The Security Partnerships Bulletin reviews significant legal and policy developments regarding homeland security partnerships between the US government and foreign governments. Steptoe & Johnson LLP offers foreign governments and businesses comprehensive counseling on these matters, including insights from former senior government officials responsible for homeland security laws and policies.
Air Cargo Developments
- The detection of explosives in air cargo bound for the United States has put the spotlight on the risks of inbound air cargo. Previous issues of this newsletter have discussed at length the new requirements for screening passenger plane air cargo. Key points in the new debate include the following:
- Most importantly, the US government lacks a process to obtain data and analyze risks with respect to air cargo. This situation is in stark contrast to the robust systems for obtaining and analyzing risks regarding inbound passengers and inbound maritime cargo.
- Thanks to good work by the Transportation Security Administration (TSA), there is a reasonably protective system for conducting physical screening of cargo on passenger planes traveling within or from the United States. But this leaves uncovered cargo on: (i) “all-cargo” flights; and (ii) many flights (whether passenger or all-cargo) from foreign locations headed to the United States.
- It would not be hard to develop a risk-rating system for air cargo that would cover all flights with a US nexus (whether inbound or domestic departure; whether passenger or all-cargo). Under current rules, data on air cargo (such as cargo contents, carrier, departure and arrival points, shipper identity, etc.) generally must be provided to Customs and Border Protection (CBP) either (i) before a flight departs to the United States (for flights departing from within North America) or (ii) four hours before the flight lands (for flights departing from outside North America). That often is inadequate time for even a well-automated risk assessment, and in any event this information generally is not used to assign risks to cargo.
- We were fortunate to have good intelligence and law enforcement work that prevented a catastrophe from the air cargo explosives plot last week. But the Department of Homeland Security (DHS) now will be under pressure to revise its data collection system (including timing requirements) into a robust data screening system to provide an added layer of protection.
- The alternatives to such a data screening system are not good. Congressman Markey has vowed to push through new rules that would require "100% screening" of cargo on all-cargo flights; to the extent such a requirement would entail physical screening rather than data screening, such a mandate would be impractical and both security and business would suffer.
Renegotiating the Passenger Name Record (PNR) Agreement
- United States law requires airlines operating flights to or from the United States to provide the Department of Homeland Security (DHS) with certain passenger reservation information (passenger name record data or PNR) to facilitate secure and efficient travel.
- PNR contains a variety of information provided routinely by a passenger, such as name, address, itinerary, and details of the reservation (such as travel agency and payment information). PNR may include other information provided by a passenger during the booking process, such as affiliation with a frequent flier program.
- In 2007, following several years of negotiations, the United States and the European Union (EU) reached an agreement governing the transfer of PNR data to DHS. This agreement—which satisfied both US and EU law—was intended to remain in effect until 2014. However, it was not ratified by the requisite number of EU member states by December 2009 when the Lisbon Treaty came into effect. The Lisbon Treaty grants the European Parliament new authority over PNR and other law enforcement and security accords and in May 2010, the Parliament—voicing privacy and data protection concerns—called for a renegotiation of the agreement.
- In late September 2010 the European Commission adopted recommendations for negotiating a new PNR agreement with the United States. The recommendations touched on several issues that have been at the center of US-EU privacy and data protection discussions for years, including the nature of oversight and the availability of redress.
- For its part, DHS strongly believes that the 2007 PNR agreement has been successful in both protecting the data and privacy of individuals and helping to prevent terrorism and crime.
- It is unclear when formal renegotiations will begin; the EU is expected officially to adopt its new negotiating mandate by the end of the year.
- Depending on its final form, a new PNR agreement may have consequences for other multilateral and bilateral law enforcement and security agreement between the United States and Europe, including those designed to combat crime by exchanging biometric information.
Visa Waiver Program Developments
- In early October the US State Department released the nonimmigrant visa refusal rates for fiscal year 2010 (http://www.travel.state.gov/pdf/refusalratelanguage.pdf). These rates are calculated yearly; a nonimmigrant visa refusal rate below 3 percent is the key to Visa Waiver Program (VWP) eligibility. Since its inception in the late 1980s, the VWP has provided a foundation on which close security, commercial, and cultural ties between the United States and its foreign partners can flourish.
- Although the US government—led by DHS—supports expansion of the VWP to countries able to meet the statutory standards and willing and able to enter into a closer security partnership, most countries historically have not been able to pass the 3 percent refusal rate test. In fact, the recent expansion of the program to Central and Eastern European countries as well as South Korea was only possible because of a statutory provision that permitted flexibility to admit new VWP members with refusal rates up to 10 percent. By statute, however, that flexibility was suspended (with the standard moving back to 3 percent) unless and until DHS implements a “biometric air exit program.”
- The FY10 data shows two countries with refusal rates below 3 percent and several others with rates between 3 and 10 percent.
- Cyprus (1.7 percent) and Taiwan (2.2 percent) have met the statutory standard; Taiwan’s rate in particular has been trending downward in recent years – it was 5.9 percent in FY08 and 4.4 percent in FY09.
- Potential candidate countries with refusal rates between 3 percent and 10 percent include: Argentina (3.1 percent); Chile (5 percent); Brazil (5.2 percent); Croatia (5.3 percent); Uruguay (5.6 percent); Israel (6.4 percent); and Poland (9.8 percent). Of these countries, the decline in Poland’s rate has been the most dramatic from a high of 26.2 percent in FY06.
For this second group of countries, the most significant obstacle to VWP membership remains the lack of a biometric air exit system as implementation of such a system would restore visa refusal rate flexibility up to 10 percent.