WEBVTT

00:00:00.000 --> 00:00:18.879
<i> 36C3 preroll music</i>

00:00:18.879 --> 00:00:25.802
Herald: Next is Bijan. Bijan. Bijan, I 
pronounce this. Pretty persian. Yeah. He's

00:00:25.802 --> 00:00:32.730
an attorney, ein Rechtsanwalt it is called in
deutsch, and he works for the Gesellschaft

00:00:32.730 --> 00:00:37.971
für Freiheitsrechte in Berlin. If I'm
right. Good. Give them a welcome.

00:00:37.971 --> 00:00:42.369
applause, please. It's early in the
morning. We're going to kick back here.

00:00:42.369 --> 00:00:46.459
<i>applause</i>

00:00:46.459 --> 00:00:51.390
Bijan: Early in the morning, only at the
Congress you can call 12:30 early in the

00:00:51.390 --> 00:00:57.460
morning, but it is. And, um, well, if
you've ever sat on a plane and wondered

00:00:57.460 --> 00:01:02.350
what the person three rows behind you is
eating, whether they flying alone, whether

00:01:02.350 --> 00:01:07.050
they have checked in their luggage or only
hand luggage and what visa they were using

00:01:07.050 --> 00:01:12.510
when they were buying their plane ticket,
then you're probably a police officer or

00:01:12.510 --> 00:01:16.909
should join the national police of any EU
member state, because that is exactly what

00:01:16.909 --> 00:01:21.673
the national polices in Germany and
Austria and other Europeans member states,

00:01:21.673 --> 00:01:25.689
Europe, member states of the European
Union, can do. Thanks to the PNR

00:01:25.689 --> 00:01:30.479
directive, which is the topic of today's
talk. And we are going to talk and explain

00:01:30.479 --> 00:01:35.719
to you what the PNR directive and the laws
transposing it into national law are all

00:01:35.719 --> 00:01:40.889
about, why this is problematic and what we
can do and what we are actually doing

00:01:40.889 --> 00:01:46.780
against it in order to stop it. And Walter
will start off with a few infos.

00:01:46.780 --> 00:01:53.299
Walter: Yeah. Hello. So firstly, I would
like to introduce into Epicenter Works,

00:01:53.299 --> 00:01:58.915
because we have already a history on
bringing down data retention laws. So

00:01:58.915 --> 00:02:03.959
probably you know us from our fight
against data retention in Europe when we

00:02:03.959 --> 00:02:08.429
still were called "AKA Vorrat Österreich".
I am working for Epicenter Works on a

00:02:08.429 --> 00:02:14.610
voluntary basis. And I would like to
mention my colleague Angelika Adensamer

00:02:14.610 --> 00:02:19.800
who did the main work on this for
Epicenter Works. But she cannot be at

00:02:19.800 --> 00:02:31.130
Congress this year. So, flight data. It is
said, I've heard that at any given point

00:02:31.130 --> 00:02:38.554
in time, one million people are on a plane
in the skies flying around the globe. As

00:02:38.554 --> 00:02:47.379
you can see here. And today, although in
times of resource exhaustion, we should

00:02:47.379 --> 00:02:52.959
talk about that anyway. I am convinced
today we are talking about the data

00:02:52.959 --> 00:03:00.371
protection issue about it. A big one. And
we are talking about passenger name

00:03:00.371 --> 00:03:07.560
records. So what is a passenger name
record, anyway? A passenger name record,

00:03:07.560 --> 00:03:19.360
as you can see here, is a data set
compiled of 19 different data fields. So

00:03:19.360 --> 00:03:26.000
you can get about up to 60 different data
points on one single passenger on one

00:03:26.000 --> 00:03:31.549
single flight. So, for instance, you have
data in there like the first and second

00:03:31.549 --> 00:03:40.109
name, address, but also other things,
metadata. More important things, like the

00:03:40.109 --> 00:03:47.340
means of payment you made, the point in
time when you booked the flight and things

00:03:47.340 --> 00:03:54.280
like that. And as a specific problem about
it is that there is also a free text field

00:03:54.280 --> 00:04:02.170
so airline employees can enter data there
and which we cannot control. And

00:04:02.170 --> 00:04:11.739
altogether we have a quite big data set of
each passenger on each flight. So this is

00:04:11.739 --> 00:04:19.921
common in the airline industry. But in
2016, the PNR directive came about. So

00:04:19.921 --> 00:04:26.385
what is the PNR directive? It is a piece
of European legislation , which was

00:04:26.385 --> 00:04:35.080
enacted in April 2016. And when we have
European legislation, it's important to

00:04:35.080 --> 00:04:41.980
mention that it doesn't come out of the
blue out of Brussels, but it is enacted

00:04:41.980 --> 00:04:49.563
together with from the commission, the
European Parliament and the council. And

00:04:49.563 --> 00:04:56.070
the council are the governments of our
member states. So we have to keep in mind

00:04:56.070 --> 00:05:03.024
that member states governments, have a
big say when things like this are enacted.

00:05:03.024 --> 00:05:10.756
And it is a directive. And that means that
every single member state has to transpose

00:05:10.756 --> 00:05:16.980
the content of the directive into its
national law. And this had to be done

00:05:16.980 --> 00:05:24.824
until the 25th May of 2018. This was the
the tenth transposition deadline. And for

00:05:24.824 --> 00:05:32.661
instance, Austria and Germany made laws to
transpose that into their national law. So

00:05:32.661 --> 00:05:43.590
what had they to enact? They had to enact
laws prescribing that all airlines have to

00:05:43.590 --> 00:05:51.986
transfer data of all passengers, all
passenger name records of every flight,

00:05:51.986 --> 00:05:59.100
and they have to be pushed to a national
police database. So unlike the telecom

00:05:59.100 --> 00:06:06.290
data retention I already mentioned, the
data is not kept where it where where it

00:06:06.290 --> 00:06:11.380
is created. But it has to be pushed from
the private sector, from the airlines, to

00:06:11.380 --> 00:06:21.060
police database, databases. And the data
retention directive prescribes that every

00:06:21.060 --> 00:06:26.788
flight leaving or entering the European
Union must be covered by that. But in

00:06:26.788 --> 00:06:32.649
addition, every single member state also
covered flights within the EU. So you have

00:06:32.649 --> 00:06:37.880
we have the full take now. Flights within
the EU as well as flights leaving or

00:06:37.880 --> 00:06:46.060
entering the EU. And every single record
of every single passenger of every single

00:06:46.060 --> 00:06:55.410
flight is in a police database and will be
compared with existing databases, for

00:06:55.410 --> 00:07:02.573
instance, of known criminals or of stolen
passports and the like. And they try to

00:07:02.573 --> 00:07:10.560
find matches there. And what they are also
going to do is matching with predetermined

00:07:10.560 --> 00:07:16.245
criteria. So they will come up with flight
patterns of known perpetrators, for

00:07:16.245 --> 00:07:22.350
instance, when they booked a flight and so
on. They will algorithmically try to find

00:07:22.350 --> 00:07:29.550
patterns there, and then they will compare
your flight passenger name records with

00:07:29.550 --> 00:07:34.470
that data. And if you have a similar
behavior, than a previous perpetrator,

00:07:34.470 --> 00:07:42.348
previous criminal, for instance, then
you're already under suspicion. And this

00:07:42.348 --> 00:07:47.880
data in these databases are stored for
five years and can be further used by

00:07:47.880 --> 00:07:54.460
different law enforcement agencies. So
that data is not only compared and then

00:07:54.460 --> 00:08:00.560
deleted again. The storage time is five
years and they do something called

00:08:00.560 --> 00:08:08.040
depersonalization about six months after
the data was created. But this is not in

00:08:08.040 --> 00:08:13.480
any way an anonymisation, but they just
remove some data and it can easily be

00:08:13.480 --> 00:08:20.530
identified again. So the person the data
belongs to can easily be identified for

00:08:20.530 --> 00:08:27.495
the whole period of five years. So you
probably asked yourself already: First, is

00:08:27.495 --> 00:08:33.958
this effective? Well, this runs already
since last year, so we have some data.

00:08:33.958 --> 00:08:43.714
First, I will present to you the data from
Austria. In Austria, we found out that

00:08:43.714 --> 00:08:52.220
already until the 30th of September, 2019,
almost 24 passenger name records where

00:08:52.220 --> 00:08:59.450
forwarded to the passenger name unit at
the Bundeskriminalamt and

00:08:59.450 --> 00:09:06.640
11 900 000 thousand different people
were subject to that. And of these, almost

00:09:06.640 --> 00:09:13.005
24 000 000 passenger name records, the
algorithms that checking against databases

00:09:13.005 --> 00:09:21.210
already brought up 190 000
matches. So every single match,

00:09:21.210 --> 00:09:27.639
every single output the algorithm has,
must be checked by a human employee. So we

00:09:27.639 --> 00:09:34.430
have sitting there people who have to
check. Even this is not even the data of a

00:09:34.430 --> 00:09:41.580
year. And they have to check
190 000 matches and only 280

00:09:41.580 --> 00:09:47.340
of them are actual hits. So if a person
checks what the algorithm outputs there,

00:09:47.340 --> 00:09:55.540
then only in 0.15% of the cases
the policewoman or policeman

00:09:55.540 --> 00:10:01.610
come to their conclusion: This is actually
relevant for us. And if you do the math,

00:10:01.610 --> 00:10:09.731
this means that only 0.001% percent of all
that 24 million passenger name data, your

00:10:09.731 --> 00:10:15.810
data which is checked, actually leads to a
hit. And we don't even know how many

00:10:15.810 --> 00:10:23.120
actual false positives remain in these
220. This is only what the police will

00:10:23.120 --> 00:10:29.980
inspect afterwards. So we have no numbers
or results if they had actual

00:10:29.980 --> 00:10:36.840
investigative results on that. But what we
can say is that there are 21 employees,

00:10:36.840 --> 00:10:42.070
qualified employees, working in the
passenger name, Passenger Information Unit,

00:10:42.070 --> 00:10:48.880
and this costs almost 2 million euros per
year and only for checking that data in

00:10:48.880 --> 00:10:55.050
the small country of Austria. And Bijan
now will present to you the data in German.

00:10:55.050 --> 00:10:59.285
Bijan: The number, the data of the big
neighbor, because you said small country

00:10:59.285 --> 00:11:05.610
Austria. In Germany the numbers are
surprisingly similar. We also had - have

00:11:05.610 --> 00:11:11.341
numbers up until mid of August 2019, and
we have had almost 32 million passenger

00:11:11.341 --> 00:11:16.980
name records checked, which generated
automatic results of matches of about

00:11:16.980 --> 00:11:24.290
240 000, which then were checked by 40
police officers and there remained only

00:11:24.290 --> 00:11:32.910
910 actual hits. So the fail rate was
99.6% and 0.003% all PNRs checked led to

00:11:32.910 --> 00:11:38.090
actual hits. And even of that number, just
as in Austria, we are not sure how many

00:11:38.090 --> 00:11:43.170
false positives remain. We know that there
were considerably a considerable amount of

00:11:43.170 --> 00:11:47.670
false positives. We estimate them to be in
the hundreds. But the law enforcement did

00:11:47.670 --> 00:11:52.650
not specify what actually, how many
supposed positives remained, even among

00:11:52.650 --> 00:11:59.202
the 910. And one of the results we know is
that it led to 57 arrests. We don't know

00:11:59.202 --> 00:12:03.000
for which crimes. We don't know whether
these people actually committed a crime,

00:12:03.000 --> 00:12:08.190
whether they were suspected for crime,
whether they were just on a watch list.

00:12:08.190 --> 00:12:15.220
But 57 arrests, assuming this is these
were legitimate, this means that 0.0002%

00:12:15.220 --> 00:12:21.430
of all PNRs checked led to an arrest. And
if you try to to transpose this to other

00:12:21.430 --> 00:12:28.150
situations in life, you could go to a to a
market, to to some, uh, to some festival

00:12:28.150 --> 00:12:32.490
or what not, and just ask randomly people,
and you would probably have with a similar

00:12:32.490 --> 00:12:36.990
probability, an arrest in the end at the
end of the day. So if this holds that this

00:12:36.990 --> 00:12:41.735
whole PNR processing holds is this
effectiveness is the standard that we are

00:12:41.735 --> 00:12:49.611
happy with, then you can easily take this
to all other sorts of walks of life. And

00:12:49.611 --> 00:12:55.650
this is true, in our opinion, a big
problem, because it will lead to a digital

00:12:55.650 --> 00:13:00.766
surveillance state, which is has come
quite near with these new tools that the

00:13:00.766 --> 00:13:07.510
PNR directive provide. What we've now just
shown are the the automatic is the checks

00:13:07.510 --> 00:13:12.246
against databases. That was the one thing
that the PNR directive provides for. The

00:13:12.246 --> 00:13:17.070
other one is the checking against
predetermined criteria. And this is where

00:13:17.070 --> 00:13:23.010
the voodoo kind of starts, because the
idea that you can merely from the data

00:13:23.010 --> 00:13:29.145
that is in the PNR, in your passenger name
record, derive whether you are suspicious,

00:13:29.145 --> 00:13:36.292
or dangerous even is, at least in our
opinion, pretty much voodoo, and it has

00:13:36.292 --> 00:13:43.089
serious consequences. And it might lead to
automatic profiling affecting hundreds of

00:13:43.089 --> 00:13:47.270
millions of people, possibly, because
everybody is checked when they and when

00:13:47.270 --> 00:13:51.830
they use a plane. Everybody PNR record is
checked against these automatic , against

00:13:51.830 --> 00:13:56.742
these predetermined criteria, and not just
for crimes such as terrorism or organized

00:13:56.742 --> 00:14:01.670
crime, where you could maybe make a case
that there exists such a thing as a

00:14:01.670 --> 00:14:06.887
pattern of movements where you can
identify a terrorist suspect, but it is

00:14:06.887 --> 00:14:13.850
also used for crimes such as fraud or
forgery or cyber crime where I would argue

00:14:13.850 --> 00:14:18.501
you cannot find the typical cyber
criminals flight pattern, flight patterns.

00:14:18.501 --> 00:14:24.339
It's just not possible. And so but but the
PNR directive itself is only the one

00:14:24.339 --> 00:14:29.120
thing. We are fighting this for reasons
that go way beyond the PNR processing so

00:14:29.120 --> 00:14:35.980
the processing of PNR flight data, because
it may set a dangerous precedent for other

00:14:35.980 --> 00:14:40.870
mass surveillance. Already now PNR
processing is being discussed for buses

00:14:40.870 --> 00:14:44.850
that cross borders, for ships and trains.
And there are some countries such as

00:14:44.850 --> 00:14:50.870
Belgium that have already enacted the very
much. And why stop there, might a police

00:14:50.870 --> 00:14:56.220
officer argue. Why not include rental cars
that cross borders? Why not at some point

00:14:56.220 --> 00:15:00.410
include private cars that cross borders?
Why not get away with that requirement of

00:15:00.410 --> 00:15:04.460
crossing borders? Why not have everybody
checked all the time, maybe via their

00:15:04.460 --> 00:15:09.899
mobile phones? So when we give way to this
sort of data processing with such a low

00:15:09.899 --> 00:15:16.040
threshold of effectiveness, we open the
door for all sorts of, um, of activity

00:15:16.040 --> 00:15:21.310
that at least from our point of view, is
illegal. And the question you were maybe

00:15:21.310 --> 00:15:27.311
asking yourself or maybe not. Is this
legal? We are convinced it is not. And

00:15:27.311 --> 00:15:35.071
luckily, we could rely on a legal opinion
that the European Court of Justice ECJ has

00:15:35.071 --> 00:15:40.800
rendered a two and a half years ago. There
is one PNR agreement in place between the

00:15:40.800 --> 00:15:46.200
EU and the USA, which has not been
challenged yet. And another agreement was

00:15:46.200 --> 00:15:51.330
supposed to be known or was negotiated
between the EU Commission and Canada, and

00:15:51.330 --> 00:15:56.600
the EU Parliament then presented the
question to the ECJ whether this agreement

00:15:56.600 --> 00:16:01.830
would be violating fundamental rights of
the Charter of Fundamental Rights of the

00:16:01.830 --> 00:16:09.360
European Union. And the ECJ concluded that
it would, in the form that it was proposed

00:16:09.360 --> 00:16:13.800
to it, breach Article 7 and 8 of that
charter's. Article 7 as the right to

00:16:13.800 --> 00:16:17.971
privacy in Article 8 is the right to have
your data protected, your personal data

00:16:17.971 --> 00:16:23.746
protected. And we are, of course, relying
heavily on that, on the arguments that the

00:16:23.746 --> 00:16:29.149
court developed and developing them even
further, because; as you can imagine, the

00:16:29.149 --> 00:16:34.563
PNR, the agreement with Canada and the PNR
directive are quite similar. So what are

00:16:34.563 --> 00:16:40.821
these arguments that we are bringing up?
And we've shown already that the

00:16:40.821 --> 00:16:45.884
effectiveness is highly doubtful. And this
leads us to concluding that the PNR

00:16:45.884 --> 00:16:50.432
directive is disproportionate. So it
violates human fundamental rights. For

00:16:50.432 --> 00:16:55.943
several reasons. One being a point that
we've both raised already that PNR

00:16:55.943 --> 00:17:00.409
processing indiscriminately affects all
passengers. And this is a very important

00:17:00.409 --> 00:17:05.069
point, because it makes it shows the
difference between PNR processing under

00:17:05.069 --> 00:17:08.920
the PNR directive and what was formerly
the the data retention of

00:17:08.920 --> 00:17:14.720
telecommunications data. Because the
latter would require a specific case,

00:17:14.720 --> 00:17:20.029
something must have had happened in order
for the law enforcement to ask for the

00:17:20.029 --> 00:17:26.010
telecommunications data of the
telecommunications provider. But our

00:17:26.010 --> 00:17:32.210
PNR data on flights is checked all the
time, always, against databases, and even

00:17:32.210 --> 00:17:36.669
more importantly, the predetermined
criteria, which we, of course, do not know

00:17:36.669 --> 00:17:41.600
nothing about. And this brings with it
especially the last point, the

00:17:41.600 --> 00:17:46.205
predetermined criteria, are high risk of
false accusations. We've already seen that

00:17:46.205 --> 00:17:52.731
99.6% of data base matching, automatic
data is matching is wrongful. And imagine

00:17:52.731 --> 00:17:59.639
how much higher the number would be with
checking against predetermined criteria.

00:17:59.639 --> 00:18:05.809
And that the reason why we expect many
false accusations, false positives, is the

00:18:05.809 --> 00:18:09.379
so-called base rate fallacy, which
basically says that when you're looking

00:18:09.379 --> 00:18:13.980
for a very small amount of people in a
large dataset and you have a significant

00:18:13.980 --> 00:18:18.769
fail rate, you're very likely to produce
more false positives, maybe many more

00:18:18.769 --> 00:18:23.660
false positives than true positives. So
actual suspects, or not suspects, but

00:18:23.660 --> 00:18:28.104
actual terrorists. So, for instance, when
you if you're checking 100 million flight

00:18:28.104 --> 00:18:32.700
passengers. And you're looking for 100
terrorists, and you have even a fail rate

00:18:32.700 --> 00:18:39.659
of 0.1%, not the 99.6 that we're talking
about now, but even just 0.1%, this would

00:18:39.659 --> 00:18:45.269
render this would this would render
100 000 flight passengers subject to to

00:18:45.269 --> 00:18:50.756
to being suspected terrorists. So you
would have 100 000 false positives, 100

00:18:50.756 --> 00:18:55.280
terrorists that let's assume all of them
so that they had a positive success rate

00:18:55.280 --> 00:19:00.311
of 100 percent identifying positively as a
terrorist suspect. Then you will have

00:19:00.311 --> 00:19:07.291
100 000 false positives, 100 people that
are correctly suspected. But everybody, of

00:19:07.291 --> 00:19:11.399
course, will be treated the same. And what
I've listed here are just the obvious

00:19:11.399 --> 00:19:16.529
things, stigmatization at the airport by
interrogation, searches of luggage of

00:19:16.529 --> 00:19:21.460
people and arrests, missing flights.
And depending on the country

00:19:21.460 --> 00:19:27.019
you're in you may be in much more trouble
after that. The second point is that the

00:19:27.019 --> 00:19:33.075
data is being stored way too long. As
Walter has already mentioned 5 years. Why

00:19:33.075 --> 00:19:38.549
do you need 5 years worth of data to check
a database entry or against a

00:19:38.549 --> 00:19:42.795
predetermined criteria? Of course, you
don't needed it for that. Because you

00:19:42.795 --> 00:19:47.970
could do that immediately after a person
has boarded. You can perform the check and

00:19:47.970 --> 00:19:52.584
then you could get rid of the data, delete
it after it's being used. The reason why

00:19:52.584 --> 00:19:56.508
they're storing it so long as that law
enforcement and intelligence agencies have

00:19:56.508 --> 00:20:01.489
an interest that goes beyond that checking
after boarding, they want to keep the data

00:20:01.489 --> 00:20:06.649
and check it in future, criminal
investigations in future, looking into a

00:20:06.649 --> 00:20:10.635
person, what where they've traveled and so
on and so forth. But that has nothing to

00:20:10.635 --> 00:20:15.980
do with the original purpose of PNR, the
PNR directive. And what at least everybody

00:20:15.980 --> 00:20:21.243
here will know in all data storing, so
data storing is in itself a problem. It's

00:20:21.243 --> 00:20:25.169
in itself a violation of fundamental
rights when there is no legitimate reason

00:20:25.169 --> 00:20:30.316
to do so. But also all data storage puts
the data stored at risk. And as we've

00:20:30.316 --> 00:20:34.980
mentioned already, there's the payment
data, especially there's other other

00:20:34.980 --> 00:20:39.320
sensitive data with whom you've traveled,
whether you've traveled with light luggage

00:20:39.320 --> 00:20:45.787
or not, where you have gone to, via which
place and so on and so forth. Another

00:20:45.787 --> 00:20:49.370
point, which is a bit more complicated is
that the director does not sufficiently

00:20:49.370 --> 00:20:54.039
differentiate between crimes where
automatic profiling could make sense and

00:20:54.039 --> 00:20:59.901
others. So as I have said, there may be a
point in saying that the typical

00:20:59.901 --> 00:21:06.039
terrorists would fly from A to B via C
without checking in luggage using this or

00:21:06.039 --> 00:21:11.220
that tourist office and so on and so
forth. So maybe just assume that this is

00:21:11.220 --> 00:21:17.200
the case. This, no one can can tell me
that there is a typical flight pattern of

00:21:17.200 --> 00:21:23.200
a fraudster where you could ask someone
define which way a fraudster typically

00:21:23.200 --> 00:21:27.990
flies and identify such a person. So what
the directive would have needed to do if

00:21:27.990 --> 00:21:32.269
they wanted had wanted to check against
predetermined criteria would have been to

00:21:32.269 --> 00:21:38.943
identify for which crimes - exactly, and
only for these - you can use such a voodoo

00:21:38.943 --> 00:21:44.389
miracle weapon. And finally, these are not
the only arguments, but the more most

00:21:44.389 --> 00:21:49.269
important ones. We expect that the false
positives especially will lead to

00:21:49.269 --> 00:21:55.249
discrimination against minorities. And one
example that the German National Police,

00:21:55.249 --> 00:22:01.249
the Bundeskriminalamt has given us for a
predetermined criteria are young men

00:22:01.249 --> 00:22:06.732
flying from airports from the south of
Turkey to a major European city. So

00:22:06.732 --> 00:22:10.700
they're thinking about former IS fighters,
IS terrorists. And as you can easily

00:22:10.700 --> 00:22:15.690
imagine what kind of people will be
sitting in in in a on a plane that's

00:22:15.690 --> 00:22:20.310
coming from the south of Turkey to Germany
or to any other European country. Of

00:22:20.310 --> 00:22:25.986
course, this will affect them
disproportionately, affect minorities. And

00:22:25.986 --> 00:22:32.030
it is already now highly intransparent
what how these these predetermined

00:22:32.030 --> 00:22:38.220
criteria are developed. And imagine a near
future where law enforcement will

00:22:38.220 --> 00:22:42.640
naturally try to involve artificial
intelligence and finding patterns in the

00:22:42.640 --> 00:22:48.179
raw data of flight movements of PNR data,
of the treasure they're now hoarding with

00:22:48.179 --> 00:22:54.559
a five year worth of data. And at the
latest, at that point in time, it will be

00:22:54.559 --> 00:23:00.710
impossible for us to understand why a
certain criterion was defined and how how

00:23:00.710 --> 00:23:04.372
to challenge it when you're in the
position to be arrested at the airport,

00:23:04.372 --> 00:23:10.189
for instance. So what can we do? And
that's where we come in. The two

00:23:10.189 --> 00:23:15.919
organizations that we are. We are no
typical advocacy organizations, but we do

00:23:15.919 --> 00:23:21.039
strategic litigation. Because
unfortunately no advocacy worked on the

00:23:21.039 --> 00:23:26.220
PNR directive. It came into force pretty
much as the, um, as national law

00:23:26.220 --> 00:23:34.139
enforcement wanted it to be. And so there
is one instance, one authority at the time

00:23:34.139 --> 00:23:39.019
that in Europe, in Germany, in Europe, the
European Union, the courts, which can

00:23:39.019 --> 00:23:44.919
which can ideally, um, dismiss of the
reasons of the motivations of law

00:23:44.919 --> 00:23:51.340
enforcement to have such a directive
enforced and can try to objectively assess

00:23:51.340 --> 00:23:57.181
whether this is actually legal and should
remain in force, stay in force or not. And

00:23:57.181 --> 00:24:01.639
we did this through litigation both in
Germany and in Austria, and both are

00:24:01.639 --> 00:24:06.490
having the same goal, which is to present
to the European Court of Justice the

00:24:06.490 --> 00:24:11.774
question whether the PNR directive and any
national law that is transposing the PNR

00:24:11.774 --> 00:24:17.980
directive is in violation of the Charter
of Fundamental Rights. Why do we have to

00:24:17.980 --> 00:24:23.470
go? Why is the ECJ important? Because when
you have a national law that directly

00:24:23.470 --> 00:24:31.330
transposes a European law, a directive,
then then only the ECJ can declare such a

00:24:31.330 --> 00:24:35.419
law void. There is no way for, for
instance, in Germany, the federal

00:24:35.419 --> 00:24:39.669
constitutional court, the
Bundesverfassungsgericht, to say that this

00:24:39.669 --> 00:24:46.016
law should not be applied any longer. This
question must be presented to the ECJ. So

00:24:46.016 --> 00:24:50.940
how could we get to the ECJ? This actually
was a process that took us quite a bit of

00:24:50.940 --> 00:24:56.489
time. It's been two years in the making. A
year ago, we launched six different

00:24:56.489 --> 00:25:01.270
complaints of six different plaintiffs
that are flying all over Europe, that we

00:25:01.270 --> 00:25:05.792
booked flights for them that led them to a
European member states, a European Union

00:25:05.792 --> 00:25:10.926
member states and two states outside of
the European Union. And we sent the

00:25:10.926 --> 00:25:16.029
complaints to three different courts. The
one, two complaints were directed against

00:25:16.029 --> 00:25:20.320
the German national police and went to the
administrative court in Wiesbaden, and

00:25:20.320 --> 00:25:24.559
four others were directed against the
airplane airlines. So we tried to

00:25:24.559 --> 00:25:30.950
diversify as much as possible in order to
find a judge that would agree with us that

00:25:30.950 --> 00:25:36.779
this is problematic and this needs
checking. And we are optimistic that

00:25:36.779 --> 00:25:43.500
either the court in Wiesbaden or the court
in Cologne will soon present these very

00:25:43.500 --> 00:25:48.289
questions to the court, whether the German
transposition law and the PNR directive

00:25:48.289 --> 00:25:53.119
itself are violating fundamental rights
after European of the Charter of the

00:25:53.119 --> 00:25:58.981
European Union.
Walter: So as Bijan already mentioned, our

00:25:58.981 --> 00:26:05.389
aim is to bring our case as quick as
possible to the European Court of Justice.

00:26:05.389 --> 00:26:11.470
So we had different options. And in Austria,
we went a third way. We brought a case

00:26:11.470 --> 00:26:18.976
before the Austrian Data Protection Authority
against the Fluggastdatenzentralstelle

00:26:18.976 --> 00:26:24.603
im Bundeskriminalamt, a passenger
named unit. And we we brought several

00:26:24.603 --> 00:26:31.059
different cases and we also found out that
different, smaller things which we are on.

00:26:31.059 --> 00:26:38.014
But the main thing is that this case
already went as planned to the

00:26:38.014 --> 00:26:46.579
Bundesverwaltungsgericht, so the federal
administrative court in Austria. And from

00:26:46.579 --> 00:26:54.850
there, we hope that is also soon forwarded
to the European Court of Justice. And

00:26:54.850 --> 00:27:02.239
theoretically, it would be enough if one
case hits the European Court of Justice.

00:27:02.239 --> 00:27:07.590
But practically, it is, of course, very
important to have different strategies

00:27:07.590 --> 00:27:15.749
because there are different speeds and so
on. So that's why we also should mention

00:27:15.749 --> 00:27:22.929
another case, the the Belgian case. So
this Belgian human rights organization,

00:27:22.929 --> 00:27:28.647
they also brought the case before a
Belgian court. In this case, it was

00:27:28.647 --> 00:27:34.720
directly the Belgian constitutional court.
So they had a direct way to the

00:27:34.720 --> 00:27:40.340
constitutional court, unlike our cases in
Austria, where this or in Germany where

00:27:40.340 --> 00:27:47.369
this was not possible. And therefore, the
Belgian constitutional court already

00:27:47.369 --> 00:27:55.037
referred this case to the European Court
of Justice. And we are hoping that our

00:27:55.037 --> 00:28:01.210
case will be soon or cases, or at least
some of them will soon be joined with this

00:28:01.210 --> 00:28:11.220
case at the European Court of Justice, and
then decided together. So to sum up, we

00:28:11.220 --> 00:28:20.429
have actually a very infringing piece of
legislation the PNR directive, PNR

00:28:20.429 --> 00:28:28.529
processing, as Bijan explained to us in
more detail, is extremely intrusive in all

00:28:28.529 --> 00:28:34.549
flight passengers' fundamental rights. It
violates fundamental rights, especially

00:28:34.549 --> 00:28:41.460
because it is already... is also
ineffective and disproportionate. So we

00:28:41.460 --> 00:28:47.649
heard about these different things. The
base rate fallacy that it is ineffective

00:28:47.649 --> 00:28:54.099
and disproportionate because it is not
really possible to find specific suspects

00:28:54.099 --> 00:29:02.570
in such amount of data with without having
a lot, a real lot of false positives. So

00:29:02.570 --> 00:29:08.190
other arguments are that it is data
retention in the first place. So also

00:29:08.190 --> 00:29:14.989
already the retention of the data of
people like you and me is a big problem

00:29:14.989 --> 00:29:22.600
and unlawful. And this general suspicion
it leads to. So everybody becomes a

00:29:22.600 --> 00:29:30.200
suspect and can become practically a
suspect, can get problems practically from

00:29:30.200 --> 00:29:38.899
that legislation without being a criminal.
And yeah, we have strong arguments as we

00:29:38.899 --> 00:29:48.599
showed you already, the case of the Canada
PNR directive, the PNR agreement with

00:29:48.599 --> 00:29:55.259
Canada is very similar in practice to the
PNR directive. So the arguments already

00:29:55.259 --> 00:30:01.480
held before the European Court of Justice.
So actually, it's a shame that this was

00:30:01.480 --> 00:30:07.971
not stopped earlier. And civil rights
organizations as we are have to do that.

00:30:07.971 --> 00:30:16.590
And that's what we do. And that's also why
we depend on donations. So that's also

00:30:16.590 --> 00:30:21.789
important to stress that our work people
having people fully employed to do things

00:30:21.789 --> 00:30:28.700
like that cost some money. And that's
where you can find us. So we have a

00:30:28.700 --> 00:30:35.799
campaign website, nopnr.eu in German
and English. And you can find us, of

00:30:35.799 --> 00:30:40.580
course, on our website and both websites
and find ways how to join us, how to

00:30:40.580 --> 00:30:46.730
support us. And also still today, you can
meet us at our assembly in the CCL

00:30:46.730 --> 00:30:52.590
building the about freedom assembly, where
both the Gesellschaft für Freiheitsrechte

00:30:52.590 --> 00:31:00.659
and Epicentre Works have their desk and
you can ask all the question. But first,

00:31:00.659 --> 00:31:03.378
ask all your questions now. Thank you.

00:31:03.378 --> 00:31:06.870
<i>Applause</i>

00:31:06.870 --> 00:31:14.760
Herald: Thank you, Walter and Bijan, for
this very clarifying statements. I suppose

00:31:14.760 --> 00:31:19.379
there are quite some questions here in the
audience. Only I'm looking at someone

00:31:19.379 --> 00:31:32.252
who's grabbing a microphone now. I see the
signal angel. Yes. The mic is not on. Can

00:31:32.252 --> 00:31:47.591
someone help him? Signal Angel needs a mic.
Yes, it's almost there. Brains are

00:31:47.591 --> 00:31:51.409
working.
Signal Angel: Thank you. Is there a cheap

00:31:51.409 --> 00:31:55.470
method to spam for some trees, for
example, by booking flight under a false

00:31:55.470 --> 00:32:02.999
name and then canceling the flight?
Bijan: Well, I think it's it's difficult

00:32:02.999 --> 00:32:06.889
to say. I didn't get the very first words.
Sorry.

00:32:06.889 --> 00:32:11.159
Signal Angel: Yes, the very first one was:
is there a cheap method to spam, to spam

00:32:11.159 --> 00:32:14.809
for some trees?
Bijan: Yeah. Theoretically, I don't think

00:32:14.809 --> 00:32:19.129
that anything could speak against that.
Yeah, but the problem is that you would

00:32:19.129 --> 00:32:23.749
need to cancel very late because, um, I
think the first time they push the data,

00:32:23.749 --> 00:32:28.139
the airlines are pushing the data to the
national police is, 48 hours before the

00:32:28.139 --> 00:32:32.799
before boarding. So that might come to
become a bit expensive.

00:32:32.799 --> 00:32:34.439
<i>Laughter</i>

00:32:34.439 --> 00:32:38.918
Walter: I would want to make a general
remark also on that. Of course, here,

00:32:38.918 --> 00:32:44.109
especially here, thoughts like that, how
to hack the system are very important and

00:32:44.109 --> 00:32:50.759
can help. But our general approach is to
take legal action to protect all people at

00:32:50.759 --> 00:32:56.019
the same way, and not only those who who
are able to protect themselves or hack the

00:32:56.019 --> 00:33:04.139
system or whatever. So that's the reason
why we both go this general way to bring

00:33:04.139 --> 00:33:11.449
that down. Completely.
Herald: And other question here. Yes.

00:33:11.449 --> 00:33:20.879
Sorry, sir. Please.
Q: What do you expect as a result of your

00:33:20.879 --> 00:33:26.549
litigation if you are successful in court?
Will ... do you expect the courts to

00:33:26.549 --> 00:33:34.309
strike down the directive entirely, or do
you expect another legislative process to

00:33:34.309 --> 00:33:42.260
do the same thing again or to fix, quote
unquote, the directive in very small ways

00:33:42.260 --> 00:33:47.570
just to to drag out this battle and
continue the practice. What do you think

00:33:47.570 --> 00:33:52.210
the effects will be?
Bijan: Well, we think that the European

00:33:52.210 --> 00:33:56.070
Court of Justice, if it follows our
argument, our reasoning, it should it will

00:33:56.070 --> 00:33:59.690
strike down the PNR directive entirely,
because the way it is set up is

00:33:59.690 --> 00:34:06.561
fundamentally not in in accordance with
what it earlier ruled so far. Unless it

00:34:06.561 --> 00:34:10.550
will change its its entire history of
ruling on data retention and so on and so

00:34:10.550 --> 00:34:15.679
forth. But of course, we will expect the
member states to push for another

00:34:15.679 --> 00:34:21.349
legislation that may be similar, but not
the exact same thing. So I can imagine

00:34:21.349 --> 00:34:25.889
something of a of the sort of data
retention of telecommunications, as it

00:34:25.889 --> 00:34:31.060
were, and with airlines retaining the data
and keeping it for a shorter period of

00:34:31.060 --> 00:34:36.291
time and only giving it out when there is
a specific request with, where there is a

00:34:36.291 --> 00:34:41.029
specific reason for law enforcement to ask
for the data. I could imagine such a thing

00:34:41.029 --> 00:34:45.845
coming up again and then we would need to
check whether this is illegal or not. And

00:34:45.845 --> 00:34:50.254
maybe go through the whole procedure as
well. But it is it would be an immense

00:34:50.254 --> 00:34:56.191
success if the PNR directive as it stands
would be void. Declared void.

00:34:56.191 --> 00:35:02.290
Herald: Thank you. Someone else has a
question. I see the person here.

00:35:02.290 --> 00:35:10.789
Microphone one, please.
Q: Hel-lo, yeah. Okay, so you had the

00:35:10.789 --> 00:35:15.480
agreement that, uh, there are a lot of
false positives when they checked up PNR

00:35:15.480 --> 00:35:20.640
data. Um, do we have any information how
long it takes for them to react on the PNR

00:35:20.640 --> 00:35:25.570
data if they get a positive hit? So maybe
they won't react after the person has

00:35:25.570 --> 00:35:31.109
landed and already, uh, is in the country?
Bijan: They claim that they can act

00:35:31.109 --> 00:35:36.930
immediately, but we can't know that for
sure. So the fact that they had 57 arrests

00:35:36.930 --> 00:35:42.366
at the airports signals that at least that
in some respects this is true. But we

00:35:42.366 --> 00:35:47.477
cannot know for sure how much, how quickly
they they they kind of react. And keep in

00:35:47.477 --> 00:35:52.470
mind, this is only the start. So, so far
in Germany, right up until the point where

00:35:52.470 --> 00:35:57.220
this the data that I presented for Germany
came about, there were only 9 airlines, I

00:35:57.220 --> 00:36:01.440
think, that were linked to the system. So
expect there to be much more data coming

00:36:01.440 --> 00:36:05.829
in. And once they start with a
predetermined criteria thing, this will

00:36:05.829 --> 00:36:13.440
multiply probably. Um, even so, I cannot
imagine unless they they ... have this

00:36:13.440 --> 00:36:20.279
new, um, thing with hundreds of people
involved that they can act immediately in

00:36:20.279 --> 00:36:26.240
each and every case.
Herald: Thank you. There is a question

00:36:26.240 --> 00:36:30.100
again on the Internet. Yes.
Signal Angel: Yes. How come, you haven't

00:36:30.100 --> 00:36:35.349
tried voiding the local at one provisions
that this PNR there for intra EU flights? <i>(???)</i>

00:36:35.349 --> 00:36:39.180
That seems most likely against Schengen
provisions.

00:36:39.180 --> 00:36:44.837
Bijan: We have addressed that as well. We
have picked intra-EU flights also. We have

00:36:44.837 --> 00:36:52.290
not just picked flights that go extra EU,
but, we've also made the point about the

00:36:52.290 --> 00:36:57.839
the violation of Schengen criteria. But
that is not so much that is not the focus

00:36:57.839 --> 00:37:02.893
of our argument because they are, in our
opinion, much stronger ones. Because with

00:37:02.893 --> 00:37:06.990
Schengen you would need to argue that it's
practically impossible to enter the

00:37:06.990 --> 00:37:13.260
country without being held up and you're
not being held up in a physical form, at

00:37:13.260 --> 00:37:18.910
least not in general, generally. And so
this argument is a bit more difficult than

00:37:18.910 --> 00:37:25.024
having an actual border checking of
people. But we're making this point, of

00:37:25.024 --> 00:37:30.460
course. And but we rely on other points
that we think are stronger.

00:37:30.460 --> 00:37:35.540
Herald: Okay. Please. Microphone number
one, please.

00:37:35.540 --> 00:37:40.093
Q: Is there also data being collected on
flights inside a country. So, for example,

00:37:40.093 --> 00:37:43.530
from Munich to Berlin.
Bijan: Not yet. Not under the directive.

00:37:43.530 --> 00:37:48.099
And theoretically, of course, that the
German legislator or any other legislator

00:37:48.099 --> 00:37:51.820
could decide to include that as well, but
not so far.

00:37:51.820 --> 00:37:56.329
Herald: Number two, please. Microphone.
Yeah.

00:37:56.329 --> 00:38:01.920
Q: I was wondering how much, uh, false
negatives are in there. You know, that,

00:38:01.920 --> 00:38:07.940
like, uh, these big databases. If I don't
act like a normal terrorist or something

00:38:07.940 --> 00:38:10.570
than I am?
Bijan: We don't we don't know,

00:38:10.570 --> 00:38:15.130
unfortunately, not yet. Um, I did. I think
it would be very interesting, especially

00:38:15.130 --> 00:38:21.750
for the predetermined criteria , to see
how many they miss. Um, but yeah. No, not

00:38:21.750 --> 00:38:28.579
nothing at.
Herald: Yeah, and there is no undo button,

00:38:28.579 --> 00:38:33.579
I think. No. No. No undo. That's always
the thing that I that I'm worried about,

00:38:33.579 --> 00:38:38.140
you know. Then you have an announcement
about France's data that go out and then

00:38:38.140 --> 00:38:44.040
you can't have an undo. So what do we do
then? It's always new. Yeah, you can keep

00:38:44.040 --> 00:38:48.640
this for five years now. But who says it's
there for five years and what kind of

00:38:48.640 --> 00:38:51.967
interpretation to get out of it for five
years? After five years?

00:38:51.967 --> 00:38:55.089
Bijan: You can't know in
which database you will be transferred in

00:38:55.089 --> 00:38:59.940
the meantime, because law enforcement can
access the data of that very data set and

00:38:59.940 --> 00:39:03.700
forth for that data and the PNR data set
and put it in another data set because

00:39:03.700 --> 00:39:08.480
they have whatever reason to do so. And
then these are again enlarged and

00:39:08.480 --> 00:39:12.670
enlarged. And then you will find another
reason why they should remain in there for

00:39:12.670 --> 00:39:17.230
a longer time. So, yeah. That's why we're
fighting this now and hoping to change the

00:39:17.230 --> 00:39:19.480
future.
Herald: How do you see your chances?

00:39:19.480 --> 00:39:27.070
Actually, uh, a long term or short term
chances to get to that point is that?

00:39:27.070 --> 00:39:30.500
Bijan: We are very convinced that we will
be successful, because otherwise we

00:39:30.500 --> 00:39:33.529
wouldn't have started this. This is one of
our principles. We only do things that we

00:39:33.529 --> 00:39:38.321
are convinced of being able to win and we
think that we will win this. And what will

00:39:38.321 --> 00:39:42.240
come out of it? Referring to the I think
the second and the second question

00:39:42.240 --> 00:39:47.480
earlier. And what will be happening in the
future with other legislation? I can't

00:39:47.480 --> 00:39:51.430
know. But one argument the police is
always making or in private, at least to

00:39:51.430 --> 00:39:55.819
me, are is that they're saying, well,
people will get used to it and it won't be

00:39:55.819 --> 00:40:00.783
in in five or 10 years. Nobody's gonna be
wondering about things like this. And this

00:40:00.783 --> 00:40:05.299
is exactly what we are working against,
that this never becomes normal, because if

00:40:05.299 --> 00:40:07.470
this becomes normal, as I've argued
before,

00:40:07.470 --> 00:40:11.130
<i>applause</i>
Herald: needs an applause Yes.

00:40:11.130 --> 00:40:14.880
Bijan: If it becomes normal, as I've
argued before, it is easy to extend it to

00:40:14.880 --> 00:40:20.529
all sorts of life and ways of life and
walks of life. And this then would be in a

00:40:20.529 --> 00:40:25.859
surveillance state par excellence.
Herald: We were very close there. So we

00:40:25.859 --> 00:40:30.089
need to support them really hard. There is
one last question I suggest. No. There is

00:40:30.089 --> 00:40:35.619
two questions. Number two. Yes.
Q: Does the PNR directive apply only for

00:40:35.619 --> 00:40:39.492
regular scheduled flights? So does it also
apply for private flights? The general

00:40:39.492 --> 00:40:42.819
aviation business flights, etc.?
Bijan: Good question. I don't know.

00:40:42.819 --> 00:40:48.510
Actually, I look into that and. Write me!
Come, come here later and I'll check and

00:40:48.510 --> 00:40:52.310
I'll give you an answer.
Herald: Then there is one at number one.

00:40:52.310 --> 00:40:56.710
Q: I just wanted to ask a question in
response to the idea that this is becoming

00:40:56.710 --> 00:41:01.810
very normal, because one thing that I
think has become very normal that hasn't

00:41:01.810 --> 00:41:07.924
been mentioned explicitly is the idea that
people can be essentially put on a watch

00:41:07.924 --> 00:41:12.782
list as being a potential criminal in the
absence of a crime. And we have these

00:41:12.782 --> 00:41:19.605
terrorist watch lists all over the world
now. That is now the new normal. And I

00:41:19.605 --> 00:41:24.750
think that's very problematic. And can you
just maybe talk about: Do we, do you see a

00:41:24.750 --> 00:41:30.829
future where we can actually get back to,
you know, only arresting or investigating

00:41:30.829 --> 00:41:33.890
people because of probable cause, for
example?

00:41:33.890 --> 00:41:39.421
Bijan: Oh, I hope that this will be our
future. But, uh, about that point, that

00:41:39.421 --> 00:41:43.750
very point, I'm not too optimistic, to be
honest. I am optimistic about one other

00:41:43.750 --> 00:41:48.859
one. Another thing that is that these
instruments that are now being created

00:41:48.859 --> 00:41:52.910
will prove to be highly ineffective, as
we've so now see now already with checking

00:41:52.910 --> 00:41:58.290
against databases, that is already a lot
of work and very tedious work. But with

00:41:58.290 --> 00:42:04.079
the idea that you can define criteria for
people that that are legitimately to be

00:42:04.079 --> 00:42:08.710
suspected of committing a crime in the
future, I think it will prove, at least

00:42:08.710 --> 00:42:12.990
for the next few decades, to be quite
impossible. And this is I don't know if

00:42:12.990 --> 00:42:19.880
this came across correctly sufficiently,
but this is really the core issue that we

00:42:19.880 --> 00:42:25.619
have with the PNR directive. They are
claiming that they can find suspects of

00:42:25.619 --> 00:42:31.690
crimes or future crimes. Imagine! Not not
someone that has committed a crime or that

00:42:31.690 --> 00:42:36.890
will definitely commit a crime, but that
can reasonably be suspected of committing

00:42:36.890 --> 00:42:43.960
a crime in the future, and then act upon
that. And that is really a huge step into

00:42:43.960 --> 00:42:49.220
what I called voodoo, about the
expectation that you can take data and

00:42:49.220 --> 00:42:55.400
prevent crime. Minority Report times.
Yeah. To the power five. I don't know.

00:42:55.400 --> 00:43:00.534
Herald: Sit back and relax. Thank you
Bijan and thank you, Walter, for this

00:43:00.534 --> 00:43:08.520
fantastic lecture. Please support them at
noPNR dot EU, go to their booth as well.

00:43:08.520 --> 00:43:10.520
And thank you all.

00:43:10.520 --> 00:43:22.010
<i>36C3 postroll music</i>

00:43:22.010 --> 00:43:38.000
Subtitles created by c3subtitles.de
in the year 2021. Join, and help us!