already, the case of the Canada PNR directive, the PNR agreement with 296 00:29:48,599 --> 00:29:55,259 Canada is very similar in practice to the PNR directive. So the arguments already 297 00:29:55,259 --> 00:30:01,480 held before the European Court of Justice. So actually, it's a shame that this was 298 00:30:01,480 --> 00:30:07,971 not stopped earlier. And civil rights organizations as we are have to do that. 299 00:30:07,971 --> 00:30:16,590 And that's what we do. And that's also why we depend on donations. So that's also 300 00:30:16,590 --> 00:30:21,789 important to stress that our work people having people fully employed to do things 301 00:30:21,789 --> 00:30:28,700 like that cost some money. And that's where you can find us. So we have a 302 00:30:28,700 --> 00:30:35,799 campaign website, nopnr.eu in German and English. And you can find us, of 303 00:30:35,799 --> 00:30:40,580 course, on our website and both websites and find ways how to join us, how to 304 00:30:40,580 --> 00:30:46,730 support us. And also still today, you can meet us at our assembly in the CCL 305 00:30:46,730 --> 00:30:52,590 building the about freedom assembly, where both the Gesellschaft für Freiheitsrechte 306 00:30:52,590 --> 00:31:00,659 and Epicentre Works have their desk and you can ask all the question. But first, 307 00:31:00,659 --> 00:31:03,378 ask all your questions now. Thank you. 308 00:31:03,378 --> 00:31:06,870 *Applause* 309 00:31:06,870 --> 00:31:14,760 Herald: Thank you, Walter and Bijan, for this very clarifying statements. I suppose 310 00:31:14,760 --> 00:31:19,379 there are quite some questions here in the audience. Only I'm looking at someone 311 00:31:19,379 --> 00:31:32,252 who's grabbing a microphone now. I see the signal angel. Yes. The mic is not on. Can 312 00:31:32,252 --> 00:31:47,591 someone help him? Signal Angel needs a mic. Yes, it's almost there. Brains are 313 00:31:47,591 --> 00:31:51,409 working. Signal Angel: Thank you. Is there a cheap 314 00:31:51,409 --> 00:31:55,470 method to spam for some trees, for example, by booking flight under a false 315 00:31:55,470 --> 00:32:02,999 name and then canceling the flight? Bijan: Well, I think it's it's difficult 316 00:32:02,999 --> 00:32:06,889 to say. I didn't get the very first words. Sorry. 317 00:32:06,889 --> 00:32:11,159 Signal Angel: Yes, the very first one was: is there a cheap method to spam, to spam 318 00:32:11,159 --> 00:32:14,809 for some trees? Bijan: Yeah. Theoretically, I don't think 319 00:32:14,809 --> 00:32:19,129 that anything could speak against that. Yeah, but the problem is that you would 320 00:32:19,129 --> 00:32:23,749 need to cancel very late because, um, I think the first time they push the data, 321 00:32:23,749 --> 00:32:28,139 the airlines are pushing the data to the national police is, 48 hours before the 322 00:32:28,139 --> 00:32:32,799 before boarding. So that might come to become a bit expensive. 323 00:32:32,799 --> 00:32:34,439 *Laughter* 324 00:32:34,439 --> 00:32:38,918 Walter: I would want to make a general remark also on that. Of course, here, 325 00:32:38,918 --> 00:32:44,109 especially here, thoughts like that, how to hack the system are very important and 326 00:32:44,109 --> 00:32:50,759 can help. But our general approach is to take legal action to protect all people at 327 00:32:50,759 --> 00:32:56,019 the same way, and not only those who who are able to protect themselves or hack the 328 00:32:56,019 --> 00:33:04,139 system or whatever. So that's the reason why we both go this general way to bring 329 00:33:04,139 --> 00:33:11,449 that down. Completely. Herald: And other question here. Yes. 330 00:33:11,449 --> 00:33:20,879 Sorry, sir. Please. Q: What do you expect as a result of your 331 00:33:20,879 --> 00:33:26,549 litigation if you are successful in court? Will ... do you expect the courts to 332 00:33:26,549 --> 00:33:34,309 strike down the directive entirely, or do you expect another legislative process to 333 00:33:34,309 --> 00:33:42,260 do the same thing again or to fix, quote unquote, the directive in very small ways 334 00:33:42,260 --> 00:33:47,570 just to to drag out this battle and continue the practice. What do you think 335 00:33:47,570 --> 00:33:52,210 the effects will be? Bijan: Well, we think that the European 336 00:33:52,210 --> 00:33:56,070 Court of Justice, if it follows our argument, our reasoning, it should it will 337 00:33:56,070 --> 00:33:59,690 strike down the PNR directive entirely, because the way it is set up is 338 00:33:59,690 --> 00:34:06,561 fundamentally not in in accordance with what it earlier ruled so far. Unless it 339 00:34:06,561 --> 00:34:10,550 will change its its entire history of ruling on data retention and so on and so 340 00:34:10,550 --> 00:34:15,679 forth. But of course, we will expect the member states to push for another 341 00:34:15,679 --> 00:34:21,349 legislation that may be similar, but not the exact same thing. So I can imagine 342 00:34:21,349 --> 00:34:25,889 something of a of the sort of data retention of telecommunications, as it 343 00:34:25,889 --> 00:34:31,060 were, and with airlines retaining the data and keeping it for a shorter period of 344 00:34:31,060 --> 00:34:36,291 time and only giving it out when there is a specific request with, where there is a 345 00:34:36,291 --> 00:34:41,029 specific reason for law enforcement to ask for the data. I could imagine such a thing 346 00:34:41,029 --> 00:34:45,845 coming up again and then we would need to check whether this is illegal or not. And 347 00:34:45,845 --> 00:34:50,254 maybe go through the whole procedure as well. But it is it would be an immense 348 00:34:50,254 --> 00:34:56,191 success if the PNR directive as it stands would be void. Declared void. 349 00:34:56,191 --> 00:35:02,290 Herald: Thank you. Someone else has a question. I see the person here. 350 00:35:02,290 --> 00:35:10,789 Microphone one, please. Q: Hel-lo, yeah. Okay, so you had the 351 00:35:10,789 --> 00:35:15,480 agreement that, uh, there are a lot of false positives when they checked up PNR 352 00:35:15,480 --> 00:35:20,640 data. Um, do we have any information how long it takes for them to react on the PNR 353 00:35:20,640 --> 00:35:25,570 data if they get a positive hit? So maybe they won't react after the person has 354 00:35:25,570 --> 00:35:31,109 landed and already, uh, is in the country? Bijan: They claim that they can act 355 00:35:31,109 --> 00:35:36,930 immediately, but we can't know that for sure. So the fact that they had 57 arrests 356 00:35:36,930 --> 00:35:42,366 at the airports signals that at least that in some respects this is true. But we 357 00:35:42,366 --> 00:35:47,477 cannot know for sure how much, how quickly they they they kind of react. And keep in 358 00:35:47,477 --> 00:35:52,470 mind, this is only the start. So, so far in Germany, right up until the point where 359 00:35:52,470 --> 00:35:57,220 this the data that I presented for Germany came about, there were only 9 airlines, I 360 00:35:57,220 --> 00:36:01,440 think, that were linked to the system. So expect there to be much more data coming 361 00:36:01,440 --> 00:36:05,829 in. And once they start with a predetermined criteria thing, this will 362 00:36:05,829 --> 00:36:13,440 multiply probably. Um, even so, I cannot imagine unless they they ... have this 363 00:36:13,440 --> 00:36:20,279 new, um, thing with hundreds of people involved that they can act immediately in 364 00:36:20,279 --> 00:36:26,240 each and every case. Herald: Thank you. There is a question 365 00:36:26,240 --> 00:36:30,100 again on the Internet. Yes. Signal Angel: Yes. How come, you haven't 366 00:36:30,100 --> 00:36:35,349 tried voiding the local at one provisions that this PNR there for intra EU flights? *(???)* 367 00:36:35,349 --> 00:36:39,180 That seems most likely against Schengen provisions. 368 00:36:39,180 --> 00:36:44,837 Bijan: We have addressed that as well. We have picked intra-EU flights also. We have 369 00:36:44,837 --> 00:36:52,290 not just picked flights that go extra EU, but, we've also made the point about the 370 00:36:52,290 --> 00:36:57,839 the violation of Schengen criteria. But that is not so much that is not the focus 371 00:36:57,839 --> 00:37:02,893 of our argument because they are, in our opinion, much stronger ones. Because with 372 00:37:02,893 --> 00:37:06,990 Schengen you would need to argue that it's practically impossible to enter the 373 00:37:06,990 --> 00:37:13,260 country without being held up and you're not being held up in a physical form, at 374 00:37:13,260 --> 00:37:18,910 least not in general, generally. And so this argument is a bit more difficult than 375 00:37:18,910 --> 00:37:25,024 having an actual border checking of people. But we're making this point, of 376 00:37:25,024 --> 00:37:30,460 course. And but we rely on other points that we think are stronger. 377 00:37:30,460 --> 00:37:35,540 Herald: Okay. Please. Microphone number one, please. 378 00:37:35,540 --> 00:37:40,093 Q: Is there also data being collected on flights inside a country. So, for example, 379 00:37:40,093 --> 00:37:43,530 from Munich to Berlin. Bijan: Not yet. Not under the directive. 380 00:37:43,530 --> 00:37:48,099 And theoretically, of course, that the German legislator or any other legislator 381 00:37:48,099 --> 00:37:51,820 could decide to include that as well, but not so far. 382 00:37:51,820 --> 00:37:56,329 Herald: Number two, please. Microphone. Yeah. 383 00:37:56,329 --> 00:38:01,920 Q: I was wondering how much, uh, false negatives are in there. You know, that, 384 00:38:01,920 --> 00:38:07,940 like, uh, these big databases. If I don't act like a normal terrorist or something 385 00:38:07,940 --> 00:38:10,570 than I am? Bijan: We don't we don't know, 386 00:38:10,570 --> 00:38:15,130 unfortunately, not yet. Um, I did. I think it would be very interesting, especially 387 00:38:15,130 --> 00:38:21,750 for the predetermined criteria , to see how many they miss. Um, but yeah. No, not 388 00:38:21,750 --> 00:38:28,579 nothing at. Herald: Yeah, and there is no undo button, 389 00:38:28,579 --> 00:38:33,579 I think. No. No. No undo. That's always the thing that I that I'm worried about, 390 00:38:33,579 --> 00:38:38,140 you know. Then you have an announcement about France's data that go out and then 391 00:38:38,140 --> 00:38:44,040 you can't have an undo. So what do we do then? It's always new. Yeah, you can keep 392 00:38:44,040 --> 00:38:48,640 this for five years now. But who says it's there for five years and what kind of 393 00:38:48,640 --> 00:38:51,967 interpretation to get out of it for five years? After five years? 394 00:38:51,967 --> 00:38:55,089 Bijan: You can't know in which database you will be transferred in 395 00:38:55,089 --> 00:38:59,940 the meantime, because law enforcement can access the data of that very data set and 396 00:38:59,940 --> 00:39:03,700 forth for that data and the PNR data set and put it in another data set because 397 00:39:03,700 --> 00:39:08,480 they have whatever reason to do so. And then these are again enlarged and 398 00:39:08,480 --> 00:39:12,670 enlarged. And then you will find another reason why they should remain in there for 399 00:39:12,670 --> 00:39:17,230 a longer time. So, yeah. That's why we're fighting this now and hoping to change the 400 00:39:17,230 --> 00:39:19,480 future. Herald: How do you see your chances? 401 00:39:19,480 --> 00:39:27,070 Actually, uh, a long term or short term chances to get to that point is that? 402 00:39:27,070 --> 00:39:30,500 Bijan: We are very convinced that we will be successful, because otherwise we 403 00:39:30,500 --> 00:39:33,529 wouldn't have started this. This is one of our principles. We only do things that we 404 00:39:33,529 --> 00:39:38,321 are convinced of being able to win and we think that we will win this. And what will 405 00:39:38,321 --> 00:39:42,240 come out of it? Referring to the I think the second and the second question 406 00:39:42,240 --> 00:39:47,480 earlier. And what will be happening in the future with other legislation? I can't 407 00:39:47,480 --> 00:39:51,430 know. But one argument the police is always making or in private, at least to 408 00:39:51,430 --> 00:39:55,819 me, are is that they're saying, well, people will get used to it and it won't be 409 00:39:55,819 --> 00:40:00,783 in in five or 10 years. Nobody's gonna be wondering about things like this. And this 410 00:40:00,783 --> 00:40:05,299 is exactly what we are working against, that this never becomes normal, because if 411 00:40:05,299 --> 00:40:07,470 this becomes normal, as I've argued before, 412 00:40:07,470 --> 00:40:11,130 *applause* Herald: needs an applause Yes. 413 00:40:11,130 --> 00:40:14,880 Bijan: If it becomes normal, as I've argued before, it is easy to extend it to 414 00:40:14,880 --> 00:40:20,529 all sorts of life and ways of life and walks of life. And this then would be in a 415 00:40:20,529 --> 00:40:25,859 surveillance state par excellence. Herald: We were very close there. So we 416 00:40:25,859 --> 00:40:30,089 need to support them really hard. There is one last question I suggest. No. There is 417 00:40:30,089 --> 00:40:35,619 two questions. Number two. Yes. Q: Does the PNR directive apply only for 418 00:40:35,619 --> 00:40:39,492 regular scheduled flights? So does it also apply for private flights? The general 419 00:40:39,492 --> 00:40:42,819 aviation business flights, etc.? Bijan: Good question. I don't know. 420 00:40:42,819 --> 00:40:48,510 Actually, I look into that and. Write me! Come, come here later and I'll check and 421 00:40:48,510 --> 00:40:52,310 I'll give you an answer. Herald: Then there is one at number one. 422 00:40:52,310 --> 00:40:56,710 Q: I just wanted to ask a question in response to the idea that this is becoming 423 00:40:56,710 --> 00:41:01,810 very normal, because one thing that I think has become very normal that hasn't 424 00:41:01,810 --> 00:41:07,924 been mentioned explicitly is the idea that people can be essentially put on a watch 425 00:41:07,924 --> 00:41:12,782 list as being a potential criminal in the absence of a crime. And we have these 426 00:41:12,782 --> 00:41:19,605 terrorist watch lists all over the world now. That is now the new normal. And I 427 00:41:19,605 --> 00:41:24,750 think that's very problematic. And can you just maybe talk about: Do we, do you see a 428 00:41:24,750 --> 00:41:30,829 future where we can actually get back to, you know, only arresting or investigating 429 00:41:30,829 --> 00:41:33,890 people because of probable cause, for example? 430 00:41:33,890 --> 00:41:39,421 Bijan: Oh, I hope that this will be our future. But, uh, about that point, that 431 00:41:39,421 --> 00:41:43,750 very point, I'm not too optimistic, to be honest. I am optimistic about one other 432 00:41:43,750 --> 00:41:48,859 one. Another thing that is that these instruments that are now being created 433 00:41:48,859 --> 00:41:52,910 will prove to be highly ineffective, as we've so now see now already with checking 434 00:41:52,910 --> 00:41:58,290 against databases, that is already a lot of work and very tedious work. But with 435 00:41:58,290 --> 00:42:04,079 the idea that you can define criteria for people that that are legitimately to be 436 00:42:04,079 --> 00:42:08,710 suspected of committing a crime in the future, I think it will prove, at least 437 00:42:08,710 --> 00:42:12,990 for the next few decades, to be quite impossible. And this is I don't know if 438 00:42:12,990 --> 00:42:19,880 this came across correctly sufficiently, but this is really the core issue that we 439 00:42:19,880 --> 00:42:25,619 have with the PNR directive. They are claiming that they can find suspects of 440 00:42:25,619 --> 00:42:31,690 crimes or future crimes. Imagine! Not not someone that has committed a crime or that 441 00:42:31,690 --> 00:42:36,890 will definitely commit a crime, but that can reasonably be suspected of committing 442 00:42:36,890 --> 00:42:43,960 a crime in the future, and then act upon that. And that is really a huge step into 443 00:42:43,960 --> 00:42:49,220 what I called voodoo, about the expectation that you can take data and 444 00:42:49,220 --> 00:42:55,400 prevent crime. Minority Report times. Yeah. To the power five. I don't know. 445 00:42:55,400 --> 00:43:00,534 Herald: Sit back and relax. Thank you Bijan and thank you, Walter, for this 446 00:43:00,534 --> 00:43:08,520 fantastic lecture. Please support them at noPNR dot EU, go to their booth as well. 447 00:43:08,520 --> 00:43:10,520 And thank you all. 448 00:43:10,520 --> 00:43:22,010 *36C3 postroll music* 449 00:43:22,010 --> 00:43:38,000 Subtitles created by c3subtitles.de in the year 2021. Join, and help us!