ECJ – Security Architectures in the EU

New pre-authorization system: Profiling of passengers could also be banned for Frontex

Under the new ETIAS system, Frontex processes application forms from travelers from visa-free countries. The border agency is to develop an algorithm to determine their risk. A court ruling may have brought those plans crashing down.

On Tuesday, the European Court of Justice (ECJ) published a landmark decision on the EU’s passenger data system. Among numerous other violations of fundamental rights, the court in a preliminary ruling criticizes the use of „self-learning systems“ that search for anomalies in the mass data that is collected without any reason.

The automated pre-assessment of travelers is also criticized. According to the ECJ, the use of predictive selectors or algorithms must be ruled out in the warrantless screening of passengers. The ruling is thus also significant for the European Travel Information and Authorization System (ETIAS), which is to use algorithms to profile all travelers from third countries. It is scheduled to go live in nine months. „New pre-authorization system: Profiling of passengers could also be banned for Frontex“ weiterlesen

Data retention and decryption: Justice and Home Affairs Council wants more surveillance

EU member states will call for bypassing encryption also for counterterrorism and law enforcement. In addition, the entry of extremism suspects should be prevented and their assets frozen in the Union.

Tomorrow, the EU justice ministers will hold their regular meeting in Luxembourg, followed the next day by the interior ministers. Together, they form the Justice and Home Affairs Council, where member states adopt pending legislation or make policy statements.

In addition to the legislative projects, the interior ministers also want to adopt conclusions on the fight against terrorism on Friday. Under the title „Protecting Europeans from terrorism: achievements and next steps“, measures are called for in various areas. There are now several versions of the document, all of which have so far been classified. However, the British civil liberties organization Statewatch has posted an April 11 version online. „Data retention and decryption: Justice and Home Affairs Council wants more surveillance“ weiterlesen

Prüm II: EU Committee criticises planned obligation for facial recognition

All EU member states are to network their police facial images and investigation files across Europe. This puts pressure on some governments without such systems.

The European Economic and Social Committee (EESC) has criticised plans to oblige all EU member states to set up a uniform system for police searches of facial images. The EU Commission had presented such a proposal for a new regulation in December. It is to extend the automated data exchange under the Prüm decisions to facial recognition.

In its opinion, the EESC writes that member states should decide for themselves whether to follow the extension of the Prüm system to facial recognition, which was adopted in 2008. So far, such matching is only possible for fingerprints and non-coding DNA data. „Prüm II: EU Committee criticises planned obligation for facial recognition“ weiterlesen

European Court of Justice: Controls at the Schengen borders may not be extended arbitrarily

Some EU members still control their internal borders excessively. However, exceeding the time limit of six months is incompatible with the Schengen Borders Code. Governments and the EU Commission must now react.

The lifting of internal border controls is often praised as the greatest achievement of the European Union. However, especially for migration control, many countries have made use of the possibility of temporary reintroduction and have extended this regulation, sometimes dozens of times. This is contrary to EU law, ruled the Court of Justice of the European Union (ECJ) in Luxembourg last week.

The case was brought by the Austrian citizen N.W., who refused to show his passport at a checkpoint at the Slovenian border in Austria and was ordered to pay a €36 fine for this according to a court ruling. In a second case, W. challenged the judgement. The Regional Administrative Court of Styria therefore referred the matter to the ECJ for a preliminary ruling. Now the courts in Austria have to deal with it again. „European Court of Justice: Controls at the Schengen borders may not be extended arbitrarily“ weiterlesen

German Police: Interventions more than doubled after exchange of passenger data

The EU PNR Directive is leading to more and more interventions by the German authorities. An extension to rail, bus and ship travel is not yet off the table, but before that the Court of Justice in Luxembourg will rule on the legality of the law. Similar agreements with Canada and Japan are apparently no longer coming into being.

The storage and processing of passenger data in air traffic led to significantly more interventions by the German Bundespolizei (Federal Police) last year. According to an annual report that has only just been presented, its headquarters received 25,280 personal data from the Federal Criminal Police Office (BKA) with a request for so-called follow-up measures. In 2019, this number was still 10,900, according to the report, which results in an increase of around 132 per cent despite a pandemic-related decline in passenger numbers. „German Police: Interventions more than doubled after exchange of passenger data“ weiterlesen

EU project iBorderCtrl: Is the lie detector coming or not?

A document made legible again reveals how the beneficiaries of EU security research have been pushing for legislative changes for the introduction of prohibited technologies. The EU Commission is now funding a follow-up project with 8 million euros.

For three years, a consortium of European companies, institutes, universities and police forces had been working in an EU project on technologies to make the work of border and customs authorities easier. Several applications were combined in a „Intelligent Portable Border Control System“ (iBorderCtrl), which officers can access via a mobile device. The principle is that travellers feed as much personal data as possible into the system themselves before entering the country.

The platform then carries out a risk assessment and includes other data sources. An algorithm decides whether the person is classified as harmless. Then the border crossing at automatic control gates can take place quickly and smoothly. Those who are classified as risky by iBorderCtrl have to go through a „manual“ border control. „EU project iBorderCtrl: Is the lie detector coming or not?“ weiterlesen

Behavioural analysis and Twitter check: EU security research tests new „lie detector“ for border control

The EU Court of Justice is to decide how extensively the Commission must inform about a research project sensitive to fundamental rights. The decision is of great significance, because the successor to iBorderCtrl, which has long been terminated, is also problematic.

Last week, the European Court of Justice (ECJ) in Luxembourg heard a case on the disclosure of the EU security research projec iBorderCtrl. It was supposed to develop a system for quick and easy border control. Travellers are thereby screened for suspicious behaviour with a risk analysis. It is not known how the platform will implement this in concrete terms. That is why MEP Patrick Breyer, who sits in the Brussels Parliament for the Pirate Party, has sued the EU Commission for more transparency.

From 2023, the EU will put into operation a „Travel Information and Authorisation System“ (ETIAS) in which entries must be declared before crossing the border. This affects all third-country nationals, even if they do not require a visa. iBorderCtrl is one of the projects that should develop or improve individual components of the ETIAS. This includes the fusion and analysis of as much traveller data as possible. „Behavioural analysis and Twitter check: EU security research tests new „lie detector“ for border control“ weiterlesen

European Commission finds shortcomings in the implementation of the Passenger Name Record Directive

Only two EU Member States have not yet implemented the EU PNR Directive, and almost all of them also use it for flights within the European Union. There are problems with data protection and data quality. Regardless of the lawsuits before the European Court of Justice, the EU Commission is working on an extension.

Four years ago, the European Union adopted the „EU Passenger Name Record (PNR) Directive“. In order to prevent, detect, investigate and prosecute terrorist offences and serious crime, the 26 EU member states participating in the directive are to set up a Passenger Information Unit (PIU), which will receive extensive data records on passengers from the airlines when they book and board flights. The European Commission has now submitted a report on the implementation of the measures, as required. „European Commission finds shortcomings in the implementation of the Passenger Name Record Directive“ weiterlesen

New agreements: European Union wants to expand use of passenger data

The EU Parliament is to deal with a new agreement on the exchange of passenger data with Canada. So far, PNR agreements exist only with the USA and Australia, but now the EU Commission also wants to negotiate with Japan. Others could follow after the International Civil Aviation Organization adopts new standards.

The member states of the European Union want to conclude a further agreement on the transmission and use of passenger data. A proposal to start negotiations with Japan was published by the EU Commission in September, and the EU interior ministers intend to adopt it at their next meeting in Brussels at the beginning of December. The EU Parliament will not be involved, the MEPs can only vote on the negotiated treaty. „New agreements: European Union wants to expand use of passenger data“ weiterlesen

EU surveillance state

The EU is increasing the surveillance in its Member States. US authorities could soon also wiretap legally in Europe

The new European Parliament is to be constituted in September, after which the EU Commission will be re-elected. The governments of the member states use this phase to put far-reaching surveillance measures on track. This week the Justice and Home Affairs Ministers debated this on their Council meeting in Luxembourg.

Data retention is right at the top of the agenda. EU-wide, Internet and telephone providers are to be forced to store data on customers and their communications for years. If necessary, these could later be queried by police authorities or secret services. Although the European Union adopted a corresponding directive in 2006, it was declared invalid ten years later by the European Court of Justice (ECJ). As a result, many member states issued national regulations that differ in the depth of intervention or storage period. „EU surveillance state“ weiterlesen