Building resistance to post-9/11 overreach

What happened

In the aftermath of 9/11, Governments across the world rushed to legislate to expand surveillance. Governments

  • Moved to limit debate and reduce consultations as they legislated with speed.
  • Created new systems to collect data on all travellers, for the purpose of profiling and risk scoring.
  • Expanded identity schemes, and began demanding biometrics, particularly at borders.
  • Developed financial surveillance mechanisms on an unprecedented scale.

What we did

Few non-governmental organisations were positioned to deal with the global nature of governments’ ambitions. In this environment, we too were small and under-resourced, so PI had to move strategically. We worked closely with organisations like the American Civil Liberties Union on how the US was influencing the rest of the world, and with Statewatch in Europe. With Bits of Freedom, we co-founded a European NGO, European Digital Rights (EDRi). In the UK we helped found the anti-ID card campaign, NO2ID. We drafted campaigns and advocacy materials that were signed on by NGOs across the world, experts, and sometimes even by industry and regulators. 

We campaigned at the European Union on the issue of ‘passenger name records’ (PNR). Changes in US law required airlines to provide government access to their reservation systems. This allowed broad access to sensitive data of all passengers. We worked at the European Parliament and pressured privacy regulators to push back against these demands. We also worked with the airline industry to understand how passenger data was being used. In concert we achieved pushbacks against egregious demands from the US Government and limitations on profiling.

We fought against biometric identity systems across the world. We placed pressure on the International Civil Aviation Organization (ICAO) and the EU on their biometric standards. We campaigned in the UK, US, and Japan against biometric collection at borders. We raised concerns about the fingerprinting of children at EU borders. We pushed the UNHCR on their use of biometrics. We worked in the US and Canada to increase the understanding of risks of surveillance-oriented identity systems, including engaging with the Privacy Commissioner of Canada, the US Federal Trade Commission, and the Department of Homeland Security.

When the New York Times disclosed the secret SWIFT agreement where the US Government had direct access to the financial network firm’s transactions, we filed complaints in 39 jurisdictions that this breached data protection law. We worked closely with regulators and with SWIFT to increase understanding of the nature of the access. The European Parliament passed a resolution subsequent to our complaints. 

Where things stand now

The fight on these issues continue. 

Global civil society is now strengthened and experienced on these issues. EDRi is a vibrant organisation. NO2ID achieved many of its goals on the UK ID card, though foreigners are required to register their biometrics and this system will likely expand with Brexit.

The European Parliament was initially strong in resisting US demands but eventually the EU began to see its own interests in collecting vast amounts of data, and now PNR is used for monitoring travel. The EU continues to expand its border surveillance, and the US is introducing new initiatives every year.

In 2006 the EU decided to include fingerprints in their biometric travel standards. We managed to ensure that the UK did not adopt this standard, thereby undermining the business case for the proposed ID cards scheme, which eventually fell. Governments across the world are now again expanding their data collection practices with new technologies.

The EU and US had to negotiate a treaty over access to SWIFT’s data and regulate it with elements of judicial oversight. The financial sector remains under vast surveillance — and new initiatives are being developed for deepening and expanding data collection and analysis. Innovations in the sector are seeking to increase data processing across the board, and ID systems are being linked increasingly with financial systems.

What we learned

Governments play a long game on their surveillance ambitions. With every victory and pushback we had against their more egregious demands, governments would either wait and reintroduce their policies when they had a political advantage, or they would conduct the surveillance in secret. Constant vigilance and engagement with policy-makers, regulators, industry, and experts is required to even maintain the line. 

Hard lessons

Working in the immediate aftermath of 9/11 era was challenging, but people were more shocked at the abrogation of rights at that moment than they were even just a few years later. Normalisation takes root quickly. Even governments who intially resisted demands from the Bush Administration and were wiling to work cooperatively eventually saw how they could take advantage of similar forms of surveillance, until we were alone without motivated allies.

What we are doing now

We continue to place pressure on governments. We also pressure industry to pushback against governments’ demands. We are reviewing the expansion of border surveillance particularly through the use of security assistance agreements with other countries.