THE ATLANTIC COUNCIL OF THE UNITED STATES
TRANSATLANTIC SECURITY, DATA SHARING AND PRIVACY PROTECTION: A U.S.-EU DIALOGUE
WELCOME AND MODERATOR:
PRESIDENT AND CEO,
THE ATLANTIC COUNCIL
U.S. DEPARTMENT OF HOMELAND SECURITY
VICE PRESIDENT, JUSTICE, FUNDAMENTAL RIGHTS AND CITIZENSHIP, EUROPEAN COMMISSION
THURSDAY, JULY 8, 2010
Federal News Service
FREDERICK KEMPE: A very warm welcome to everyone. I’m Fred Kempe. I’m president and CEO of the Atlantic Council. We are privileged, this evening, to be joined by two extraordinary leaders, Secretary of Homeland Security Janet Napolitano – it’s wonderful to have you with us – and Vice President Viviane Reding, European commissioner for justice, fundamental rights and citizenship.
Overlaps a couple of cabinet positions here, but probably very close to the Eric Holder position, but others as well. I know her, of course, from my time at the Wall Street Journal Europe in Brussels, where we covered you in a different – Madame Reding is the longest-serving commissioner in Brussels, but even dearer to my heart, she started her career as a journalist and them moved from there into politics.
Shortly, we will have the honor of hearing from both principals on the topic of our forum, which we call “The Data Quandary: Trans-Atlantic Homeland Security and Privacy.” Their remarks will be followed by a question-and-answer period involving our audience, which is comprised of many distinguished guests and subject-matter experts, ambassadors, senior diplomats, board members and members of the Atlantic Council. And they’re designated in the list of attendees.
In particular, I want to recognize our partners, including SAS and LexisNexis, as well as Boyden Gray, our former ambassador to the European Union and a member of our board, for their support in organizing this two-day forum. I want to extend a special welcome to Boyden, who is here, as well as Thomas Spiller from SAS and Asim Fareeduddin, Ji Won (ph), Kim Femme-Richards (ph) and Arnold Felberbaum from LexisNexis and Reed Elsevier. Thank you for being here.
Our featured guests this evening, Secretary Napolitano and Vice President Reding, have much in common. Both have highly distinguished academic and professional careers. Both are pioneers and devoted public servants, highly respected for their skill, intellect and vision. And both, by virtue of their important responsibilities, are in the vanguard of changes exceptionally important to the trans-Atlantic alliance.
And I think it’s a measure of their importance that the Atlantic Council has taken on these issues as one of its areas of focus, and that is protecting the security and safety of our citizens in this complex era of international terrorism and organized crime, while safeguarding the cherished privacy and other civil rights at the core of our shared democratic values. Security and privacy: We know that this great challenge of our time is not an either/or proposition.
And our distinguished guests know so well both objectives are fundamental to one another. In a real and profound sense, the ability of our citizens to be safe against terrorist violence and criminal depredation is a right. And the preservation of civil liberties is an essential element of long-term security.
Proof of our progress in these fields – and I want to thank you, Madame Vice President, for providing news on a day when we’re having this event. It was very thoughtful of the European Parliament to do this. Proof of this closer cooperation is today’s welcome news of the European Parliament’s passage, by a quite considerable majority, of a new terrorist finance-tracking program known as TFTP. This agreement makes our all-day forum tomorrow all the more salient.
This is an excellent sign, but other challenges remain. And of course, the recent terrorist arrests in Norway once again highlight the shared threat. As we overcome this hurdle on TFTP, we should consider how we can move forward, finding new ways to cooperate in areas of need, not just in revisiting previous agreements.
Tomorrow, we will convene over 40 officials and subject-matter experts from the United States and Europe, representing diverse disciplines and perspectives in the security/privacy dynamic. The dialogue’s aim is to help develop approaches and solutions to reconcile competing equities and meet key challenges to progress. We will have the privilege of delivering our work to our distinguished principals in the hope that it will advance their work in the common interest of Europe, the United States and, we hope as well, the broader world.
So we thank you both for your service and leadership and we look forward to your remarks this evening and to our work tomorrow and beyond. So let me – to make this simple, I’ll introduce you both briefly. Then we’ll hear your comments: first, Secretary Napolitano and then Vice President Reding. And then I will rejoin you on stage and we’ll have a question-and-answer session.
Janet Napolitano serves with distinction as secretary of homeland security, a position held since her appointment in January 2009, after serving as governor of Arizona from 2003 to 2009 and, I might add, as the first female chair of the National Governors Association.
She recently returned from her latest trip overseas as part of a joint initiative with the International Civil Aviation Organization to build international consensus on aviation security, including in areas of data sharing. This mission has taken her to Spain, Mexico, Japan, Nigeria and, finally, the UAE, all within the past six months. You really have defined the office of homeland security as what it is, an international office.
Vice President Reding is the EU commission for justice, fundamental rights and citizenship. She served from 1999 to 2004 as European commissioner responsible for education, culture, youth, media and sport. And from 2005 to 2009, she was the European commission for information, society and media.
In November, last year, she became one of only five vice presidents of the European Commission. And as I said earlier, she began her career as a journalist and then in the Luxembourg Parliament. And from 1986 to 1998, she was president of the Luxembourg Union of Journalists.
She could be understood by Americans as the protector of the EU Charter of Fundamental Rights, which range from freedom of expression to protection of personal data. In the information age, she has said that safeguarding an individual’s right to privacy “requires a shift of focus for the policymakers.” Now, in her new role, she is in the process of pushing for an ambitious U.S.-EU agreement that would protect personal data rights while fighting crime and terrorism.
We’re honored and delighted to have both of these leaders with us tonight. Please, let me first turn the floor over to Secretary Napolitano. (Applause.)
SECRETARY JANET NAPOLITANO: Well, thank you. It’s a delight to be here. Fred, thank you for that warm welcome, although on a day when it’s 102 in Washington, I guess any welcome would be warm.
And I wanted to point out I began my career as a journalist too. I was editor of my high-school newspaper and I hope I get points for that. And it’s a joy to welcome Vice President Reding to Washington, D.C. We’ve met earlier this year abroad and have spoken since. And I really look forward to working with her on a number of agreements with respect to security and privacy moving forward.
We have been wrestling with many of the same issues in recent months, including, as you might imagine, how we secure air travel while protecting individual freedom and right. And while much has been made of our differences, in fact the United States and the EU work closely together and share a strong commitment both to security and to the rights and liberties of our citizens.
So last October, we concluded more than two years of negotiations on 12 shared principles for law enforcement and security cooperation, while protecting data. These were the so-called high-level contact group principles. And today’s approval by the European Parliament of the Terrorist Finance Tracking Program, TFTP, is another example of strong cooperation.
So before these important working-group sessions convene, I want to stress a few key points. First, there is a long history of information sharing between the United States and Europe with no record of misuse of data. There are, however, plenty of misperceptions. European nations and EU member states have been sharing personal information with the United States government for some 30 years.
And European airlines have provided PNR data to the United States in an operationally effective way, under United States law, since 2002, with no complaints that the United States has, in fact, misused the data. This success has been confirmed by two joint reviews by the Department of Homeland Security and the European Commission since 2004 and three internal Department of Homeland Security audits by its chief privacy officer.
Individual travelers who believe we may have made decisions based on inaccurate data can seek to receive copies and corrections under both the Freedom of Information Act and the Traveler Redress Inquiry Program.
Second and this is a good segue because second, both of us have strong privacy and data-protection laws. For example, our laws recognize that people have an expectation of privacy, that we must have a specific purpose for collecting data on an individual that is validated by the person’s consent or law, that an individual should be able to find out what data the government holds about them and be able to correct it if it is inaccurate, that effective oversight is required to ensure that the government does not abuse the public trust and that an individual should be able to go to the courts if their data is used contrary to law.
Now, these are, in fact, some of the 12 agreed-upon principles I referred to. And in the United States, we have developed mechanisms to implement these principles consistent with our legal and institutional history. In the Department of Homeland Security, we have both a privacy office and an office for civil rights and civil liberties.
They are both active participants in formulating policies before policies are implemented. And privacy protection is designed into our programs before there are begun. They are fully integrated in the decision-making process at the department, throughout its many components. And each of these areas, CRCL and privacy, both offices are led by lawyers who are nationally respected leaders in their own fields.
Now, privacy protections are also integral to the international agreements we’ve signed with our partner countries. The principles I outlined above and all of the fair information practice principles are memorialized in every information-sharing agreement and program we carry out.
The U.S.-EU mutual legal assistance and extradition agreements, the U.S. agreements with the EU institutions Europol and Eurojust, as well as numerous criminal and terrorist information-sharing agreements we have concluded with EU member states all reemphasize our shared goals of security cooperation hand-in-hand with privacy protection.
DHS, the department, received literally thousands of requests from individuals for their information or for corrections to be made to their records. These most frequently take the form of Freedom of Information Act, FOIA requests or applications through the Traveler Redress Inquiry Program, known as TRIP.
Through TRIP, in the last year alone we successfully adjudicated nearly 40,000 requests from people all over the world. And indeed, of all the EU’s significant trade, travel and investment partners, I don’t think any country provides any kind of – or the same kind of security cooperation and privacy protection that the United States, in fact, has.
Third major point: Today’s new threats require a new look at security and information sharing so we can continue to keep our citizens safe. Now, too often the effort to develop the best policy, especially where a national security question is raised, is portrayed as the same kind of ideological tug of war that we see too often in politics, where you need to either be on one side or on the other.
But this is not an either/or problem. We need to protect both our national security and our national values. And there is a simple fact underlying this dynamic: One cannot live free if one lives in fear because people are more able to exercise their freedoms if, in fact, they feel safe. And protecting these freedoms from shared threats requires shared actions and shared responsibilities.
The bombing attempt last Christmas Day, the Amsterdam flight to Detroit, is a perfect example. That incident involved an American plane flying into an American city, but it was an international terror plot in almost every other way. The suspect’s travel originated in Africa. He transited Europe and was destined for the United States. Among the 279 passengers on board the flight, Northwest flight 253, were more than 100 Europeans and individuals from at least 17 foreign countries.
Brings me to my fourth point: We cannot backtrack. We need to push forward with approaches like passenger name records, PNR and advanced imaging technologies, AIT. These are both demonstrably better ways to keep our citizens and those of other countries safe and secure.
Let me touch upon PNR. Now, currently we are operating under the 2007 agreement between the United States and the EU that governs PNR data from airlines flying between the United States and Europe. I addressed the European Parliament last November to talk about the need to continue and expand our partnership. And I know that some EU countries have, in fact, begun collecting and analyzing PNR data on their own and have seen benefits from this.
In recent months, the European Parliament has passed a resolution with a number of preconditions before it would consider ratifying our PNR agreement. Some of those provisions already are in place, such as a privacy impact assessment. And others, since as restrictions on data mining and watch-list matching, are, quite frankly, unrealistic. So I welcome the European Parliament’s stance that we maintain the 2007 agreement.
We have lots to discuss before anyone should talk about taking the drastic step of abrogating an agreement that, in fact, works very well. PNR is a powerful tool for identifying risks to our aviation system, not just for the United States, but for all nations who use it.
For example, in 2008, using PNR, DHS identified over 1800 travelers from all over the world who were inadmissible to the United States because they’d violated U.S. laws, or who required a criminal investigation. In 2009, one-third of all persons denied entry to the United States on terrorism grounds were denied not because of law enforcement or intelligence tips, but because of analysis of their PNR data.
And to bring this home, let me spotlight the critical role that PNR played in three recent counterterrorism cases in the United States. Najibullah Zazi, who has pled guilty to plotting to bomb New York subways – these attacks, in fact, were stopped only hours or days before they were set to occur. Before his arrest, DHS used PNR to learn about the broader terrorist network to which Zazi belonged. And you may have the recent DOJ press release on that.
PNR also was key to identifying subjects and their associates in the investigation into David Headley, who pled guilty for his role in the 2008 Mumbai terrorist attacks and was charged with planning an assassination in Denmark of the Mohammed cartoonist. And just this past May, U.S. customs and border protection used passenger information, PNR, to help apprehend Times Square bombing suspect Faisal Shahzad before he fled the country. These are not isolated cases, so you will understand if I’m skeptical of any desire to change what we know works very well.
Let me turn to AIT, advanced imaging technology. The reality is clear: al-Qaida and other terrorist groups continue to target commercial aviation. And as we also learned last Christmas Day, they are attempting to use explosive materials that do not contain metal and, therefore, cannot be detected by magnetometers. This means that we need improved technology to secure the safety of passengers on board planes.
Now, let’s remember: The metal detectors we walk through were introduced decades ago. And they have, in fact, advanced very little since then, during a time when explosives and weapon technology has advanced and spread. And in fact, terrorists and would-be terrorists have learned about those techniques via the Internet.
AIT is an objectively better technology because it can pinpoint anomalies on a person’s body, such as a nonmetallic weapon or explosive, as well as other dangerous materials. AIT is reasonably fast and it is noninvasive. This makes AIT an important and, indeed, an essential security technology.
But it is one that has raised privacy and civil-rights and civil-liberties concerns and our department has worked to accommodate all of these concerns through a number of steps. I was pleased to see, therefore, that the EU recently issued a document also endorsing AIT to upgrade aviation security.
That brings me to my fifth and final point. We should not and cannot allow relatively minor legal or cultural differences or misperceptions to derail a security effort altogether. Now, every nation has different laws, customs and policies governing how information about its citizens is collected, stored and shared. But the differences that remain should not be used to suggest that one nation values privacy more than another, or that different privacy laws and legal systems are incompatible.
I think the time has arrived for us to work through any remaining issues and to agree on a common, collaborative framework addressing future privacy concerns. In May, Vice President Reding asked the EU to grant her the authority to negotiate such a framework, based on the work of the high-level contact group. And I support that decision.
Negotiating such a framework will be challenging, but we should do it based on the 12 principles already agreed to by the high-level contact group, our PNR agreements and our mutual legal assistance treaties.
So we have come far. We have strong relationships that bind us together, but we also have shared threats and shared responsibilities. Let me end my remarks there. I look forward to a good discussion of these issues and I look forward very much to Vice President Reding’s remarks. Thank you very much.
VIVIANE REDING: Dear Janet, ladies and gentlemen, I think it’s, for me, a privilege to address the Atlantic Council because I know you since quite a moment. I know you – and that you have not remarked – since I have started to learn how to practice politics. And that was as a member of the NATO Parliamentary Assembly, a long time ago.
And as a member of the European Parliament for 10 years – that is why I know how to maneuver, also, in order to read 485 votes, in the end, for the new agreement. And as a European commissioner since 1999, I have continued to reinforce the trans-Atlantic common market, which is not built only on the economy, but which is built on citizens, on human beings. And they need concrete actions.
So I am here now in front of you as the first ever commissioner for EU justice. Why the first ever? Well, because we do have a new constitution, the new Lisbon Treaty, with the Charter of Fundamental Rights. And this one puts into the hand of the Commission, which is the guardian of the treaties and which is the one who takes the initiative, the responsibility to bring this continent forward and to set, also, the foundations for a robust trans-Atlantic partnership in the field of justice.
Now, this partnership is not new, even if the function as commissioner for justice is new. But the partnership is long, integrated and successful. And it is such a robust partnership because we share the same values: the rule of law, democracy, freedom, solidarity, economic freedom and stability.
And because it is a partnership which is not based only on common interest, but also on common beliefs and on shared values, it is a destination. And that is also why it has always been and it will continue to be a win-win situation.
And ours is also a very multilayered relationship, which is built, of course, on a solid trans-Atlantic market, which, despite the current crisis, remains the biggest economic area in the world. It generates 4 trillion euros in total commercial sales a year and it employees 14 million workers on both sides of the Atlantic.
Now, this level of economic integration, alongside with the convergence of our values, is a very strong foundation on which we can now build our partnership further – a partnership which I do believe will become stronger thanks to the constitutional changes which have happened in the European Union. The new Lisbon Treaty reinforces the Union’s ability to speak with one voice in a more stable institutional setting.
We now have a permanent president of the European Council, who speak for the 27 heads of state and of government. We have a high representative for external affairs. And this morning, the European Parliament in Strasburg has voted for the setup of a common European diplomatic service in the next coming months.
And we have a reinforced president of the European Commission, representing the common interests of the whole continent. And adding to this the assertive European Parliament, with powers comparable to those of your U.S. Congress – now, that completes an institutional setting which empowers the Union with the authority to conduct business in many different areas, going from economic governance to an area of justice, freedom and security.
This new treaty also reinforces the values and the rights in the European Union because the EU Charter of Fundamental Rights is an integral part of the new institution – of the new constitution. It is our bill of rights, which applies to all individuals, also to the U.S. citizens in Europe. In the EU, fundamental rights are guaranteed for every individual, regardless of nationality and regardless of the place of residence.
And because it is the latest bill of rights in the world, it is not astonishing that it is also the most modern codification of fundamental rights in the world. And it is, from now on, our compass for all decisions we have to take and we will take. And the vice president who is speaking to you has the task, the horizontal task, for applying the charter to all policies, also to the policies of the 26 other commissioners, which they will put in the pipeline.
Tomorrow morning, there will be, for me, a very emotional moment because I will deposit a copy of the Charter of Fundamental Rights in the National Archives. This symbolic gesture in the Rotunda for the Charters of Freedom will show to the American people that 500 million Europeans share with you a common history built on common values.
Now, you have a Europe equipped with stronger institutions, with new authorities and a whole new fundamental-rights sphere of law. And policymakers of the Union and of the United States can now, together, make a quantum leap towards stronger trans-Atlantic partnership. Let me take today’s copy as concrete example.
Now, the current debate on the issues of data protection and privacy should not be seen as a nuisance. It should be seen as an opportunity for policymakers in Europe and in the U.S. to reach an overreaching agreement on data protection, in order to bridge the differences which can remain and which have to be discussed among us and which have to be overpassed.
And bringing together and having this agreement, which then will help to have all the future technical agreements done in a very quick way because we do not need to start the discussions from scratch every time – well, that can show to the world how two continents join their forces in the interest of their citizens, while reinforcing security, while reinforcing rights.
And this morning’s overwhelming positive vote in the European Parliament in Strasburg on the Terrorist Finance Tracking Program, as has already been underlined, makes that we now have a new era of trust between the United States and Europe. The elected representative of 500 million European citizens made it very clear that with this vote, they say, yes, we trust our partners.
But they also said, yes, now the real work has to begin. Because with this vote the European Parliament has given the U.S. an advance in trust by setting a clear time limit for working out a general agreement on trans-Atlantic data protection. This should be made in the same time as the work on the passenger name record, as you just rightly underlined, should continue because that is an agreement which, for the time being, is provisionary. And we shouldn’t leave it provisionary. We should make it permanent.
And it is still subject to a vote by the European Parliament, so we have to go ahead with our mutual work, eliminating the uncertainties and eliminating the differences which, I think, after having heard my colleague, can very easily be bridged. And it is my determination to end this piecemeal approach. And that is the reason why only after some months in office in Brussels I worked on this mandate to start negotiations with the United States on an umbrella data-protection agreement.
The aim here is very clear. We need to provide legal certainty to data transfers and we have to ensure that these transfers are all subject to a high standard of data protection, and this on both sides of the Atlantic. The EU member states are currently discussing the fine print of this proposal, which I have put on the table, before the negotiations can officially start. I can assure you, colleague, that this will be done swiftly and that the green light will be given in the next coming weeks.
So then, while we will start unofficially, already, to get our needs together, but we will start then, officially. And I hope that this will go very quick. I am, therefore, her in Washington for exploratory talks with the U.S. administration, including my counterparts in the Departments of Justice and Homeland Security, as well as in the White House.
And I am joined by Madame Françoise Le Bail, who is the director-general of the newly created EU justice department. This new justice department has been created the 1st of July. So the director-general and me, our first visit goes to our friends here in the United States. And Françoise Le Bail will be our chief negotiator for the agreement, which, on the political level, we will put in place. And then Françoise is going to negotiate it. So you see, these women who take in hand security and justice and I think that’s a very, very good sign.
The past negotiations on the transfer of passenger data, the PNR, or the more recent talks on the transfer of financial-transaction data for the purpose of the TFTP – they have shown that it is not always so easy to find mutually accepted standards and practices for the protection of the personal data.
Now, our experts have been discussing for years on the usefulness or the not usefulness of having an agreement on this, based on high standards for the protection of our citizens, in order to be capable, really forcefully, to prevent and prosecute crime. In the past, I think, there were too many talks and not so much political will. Now this has changed. There will be less talks, more political will and well, Janet, we’ll get it done. That’s it, yes.
Because we are both committed to the protection of personal data and privacy, even if our systems for doing so are different. So what’s the problem? We are coming from a different historical background. We have different ways of getting things done. But we share the same values, so it shouldn’t be difficult to get our ends to meet. We need this legal certainty and we need to have these goals for our citizens for a new agreement.
And what I would like to have when we get this agreement: I would like that this agreement should become the reference for personal-data protection standards that apply whenever personal data needs to be transferred across the Atlantic for the purpose of police and judicial cooperation in criminal matters.
In addition to providing legal certainty and a high level of protection, this will save us time and energy in the future because then, every future talk would be based on the umbrella agreement and could be taken very, very quickly, indeed, if the need to act quickly appears – and it might appear – in the future.
Well, of course, you might ask yourself, now, why do we need to replace bilateral cooperation with EU member states, which worked well, with an EU-wide agreement? And the answer is very simple: Because we do have now the new constitution, because we do now have the Charter of Fundamental Rights, which contains a specific article 8 on the right to personal-data protection and because there is also the coherence of the constitutional rules of the EU member states.
So privacy and data protection are not only about the protection of individuals against the interference against the data. Beyond the right to be left alone, which is well-known to the United States, these fundamental rights are intrinsically linked with the core human dignity and self-determination – notably, as Janet has said it, the right of every individual to decide on the disclosure and use of his or her personal data.
And you see, we Europeans come out of a very difficult recent past. Most of our nations have experienced war. Many of them have experienced dictatorship. And this might also explain why this issue of personal freedoms and personal-data protection is very high on the agenda of each individual in Europe.
Now, you might ask yourself, all right, the individuals in Europe, but what is in it for the United States? What benefit will this future data-protection agreement yield for the Americans? Now, first, as I already said, the aim is to reach a win-win situation for both the EU and the United States.
We will negotiate a data-protection agreement that contains all the necessary high-level data protection standards, with obligations for data controllers and rights for the data subjects, as well as mechanisms to ensure the application of these standards. And if we manage to do that – and we will – then this should become a complete self-contained set of rules.
And the United States, as I said already, would feel the benefits immediately, since these high protection standards would guarantee the legal certainty and facilitate data transfers to and from the United States much more easily and much more naturally than is currently possible. Now, how quickly will we be able to do this? Janet? (Laughter.)
My experts tell me that it’s not going to be easy. We will need a lot of time. Well, if we agree and if we put our minds together, on the basis of our shared values and on the basis of the work which has already been done, then I think we should not need too much time because as I said in the beginning, too much talk, not enough political will have led to these delays. We should replace the too much talk with a very strong political will.
But of course, we also need to be realistic. When we touch upon key issues that are at the core of our respective legal systems, we will have, on both sides of the Atlantic, to have our legislators to come in. And that might take a little time.
But I’m very confident on my American friends because I have seen the know-how with which they have handled our European parliamentarians. You saw the result today with the vote. Now, maybe you utilize my know-how to come here to handle your members of Congress and then we will get this done. It is going to be very challenging indeed.
And with the strong approval, today, of the TFTP in the European Parliament and thus advance of trust which our parliamentarians have given to our endeavors and with our will to bring together the rights and the security, I think we should add to this the will to join the American Bill of Rights with the European Charter of Fundamental Rights, as I’m going to do it tomorrow in the archives. Well, then, what we are doing in the next coming weeks and months will become a gold standard. And it should set the tone for the rest of the world.
That is the end. I count on both of us that we will manage to do that. (Laughter, applause.)
MR. KEMPE: They want me to sit here.
SEC. NAPOLITANO: In the middle?
MS. REDING: You sit in the middle?
MR. KEMPE: They’ve asked me to sit on the side and you’ll sit on these two chairs.
MS. REDING: Oh, okay.
MR. KEMPE: Apparently, this is the – those were important statements and I’m going to let you respond a little bit to each other with my first one or two questions, then move very quickly to the audience. And when you ask your questions, do make them the form of a question and short and identify yourself as you ask them.
Vice President Reding was compelling and she was convincing, but I’m wondering if you’re convinced. And here’s my question. The comprehensive agreement that she talks about, which you endorsed the notion of – but you also talked about some concerns in your comments about what could happen in an interim period, I believe.
But my question is how would such an overarching agreement affect current accords, PNR, TFTP? What are the obstacles you would anticipate? What would be the things, the red lines – the things you would want to watch for? What specifically would you want this to accomplish? In other words, what important differences do we have to overcome?
SEC. NAPOLITANO: Well, I think a – such a framework type of an agreement has great value if it allows us to speed up other negotiations on other items that will have – that exist now but also will exist in the future. In other words, so that we don’t always have to start from scratch.
We start from, for example, the 12 principles enumerated by the High Level Contact Group. And if there is a – if there is a common understanding and it is a framework that allows for flexibility but forms a strong enough basis for future agreements so that arrangements are facilitated, problems can be resolved, there’s a constancy and stability that goes along with it now and moving forward, negotiating sector framework is, I think, in everyone’s interest.
There will be, undoubtedly, some issues. For example, on the – there has been a perennial interest about would such an agreement require the Congress of the United States to open up the Privacy Act in order to provide a different sort of statutory remedy for judicial redress than currently exists.
That, I think, is something that we would find very difficult to put into a framework type of agreement. But I don’t think – I think we can – there are alternatives that are available and those are the kinds of things that Viviane and I can and will be discussing. I think, also, we need to constantly pushing ourselves to be moving forward.
In other words, not to be renegotiating agreements that we have had that have worked, but that we are constantly moving forward and dealing with security issues that are arising because the threat environment in which our citizens exist is an ever-evolving one.
MR. KEMPE: I think that’s a good question, perhaps, to pick up on and that is how this new data protection agreement that you’re proposing is going to relate to existing PNR and SWIFT agreements. You know, you’ve got U.S.-EU common principles. Is this additional agreement even necessary?
And you heard the concerns regarding PNR from Secretary Napolitano. And maybe as part of that, as you talked about – and this is for both of you – you talked about the differences in culture, history. Can one square those differences that one – that one actually comes out with a stronger form of agreement or could one actually get in a position where you’re coming out with something that isn’t necessarily as good as what we have in place now, at least from the U.S. standpoint?
MS. REDING: Well, we do not have in place such an agreement now. We have made a continuously technical agreements on specific questions and now, with parliament coming in, we are fighting about those agreements. By the way, the PNR agreement is a provisionary one. It has not yet been voted by the European Parliament.
And what we like to avoid is that every time that we have a technical agreement which is necessary in order to preserve the freedom and the security of our citizens, both side of the Atlantic, that every time we start again to fight and to discuss. And that is why we need an umbrella agreement which once and for all puts the legal certainty in place, resolves the remaining problems and so that the technical agreements can, rather in an automatic way, be negotiated in a very quick way because we have solved the basic problems.
MR. KEMPE: This would replace PNR and SWIFT?
MS. REDING: No, no, no. No, no – it will not replace anything because PNR and SWIFT are technical agreements. It would be the umbrella agreement to have the rules, the standards put in place on which technical agreements then can base themselves, so that those go, as I say, nearly automatically.
Now, Janet has been speaking one of the problems which we need to solve and that is the problem of redress. What we are saying from the European side is that we would like that the European citizens have the same rights as the – to redress in United States as the American citizens have in Europe.
Now, by which way this is done – that is not the problem to solve of Europe. That is a problem of our American counterparts to see or do they want to open existing legislation with all the problems related to this? Do they want to solve the problem in a different way? I have very well understood Janet, now, saying there are other means rather than the heavy, demanding, long, time-consuming means in order to solve that problem.
Let’s have a look for this. If we have problems to solve at our part of the deal, well, we would also try to find the most efficient, quick way in order to get the deal done.
MS. KEMPE: Madame Secretary, response to that?
SEC. NAPOLITANO: Right, well, I think that’s right. I think if you were to take the principles of the High Level Contact Group and in a way, use them as the structure of a framework agreement. We’re, in essence, I think, three-quarters of the way there to begin with. And now, we have to do some more work, but I think the – I think the way forward is present.
And I think we have to continue to remind ourselves it is in the mutual interest of the EU and the United States to keep moving together in a concerted way because the issues that these agreements cover – it’s an umbrella agreement, but these umbrella agreements for the technical applications – those technical applications, in a way, are almost everything because they do involve how we share information.
They do involve how we protect security. They do involve how we protect the integrity of data systems. They do involve our capacities – mutual capacities – to be able to exchange information that can be preventive in nature. And so getting quickly to a framework makes sense because the so-called technical agreements really make all the difference.
MR. KEMPE: And do you accept the cultural differences that the vice president is talking about and will they be an impediment here or is there a coming together – the historical and cultural differences she was talking about, where the suggestion is Europe is just more sensitive about issues of privacy than, say, Americans would be?
SEC. NAPOLITANO: Well, I think that’s a perception. I don’t think it’s a reality, which is why I began my remarks that way. One of the things I’ve been struck by during my travels as Homeland Security secretary is I think there is some perception in some places that in the United States, we have access to everybody’s data at all times and we only get it to share it uniformly and universally and that there’s no privacy or interest in privacy whatsoever.
And nothing could be further from the truth, of course. And of course, in the United States, we have a high interest in our citizens’ privacy. We just have different ways of maintaining and protecting it. And things that are taken for granted in Europe, for example, national identity cards or registering with your passport when you sign into a hotel are things that, in the United States, are viewed as privacy invasions.
Things that in the United States, for example, the exchange of name recognition or traveler data before a trip and into a database so they can be compared against different watch-lists are viewed as a privacy invasion by some Europe. But the plain fact – if you retreat from each of those things is we both know that we have to have security and we have to protect privacy and civil rights.
And if we start from the things that those are not mutually exclusive, but have to be harmonized, that’s what the High Level Contact Group principles start with. Then we go into specific applications.
MR. KEMPE: Agree, disagree?
MS. REDING: I absolutely agree and that is also what the parliament has voted upon today because the parliament has very clearly said the agreement which is on the table is not a perfect one. But it is a necessary one in order to preserve our security. So let’s make this agreement stand in a definite form.
But let’s see it as an advance of confidence which we give to the future elaboration of the umbrella agreement. So it is very clear – and I think we should take that as a compliment to the way the European Parliament sees the trans-Atlantic relations and our capacity to overcome the cultural differences. I mean if there wouldn’t be any cultural difference, that would be strange, wouldn’t it? But we –
SEC. NAPOLITANO: Boring.
MS. REDING: And boring. Look, I am confronted, as a European commissioner, constantly, to those cultural differences. We are a continent which has united different languages, different histories – a history of war, of hatred into a system where we have unity in diversity, where we respect this diversity and are capable to go on together.
So what we do in Europe is the first time in mankind – in the history of mankind that nations are freely giving up their own priorities in order to share that with others. And when I see this, we are much different between the European nations than we are between Europe and United States, actually. So why shouldn’t overpass these small cultural differences and have a strong agreement?
MR. KEMPE: Thank you very much. We’ll talk, yet, about the all-European World Cup final that the – (laughter) – but let me go to the audience and start the questions. Oh, Thomas and then next to him, please. Yeah. And if you could identify yourself.
Q: Thomas Spiller with SAS and I’m based in Brussels, so good motivations for carrying the vote into parliament. I know how difficult it is to maneuver this institution. Just one question – addressed to both of you, but in particular, to madame la vice président.
This – if this umbrella agreement does come into effect, will – and how would this affect the existing – and I’m looking at the business-side of things – a lot of invention, innovations comes from the U.S. to the EU and vice versa. A lot of those invention, innovation like in the medicine field or, you know, personalized medicine deal with personal data.
Would this umbrella agreement also touch upon the commercial side or how would, you know – those two things – the security angle and the commercial angle – would they interact at some point in time under this umbrella agreement or it’s definitely separated? And will keep having two separate regimes when it comes to the business for exchanging data between Europe and the U.S.? Thank you.
MS. REDING: Well, if I might start with this – no, what we are doing is very limited scope to criminal acts and to acts of terrorism. So it does not concern the commercial aspect. The commercial aspect is covered by other laws and I – from the discussion which I had today with the American Chamber of Commerce, among others, this seems to work rather well. So don’t worry about the commercial applications. These are outside of the common endeavor which are meant for the security of our citizens.
SEC. NAPOLITANO: Agreed.
MR. KEMPE: Please.
Q: My name is Walter Jarosik (ph). I’m a member of the – new member of Atlantic Council. There is very many – very important issue about data collection as well as profiling. In United States, we have a very strong issue about someone from Arab or someone from Europe – someone is profile – they profile before he even gets to the gate. How about in Europe? What is the issue over there regarding profiling? And why we have to profile when you have all the data collection already?
MS. REDING: (Chuckles.) Is that addressed to you or to me? (Laughter.)
SEC. NAPOLITANO: I think it’s you. (Laughter.)
MS. REDING: I’ll take it. (Laughter.)
SEC. NAPOLITANO: I’ll start. First of all, as you know, United States law precludes and forbids profiling based on race, ethnicity, religious preference, gender, et cetera. And so I think underlying your question is really a very interesting point, which is to say that the more you have specific intelligence about an individual, and you are basing decisions not on anything but specific prior-acquired intelligence, the less likely you are to descend or be susceptible to any type of accusation of profiling.
MS. REDING: I would like to go to the same direction as my colleague. We have the same rules applying in Europe. I am always astonished when I see this enormous mass of information. I think it would be much more efficient if we were to manage to select the information which concerns real problems we have to solve.
If we would manage to do that, then we would become also much more efficient. So that is direction which we are taking and we count very much also on the technological developments to help us to go to this direction.
MR. KEMPE: Please.
Q: Kristoff von Marschall. I’m the U.S. correspondent for the German daily, Der Tagesspiegel. I would be interested – what is the most difficult task, if you have to explain to your national or European audiences, what you agree on? What do they ask you? Why do the other side does it this way or that way?
Is it about how many years one can save data or is it about who controls mining of data? So what is most surprising when you try to sell what you agree on to your national politicians or whatever? What is the most often question they ask – why Europeans do it that way or why Americans do it that way and we have to agree on that?
MS. REDING: Well, have you already explained to your politicians what it’s all about?
SEC. NAPOLITANO: We’re looking forward to exploring that with our – (laughter) – political bodies. No, I think – you know, I think the most difficult thing to explain is why this is complicated at all. In other words, the mutual interest is so strong. The historical pattern of cooperation exists with respect to the particular types of data exchanges I’ve talked about today, the PNR, for example.
They’ve been in existence for years. They’ve been audited. They’ve been audited by us, audited by independent bodies, audited by the commission, et cetera, et cetera. So I think one of the most difficult things for me to explain is why we need further agreements to agree.
MS. REDING: There are two kinds of politicians to whom I have to explain things. The first ones are the ministers of the interior and the ministers of justice. While they will have a more simplistic way to approaching the problem. The second one are the directly elected representatives of the 500 million European citizens, the European parliamentarians.
They will certainly concentrate very much on the protection of the citizens – on the protection of the individual versus this machinery of the state which likes to control everybody. So there, we have to explain what are the benefits of securing the life of our citizens while preserving their rights and to keep this into a balance and also then, for the politicians to go out to their voters because they have to explain to their voters what they are doing.
So before they can go to their voters and explain that the agreements which we are doing are in the interest of their voters, we have to have got our reasons for doing it. And our guarantees that we do it in such a way that it helps the citizens and doesn’t harm the citizens – this, we have to get into equilibrium.
MR. KEMPE: From country-to-country, I mean clearly, we’ve had 9/11 – you haven’t. But in Britain, in Spain, you’ve had something similar. Do you find the differences in attitude different depending on what degree of terrorism one has faced? Or is it fairly uniform across Europe?
MS. REDING: No, actually, it is quite uniform. While there are always difference of perception, which is absolutely clear, but because our history of wars and of eliminating the personal freedom, look, for instance, our 10 – 12 new countries who are coming out of communism into freedom.
Well, they have a very recent experience of elimination of every personal freedom. You can understand that there, the perception of is my personal freedom guaranteed is very, very strong. So a lot can be explained out of history. And then when you go to the southern countries, some of them have been under dictatorship some decades ago.
And they still have, in their DNA, this fear somebody’s going to come eliminate my personal freedom. So we politicians in Europe always have to take that into consideration and explain that there is this balance to be made between security and rights.
MR. KEMPE: Thank you for that. Please.
Q: I’m Gintare Enliuvicita (ph), Embassy of Lithuania. Dear ladies, I would like to thank you very much for your positive presentation and that women are kind of ruling these security issues. And my question is about PNR data agreement 2007, the specific issue about data storage – data storing period.
If I remember correctly, it is said that PNR data is kept in active file for seven years and then it will be – not deleted – but kept in dormant file for eight years, if it’s correct. What is the European Union position on that? I mean, is it reasonable period for keeping the data because you know that some people might be dead or the information is changed and it is kind of inaccurate. So what is the reason and what is the efficiency of keeping the data for such a long period of time? Thank you very much.
MS. REDING: I would like to say that I have, with Lithuania, very strong relationships because your president of the republic was working together with me in the European Commission as new commissioner coming in and you are lucky to have such a strong woman at the head of your republic. (Chuckles.) Now –
SEC. NAPOLITANO: There’s a theme that’s developing. (Laughter.)
MS. REDING: Yes, yes.
MR. KEMPE: I apologize for my gender. (Laughter.)
MS. REDING: Now, I’m responsible for gender equality in Europe so I will defend men. (Laughter.) They will start to have a very big problem if it continues – (inaudible). Now, there’s a storage period. It is a question where our lawmakers, the European parliamentarians are very nervous about because they say it is not necessary to have such a long period of storage. Let’s discuss about this.
Now, that is now concerning PNR, where we’ll certainly have, on this subject, a discussion with the European Parliament. But you must know that we have, inside in the European Union, also, a very strong debate on the data retention, which is not now with United States, but it is for inside, in the European Union on the data of telephoning.
And there, some of our constitutional courts have rejected the data-retention measures inside, in Europe, on the basis that the storage time is too long. So this discussion certainly is going to be high on the agenda and we will have to see that we find a solution which is reasonable.
That means a solution which will give those who care for our security enough material in order to solve the problem, but give to the citizen a guarantee that this material is only stored for as much time as it is absolutely necessary. So it is not only a trans-Atlantic discussion which we will have on this; it is also an interior European discussion on the same subject.
MR. KEMPE: Madame Secretary, do you see a difference here in terms of data-retention time between the U.S. and Europe? Is this one of the –
SEC. NAPOLITANO: Well, I think we have existing PNR agreements, as your question notes and if this is one of the issues that Europe would like to – or the EU would like to revisit, we’ll see.
MR. KEMPE: But you’d prefer keeping things where they are on that agreement?
SEC. NAPOLITANO: And moving forward because again, these are important agreements and they have shown to be effective in different ways and I think making concrete – well, why is it that things are done the way they are and what value is that is something that we need to better communicate between ourselves.
MR. KEMPE: Thank you. Fran Burwell?
Q: Fran Burwell from the Atlantic Council. Thank you very much for this discussion, which is both illuminating but also very positive. And I wondered if I could ask some questions to both of you about the new SWIFT legislation that was voted on this morning.
I’ve only seen the press reports on it and despite the journalistic backgrounds of everybody on the stage there, the press doesn’t always give you the complete picture so I’m a little bit – first, trying to verify some – the way things were reported. But two provisions, in particular, of what was passed I wanted to ask about.
And one was the idea that the EU would have someone in the United States, at a facility, and would have some capacity to limit or to temper, in some way, the data that was being transferred in bulk. So is that – how does that actually work? Do we know that? Is this actually – is what I’m saying accurate, first off, from your understandings?
And the second thing was the idea that the EU would develop more capacity itself to analyze this data and therefore obviate the need for bulk-data transfers? Would that be sufficient as far as the Department of Homeland Security is concerned if the EU were able to provide that information? Are these tools that we might look at in terms of other agreements as well – if they are, in fact, as I described? Thank you.
MS. REDING: Well, I might start with this because there is a specific European question in this. Security is not a one-way road. It has to go both ways. We have not built up, so far, in Europe, the capacity to analyze our own data for reason of security. And that is why we rely on our friends from the United States in order to somehow do a part of the – our own job.
And rightly so, as well, the ministers, as the parliament said, well that cannot continue. We have to take our own responsibility, also. And that is why the – as well the Council of Ministers, as the parliament were very clear, we have to build up our own system of analyzing the financial transactions. So that is the number one.
The number two – what are the rules, now, which apply to the new TFTP agreement which we call the SWIFT agreement, actually, in order to make it easier? There will be two monitoring levels. The first one is that EUROPOL will be the contact point in Europe when the United States asks for data which are linked to an inquiry for criminal activity or for terrorism.
So it is going through EUROPOL that United States will get the data. And then this – if I’m not mistaken – go to the treasury and in the treasury, there will be a person nominated by the European Commission, which will monitor the way this data is processed. So there’s two elements in order to respond to the “fears,” quote, unquote, of the European Parliament that this data might be utilized for other reasons than the reasons of security.
So this will give a guarantee to the parliament that the data which is called upon is going to be utilized for defending our common security. Well, that is a way we have found, now, in this agreement in order to calm down the excitement in the parliament. You have seen the results in the votes. And I think it is worth this result.
SEC. NAPOLITANO: But I think the TFTP or SWIFT illustrates an essential point I would like to make and that is the need to keep moving forward because the plain fact of the matter, is that until the SWIFT – the pre-existing SWIFT arrangement was allowed to disappear in February, the use of the SWIFT agreement to track terrorist financing had been done quite effectively for quite a period of time.
The agreement was allowed to leave and now we have the transition to the post-Lisbon-Treaty world. So we almost had to start from the beginning to renegotiate what had previously existed. And it required the United States to give some, I think, to give – and move significantly, to have two different levels of European review for what previously had been routine data exchanges where terrorist-finance tracking was concerned – somebody at treasury and INTERPOL.
So that was a movement and it can be viewed as an expression of confidence in the United States, but I think it also should be viewed as an expression by the United States that if certain things can be done that will not unduly impede the ability to exchange information on a real-time basis when necessary for security purposes, we’re willing to try and to make adjustments.
I would hope that as the system matures, and particularly, if we are able to successfully to have an overall framework agreement that we will not have to let agreements disappear and then have to resuscitate them in order to move forward. You know, TFTP – to resuscitate it, to – effort – the efforts were led by the Department of Treasury, but I think we had three Cabinet officers, myself included and indeed, I think all the way up to and including the president of the United States, have to personally involve themselves in getting a TFTP agreement back again.
And I think we can feel good that it’s back. I think we can feel good about the vote this morning. But there were – I think – signs there on both ways – both positively and in terms of what we – it’s not sustainable to have that kind of an effort for every agreement moving forward. So it illustrates the functionality and the purpose of needing to have some overarching framework.
MS. REDING: Yes, but I would like to add – I agree completely with what you said, Janet. I would like just to add for the audience – because I am not sure that this message has come across. The negative vote of the European Parliament was not directed against United States.
It was directed, very clearly, against the European ministers of the interior who had tried to push this agreement through without having consulted and discussed this agreement with European Parliament and without having taken into consideration that the new constitution gives a responsibility to the elected representatives of the people to have their say. So the parliament was very angry indeed against its own ministers, not against the United States. I want to make that very clear.
MR. KEMPE: We – I – we’ve just about run out of time. I think we have just one more question. The ambassador could ask you a question. We’ll have a quick answer and then we’ll round up. Please.
Q: Very specific question – if you could say a few words about ESTA, Electronic System for Travel Authorization – what’s your view and what commission – does commission have any ideas how it’s going from outside?
MR. KEMPE: And if you can identify yourself for the record, as well, please.
Q: Andrejs Pildegovics, ambassador of Latvia.
MR. KEMPE: Thank you, please.
SEC. NAPOLITANO: Well, from our standpoint, we think ESTA has been going very well. The issue has been that Congress, this year, added a fee, the purpose of which is to promote or to pay for the promotion of international tourism.
But I think the perception in Europe is that the fee is, in reality, a tax and is open to possible retaliation on that score. We hope it isn’t. I think the representatives of the EU were on the Hill quite vociferously about the additional fee that was added, but that went ahead and was passed into law and literally was viewed as a way to promote international tourism.
MR. KEMPE: What’s – just one sentence or two sentences – we have our workshop tomorrow. In this tug-of-war between – is privacy and security – what would be the important thing that you could get from our workshop tomorrow in terms of either advice, discussion, outcome – what would you like us to struggle with?
SEC. NAPOLITANO: Well, I think one of the things we struggle with is how effectively to base agreements on correct perceptions on each system’s laws and privileges and rights. I sometimes – as I said earlier – think there’s almost an Orwellian – you know, they see the United States’ security issues coming and there’s all of a sudden, George Orwell is somewhere in the mix. And as you know and as we all know in this room, that’s not the case.
But how do we more persuasively address the public perception because the public perception helps inform the political will and the political will ultimately is necessary here to get these things done.
MS. REDING: We are not going into a brave new world. (Laughter.) We are going into a partnership where security is high on the agenda and it is at the same level as the rights of the individuals. Now, this is easily said. But what are the real differences and what are the perceived differences?
And what can we do in order to explain that the perceived differences might not be the same one as the real objective problems which we have to solve? Because if you – and there, I agree with Janet. If you have to show political leadership, it is very difficult, if on the other side, you have feelings and you cannot reasonably explain what you are up to.
So what are the realities in the laws, in the implementation of the laws, in the law enforcement so that we can get rid of the differences or make the differences merge into a common action? So bring the whole thing down to objective analysis again.
MR. KEMPE: Thank you. Before I thank you both for this powerful, powerful, excellent evening, I do want to welcome Françoise Le Bail (ph) and I guess we’re going to be seeing more of you in the United States and the doors of the Atlantic Council are open to you if we can ever be of assistance.
Since this has been a gender-specific discussion – (laughter) – I do want to also tip my hat to a very impressive woman who runs our European Union work and the work tomorrow – Vice President of the Atlantic Council Fran Burwell, her assistant, Nick Siegel, who’s putting this together. And then importantly, John Rate who has been champion of this, long time in the Senate and worked on all sorts of important government taskforces over the years.
So on behalf of the audience, I really want to thank you. It was meaty. It was an important time to have this discussion. You’ve set us up brilliantly for tomorrow. And it was, I think, been – the diplomats would have said a frank exchange, but also a very honest exchange about what’s – you know, what’s facing us all. So thank you very much. (Applause.)