-
36C3 preroll music
-
Herald: Next is Bijan. Bijan. Bijan, I
pronounce this. Pretty persian. Yeah. He's
-
an attorney, ein Rechtsanwalt it is called in
deutsch, and he works for the Gesellschaft
-
für Freiheitsrechte in Berlin. If I'm
right. Good. Give them a welcome.
-
applause, please. It's early in the
morning. We're going to kick back here.
-
applause
-
Bijan: Early in the morning, only at the
Congress you can call 12:30 early in the
-
morning, but it is. And, um, well, if
you've ever sat on a plane and wondered
-
what the person three rows behind you is
eating, whether they flying alone, whether
-
they have checked in their luggage or only
hand luggage and what visa they were using
-
when they were buying their plane ticket,
then you're probably a police officer or
-
should join the national police of any EU
member state, because that is exactly what
-
the national polices in Germany and
Austria and other Europeans member states,
-
Europe, member states of the European
Union, can do. Thanks to the PNR
-
directive, which is the topic of today's
talk. And we are going to talk and explain
-
to you what the PNR directive and the laws
transposing it into national law are all
-
about, why this is problematic and what we
can do and what we are actually doing
-
against it in order to stop it. And Walter
will start off with a few infos.
-
Walter: Yeah. Hello. So firstly, I would
like to introduce into Epicenter Works,
-
because we have already a history on
bringing down data retention laws. So
-
probably you know us from our fight
against data retention in Europe when we
-
still were called "AKA Vorrat Österreich".
I am working for Epicenter Works on a
-
voluntary basis. And I would like to
mention my colleague Angelika Adensamer
-
who did the main work on this for
Epicenter Works. But she cannot be at
-
Congress this year. So, flight data. It is
said, I've heard that at any given point
-
in time, one million people are on a plane
in the skies flying around the globe. As
-
you can see here. And today, although in
times of resource exhaustion, we should
-
talk about that anyway. I am convinced
today we are talking about the data
-
protection issue about it. A big one. And
we are talking about passenger name
-
records. So what is a passenger name
record, anyway? A passenger name record,
-
as you can see here, is a data set
compiled of 19 different data fields. So
-
you can get about up to 60 different data
points on one single passenger on one
-
single flight. So, for instance, you have
data in there like the first and second
-
name, address, but also other things,
metadata. More important things, like the
-
means of payment you made, the point in
time when you booked the flight and things
-
like that. And as a specific problem about
it is that there is also a free text field
-
so airline employees can enter data there
and which we cannot control. And
-
altogether we have a quite big data set of
each passenger on each flight. So this is
-
common in the airline industry. But in
2016, the PNR directive came about. So
-
what is the PNR directive? It is a piece
of European legislation , which was
-
enacted in April 2016. And when we have
European legislation, it's important to
-
mention that it doesn't come out of the
blue out of Brussels, but it is enacted
-
together with from the commission, the
European Parliament and the council. And
-
the council are the governments of our
member states. So we have to keep in mind
-
that member states governments, have a
big say when things like this are enacted.
-
And it is a directive. And that means that
every single member state has to transpose
-
the content of the directive into its
national law. And this had to be done
-
until the 25th May of 2018. This was the
the tenth transposition deadline. And for
-
instance, Austria and Germany made laws to
transpose that into their national law. So
-
what had they to enact? They had to enact
laws prescribing that all airlines have to
-
transfer data of all passengers, all
passenger name records of every flight,
-
and they have to be pushed to a national
police database. So unlike the telecom
-
data retention I already mentioned, the
data is not kept where it where where it
-
is created. But it has to be pushed from
the private sector, from the airlines, to
-
police database, databases. And the data
retention directive prescribes that every
-
flight leaving or entering the European
Union must be covered by that. But in
-
addition, every single member state also
covered flights within the EU. So you have
-
we have the full take now. Flights within
the EU as well as flights leaving or
-
entering the EU. And every single record
of every single passenger of every single
-
flight is in a police database and will be
compared with existing databases, for
-
instance, of known criminals or of stolen
passports and the like. And they try to
-
find matches there. And what they are also
going to do is matching with predetermined
-
criteria. So they will come up with flight
patterns of known perpetrators, for
-
instance, when they booked a flight and so
on. They will algorithmically try to find
-
patterns there, and then they will compare
your flight passenger name records with
-
that data. And if you have a similar
behavior, than a previous perpetrator,
-
previous criminal, for instance, then
you're already under suspicion. And this
-
data in these databases are stored for
five years and can be further used by
-
different law enforcement agencies. So
that data is not only compared and then
-
deleted again. The storage time is five
years and they do something called
-
depersonalization about six months after
the data was created. But this is not in
-
any way an anonymisation, but they just
remove some data and it can easily be
-
identified again. So the person the data
belongs to can easily be identified for
-
the whole period of five years. So you
probably asked yourself already: First, is
-
this effective? Well, this runs already
since last year, so we have some data.
-
First, I will present to you the data from
Austria. In Austria, we found out that
-
already until the 30th of September, 2019,
almost 24 passenger name records where
-
forwarded to the passenger name unit at
the Bundeskriminalamt and
-
11 900 000 thousand different people
were subject to that. And of these, almost
-
24 000 000 passenger name records, the
algorithms that checking against databases
-
already brought up 190 000
matches. So every single match,
-
every single output the algorithm has,
must be checked by a human employee. So we
-
have sitting there people who have to
check. Even this is not even the data of a
-
year. And they have to check
190 000 matches and only 280
-
of them are actual hits. So if a person
checks what the algorithm outputs there,
-
then only in 0.15% of the cases
the policewoman or policeman
-
come to their conclusion: This is actually
relevant for us. And if you do the math,
-
this means that only 0.001% percent of all
that 24 million passenger name data, your
-
data which is checked, actually leads to a
hit. And we don't even know how many
-
actual false positives remain in these
220. This is only what the police will
-
inspect afterwards. So we have no numbers
or results if they had actual
-
investigative results on that. But what we
can say is that there are 21 employees,
-
qualified employees, working in the
passenger name, Passenger Information Unit,
-
and this costs almost 2 million euros per
year and only for checking that data in
-
the small country of Austria. And Bijan
now will present to you the data in German.
-
Bijan: The number, the data of the big
neighbor, because you said small country
-
Austria. In Germany the numbers are
surprisingly similar. We also had - have
-
numbers up until mid of August 2019, and
we have had almost 32 million passenger
-
name records checked, which generated
automatic results of matches of about
-
240 000, which then were checked by 40
police officers and there remained only
-
910 actual hits. So the fail rate was
99.6% and 0.003% all PNRs checked led to
-
actual hits. And even of that number, just
as in Austria, we are not sure how many
-
false positives remain. We know that there
were considerably a considerable amount of
-
false positives. We estimate them to be in
the hundreds. But the law enforcement did
-
not specify what actually, how many
supposed positives remained, even among
-
the 910. And one of the results we know is
that it led to 57 arrests. We don't know
-
for which crimes. We don't know whether
these people actually committed a crime,
-
whether they were suspected for crime,
whether they were just on a watch list.
-
But 57 arrests, assuming this is these
were legitimate, this means that 0.0002%
-
of all PNRs checked led to an arrest. And
if you try to to transpose this to other
-
situations in life, you could go to a to a
market, to to some, uh, to some festival
-
or what not, and just ask randomly people,
and you would probably have with a similar
-
probability, an arrest in the end at the
end of the day. So if this holds that this
-
whole PNR processing holds is this
effectiveness is the standard that we are
-
happy with, then you can easily take this
to all other sorts of walks of life. And
-
this is true, in our opinion, a big
problem, because it will lead to a digital
-
surveillance state, which is has come
quite near with these new tools that the
-
PNR directive provide. What we've now just
shown are the the automatic is the checks
-
against databases. That was the one thing
that the PNR directive provides for. The
-
other one is the checking against
predetermined criteria. And this is where
-
the voodoo kind of starts, because the
idea that you can merely from the data
-
that is in the PNR, in your passenger name
record, derive whether you are suspicious,
-
or dangerous even is, at least in our
opinion, pretty much voodoo, and it has
-
serious consequences. And it might lead to
automatic profiling affecting hundreds of
-
millions of people, possibly, because
everybody is checked when they and when
-
they use a plane. Everybody PNR record is
checked against these automatic , against
-
these predetermined criteria, and not just
for crimes such as terrorism or organized
-
crime, where you could maybe make a case
that there exists such a thing as a
-
pattern of movements where you can
identify a terrorist suspect, but it is
-
also used for crimes such as fraud or
forgery or cyber crime where I would argue
-
you cannot find the typical cyber
criminals flight pattern, flight patterns.
-
It's just not possible. And so but but the
PNR directive itself is only the one
-
thing. We are fighting this for reasons
that go way beyond the PNR processing so
-
the processing of PNR flight data, because
it may set a dangerous precedent for other
-
mass surveillance. Already now PNR
processing is being discussed for buses
-
that cross borders, for ships and trains.
And there are some countries such as
-
Belgium that have already enacted the very
much. And why stop there, might a police
-
officer argue. Why not include rental cars
that cross borders? Why not at some point
-
include private cars that cross borders?
Why not get away with that requirement of
-
crossing borders? Why not have everybody
checked all the time, maybe via their
-
mobile phones? So when we give way to this
sort of data processing with such a low
-
threshold of effectiveness, we open the
door for all sorts of, um, of activity
-
that at least from our point of view, is
illegal. And the question you were maybe
-
asking yourself or maybe not. Is this
legal? We are convinced it is not. And
-
luckily, we could rely on a legal opinion
that the European Court of Justice ECJ has
-
rendered a two and a half years ago. There
is one PNR agreement in place between the
-
EU and the USA, which has not been
challenged yet. And another agreement was
-
supposed to be known or was negotiated
between the EU Commission and Canada, and
-
the EU Parliament then presented the
question to the ECJ whether this agreement
-
would be violating fundamental rights of
the Charter of Fundamental Rights of the
-
European Union. And the ECJ concluded that
it would, in the form that it was proposed
-
to it, breach Article 7 and 8 of that
charter's. Article 7 as the right to
-
privacy in Article 8 is the right to have
your data protected, your personal data
-
protected. And we are, of course, relying
heavily on that, on the arguments that the
-
court developed and developing them even
further, because; as you can imagine, the
-
PNR, the agreement with Canada and the PNR
directive are quite similar. So what are
-
these arguments that we are bringing up?
And we've shown already that the
-
effectiveness is highly doubtful. And this
leads us to concluding that the PNR
-
directive is disproportionate. So it
violates human fundamental rights. For
-
several reasons. One being a point that
we've both raised already that PNR
-
processing indiscriminately affects all
passengers. And this is a very important
-
point, because it makes it shows the
difference between PNR processing under
-
the PNR directive and what was formerly
the the data retention of
-
telecommunications data. Because the
latter would require a specific case,
-
something must have had happened in order
for the law enforcement to ask for the
-
telecommunications data of the
telecommunications provider. But our
-
PNR data on flights is checked all the
time, always, against databases, and even
-
more importantly, the predetermined
criteria, which we, of course, do not know
-
nothing about. And this brings with it
especially the last point, the
-
predetermined criteria, are high risk of
false accusations. We've already seen that
-
99.6% of data base matching, automatic
data is matching is wrongful. And imagine
-
how much higher the number would be with
checking against predetermined criteria.
-
And that the reason why we expect many
false accusations, false positives, is the
-
so-called base rate fallacy, which
basically says that when you're looking
-
for a very small amount of people in a
large dataset and you have a significant
-
fail rate, you're very likely to produce
more false positives, maybe many more
-
false positives than true positives. So
actual suspects, or not suspects, but
-
actual terrorists. So, for instance, when
you if you're checking 100 million flight
-
passengers. And you're looking for 100
terrorists, and you have even a fail rate
-
of 0.1%, not the 99.6 that we're talking
about now, but even just 0.1%, this would
-
render this would this would render
100 000 flight passengers subject to to
-
to being suspected terrorists. So you
would have 100 000 false positives, 100
-
terrorists that let's assume all of them
so that they had a positive success rate
-
of 100 percent identifying positively as a
terrorist suspect. Then you will have
-
100 000 false positives, 100 people that
are correctly suspected. But everybody, of
-
course, will be treated the same. And what
I've listed here are just the obvious
-
things, stigmatization at the airport by
interrogation, searches of luggage of
-
people and arrests, missing flights.
And depending on the country
-
you're in you may be in much more trouble
after that. The second point is that the
-
data is being stored way too long. As
Walter has already mentioned 5 years. Why
-
do you need 5 years worth of data to check
a database entry or against a
-
predetermined criteria? Of course, you
don't needed it for that. Because you
-
could do that immediately after a person
has boarded. You can perform the check and
-
then you could get rid of the data, delete
it after it's being used. The reason why
-
they're storing it so long as that law
enforcement and intelligence agencies have
-
an interest that goes beyond that checking
after boarding, they want to keep the data
-
and check it in future, criminal
investigations in future, looking into a
-
person, what where they've traveled and so
on and so forth. But that has nothing to
-
do with the original purpose of PNR, the
PNR directive. And what at least everybody
-
here will know in all data storing, so
data storing is in itself a problem. It's
-
in itself a violation of fundamental
rights when there is no legitimate reason
-
to do so. But also all data storage puts
the data stored at risk. And as we've
-
mentioned already, there's the payment
data, especially there's other other
-
sensitive data with whom you've traveled,
whether you've traveled with light luggage
-
or not, where you have gone to, via which
place and so on and so forth. Another
-
point, which is a bit more complicated is
that the director does not sufficiently
-
differentiate between crimes where
automatic profiling could make sense and
-
others. So as I have said, there may be a
point in saying that the typical
-
terrorists would fly from A to B via C
without checking in luggage using this or
-
that tourist office and so on and so
forth. So maybe just assume that this is
-
the case. This, no one can can tell me
that there is a typical flight pattern of
-
a fraudster where you could ask someone
define which way a fraudster typically
-
flies and identify such a person. So what
the directive would have needed to do if
-
they wanted had wanted to check against
predetermined criteria would have been to
-
identify for which crimes - exactly, and
only for these - you can use such a voodoo
-
miracle weapon. And finally, these are not
the only arguments, but the more most
-
important ones. We expect that the false
positives especially will lead to
-
discrimination against minorities. And one
example that the German National Police,
-
the Bundeskriminalamt has given us for a
predetermined criteria are young men
-
flying from airports from the south of
Turkey to a major European city. So
-
they're thinking about former IS fighters,
IS terrorists. And as you can easily
-
imagine what kind of people will be
sitting in in in a on a plane that's
-
coming from the south of Turkey to Germany
or to any other European country. Of
-
course, this will affect them
disproportionately, affect minorities. And
-
it is already now highly intransparent
what how these these predetermined
-
criteria are developed. And imagine a near
future where law enforcement will
-
naturally try to involve artificial
intelligence and finding patterns in the
-
raw data of flight movements of PNR data,
of the treasure they're now hoarding with
-
a five year worth of data. And at the
latest, at that point in time, it will be
-
impossible for us to understand why a
certain criterion was defined and how how
-
to challenge it when you're in the
position to be arrested at the airport,
-
for instance. So what can we do? And
that's where we come in. The two
-
organizations that we are. We are no
typical advocacy organizations, but we do
-
strategic litigation. Because
unfortunately no advocacy worked on the
-
PNR directive. It came into force pretty
much as the, um, as national law
-
enforcement wanted it to be. And so there
is one instance, one authority at the time
-
that in Europe, in Germany, in Europe, the
European Union, the courts, which can
-
which can ideally, um, dismiss of the
reasons of the motivations of law
-
enforcement to have such a directive
enforced and can try to objectively assess
-
whether this is actually legal and should
remain in force, stay in force or not. And
-
we did this through litigation both in
Germany and in Austria, and both are
-
having the same goal, which is to present
to the European Court of Justice the
-
question whether the PNR directive and any
national law that is transposing the PNR
-
directive is in violation of the Charter
of Fundamental Rights. Why do we have to
-
go? Why is the ECJ important? Because when
you have a national law that directly
-
transposes a European law, a directive,
then then only the ECJ can declare such a
-
law void. There is no way for, for
instance, in Germany, the federal
-
constitutional court, the
Bundesverfassungsgericht, to say that this
-
law should not be applied any longer. This
question must be presented to the ECJ. So
-
how could we get to the ECJ? This actually
was a process that took us quite a bit of
-
time. It's been two years in the making. A
year ago, we launched six different
-
complaints of six different plaintiffs
that are flying all over Europe, that we
-
booked flights for them that led them to a
European member states, a European Union
-
member states and two states outside of
the European Union. And we sent the
-
complaints to three different courts. The
one, two complaints were directed against
-
the German national police and went to the
administrative court in Wiesbaden, and
-
four others were directed against the
airplane airlines. So we tried to
-
diversify as much as possible in order to
find a judge that would agree with us that
-
this is problematic and this needs
checking. And we are optimistic that
-
either the court in Wiesbaden or the court
in Cologne will soon present these very
-
questions to the court, whether the German
transposition law and the PNR directive
-
itself are violating fundamental rights
after European of the Charter of the
-
European Union.
Walter: So as Bijan already mentioned, our
-
aim is to bring our case as quick as
possible to the European Court of Justice.
-
So we had different options. And in Austria,
we went a third way. We brought a case
-
before the Austrian Data Protection Authority
against the Fluggastdatenzentralstelle
-
im Bundeskriminalamt, a passenger
named unit. And we we brought several
-
different cases and we also found out that
different, smaller things which we are on.
-
But the main thing is that this case
already went as planned to the
-
Bundesverwaltungsgericht, so the federal
administrative court in Austria. And from
-
there, we hope that is also soon forwarded
to the European Court of Justice. And
-
theoretically, it would be enough if one
case hits the European Court of Justice.
-
But practically, it is, of course, very
important to have different strategies
-
because there are different speeds and so
on. So that's why we also should mention
-
another case, the the Belgian case. So
this Belgian human rights organization,
-
they also brought the case before a
Belgian court. In this case, it was
-
directly the Belgian constitutional court.
So they had a direct way to the
-
constitutional court, unlike our cases in
Austria, where this or in Germany where
-
this was not possible. And therefore, the
Belgian constitutional court already
-
referred this case to the European Court
of Justice. And we are hoping that our
-
case will be soon or cases, or at least
some of them will soon be joined with this
-
case at the European Court of Justice, and
then decided together. So to sum up, we
-
have actually a very infringing piece of
legislation the PNR directive, PNR
-
processing, as Bijan explained to us in
more detail, is extremely intrusive in all
-
flight passengers' fundamental rights. It
violates fundamental rights, especially
-
because it is already... is also
ineffective and disproportionate. So we
-
heard about these different things. The
base rate fallacy that it is ineffective
-
and disproportionate because it is not
really possible to find specific suspects
-
in such amount of data with without having
a lot, a real lot of false positives. So
-
other arguments are that it is data
retention in the first place. So also
-
already the retention of the data of
people like you and me is a big problem
-
and unlawful. And this general suspicion
it leads to. So everybody becomes a
-
suspect and can become practically a
suspect, can get problems practically from
-
that legislation without being a criminal.
And yeah, we have strong arguments as we
-
showed you already, the case of the Canada
PNR directive, the PNR agreement with
-
Canada is very similar in practice to the
PNR directive. So the arguments already
-
held before the European Court of Justice.
So actually, it's a shame that this was
-
not stopped earlier. And civil rights
organizations as we are have to do that.
-
And that's what we do. And that's also why
we depend on donations. So that's also
-
important to stress that our work people
having people fully employed to do things
-
like that cost some money. And that's
where you can find us. So we have a
-
campaign website, nopnr.eu in German
and English. And you can find us, of
-
course, on our website and both websites
and find ways how to join us, how to
-
support us. And also still today, you can
meet us at our assembly in the CCL
-
building the about freedom assembly, where
both the Gesellschaft für Freiheitsrechte
-
and Epicentre Works have their desk and
you can ask all the question. But first,
-
ask all your questions now. Thank you.
-
Applause
-
Herald: Thank you, Walter and Bijan, for
this very clarifying statements. I suppose
-
there are quite some questions here in the
audience. Only I'm looking at someone
-
who's grabbing a microphone now. I see the
signal angel. Yes. The mic is not on. Can
-
someone help him? Signal Angel needs a mic.
Yes, it's almost there. Brains are
-
working.
Signal Angel: Thank you. Is there a cheap
-
method to spam for some trees, for
example, by booking flight under a false
-
name and then canceling the flight?
Bijan: Well, I think it's it's difficult
-
to say. I didn't get the very first words.
Sorry.
-
Signal Angel: Yes, the very first one was:
is there a cheap method to spam, to spam
-
for some trees?
Bijan: Yeah. Theoretically, I don't think
-
that anything could speak against that.
Yeah, but the problem is that you would
-
need to cancel very late because, um, I
think the first time they push the data,
-
the airlines are pushing the data to the
national police is, 48 hours before the
-
before boarding. So that might come to
become a bit expensive.
-
Laughter
-
Walter: I would want to make a general
remark also on that. Of course, here,
-
especially here, thoughts like that, how
to hack the system are very important and
-
can help. But our general approach is to
take legal action to protect all people at
-
the same way, and not only those who who
are able to protect themselves or hack the
-
system or whatever. So that's the reason
why we both go this general way to bring
-
that down. Completely.
Herald: And other question here. Yes.
-
Sorry, sir. Please.
Q: What do you expect as a result of your
-
litigation if you are successful in court?
Will ... do you expect the courts to
-
strike down the directive entirely, or do
you expect another legislative process to
-
do the same thing again or to fix, quote
unquote, the directive in very small ways
-
just to to drag out this battle and
continue the practice. What do you think
-
the effects will be?
Bijan: Well, we think that the European
-
Court of Justice, if it follows our
argument, our reasoning, it should it will
-
strike down the PNR directive entirely,
because the way it is set up is
-
fundamentally not in in accordance with
what it earlier ruled so far. Unless it
-
will change its its entire history of
ruling on data retention and so on and so
-
forth. But of course, we will expect the
member states to push for another
-
legislation that may be similar, but not
the exact same thing. So I can imagine
-
something of a of the sort of data
retention of telecommunications, as it
-
were, and with airlines retaining the data
and keeping it for a shorter period of
-
time and only giving it out when there is
a specific request with, where there is a
-
specific reason for law enforcement to ask
for the data. I could imagine such a thing
-
coming up again and then we would need to
check whether this is illegal or not. And
-
maybe go through the whole procedure as
well. But it is it would be an immense
-
success if the PNR directive as it stands
would be void. Declared void.
-
Herald: Thank you. Someone else has a
question. I see the person here.
-
Microphone one, please.
Q: Hel-lo, yeah. Okay, so you had the
-
agreement that, uh, there are a lot of
false positives when they checked up PNR
-
data. Um, do we have any information how
long it takes for them to react on the PNR
-
data if they get a positive hit? So maybe
they won't react after the person has
-
landed and already, uh, is in the country?
Bijan: They claim that they can act
-
immediately, but we can't know that for
sure. So the fact that they had 57 arrests
-
at the airports signals that at least that
in some respects this is true. But we
-
cannot know for sure how much, how quickly
they they they kind of react. And keep in
-
mind, this is only the start. So, so far
in Germany, right up until the point where
-
this the data that I presented for Germany
came about, there were only 9 airlines, I
-
think, that were linked to the system. So
expect there to be much more data coming
-
in. And once they start with a
predetermined criteria thing, this will
-
multiply probably. Um, even so, I cannot
imagine unless they they ... have this
-
new, um, thing with hundreds of people
involved that they can act immediately in
-
each and every case.
Herald: Thank you. There is a question
-
again on the Internet. Yes.
Signal Angel: Yes. How come, you haven't
-
tried voiding the local at one provisions
that this PNR there for intra EU flights? (???)
-
That seems most likely against Schengen
provisions.
-
Bijan: We have addressed that as well. We
have picked intra-EU flights also. We have
-
not just picked flights that go extra EU,
but, we've also made the point about the
-
the violation of Schengen criteria. But
that is not so much that is not the focus
-
of our argument because they are, in our
opinion, much stronger ones. Because with
-
Schengen you would need to argue that it's
practically impossible to enter the
-
country without being held up and you're
not being held up in a physical form, at
-
least not in general, generally. And so
this argument is a bit more difficult than
-
having an actual border checking of
people. But we're making this point, of
-
course. And but we rely on other points
that we think are stronger.
-
Herald: Okay. Please. Microphone number
one, please.
-
Q: Is there also data being collected on
flights inside a country. So, for example,
-
from Munich to Berlin.
Bijan: Not yet. Not under the directive.
-
And theoretically, of course, that the
German legislator or any other legislator
-
could decide to include that as well, but
not so far.
-
Herald: Number two, please. Microphone.
Yeah.
-
Q: I was wondering how much, uh, false
negatives are in there. You know, that,
-
like, uh, these big databases. If I don't
act like a normal terrorist or something
-
than I am?
Bijan: We don't we don't know,
-
unfortunately, not yet. Um, I did. I think
it would be very interesting, especially
-
for the predetermined criteria , to see
how many they miss. Um, but yeah. No, not
-
nothing at.
Herald: Yeah, and there is no undo button,
-
I think. No. No. No undo. That's always
the thing that I that I'm worried about,
-
you know. Then you have an announcement
about France's data that go out and then
-
you can't have an undo. So what do we do
then? It's always new. Yeah, you can keep
-
this for five years now. But who says it's
there for five years and what kind of
-
interpretation to get out of it for five
years? After five years?
-
Bijan: You can't know in
which database you will be transferred in
-
the meantime, because law enforcement can
access the data of that very data set and
-
forth for that data and the PNR data set
and put it in another data set because
-
they have whatever reason to do so. And
then these are again enlarged and
-
enlarged. And then you will find another
reason why they should remain in there for
-
a longer time. So, yeah. That's why we're
fighting this now and hoping to change the
-
future.
Herald: How do you see your chances?
-
Actually, uh, a long term or short term
chances to get to that point is that?
-
Bijan: We are very convinced that we will
be successful, because otherwise we
-
wouldn't have started this. This is one of
our principles. We only do things that we
-
are convinced of being able to win and we
think that we will win this. And what will
-
come out of it? Referring to the I think
the second and the second question
-
earlier. And what will be happening in the
future with other legislation? I can't
-
know. But one argument the police is
always making or in private, at least to
-
me, are is that they're saying, well,
people will get used to it and it won't be
-
in in five or 10 years. Nobody's gonna be
wondering about things like this. And this
-
is exactly what we are working against,
that this never becomes normal, because if
-
this becomes normal, as I've argued
before,
-
applause
Herald: needs an applause Yes.
-
Bijan: If it becomes normal, as I've
argued before, it is easy to extend it to
-
all sorts of life and ways of life and
walks of life. And this then would be in a
-
surveillance state par excellence.
Herald: We were very close there. So we
-
need to support them really hard. There is
one last question I suggest. No. There is
-
two questions. Number two. Yes.
Q: Does the PNR directive apply only for
-
regular scheduled flights? So does it also
apply for private flights? The general
-
aviation business flights, etc.?
Bijan: Good question. I don't know.
-
Actually, I look into that and. Write me!
Come, come here later and I'll check and
-
I'll give you an answer.
Herald: Then there is one at number one.
-
Q: I just wanted to ask a question in
response to the idea that this is becoming
-
very normal, because one thing that I
think has become very normal that hasn't
-
been mentioned explicitly is the idea that
people can be essentially put on a watch
-
list as being a potential criminal in the
absence of a crime. And we have these
-
terrorist watch lists all over the world
now. That is now the new normal. And I
-
think that's very problematic. And can you
just maybe talk about: Do we, do you see a
-
future where we can actually get back to,
you know, only arresting or investigating
-
people because of probable cause, for
example?
-
Bijan: Oh, I hope that this will be our
future. But, uh, about that point, that
-
very point, I'm not too optimistic, to be
honest. I am optimistic about one other
-
one. Another thing that is that these
instruments that are now being created
-
will prove to be highly ineffective, as
we've so now see now already with checking
-
against databases, that is already a lot
of work and very tedious work. But with
-
the idea that you can define criteria for
people that that are legitimately to be
-
suspected of committing a crime in the
future, I think it will prove, at least
-
for the next few decades, to be quite
impossible. And this is I don't know if
-
this came across correctly sufficiently,
but this is really the core issue that we
-
have with the PNR directive. They are
claiming that they can find suspects of
-
crimes or future crimes. Imagine! Not not
someone that has committed a crime or that
-
will definitely commit a crime, but that
can reasonably be suspected of committing
-
a crime in the future, and then act upon
that. And that is really a huge step into
-
what I called voodoo, about the
expectation that you can take data and
-
prevent crime. Minority Report times.
Yeah. To the power five. I don't know.
-
Herald: Sit back and relax. Thank you
Bijan and thank you, Walter, for this
-
fantastic lecture. Please support them at
noPNR dot EU, go to their booth as well.
-
And thank you all.
-
36C3 postroll music
-
Subtitles created by c3subtitles.de
in the year 2021. Join, and help us!
