Three months after it tightened security screening of airline passengers, the US Transportation Security Agency is replacing one of its most controversial rules. But this has not quelled the growing debate over others.
The alleged Christmas Day attempt by a Nigerian passenger to blow up an Amsterdam-Detroit flight prompted new rules and led President Obama to order a review of their effectiveness. Following that review, TSA dropped its requirement of enhanced screening for all in-bound passengers from designated countries, and replaced it with a system that relies on "intelligence indicators". The earlier system, in effect only since January, called for secondary screening of all nationals or visitors from 14 mostly-Muslim countries.
Screening based on nationality has now gone the way of bans on using the toilet during the last hour of flight - both have been jettisoned. But the debate intensifies over other security measures.
One of them is the growing use of full body scanners. By year's end TSA plans to have 200 body scanners installed in US airports, with a goal of 900 by 2014. Privacy, civil liberty, and some religious groups question the reliability of these devices, which are designed to detect non-metallic weapons and explosives, and claim they cannot spot items hidden in body cavities. Muslims argue that body scans violate Islamic law, while privacy groups complain that they amount to a virtual strip-search. Others fear health risks, especially for pregnant women and children. The TSA has tried to quell these concerns, pointing to the low level of scanner radiation, procedures to ensure passenger anonymity during scanning, and the option for a pat-down by a same-sex security guard in lieu of scanning. Yet critics still complain about inadequate information for passengers.
US requirements for carriers to transmit passenger name record (PNR) data to TSA on all inbound flights have existed since the US Secure Flight programme started. But new issues in Canada and Europe have revived claims of sovereignty and complaints that the USA fails to respect the privacy laws of other countries.
Secure Flight applies not only to domestic and in-bound foreign flights, but also to flights through US airspace. After Canadian objections, Canadian domestic flights that overfly the USA were exempted. But TSA still wants PNR data on flights between Canada and such sun destinations as Mexico that cross the USA without stopping. Until now, Canadian airlines have compared their passenger manifests with Canadian watch lists. Now the TSA wants them to transmit their data to the USA, as it aims to take over all list-matching for foreign passengers by year end. Transport minister John Baird is awaiting an opinion from Canada's privacy Tzar before ordering Canadian carriers to comply.
The legality of PNR data transfers to the USA from European carriers has faced a turbulent past. An initial deal was annulled by the European Court of Justice in 2006, since then European airlines have furnished more limited data under a provisional agreement. But Europe's adoption of the Treaty of Lisbon in December now requires that Europe's parliament approve such international arrangements. This approval is by no means a foregone conclusion. Two years ago the parliament declared "minimum conditions" for data transfers. These include standards on data protection, how long it may be retained, and the status of any agreement providing for it.
Like a warning shot across the bow, in February the European Parliament rejected a US proposal to share bank data for counter-terrorism purposes. Their reasons were partly procedural, but many members of parliament raised concerns about a lack of adequate privacy safeguards. Washington has dispatched a Homeland Security official to Strasbourg in an effort to head off a move by the European Parliament's civil liberties committee to delay until autumn approval of a US/EU deal on PNR transfers. The committee wants to develop its own model on what data European airlines should transmit, what uses can be made of it, and for how long. Some committee members hope to develop uniform standards that would apply to data requests from any country.
Part of the committee's reason for seeking a delay is to avoid a repeat of the February vote that killed the bank data plan. Because an earlier, more limited EC/US deal on financial data remains in effect, the February rejection did not slam the door on all trans-Atlantic co-operation. But there is no backup deal on PNRs. If Europe's parliament turns down the current agreement, according to committee co-ordinator Sophie in 't Veld, "the consequences will be much more serious".
Meanwhile the EC has raised the stakes by demanding the USA provide PNR data for US passengers flying to Europe, and to allow Europeans to sue in US courts if they suspect US misuse of their data. Instead of moving toward agreement, both sides seem to be digging in.
For more on the challenges ahead for the new European Commission