Recent terrorist attacks in Brussels, Paris and San Bernardino have accelerated the need for governments to use all effective tools to deter additional plots. The European Union (EU) has taken a wise step toward keeping nations and citizens—their own and ours—safe and secure by approving the use of aviation Passenger Name Records (PNR) as part of increased information collection and sharing.
The European Parliament’s recent decision to approve the PNR law will allow the collection and sharing of airline passenger information data with the goal of preventing, detecting, investigating and prosecuting terrorist offenses and serious crimes. Specifically, it will require airlines to provide passengers' data—names, passport numbers, flight itineraries, etc.—to national authorities for all flights to and from countries in the EU. This information flow is especially helpful in this region, where international visitors can travel by car or rail to various other member states within Europe once they’ve arrived. But with travel systems becoming more and more integrated, and threat matrices becoming increasingly global, the move’s benefits will extend far beyond the EU.
By collecting, sharing and analyzing PNR information, intelligence agencies will be able to detect patterns of suspicious behavior, prevent threats from entering the EU, and investigate plots once terrorist suspects are identified both before and after incidents much more comprehensively than they’ve been able to in the past. This information-sharing process is an effective investigative tool that enhances the ability of authorities to track the travel patterns and associates of terrorists or criminals once they’ve discovered a potential or actual plot. Identifying and scrutinizing suspects lessens their ability to do harm not just in Europe, but on our side of the pond, as well.
And fortunately, the Europeans have a tested model from which to build their own PNR system: ours.
Following the 9/11 attacks, the United States placed a significant emphasis on identifying potential threats seeking to fly to or enter it, particularly through reforms suggested by the 9/11 Commission which famously noted: “Targeting travel is at least as powerful a weapon against terrorists as targeting their money.” We built the Advanced Passenger Information (APIS) and PNR systems that made the collection, sharing, and review of passenger information mandatory for international flights to and from the United States as well as for domestic flights. Building these systems was complicated, but in the process we learned that these programs double as both effective counterterrorism tools and a way to facilitate legitimate travel.
The EU has given national governments a delivery deadline of two years for PNR implementation. Fortunately, our country’s arduous path towards implementing these systems provides a framework for the EU that should help countries adopt these security measures smartly and efficiently. European nations will be able to draw best practices from the United States for a more seamless implementation—from tackling privacy concerns to building mechanisms for redress, both of which required complicated balancing of privacy and law enforcement sources and methods.
While at the Department of Homeland Security, one of the most difficult aspects of PNR I dealt with as Assistant Secretary for Border and Transportation Security Policy under Secretary Tom Ridge was the privacy issue. While Congress had passed a law mandating the collection of passenger information from all international flights to the United States, the EU member states viewed their privacy laws as forbidding the sharing of passenger information for European nations. Eventually in 2004, we negotiated a treaty with the EU, with provisions stipulating storage duration limits for passenger information, limitations on sensitive information like religious affiliation, and guidelines on redress for people who felt mistreated. This agreement, now in its third iteration, implemented a system that is effective and helps to keep the homeland secure while not invading travelers’ privacy. This agreement helps ensure that flights coming from Europe, mostly full of returning U.S. citizens and Europeans traveling under the Visa Waiver Program, are thoroughly vetted before travel.
These lessons will help guide the EU’s implementation of PNR, which will greatly assist in preventing terrorism and crime in the EU, the United States, and around the globe. Potential malicious actors will face additional scrutiny, which will in turn help to identify and prevent terrorist cells from forming or festering in Europe.
Operating under different legal regimes for privacy protections and different historical circumstances about government surveillance, perhaps it is not surprising that it has taken the EU a decade to come to the same conclusion as the United States about using aviation passenger information as a counterterrorism tool. The U.S. experience with PNR is a roadmap for Europe and demonstrates a powerful information tool to find the terrorist and criminal needles in the very valuable travel haystack.
C. Stewart Verdery, Jr. served as Assistant Secretary for Border and Transportation Security Policy and Planning at the Department of Homeland Security from 2003-2005. He is founder of the consulting firm Monument Policy Group.
Image: APC/Global Entry kiosks at an airport. Department of Homeland Security photo, public domain.