ńňđ. 8
(âńĺăî 23)



successive UK governments have installed over 1.5 million cameras in response to terrorist
bombings. While the average Londoner is estimated to have their picture recorded more
than three hundred times a day, no single bomber has been caught’ (see http://www.
Such as CAPPS II, TIA and the Homeland Security Department.
See, e.g., ‘Countering the Changing Threat of International Terrorism’, a report of the
National Commission on Terrorism made pursuant to Public Law 277 (105th Congress):

Fears of cyber-attacks against critical national infrastructures are taken
seriously by most governments24 and legislation has been implemented to
criminalize terrorist-related hacking and other similarly motivated cyber-
attacks. For example, the United Kingdom’s Terrorism Act 2000 widens the
definition of terrorism to include acts that ‘seriously interfere with or ser-
iously disrupt an electronic system’, where they are ‘designed to influence the
government or to intimidate the public’ and are done ‘for the purpose of
advancing a political, religious or ideological cause’. Threats to critical infra-
structures and increasingly vital communications equipment including the
Internet had already been identified prior to 9/11. For example, in 1997 US
President Clinton’s Commission on Critical Infrastructure Protection had
stated that ‘the rapid proliferation and integration of telecommunications
systems and computer systems have connected infrastructures to one another
in a complex network of interdependence. This interlinkage, combined with
an emerging constellation of threats, poses unprecedented national risk.’25
Post-9/11 governments have acted swiftly to protect critical information
systems and national communications infrastructure. The US government
issued a formal National Strategy to Secure Cyberspace, complemented by its
National Strategy for the Physical Protection of Critical Infrastructures and
Key Assets.26 The strategic objectives are stated to be the prevention of cyber-
attacks against critical American infrastructures, the reduction of national
vulnerability to such attacks, and the minimization of damage and recovery
time from attacks. The report summarizes clearly the objectives that ought to
figure most highly in any government’s plan to protect against cyber-attacks
of such scope.27
Of course, no documented act of cyber-terrorism has yet occurred, but
there have been many instances of cyber-attacks in the form of unauthorized

For an overview and assessment of the risks of cyber-terrorism and other aspects of
‘information warfare’, see Adam J. Elbirt, ‘Information Warfare: Are You At Risk?’
(2003/2004), IEEE Technology & Society Magazine, 22(4), 13–19: http://faculty.uml.edu/
R. T. Marsh, ‘Critical Foundations: Protecting America’s Infrastructure’ (President’s
Commission on Critical Infrastructure Protection, October 1997) at ix, see www.timeusa.
In the US government’s previously-released National Strategy for Homeland Security
(July 2002), the following areas were identified as ‘critical infrastructure sectors’, viz. food,
water, agriculture, public health, emergency services, government, defence industrial base,
information and communication, transport, energy, banking and finance, chemical
industry, postal and shipping. Key assets were considered to be individual targets whose
destruction could not only have vital consequences but also damage the nation’s morale;
major historical symbols and attractions are thus included in the phrase. See http://
The National Security to Secure Cyberspace (February 2003), http://www.fas.org/irp/

hacking, computer virus and malicious code releases, and denial of service attacks.
A cyber-attack ‘becomes’ an act of cyber-terrorism only if it is motivated by
terrorist aims. Further, cyber-attacks and even acts of cyber-terrorism need not
be attacks on critical infrastructures. It is thus important that any laws drafted
or amended to deal with these activities are enacted with a clear understanding
as to the distinctions between them.28 It is noteworthy also that many of these
acts are likely to already constitute criminal offences in the laws of many
The legal response to the use of technology in terrorism-related activities
must be seen in the wider context of the balance between national security
and law enforcement on the one hand, and freedom of speech, access to
information and government transparency on the other. In this regard, many
of the US consumer/citizen and privacy advocacy groups have been collecting
and making available documents and information relating to the workings
of this balance post-9/11. For example, the Electronic Frontier Foundation
(EFF) maintains a list of websites that have been shut down either by the US
or other governments, under the banner ‘Chilling Effects of Anti-Terrorism:
[the] ‘‘National Security’’ Toll on Freedom of Expression’.29

III. Salient features of US law and government practice
A. The post-9/11 US government approach to data sharing and analysis
Some of the organizational and policy changes post-9/11 provide useful
examples of how the US government has approached its goals of improving
data sharing across agencies and facilitating counter-terrorism measures.
Actions taken to implement these goals include the creation of the Terrorist
Information Awareness (TIA) Program, the creation of the Department of
Homeland Security, and the development of CAPPS II.
One of the most controversial issues in this context has been the US
government’s declared intent of using data mining and analysis tools to
identify potential terrorist threats. The term ‘data mining’ can be mislead-
ingly general, conjuring up as it does images of automated ‘spiders’ and other

For a summary of these and a description of the various legal tools that are available (at
least to the US government) to combat cyber-terrorism, see the 24 February 2004
testimony before the US Senate Committee on the Judiciary of Mr John Malcolm,
Deputy Assistant Attorney-General at the US Department of Justice, titled ‘Virtual
Threat, Real Terror: Cyber-terrorism in the 21st Century’, http://www.globalsecurity.
See http://www.eff.org/Privacy/Surveillance/Terrorism/antiterrorism_chill.html; it also
maintains a ‘Surveillance Monitor’ listing incidents of video surveillance worldwide:

search technology fanning out across databases and files to gather informa-
tion; in its specific meaning, however, data mining involves the application of
algorithms to data sets in order to discover predictive patterns in such data.30
A related, if lesser known term, is ‘automated data analysis’, which can be
applied to patterns generated by data mining. Automated data analysis uses
models that predict behaviour, perform risk assessment or data association
(i.e. link analysis) and other tasks; it is particularly useful as a tool for accurate
identification (e.g., of a person) and for providing clues through link analysis
across data sets. Although the term ‘data mining’ is often used generally as a
single description of these and other analytical tools, it is therefore but one
step in a broader ‘knowledge discovery’ process.31 A stark illustration of the
power and potential of such tools is the fact that link analysis could likely have
identified all the 9/11 terrorists for follow-up investigation before that date,
had government watch lists, airline records and other publicly-held informa-
tion been analysed this way.32
The controversies generated by data mining and automated data analysis
have little to do with the way the technology works; rather, they coalesce
around two specific issues: (1) the risk of mathematical, pattern or human
errors in using the technology (e.g., ‘false positives’) and the potential for
abuse or mistaken harassment, investigation, and even prosecution due to
these errors; and (2) the lack of public discussion and transparency over how,
on what data, and for what specific purpose the government intends to use
the technology. The latter risk itself would tend to increase the public
discomfort already identified over the potential for abuse or mistaken appli-
cation of the results generated by such technology. In particular, because the
‘stakes are so high when fighting catastrophic terrorism that there will be
a great temptation for the government to use these techniques as more than
an analytical tool . . . [they] will want to take action based on [the results]
alone . . . [including] detention, arrest or denial of a benefit’.33 The
possibility that such temptation is now very real, combined with public
unease over past abuses of domestic surveillance powers by the FBI,34
means that any government seeking to use these tools while preserving
respect for civil liberties must address public concerns over potential abuses,
secrecy and lack of transparency. In this respect, the US government’s hand-
ling of the public outcry over its data mining plans seems particularly

See Mary DeRosa, ‘Data Mining and Data Analysis for Counter-Terrorism’, published by
the Center for Strategic and International Studies (March 2004), http://www.cdt.org/
Ibid. 32 Ibid., at 6–8. 33 Ibid., at 15.
E.g., as reported by the 1976 Church Committee.

1. The TIA Program
The TIA Program was established in 2002 under its original name of ‘Total
Information Awareness’ in the new Office of Information Awareness, a division
of the Defense Advanced Research Projects Agency, the main research organiza-
tion of the Department of Defense (DoD). It was envisaged that a large data
collection and analytical system would be developed. The resulting controversy
over this program led the DoD to establish an internal oversight board and an
external advisory board in an attempt to ensure ‘that TIA develops and disse-
minates its products to track terrorists in a manner consistent with US constitu-
tional law, US statutory law, and American values related to privacy’.35 While
acknowledging that TIA intended to develop technology including language and
pattern recognition tools, the DoD seemed defensive in stating that TIA was not
intending to ‘create a gigantic database’, ‘has not ever collected or gathered and is
not now collecting or gathering any intelligence information [and] has never
collected, and has no plan or intent to collect privately held consumer data on US
citizens’. In October 2003, Congress ended funding for the Office of Information
Awareness, at least in respect of projects other than for foreign surveillance
purposes. However, some of the general research planned by the Office and
the TIA Program is apparently still continuing under other agencies and

2. The Department of Homeland Security
The original purpose of the Department of Homeland Security was to ensure
‘greater accountability over critical homeland security missions and unity of
purpose among the agencies responsible for them’.37 Alongside obvious areas
such as border controls and immigration procedures, the proposal identified
improving the FBI’s analytic capabilities, the deployment of biometrics and
analytical tools, and the need to integrate information-sharing as important
initiatives requiring action. In November 2002 the Homeland Security Act38
created a new Cabinet department, to which twenty-two government agen-
cies, including the Immigration and Naturalization Service, the Secret Service
and the Customs Service, were transferred.39 The Department may access and

See ‘Total Information Awareness (TIA) Update’, a press release issued by the US
Department of Defense on 7 February 2003, http://www.defenselink.mil/releases/2003/
See, e.g., the EFF’s statement on the Congressional move at http://www.eff.org/Privacy/
See the US government’s ‘National Strategy for Homeland Security’ issued in July 2002:
H.R. 5005.
With about 170,000 employees, the Department is also apparently one of the largest
federal agencies ever created by the US government.

analyze a wide range of information, including information from law enforce-
ment, intelligence, federal, state and local government agencies, and private
sector sources. To allay privacy concerns, the Act contains some oversight
provisions, including the need to appoint a Privacy Officer and to establish
procedures that would limit re-dissemination of information to ensure there is
no unauthorized use, ensure the security, confidentiality and integrity of
information, and protect the legal rights of the information subjects. In addi-
tion, certain provisions in earlier versions of the law that had been criticized
heavily by privacy and civil liberties groups did not survive into the final

The passenger screening program known as CAPPS II also attracted contro-
versy. The original CAPPS, launched in 1998, was operated by the airlines
through their reservations systems to identify passengers who required a
higher level of scrutiny by matching the passenger’s itinerary against certain
behavioural rules and government watch lists. Unlike CAPPS, CAPPS II was
to be managed by the Transportation Security Administration (TSA), which
since November 2001 has taken over civil aviation security from the Federal
Aviation Administration.41 CAPPS II is also broader than CAPPS in its access
to and analysis of a greater amount of data, including commercial databases.
The main purpose is to classify air passengers into three different risk levels.
A passenger making a reservation will have to provide certain personal infor-
mation (her name, date of birth, address and home phone number), which is
checked against various databases. The result is returned to CAPPS II as an
identity authentication score, which is then checked against government data-
bases to generate a risk assessment score for that passenger, which is encoded
onto the passenger’s boarding pass at the airport. Passengers deemed to be
‘unacceptable’ risks will be denied boarding passes and the law enforcement
authorities notified; in some cases, such passengers may be taken into custody.
Implementation of CAPPS II has significant implications for privacy.
Prime amongst these implications are the possibility of error and data
inaccuracy, both in relation to the commercial databases that are checked
initially for the passenger’s identity authentication as well as the analysis and
methods used to generate the risk assessment. The latter case may be parti-
cularly disturbing if the incidents or scope of error in CAPPS II are fairly high,

These included the controversial Operation TIPS and a proposal for a national ID card.
Operation TIPS was a proposal apparently by the Department of Justice to facilitate the
creation of a network of informants using people whose jobs gave them access to private
homes (e.g., utility workers).
For an analysis of CAPPS II in the context of aviation security, see Alan K-J. Tan,
Chapter 11, in this volume.

given the gravity of the possible consequences if a passenger is denied a
boarding pass.
The initial announcement of CAPPS II and a broadly drafted notice about
its scope and operations placed in the Federal Register in January 2003 led to a
storm of controversy. In July 2003 a revised notice was placed in the Federal
Register – apparently as a result of discussions with and feedback from
privacy groups, legislators and the public – so that some fears of the plan’s
breadth was dispelled. For example, it became clearer that CAPPS II would
not use a person’s financial or credit information, that passenger data would
be deleted shortly after travel was completed, and that the commercial data pro-
viders would not be permitted to use information provided to them by the system.
Further implementation of CAPPS II was halted pending a General
Accounting Office (GAO) review of, inter alia, the status of CAPPS II with
respect to certain developmental, operational and public acceptance issues,
including privacy safeguards. The GAO report was released in February
2004,42 and it disclosed that as of 1 January 2004, CAPPS II had met only
one out of eight key issues Congress had identified; among those unmet were
issues related to unauthorized access prevention, data inaccuracy and privacy
concerns. Specifically, the GAO report disclosed that the TSA was still work-
ing on a system to address either identity theft or accuracy issues with the
commercial and government databases to be used within CAPPS II,43 had yet
to formulate a redress system for passengers mistakenly identified as ‘false
positives’, and had not determined the actual period for which passenger data
would be retained. Although the report acknowledges that the TSA has gone
some way toward meeting privacy concerns by attempting to develop pro-
cesses in keeping with internationally recognized Fair Information
Principles,44 the overall impression and findings in the report seem clearly
to indicate that CAPPS II had a long way to go before its development status
or plans are definite enough for any determinative finding as to whether
privacy concerns have been adequately addressed or not.
In July 2004 Tom Ridge, Secretary of the Department of Homeland
Security, indicated publicly that CAPPS II may be dropped due to concerns

As GAO–04–385, ‘Aviation Security: Computer Assisted Passenger Prescreening System
Faces Significant Implementation Challenges’, http://www.epic.org/privacy/airtravel/gao-
It would appear that commercial data providers, although generally using accuracy
testing, do not necessarily employ the same factors and processes in doing so.
These relate generally to transparency as regards the collection and use of data, including
maintaining accuracy and use only for disclosed or specific purposes. See, e.g., the 1980 OECD
Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data,
http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html; and
the Federal Trade Commission’s Reports to Congress on online privacy in 1998, 1999 and
2000, http://www.ftc.gov/privacy/privacyinitiatives/promises_reptest.html.

over privacy and system interoperability.45 However, he left open the possi-
bility that another programme could be developed to replace it. It is unclear
at this point what the ‘new’ programme will consist of ;46 however, when the
broad aim and scope of CAPPS II is contrasted with the lack of clarity as regards
specific privacy concerns identified by Congress, it seems clear that the US
government is taking drastic steps to ensure that the events of 9/11 do not
reoccur, and that these steps include developing and deploying technology like
CAPPS II that will clearly, and perhaps negatively, impact on individual privacy.
Despite the fury that CAPPS II has drawn from privacy advocates, it is
difficult to see how the US government could have left the issue of airline
security alone, or what other system can be developed that will be more likely
than the current system to help identify terrorist risks. It is beyond the scope
of this paper to analyze the models and error projections or margins that such
systems use, or the assertion that such a system will not help deter or detect
terrorism.47 The main privacy objections, however, seem to centre on the
secrecy, the possibility of ‘mission creep’ and the lack of assurance (war-
ranted, in the present circumstances) about how the system will work and
how inaccuracies and mistakes can be minimized. In light of the recent
revelations about American airline companies unilaterally revealing passen-
ger data to government agencies for passenger profiling studies and airline
security projects48 (possibly in violation of the airlines’ own privacy policies),
it is vital that the TSA take immediate, public and substantial steps to allay
public outcry and concern over the issue of privacy and airline security.
The development of CAPPS II has obvious international implications as
well, since much airline travel is international in nature. Where data collec-
tion and checking of travellers from the European Union is concerned, the
impact of the EU Data Protection Directive has to be considered. Although
the EU and the US reached preliminary agreement in 2003 for US inspectors

This was widely reported, having first been announced by USA Today: ‘Plan to Collect
Flier Data Cancelled’, 14 July 2004 http://www.usatoday.com/news/washington/2004–07–14-
See the ACLU letter of 20 July 2004 to Secretary Ridge, ‘Is CAPPS II Really Dead?’ http://
See, e.g., Samidh Chakrabarti and Aaron Strauss, ‘Carnival Booth: An Algorithm for
Defeating the Computer Assisted Passenger Screening System’, a student paper published
in May 2002 as part of the MIT course ‘Law and Ethics on the Electronic Frontier’, http://
JetBlue turned over passenger data to a US defence contractor in September 2003, while
Northwest Airlines admitted in January 2004 that it had revealed passenger data to NASA
(having earlier denied doing so – the disclosures were so large that apparently 6000 CDs
had to be used to contain the information), and most recently, in April 2004, American
Airlines disclosed that it had divulged over one million passenger records to the TSA.
JetBlue and Northwest are currently facing class action lawsuits in respect of such
disclosures from some of their passengers.

to examine passenger records of flights originating in the EU, the European
Parliament voted 276–260 in April 2004 to send the agreement to the European
Court of Justice (ECJ) for its review, contending that the agreement violated the
Directive. While the ECJ’s decision could have been fairly significant – for
example, if the US–EU agreement is found not to be in compliance with the
Directive, it could limit the scope and applicability of CAPPS II or its progeny
to the extent it related to flights or passengers originating in the EU – that may
now be a moot point. On 14 May 2004, the European Commission (EC)
adopted an ‘adequacy finding’ under the Data Protection Directive. The
agreement was signed between the EU and the US on 28 May, thus establishing
the legal framework for the transfer of passenger name record (PNR) data.
In the Annex to the EC decision, the US Bureau for Customs and Border
Protection (CBP) undertakes to develop and use filters for mutually agreed
terms and codes relating to so-called ‘sensitive’ data (specific examples given
include data relating to race, ethnicity, political opinions, religious beliefs
and health); until such time as the filters are deployed the CBP agreed it will
not use any such data. PNR data would be accessed only by authorized
personnel, for 7 days in the first instance, and by a more limited number of
persons for 3.5 years thereafter. Any PNR data that has not been accessed
during that 3.5 year period will be destroyed, and data that has been accessed
retained for a further 8 years (except for data ‘linked to a specific enforcement
record’, which will remain accessible till the record is archived).
To concerns that PNR data accessible to the CBP could be subject to a
disclosure under the US Freedom of Information Act (FOIA), the Annex
makes clear that the CBP will consider such data to be within the class of
confidential information that is exempt from FOIA disclosure. Regarding
disclosure to other US and foreign government agencies, the Annex states that
this will be on a case-by-case basis and only to those agencies having counter-
terrorism or law enforcement powers, and with the disclosed data subject to the
same FOIA-exempt treatment. Finally, the Annex also contains provisions for
the giving of notice, access and opportunities for rectification of PNR data on the
part of passengers. It is, however, doubtful whether a similar review as that
undertaken by the EU will take place in other countries, in part because not all
countries have clear data protection or privacy laws.49
Technology already exists to protect data privacy and minimize abuse in
the use of data mining technology on large databases by governments. These

On this point, it may be of interest to note that some privacy advocates consider the EU’s
review process not entirely effective. For example, although the Working Party overseeing
the Data Protection Directive issued an Opinion (22 June 2004) expressing disappoint-
ment that the EC took the Working Party’s demands into account only ‘partially’, groups
such as Privacy International considered the Working Party’s recommendations in the
Opinion fairly weak: see http://pi.gn.apc.org/article.shtml?cmd[347]=x-347–60528.

include technology to eliminate and resolve false positives; anonymizing
technology (to mask specific identifying information without prejudicing
the accuracy of the analysis); audit technology (to maintain a record of
searches so as to ‘watch the watchers’); and rule-based processing (to conduct
the analysis according to clear and transparent rules, e.g., of access and
scope).50 But even with the deployment of such protective technology, there
remains a need to develop and implement clear, consistent and open guidelines
for government agencies, officials and data processors as to the processing,
harvesting and handling of data and results. Such guidelines will help to
address public concern over privacy issues while facilitating the adoption of
new technology for legitimate public policy purposes.51 Further, given the US
government’s recent difficulties with handling public perceptions and concerns
over TIA, homeland security and CAPPS II, the need for greater openness and
clear guidelines on data mining and analysis seems all the more urgent.

B. The existence of a public access right to government information
in the US
The federal Freedom of Information Act of 199652 is particularly relevant
when considering the balance between individual rights and national interests.
Under the FOIA US government agencies are required to make available to the
public certain information regarding its structures, procedures and statements
of policy. Where the agency’s records are not specifically listed as requiring
publication in the Federal Register, they may be requested under the FOIA. The
FOIA ‘establishes a presumption that records in the possession of agencies and
departments of the executive branch of the US government are accessible to the
people . . . Before enactment of the FOIA in 1966, the burden was on the
individual to establish a right to examine these government records . . . With
the passage of the FOIA, the burden of proof shifted from the individual to the
government . . . the ‘‘need to know’’ standard has been replaced by a ‘‘right to
know’’ doctrine. The government now has to justify the need for secrecy.’53
Consumer advocacy groups such as the Electronic Privacy Information
Center (EPIC) use the FOIA to seek clarity and information regarding FBI
and other government policies on privacy protection, including, most recently,

DeRosa, ‘Data Mining’.
See ‘Creating a Trusted Network for Homeland Security’, the Second Report of the Markle
Foundation Task Force on National Security in the Information Age (December 2003),
5 USC Sec. 552.
See ‘A Citizen’s Guide on using the Freedom of Information Act and the Privacy Act of
1974 to request Government Records’, being the First Report from the House of
Representatives’ Committee on Government Reform and issued during the 2nd Session
of the 107th Congress on 12 March 2002 as House Report 107–371.

a pending lawsuit regarding information that Northwest Airlines had disclosed
several months’ worth of passenger data to NASA for use in passenger profiling
and data mining research.54 Previously, in September 2003, EPIC had also filed
an FOIA request seeking information from the US Transportation Security
Administration (TSA) regarding CAPPS II, including information on privacy
assessment reports related thereto. The TSA resisted the request, claiming the
documents concerned did not fall within the ambit of the FOIA.55
Conceptually, it seems obvious how a legally transparent mechanism such
as the FOIA helps to balance the conflict between the public/individual’s right
to information and the government desire in the interest of national security
to keep certain information classified.56 To the extent that laws such as the
Patriot Act appear to tip the balance in favour of more secrecy and less public
scrutiny, other laws such as the FOIA act as a check and balance on this trend.
The challenge, however, is to ensure that such disclosure/accountability
mechanisms perform that role effectively. In other words, their scope, pro-
cedures and implementation must avoid either making too much informa-
tion available so that intelligence gathering, law enforcement and other
legitimate and justifiable (in the context) executive activities are compro-
mised, or making too little information available so that the citizenry/public’s
right to know is merely a question of lip service. While it may be axiomatic to
state that a government will naturally prefer not to have its every move
questioned (particularly as regards politically sensitive matters, including
foreign surveillance issues) or its motives challenged (particularly where it
genuinely believes it is acting in the national interest), it does not mean that every
refusal to disclose information or reluctance to open its processes to public
scrutiny is necessarily suspicious, malignant or damaging to the public interest.
At the same time, those charged with administering or deciding on FOIA-type
requests ought not to assume that the government’s assertion of national security
concerns will necessarily outweigh the need to make information publicly
available. This remains the case even where the executive genuinely believes

EPIC v. National Aeronautics and Space Administration (N.D. Cal. 2004).
EPIC v. Transportation Security Administration et al., Civ. No. 03–1846 (D.D.C. 2003). On
2 August 2004, the court handed down an opinion concluding that while the documents
were exempted from disclosure under the FOIA’s deliberative process privilege, the TSA
had not met the requisite statutory burden requiring an analysis of reasonably segregable
non-exempt information that would have to be released. The TSA thus has to conduct
such an analysis and either release such information or refile a motion with the court
addressing the segregability issue. The court’s Memorandum of Opinion can be found at
According to EPIC, ‘As the government seeks to expand its power to collect information
about individuals, it increasingly hides that surveillance power behind a wall of secrecy.
Congress has long recognized this tendency in the Executive Branch, and sought to limit
government secrecy by creating legal obligations of openness under the FOIA and the
Privacy Act of 1974’ (see http://www.epic.org/open_gov/foiagallery.html).

this to be the case, and it must be borne in mind especially in today’s environ-
ment where terrorist activity appears to be widespread, imminent and unceasing.
There always needs to be an open, transparent and thorough examination of
each request, while weighing the various and competing interests.
In this context, privacy advocates have found recently released statistics
about the US government’s acts in relation to the classification of secret
information and the requests for surveillance orders disturbing, and indica-
tive of a growing tendency to perform greater surveillance under conditions
of lesser accountability. In the 2003 Wiretap Report issued by the
Administrative Office of the US Courts, it was disclosed that applications
for wiretap orders made by federal officials rose 16 per cent in 2003, with the
average length of a wiretap increasing from 39 to 44 days.57 In the 2003
Foreign Intelligence Surveillance Act (FISA) Annual Report, it was disclosed
that the FISA court58 granted 1,724 applications for secret surveillance last
year, more than in any previous year and a more than 50 per cent increase
from 2001. In addition, 2003 appears to be the first year where more surveil-
lance orders were granted than federal wiretap warrants.
Outside the US the challenge may be to ensure that adequate checks and
balances exist in the legal system to safeguard against government abuse of
surveillance powers. Although the FOIA can be a powerful tool, in the US it
exists as part of a system that also includes judicial review and other oversight
mechanisms. As such, it may be said that despite the apparent growing trend
of secrecy within the executive, its actions are still open to some measure of
public scrutiny.

IV. The international dimension
A. Recent anti-terrorism legal and policy developments
in the United Kingdom
In the wake of 9/11, several laws and programmes enhancing the government’s
surveillance powers were introduced into the UK which alarmed civil liberties
groups.59 In light of the UK’s role as a staunch ally of the US in the fight against
terrorism and its position as a leading common law jurisdiction, an examination

See http://www.uscourts.gov/wiretap03/2003WireTap.pdf.
This is a court set up especially to review applications for FISA surveillance orders. The
Court has been perceived as being extremely secretive, with even its proceedings and
rulings closed to the public. It is interesting to note, however, that in August 2002 the FISA
Court uncharacteristically issued a public opinion in which it overruled its lower court’s
refusal of the government’s application for a FISA order.
See, e.g., the websites relating to UK privacy laws and government surveillance maintained
by Privacy International (http://www.pi.greennet.org.uk/countries/uk/) and the Foundation
for Information Policy Research (http://www.fipr.org/surveillance.html).

of some of these changes to the UK’s laws and their impact provides an inter-
esting parallel to the changes to US law and policy already described. As the
changes in the UK were fairly complex and relatively broad, this part will focus
only on those amendments that have an actual or potential impact on privacy.60
In the main, these were changes to the UK’s statutory laws (including secondary
legislation) that concerned the acquisition (through interceptions) of the actual
contents of telephone, postal and electronic communications, as well as the
persons to whom, and purposes for which, access to data relating to such
communications (e.g., location and traffic data) could be granted.
Under the Regulation of Investigatory Powers Act 2000 (RIPA), intercep-
tion of communications ‘in the course of their transmission’ through either a
postal service or telecommunication system may be conducted upon the
issuing of a warrant by the Secretary of State. A warrant may be issued only
if the Secretary believes it is ‘necessary’ to fulfil one of three identified
purposes, and that the interception being authorized is ‘proportionate’ to
the reason for seeking the warrant. The specific purposes for which a warrant
may be necessary are that interception is ‘in the interests of national security’,
for the purpose of ‘preventing or detecting serious crime’, or for ‘safeguard-
ing the economic well-being of the United Kingdom’.61 It is not entirely clear
what factors would govern the determination of what is ‘necessary’ and
‘proportionate’, and the fact that it is the Secretary of State rather than a
judge who determines the issuing of a warrant has led to the criticism that the
powers of interception conferred by RIPA are overly broad.62
The legal framework governing access to communications data by public
authorities has been described as ‘diffuse’ and lacking a coherent supervisory
legal framework.63 Limited access rights by public authorities had been
conferred by a variety of specific statutes, while oversight is generally pro-
vided by the Data Protection Act 1998 and the Human Rights Act 1998. The
introduction of Codes of Practice under RIPA and the Anti-Terrorism, Crime
and Security Act 2001(ATCSA) added complexity to the situation, and
created some confusion as to the potential ‘disparity of purpose’ between
the data retention requirements under the ATCSA and the ability under RIPA
for public authorities to access such data. The complexity of the situation and
increased public concern over the UK government’s actions in the name of
national security were heightened by the government’s proposal in June 2002
to increase the type and number of public authorities who could access data

See Helen Fenwick and Gavin Phillipson, Chapter 21, in this volume.
Section 5, RIPA. RIPA also contains provisions detailing the procedure for obtaining a
warrant, the contents of a warrant, its duration and renewal.
Paul T. Dougan, ‘Cybercrime and Human Rights’ http://www.strath.ac.uk/Other/
staffclub/web2law/cybercrime%20and%20human%20rights.pdf, 44–7.
See the Privy Counsellors’ 2003 Report on the ATCSA, below note 81, at 93–7.

retained by communications service providers. The controversy and protest
that this proposal (dubbed the ‘snoopers’ charter’) attracted led to the with-
drawal of the draft Order later the same month.
Although the pre-9/11 RIPA raised some privacy advocates’ hackles, the
quick passage and scope, post-9/11, of ACTSA proved even more contro-
versial, leading to increased media attention to the UK government’s plans
for data retention and surveillance, thus contributing to a growing public
backlash. ATCSA’s data retention provisions covered data relating to mobile
text messages as well as web activity, and applied to communications service
providers. In this respect, and as required by the ATCSA, a Draft Voluntary
Code of Practice on Retention of Communications Data and a Draft
Retention of Communications Data (Code of Practice) Order 2003 was
laid before the UK Parliament in September 2003.
In its review of the draft Code, the Joint Committee on Human Rights of
both UK Houses of Parliament expressed concern over certain matters relat-
ing both to the scope and operation of the Code and the Order. These
included, inter alia, (a) the need to ensure that they were compatible with
the human rights protection provisions of the European Convention on
Human Rights (ECHR),64 which requires any invasion thereof to be both
‘necessary’ and ‘proportionate’; (b) the possibility of overlap with RIPA
where access to the data retained was concerned;65 and (c) the short
period of time made available to Parliament to consider these proposals.66
Nonetheless, a revised ‘snoopers’ charter’ that the Home Office claimed cut
down on the number of public authorities who could access communications
data retained by communications service providers and tightened procedural
safeguards for such access was passed by Parliament in November 2003.67 In
January 2004, a negotiated Voluntary Code of Practice under ATCSA also
See in particular Article 8 (the right to private life). In the UK, the implementation of the
ECHR by the Human Rights Act 1998, however, seems to obligate public authorities only
to act compatibly with Convention rights. In this respect, the Joint Committee was
concerned with the potential lack of adequate safeguards for proper data retention on
the part of communications service providers, since the government was of the view that
these did not constitute public authorities: see pp. 7–16 of its Report on the Draft
Voluntary Code of Practice on Retention of Communications Data Under Part 11 of the
Anti-Terrorism, Crime and Security Act of 2001, Sixteenth Report of Session 2002–03, HL
Paper 181 and HC Paper 1272, 11 November 2003 (http://pi.gn.apc.org/issues/terrorism/
Particularly in view of the fact that, at the time the Code was under review by the Joint
Committee, a Draft Regulation of Investigatory Powers (Communications Data) Order
had been presented to Parliament under RIPA; the Order would have expanded the
number and type of bodies who could gain lawful access to communications data. See
ibid. at p. 14.
See Report on the Draft Voluntary Code of Practice, 17.
The Regulation of Investigatory Powers (Communications Data) Order 2003, which came
into force in January 2004.

came into force. The Code specifies different retention periods of between
four and twelve months for different types of data, and contains several
assurances as to the legitimacy of data retention.68 Under ATCSA, the
Home Secretary will have until December 2005 to assess the effectiveness of
the Code, after which he has the power (through secondary legislation) to
impose a mandatory code if the voluntary Code is found ineffective.
The fact that the UK government chose to issue five proposed statutory
instruments within a single week in 2003, each dealing with particular aspects
of RIPA or the ATCSA,69 most likely contributed to a growing public percep-
tion that the government was expanding its surveillance powers not merely to
combat terrorism, but also to enhance its investigatory powers in other areas
as well. It is thus somewhat disconcerting that the UK government none-
theless went ahead with an even more controversial proposal: the introduc-
tion of a national ID card.70
The proposal has been scrutinized by Parliamentarians. In July 2004, the
House of Commons Home Affairs Committee released its Identity Cards
report,71 which listed an array of concerns over privacy issues and the possible
over-breadth of the ID card scheme, while concluding that it could signifi-
cantly assist in tackling terrorism, identity theft and criminal activity more
generally, and would support other aims such as improving citizens’ access to
public services. However, it noted that the scheme in the draft Bill would
confer on the government ‘powers to register a wide range of information not
obviously related to establishing identity and . . . wider access to the database
than is justified by the fight against organised crime and terrorism’. The
Committee thought it ‘unacceptable to leave to secondary legislation ques-
tions over the degree of access to the database, especially since the purposes of
the Bill need to be made less broad’ and stated its opinion that the scheme
would ‘undoubtedly represent a significant change in the relationship
between the state and the individual in this country’. Finally, the Report

E.g., ‘service providers are entitled to rely heavily on the fact that the Secretary of State and
Parliament will have concluded that the retention of communications data for the periods
specified in the Code is necessary in order to safeguard national security’.
Including the Draft Codes and Order mentioned above. The other proposals were the
Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence
Sources) Order 2003 (which restricted the purposes for which public authorities could
conduct directed surveillance) and the Regulation of Investigatory Powers (Intrusive
Surveillance) Order 2003 (which dealt with intrusive surveillance of prisoners by the
Northern Ireland prison service).
See, e.g., the Guardian newspaper’s ‘Big Brother’ special report, http://www.guardian.
co.uk/bigbrother/privacy/0,12377,783005,00.html; the statement by the Foundation for
Information Policy Research, ‘ID Card Scheme An Expensive Flop’, April 26, 2004 (http://
www.fipr.org/press/040426id.html); and the comments on ‘National ID Cards’ by Privacy
International (http://pi.gn.apc.org).
HC 130–1 (http://pi.gn.apc.org/issues/idcard/uk/ukhomeaffairsreportt29_07_04.pdf).

recommended that ‘the test should be whether the measures needed to install
and operate an effective identity card system are proportionate to the benefits
such a system would bring and to the problems to be tackled and whether
such a scheme is the most effective means of doing so’.
In February 2004, the Home Office issued a discussion paper on ‘Counter-
Terrorism: Reconciling Security and Liberty in an Open Society’.72 The discus-
sion paper outlines the government’s response to the Privy Counsellors’
critical review of the ATCSA in December 2003,73 in particular, as regards
its recommendations on immigration, detention and terrorist financing.
The paper also addressed concerns over the lack of adequate safeguards
for, and judicial oversight of, the disclosure of personal information by one
public authority to another for a wide range of criminal investigations. It
clearly sets forth the UK government’s view that the current oversight
regime is adequate, and that the standards and requirements of the ECHR
have been met.
The issuing of the discussion paper and regular public comments by the
Home Secretary on the importance of public debate seem to indicate that
the UK government is taking steps to address its increasingly Orwellian
public image. Unfortunately, since many of these steps are reactive – even
defensive – in nature, and given its various missteps in this regard (e.g. its
proposal and subsequent withdrawal of the ‘snoopers’ charter’ in 2002) as
well as the ongoing push for programmes such as national ID cards, it seems
certain that privacy advocates will continue to be suspicious of the UK
government. Equally certainly, the media and various watchdog groups will
continue to monitor the government’s legislative, regulatory and other pro-
posals.74 The situation in the UK – in terms of the relationship between the
government and privacy advocates, and the public scrutiny of the appropriate
policy balance to be struck between national security and individual liberty
and privacy – is thus very similar to that in the US on these issues.
Finally, a Freedom of Information Act under which an individual
has a right to access information will come into force on 1 January
2005.75 Approximately 100,000 ‘public authorities’ are required to maintain

CM 6147 (http://www.homeoffice.gov.uk/docs3/CT_discussion_paper.pdf).
HC 100. See also Fenwick and Phillipson, Chapter 21, in this volume.
One of Privacy International’s annual UK Big Brother Awards (given to those who have
done the most to devastate privacy and civil liberties in the UK) – the Lifetime Menace
Award – was renamed the David Blunkett Lifetime Menace Award (after the then UK
Home Secretary). The 2004 awards saw the greatest number of votes for Mr Blunkett, the
Home Office and the national ID card scheme; however, these were apparently disquali-
fied because of having won a number of awards in previous years.
The UK Information Commissioner and the Department of Constitutional Affairs have
published user-friendly, detailed guides to the Act on their websites: see, respectively,
http://www.informationcommissioner.gov.uk and http://www.dca.gov.uk/foi/index.htm.

and update ‘publication schemes’ that will describe information that is
publicly available, how such information may be obtained, and whether a
fee will be charged. Almost any person, including non-citizens, has a right to
find out whether the information requested is being held by the authority
and, if so, to have that information disclosed to her. There are, however,
certain statutory exemptions from disclosure (e.g., in the public interest).76
Although the scope of the Act seems broad, it remains to be seen how effective
it will be in providing government accountability and how frequently it will
be used by individuals or advocacy groups. It does, however, provide yet
another parallel with the US system and might thus serve as a useful check
against the abuse of executive power.

B. The Echelon surveillance system
Any discussion of increased government surveillance must consider the
confirmation by a committee of the European Parliament in July 2001 of
the existence of a government-backed international communications surveil-
lance system known as Echelon.77 Echelon is a ‘system used by the United
States National Security Agency (NSA) to intercept and process international
communications passing through communications satellites. It is one part of
a global surveillance system that is now over 50 years old. Other parts of the
same system intercept messages from the Internet, from undersea cables,
from radio transmissions, from secret equipment installed inside embassies,
or use orbiting satellites to monitor signals anywhere on the earth’s surface.
The system includes stations run by Britain, Canada, Australia and New
Zealand, in addition to those operated by the United States.’78 According to
Duncan Campbell, the system was initiated under a UK–USA Agreement in
1947, which linked British and American systems, personnel and stations.
The networks of Canada, Australia and New Zealand were later included.
Subsequently, other countries including Norway, Denmark, Germany and
Turkey also became participants in the UK–USA network.79 The system’s
networks are apparently engineered along similar lines as the Internet, and
are comprised of many systems, networks and applications connected across
international transoceanic cables and space links. Although how Echelon

See, e.g., the various Awareness Guidance publications prepared by the Information
Commissioner’s office.
‘Report On The Existence Of A Global System For The Interception Of Private And
Commercial Communications (ECHELON interception system)’, 2001/2098(INI).
See Duncan Campbell, ‘Inside Echelon: the History, Structure and Function of the Global
Surveillance System Known As Echelon’ (2000): http://www.heise.de/tp/english/inhalt/te/
Campbell, ibid.

actually operates is not publicly known, it seems clear that the system is
capable of a large number and volume of interceptions of electronic and
other communications, and that increasingly sophisticated filtering technolo-
gies are employed to search, filter, process and analyse the information
received. The privacy implications of such a system, particularly if it is a
secret system, backed and long-used by democratic governments, are
obvious. They are compounded so long as the governments apparently
leading or participating significantly in the system do not acknowledge its
existence: the US has not officially acknowledged Echelon, although Australia
and New Zealand have. At the same time, there are potential advantages to
such a system, such as its ability to quickly and efficiently minimize the
difficulties of data sharing across governments and agencies.
Since the release of the European Parliament report and related resolution
that was adopted (in September 2001), there have been many reports regard-
ing the existence, workings or abuses either of alleged parts of the Echelon
system, or of similar large-scale surveillance programmes.80 The organiza-
tions that compile these reports and news pieces are generally privacy and
civil liberties advocates; a fact which illustrates the public scrutiny role of
such groups in an open society. Where governments may be justly cautious in
their public disclosures and discussions, these groups can act as a useful
public voice and counterbalance. There is a risk, of course, that the pro-
privacy, even libertarian, stance of these groups could lead to a somewhat
unilateral or one-sided perspective on the matter. If so, however, it would be
up to governments to determine if, when and to what extent they ought to
counter or answer what may appear to them to be the more extreme asser-
tions about government surveillance and secrecy.

V. Summary and conclusion
The use of surveillance technology has become, and will remain, a key tool in
the fight against terrorism. The challenge for governments is to use such
technology in ways that further that important cause, in the name of security,
but without unduly compromising the need to ensure that civil liberties are
respected to the fullest extent possible. Certainly, it would be unrealistic to
expect governments not to use the most advanced technology available to
them. At the same time, ‘countering terrorism’ and ‘ensuring national secur-
ity’ are broad and general causes. Without doubting the legitimacy of these
policies in the present circumstances, it would be unfortunate if governments

See, e.g., the pages maintained by the American Civil Liberties Union (http://archive.
aclu.org/echelonwatch/), Cyber-Rights and Cyber-Liberties UK (http://www.cyber-rights.
org/interception/echelon/), and the Center for Democracy & Technology (http://

simply relied on those broad justifications for an entire range of executive
decisions and policies that, whether individually or holistically, erode indi-
vidual freedoms and threaten privacy unnecessarily. After all, ‘counter-
terrorist legislation must be sufficiently flexible to meet the potential threat
to society, but it must also contain proper protections for the privacy and
liberty of the individual and . . . [be] accompanied by its own tailored safe-
guards, including careful monitoring and review of its use. It is important
that it commands broad public support, otherwise its use risks being mis-
trusted and therefore less effective.’81
In the US, the post-9/11 policy and legislative changes are wide-ranging
and seem set to continue. Since the Patriot Act first began life as a proposed
Anti-Terrorism Act immediately after the 9/11 attacks, privacy advocates
have publicly worried about the chilling effects that overly broad government
surveillance powers could have on public access to information, free speech
and other constitutional rights and civil liberties. This concern is acute when
judicial oversight of executive powers seems to have been diluted. The public
view in the US that this is the case has been further strengthened with the
advent of the other legislative changes and new mechanisms and policies
discussed in this chapter, many of which have a clear potential impact on
While legal developments outside the US have not been subject to as much
public scrutiny and debate (in part because of the relatively more active
privacy groups based in the US), the trend appears to parallel that in the
US, i.e. to consolidate and enhance government surveillance powers, at least
where national security and other fundamental public interests are at stake.
This chapter has examined some of the post-9/11 measures adopted in the
UK that potentially impact privacy protections there. As the US and the UK
are two major common law jurisdictions as well as leaders in the international
fight against terrorism, the similarities in law and policy changes in these two
countries are noteworthy and potentially influential.
In light of the discussion above, governments would be well-advised to
consider engaging their public in more open discussions over the necessity
for and scope of surveillance that is seen to be overly invasive. This will be
particularly significant in countries where privacy concerns have traditionally
been important, but is no less needed in countries where that has not been the
case. Although some element of secrecy is admittedly necessary due to the

The UK Privy Counsellor Review Committee, ‘The Anti-Terrorism, Crime and Security
Act 2001 Review: Report’, HC 100, 12 December 2003 (http://www.homeoffice.gov.uk/
docs3/newton_committee_report_2003.pdf). The Committee considered two general
principles to be of fundamental importance in this context: that an individual has a
right to privacy and liberty, and that the government has a duty to take ‘necessary’ steps
to protect society from terrorism.

very nature of surveillance and national security policy, governments should
not fall prey to the temptation of operating from a default position of total or
maximum secrecy. Similarly, individuals and privacy advocates should dis-
tinguish between policies and processes: it may be necessary at times to
question the former, but where the former can be found to be justifiable
and legitimate, it may be the latter that requires very close scrutiny, e.g., to
minimize the possibility that the scope of proposed laws and procedures (in
the name of a justified policy) are wider than necessary for the declared
purpose. The fears of each ‘side’ can be allayed only if governments and
their watchers (constructive though any criticism might be) operate from
these premises and have the mutual public interest – of striking the most
appropriate balance of individual and the wider public interests in a parti-
cular context and time – in mind.
Finally, it must be said that the use of surveillance technology by govern-
ments is not always or necessarily a negative. Where terrorists seek to inti-
midate and destroy, responsible governments are presumed to have the
public good in mind when using technology. It would be irrational to deny
that the use of bomb scanners, metal detectors and other search devices at
airports and other major points of entry/exit into/out of a country are
necessary; whether or not they are actually statistically effective, they at
least succeed in assuring the public that preventive measures are being
taken in the name of security, and may succeed to some extent as deterrents.
Similarly, wiretapping and video surveillance can and probably does assist in
crime detection. In other words, most if not all of the forms of surveillance
technology identified earlier in this chapter have benign and positive uses, at
least in the hands of a responsible government (acting through its law
enforcement or security arms). The risks in instances where there is a clear
public interest in personal or national security are therefore centred on the
possibility of abuse of that technology by the government, and on the possible
flaws and error rates of such technology. Such risks and attendant public
concern are heightened if governments maintain an aura of non-disclosure or
secrecy about either the technology or the extent to which it is used.

Recent developments relating to terrorism
and aviation security

I. Overview
Before 11 September 2001 aviation security concerns revolved primarily
around preventing aircraft hijacking and sabotage, and apprehending the
perpetrators of such acts.1 In this regard, any risk to lives was largely confined
to passengers and crew on board aircraft. In response to such long-held
concerns several international conventions adopted under the auspices of
the International Civil Aviation Organisation (ICAO)2 had sought to

I am grateful for the insights provided by my students in the Aviation Law and Policy
course offered at the Faculty of Law, National University of Singapore, in the 2003–2004
academic year. All errors remain my own. The law and developments are reflected as at early
August 2004.
Other criminal acts against the safety of aviation include attacks on airports and air
navigation facilities and the use of surface-to-air missiles aimed at aircraft in flight (these
are known as man-portable air defence systems or MANPADS). The latter is a serious
concern today, and has led to moves to secure flight pathways and airport perimeters. In
the US a new Act to address this issue – the Commercial Aviation MANPADS Defense Act
of 2004 (CAMDA) – is currently being debated.
These conventions include the 1963 Tokyo Convention on Offenses and Certain Other
Acts Committed on Board Aircraft, 20 U.S.T. 2941, 704 U.N.T.S. 219, reprinted in 58 Am. J.
Int’l L. 566 (1959); the 1970 Hague Convention for the Suppression of Unlawful Seizure of
Aircraft, 22 U.S.T. 1641, 860 U.N.T.S. 105, reprinted in 10 I.L.M. 133 (1971); the 1971
Montreal Convention for the Suppression of Unlawful Acts Against the Safety of Civil
Aviation, 24 U.S.T. 564, 974 U.N.T.S. 177, reprinted in 10 I.L.M. 115 (1971); the 1988
Montreal Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving
International Civil Aviation, ICAO Doc. 9518, reprinted in 18 Ann. Air & Space L. 251
(1993) and the 1991 Montreal Convention on the Marking of Plastic Explosives for the
Purpose of Detection, ICAO Doc. S/22393 & corr. 1, reprinted in 30 I.L.M. 721 (1991). In
addition to these instruments, Annex 17 (Safeguarding International Civil Aviation against
Acts of Unlawful Interference) to the 1944 Chicago Convention on Civil Aviation, 61 Stat.
1180, 15 U.N.T.S. 295, requires state parties to establish their respective national civil
aviation security programmes and relevant institutions in order to regulate matters of
security such as the presence of weapons, explosives or other dangerous devices on board
aircraft; the inspection and screening of aircraft, passengers, baggage, cargo and mail; and
the training and certification of security personnel.


establish universal jurisdiction over the perpetrators of violence
against aircraft and to provide for states to prosecute or extradite these
Since 9/11, however, the bigger concern has been the use of aircraft as
weapons of destruction, aimed at causing massive loss of lives and property
on the ground.4 Consequently, the aviation industry has had to face a
plethora of new security measures designed to prevent the occurrence of
not only conventional hijacking and sabotage, but more ominously, the use
of aircraft as suicide weapons against interests on land. This shift in emphasis
toward preventing the use of aircraft as weapons has introduced unprece-
dented challenges for civil liberties as well as heightened costs and inconven-
ience for the air travel industry and travellers alike.5 This chapter assesses
some of these concerns and outlines the new measures that have been adopted
to deal with the post-9/11 aviation security environment. It also analyzes the
prospect of harmonizing security measures among countries with different
perceptions of terrorism risks and the varying capacities to comply with the
requisite measures.

II. Aviation security responses post-9/11
In the past three years or so, aviation security has become a priority on
regulatory agendas worldwide. In the US, the Aviation and Transportation
Security Act (ATSA),6 first adopted in November 2001 placed aviation
security matters within the purview of the federal government.7 ATSA also

A number of aviation security arrangements exist outside the ICAO regime, including the
1977 European Convention on the Suppression of Terrorism, reprinted in 15 I.L.M. 1272
(1976) and the 1978 Bonn Declaration on Hijacking, reprinted in 17 I.L.M. 1285 (1978).
The academic literature on aerial terrorism is abundant – see, e.g., S. K. Agrawala, Aircraft
Hijacking and International Law (Dobbs Ferry, NY, Oceana, 1973); Nancy D. Joyner, Aerial
Hijacking as an International Crime (Dobbs Ferry, NY, Oceana, 1974); Edward
McWhinney, Aerial Piracy and International Terrorism: The Illegal Diversion of Aircraft
and International Law (2nd rev. ed., Dordrecht, Boston, 1987) and Rosalyn Higgins and
Maurice Flory (eds.), Terrorism and International Law (London, Routledge, 1997).
For details, see Phillip A. Karber, ‘Responses to the September 11 Attacks: Re-constructing
Global Aviation in an Era of the Civil Aircraft as a Weapon of Destruction’ (2002) 25 Harv.
J. L. & Pub. Pol’y 781, at 781–82, and Eric J. Miller, ‘The ‘‘Cost’’ of Securing Domestic Air
Travel’ (2003) 21 John Marshall J. Computer & Info. L. 405, at 420.
In the US alone, the estimated costs over the five-year period from 2002–2006 is US$9
billion, see Cletus C. Coughlin, Jeffery P. Cohen and Sarosh R. Khan, ‘Aviation Security
and Terrorism: A Review of the Economic Issues’, Federal Reserve Bank of St. Louis Review,
(Sept/Oct 2002), at 20.
Pub. L. No. 107–71, 1447, 115 Stat. 597 (2001) (codified as amended in various sections of
49 U.S.C.).
Hitherto, these functions were exercised by the airlines and their private contractors under
Federal Aviation Administration (FAA) regulations.

established the Transportation Security Administration (TSA)8 within the
Department of Transport, giving it the authority to regulate security in all
modes of transportation. In 2002 the Homeland Security Act9 was enacted,
establishing the Department of Homeland Security which assumed compe-
tence over the numerous agencies with anti-terrorism mandates, including
the TSA itself. Apart from federalizing airport security functions, ATSA also
imposed a whole host of new aviation security measures, including minimum
job qualifications for security employees, the installation of impregnable
cockpit doors and video monitors to link the cockpit and cabin, the perform-
ance of background checks on airport employees, enhanced security for
airport perimeter access, the installation of explosive detection systems at
airports to scan baggage and the placement of armed air marshals on board
high-risk flights.
On its part the European Union responded by enacting Regulation 2320/
2002 establishing common rules for civil aviation security.10 The Regulation
laid down common security standards for EU Member States and obliged
them to set up their respective national civil aviation security programmes
to implement the common standards.11 Among the standards enacted or
contemplated pursuant to Regulation 2320/2002 are those relating to
restricted areas at airports and the screening of departing passengers and
their baggage for prohibited articles. The European Council is also consid-
ering a proposal for the introduction of biometric identifiers in passports.
At the same time, the EU has yet to formally include armed sky marshals in
its regulatory agenda, leaving the matter to be dealt with by individual
member states.
The international agency responsible for civil aviation, ICAO, has reviewed
and amended its Standards and Recommended Practices (SARPs) on

For more on the TSA, see Kent C. Krause (2002) ‘Putting the Transportation Security
Administration in Historical Context’, 68 J. Air L. & Com. 233 and David Norton, ‘Recent
Developments in Aviation Law’ (2002) 67 J. Air L. & Com. 1107.
Pub. L. No. 107–296, 116 Stat. 2153, in force 25 November 2002.
EC, Parliament and Council Regulation 2320/2002 of 16 December 2002 establishing
common rules in the field of civil aviation security, [2002] O.J. L 355/1. See also Jan
Wouters and Frederik Naert, ‘The European Union and ‘‘September 11th’’ ’ (2003) 13 Ind.
Int’l & Comp. L. Rev. 719. Implementing instruments enacted pursuant to Regulation
2320/2002 include Commission Regulation (EC) No. 622/2003 laying down measures for
implementation of the common basic standards on aviation security, Regulation No.
1217/2003 of 4 July 2003 laying down common specifications for national civil aviation
security quality control programmes and Regulation No. 1486/2003 of 22 August 2003
pertaining to the conduct of inspections to verify the effectiveness of security measures.
For details, see John Balfour, ‘EC Aviation Scene (No.2: 2003)’ (2003) 28:2 Air & Space L.
106, at 111. In September 2003, the European Aviation Safety Agency (EASA) was
established, see EC Regulation 1592/2002 establishing a European Aviation Safety
Agency, 2002 O.J.L 240/1–21.

Aviation Security found in Annex 17 of the 1944 Chicago Convention.12 In
amending Annex 17, ICAO extended the provisions of the Annex to domestic
flights and laid down new requirements on the locking of cockpit doors and
other procedures aimed at preventing flight deck intrusion, the implementa-
tion of security controls such as background checks on airport personnel,
increased security of passports and the standardization of airline and airport
personnel identity documents.
In June 2002, ICAO approved an ‘Aviation Security Plan of Action’,
establishing a Universal Aviation Security Audit Programme. The Programme
is premised upon the conducting of ‘regular, mandatory, systematic and harmon-
ized audits’ to evaluate the aviation security measures in place in member
states.13 The audits are to be conducted with a view to identifying and correct-
ing deficiencies in the implementation of the Annex 17 SARPs. The Aviation
Security Plan of Action also includes the identification, analysis and develop-
ment of an effective global response to new and emerging threats, and the
integration of timely measures to be taken in airports, aircraft and air traffic
control systems. ICAO is also considering the proposed implementation of
machine readable travel documents (MRTDs) and the adoption of a global
system of biometric identification information for passports and other
Meanwhile, the association of airlines – the International Air Transport
Association (IATA) – established the Global Aviation Security Action Group
(GASAG), which initiates the harmonization of industry-wide security mea-
sures.14 GASAG has developed industry positions on: harmonization of
aviation security standards; state/public funding for enhanced security mea-
sures; background checks for persons having unescorted access to restricted
areas in airports; the establishment of and effective maintenance of restricted
zones at airports; new identification technologies such as biometrics;
increased passenger and baggage security controls; risk assessment of passen-
gers; and reinforced cockpit doors.

Amendment 10 to Annex 17, see ICAO Doc. 7300/8, 8th Edition (2001). See also the
Declaration of Misuse of Civil Aircraft as Weapons of Destruction and Other Terrorist
Acts Involving Civil Aviation, ICAO Ass. Res. A33–1, x 7 (2001), issued in the immediate
aftermath of the 9/11 incident. For comments, see Ruwantissa Abeyratne, ‘The Events of
11 September 2001 – ICAO’s Responses to the Security and Insurance Crises’, 27:6 Air &
Space L. 406 (2002).
The audit programme is modeled on ICAO’s existing safety oversight audit programme
established in 1999. The expression ‘mandatory’ is somewhat misleading, as auditing is
still contingent on state consent. For more on the security audit programme, see Anthony
J. Broderick and James Loos, ‘Government Aviation Safety Oversight – Trust but Verify’
(2002) 67 J. Air L. & Com. 1035, at 1052.
See IATA website at http://www.iata.org/whatwedo/security_issues.htm.

IATA’s Board of Governors has also approved a set of Recommended
Security Standards (RSSs),15 containing recommendations that are to be
met or exceeded by member airlines. In addition, a resolution was adopted
calling on states to ensure that effective airline security programmes are in
place which are in line with ICAO’s Annex 17 requirements and the RSSs.
IATA has also initiated a Simplified Passenger Travel (SPT) Programme
based upon a travel card facilitating an individual’s journey. The card
will contain relevant personal data and travel history, including machine-
readable biometric data and passport/visa information.
Pursuant to the numerous laws, policies and programmes adopted
by states, ICAO and IATA, improved security measures are now being
implemented to varying degrees of comprehensiveness around the world.
The most significant of these can be divided into: (a) airborne security
measures such as air marshals, armed pilots and fortified cockpit doors;
and (b) ground security measures such as baggage screening, airport peri-
meter security, and passenger profiling and information gathering using new
technology such as biometrics.16 These measures will now be assessed.

A. Airborne security – air marshals, armed pilots and fortified
cockpit doors
Under the ATSA, the Under-Secretary of Transportation Security is
authorized to provide Federal air marshals on passenger flights.17 In parti-
cular, the Under-Secretary is obliged to do so for flights deemed to be ‘high
security risks’.18 Thousands of air marshals are now being deployed on US
domestic flights, as well as on certain international flights operated by US and
foreign airlines flying into and out of the US. In the EU enthusiasm for air
marshals has been more muted, with a significant number of member states
and their pilots’ unions being strongly opposed to the measure.19 At the same
time, states like Germany, the Czech Republic, Austria and Switzerland have

See ‘IATA Recommended Security Standards,’ IATA Security Manual, at http://www.
In addition, it should be noted that an important revision to the 1952 Rome Convention
on Damage to Third Parties on the Ground is being considered at ICAO, with a view to
increasing the certainty and amount of compensation to victims of air crashes, including
those resulting from acts of terrorism.
ATSA, note 6 above, s. 110(c). S. 105 allows for the marshals to be armed. They may be
placed on ‘every passenger flight of air carriers and air transportation or interstate air
transportation’, 49 U.S.C. 44917(a) (2002).
ATSA, ibid., s.105(a).
Portugal, Denmark, Sweden, Italy and Finland, amongst others, have voiced their con-
cerns against air marshals, while the UK and France plan on using them only in some

begun providing air marshals on selected flights. Meanwhile, a proposal has
been forwarded to the European Council regarding a potential EU-wide sky
marshals programme, but no legislative developments have taken place since
On its part, ICAO’s Amendment 10 to Annex 17 provides that each
Contracting State shall consider21 (i.e. at its discretion) requests by any
other State to allow the travel of armed personnel on board the aircraft of
operators of the requesting State. Only after agreement by all States involved
in a particular flight sector shall such personnel be allowed.22 IATA, through
a common GASAG stand, supports ICAO’s position and urges all airlines to
ensure that their State complies with Annex 17.23
The air marshals programme has some concrete benefits – primarily, it acts
as a further line of defence supplementing on-the-ground baggage and
passenger screenings where these might fail in detecting potential threats.
However, armed air marshals are opposed by many states, airlines, and pilots’
unions for their huge safety risks. The major concern is the presence of guns
on board a plane: bullets may cause cabin depressurization should they
puncture the windows or walls of aircraft.24 There are also fears of accidental
shootings of passengers, and of the marshal’s weapon being used against
himself by terrorists or any other party.25 There have also been reports of
ill-trained or over-zealous marshals holding innocent passengers at gunpoint
at the slightest provocation.26

EC, ‘Introduction of European Union ‘‘Sky Marshals’’ Programme: Discussion Paper,’
Proposal by the Austrian Delegation to the Council of the European Union, No. 6391/02
(19 February 2002), available online at http://register.consilium.eu.int/pdf/en/02/st06/
Annex 17, note 12 above, para. 4.6.5. Amendment 10 is also significant in that it extends,
for the first time, principles governing measures designed to safeguard against acts of
unlawful interference into the domestic context, see Annex 17, x 2.1.3. State parties to the
Chicago Convention are henceforth obliged to comply with these principles even for
domestic flights.
Annex 17, note 12 above, para. 4.6.5.
GASAG also sets out guidelines for the operational deployment of air marshals.
Apparently, even veteran police officers ‘have only an 18 to 22 per cent hit ratio in armed
confrontations’, see Monica G. Renna, ‘Fire in the Sky: A Critical Look at Arming Pilots
with Handguns’ (2003) 68 J. Air L. & Com. 859, at 871. Thus, even if air marshals or pilots
had the accuracy of a highly trained police officer, there is still a risk that bullets might go
astray some 80 per cent of the time.
Police statistics show that 21 per cent of officers are shot with their own weapons, see
Renna, ibid.
In one example in the US, an air marshal detained two passengers solely because of their
appearance and the way they looked at him. It was later discovered that the air marshal
had previously failed a psychological examination for the Philadelphia Police Department,
see ‘Air marshal in dispute failed police test’, Philadelphia Inquirer, 2 October 2002.

In some countries, suggestions have been made for air marshals to carry
stun or taser guns or those with low-velocity bullets capable of incapacitating
a target but not presenting risks to passengers or the safety of the flight.
Overall, many states deem it incongruous for ground security measures to
diligently seek to exclude guns from planes only to allow air marshals to bring
them on board at considerable risk to the flight. In addition, there are
questions relating to the authority of the air marshal vis-a-vis the aircraft
commander’s, particularly when a terrorist situation calls for quick judg-
ments. Whether the marshal’s discretion overrides the aircraft commander’s
authority is still uncertain and is a primary reason why many pilots’ unions
remain opposed to air marshals.
Another legal issue concerns the liability of air marshals and their employers
(whether airline or state) for accidental injuries to passengers. Under the Warsaw
Convention regime,27 an airline may, by categorizing a terrorist incident as an
‘accident’ under Article 17, rely on the Article 20 defence that it took ‘all
necessary measures’ to avoid the damage or that it was ‘impossible’ to take
such measures. If the 1999 Montreal Convention28 is applicable, the carrier could
argue under Article 21 that the passenger’s injury was ‘not due to the negligence
or other wrongful act or omission of the carrier or its servants or agents’ or was
‘solely due to the negligence or other wrongful act or omission of a third party’.
Hence, the carrier’s liability in situations of injury to passengers by an
air marshal turns on the precise relationship between the airline and the marshal.
In most states currently deploying marshals, marshals are typically members of
the police force or other government agencies – government employees whose
presence may be obliged by law. If so, an airline could argue that the marshals
are not their ‘servants or agents’ but ‘third parties’ whose sole negligence may
have caused injury to passengers, exempting the airline from liability. On the
other hand, if marshals are employed by an airline, it would be more difficult for
the airline to argue that the marshal is not its servant or agent.
Costs are also an issue. It is estimated that to effectively cover most flights
today, the air marshal programme in the US alone would cost $20 billion per
year.29 The bulk of these costs would be passed on to the airlines and
consumers, much to the resistance of industry groups like IATA. In any
event, due to the massive number of flights worldwide, it will take time before

1929 Warsaw Convention for the Unification of Certain Rules Relating to International
Carriage by Air, 137 L.N.T.S. 11, as amended.
1999 Montreal Convention for the Unification of Certain Rules for International Carriage
by Air. The Convention entered into force in late 2003 and is now progressively gaining
widespread acceptance and displacing the old Warsaw Convention (which remains in
force for state parties who have not moved to the Montreal regime).
John R. Lott, ‘Marshals are Good, But Armed Pilots are Better’ Wall Street Journal Europe,
2 January 2004, available at http://johnrlott.tripod.com/op-eds/ArmedMarshalsWSJE.html.
For an assessment of the total costs of aviation security, see below note 101.

national authorities can recruit, train and deploy enough marshals to satisfy
the security needs of commercial airlines.30
In the US, it has been noted that marshals are being rushed through
training and relevant standards are being compromised to get more armed
marshals on board flights. Some airlines have also asked whether the state
should shoulder the entire costs, including the cost of the marshal’s seat on
board the plane. From the airline’s perspective, the state should pay for all
security measures since these are essentially public goods. There is also
concern among airlines that some states like the US are providing security-
related funding to their airlines which essentially constitutes subsidies which
foreign airlines do not enjoy.
In the short term, it is unrealistic to expect uniform implementation of air
marshals programmes worldwide, even if ICAO were able to craft harmo-
nized rules for the training, emplacement and financing of air marshals. At
ICAO, states are likely to scrutinize the cost-effectiveness of air marshals, the
liability of air marshals for causing passenger injury, the relationship between
the marshal and the aircraft commander, and whether a US-type air marshal
programme is suitable for flights in other parts of the world.
Indeed, there is every reason for states to assess for themselves the parti-
cular level of risk which may necessitate the employment of air marshals on
certain flight sectors. It is conceivable that many flights, particularly those
which do not involve entering US airspace, may be adjudged to bear a lower
risk and may thus be fully or partially exempt. Presumably there is no reason
why a flight from Bangkok to Beijing should carry the same number of air
marshals or be subjected to the same stringent screening procedures as, say, a
flight from London to New York.
In other words, differentiated risk assessment can be recognized as an
operating principle in ICAO’s deliberations. In the meantime, states would
simply have to be prepared for the likes of the US and the European states
imposing requirements for air marshals on foreign airlines entering their
airspace.31 ICAO itself recognizes the need for flexibility and differentiation
in this matter, as reflected by its Amendment 10 to Annex 17 which provides

Karber, ‘Re-constructing Global Aviation’, at 794–5.
On 29 December 2003 the Department of Homeland Security warned foreign carriers that
they would be denied landing rights at US airports if they failed to put armed guards on
flights which the US considered to be security risks. The US Department of Transport has
on occasions terminated air transport services between the US and states whose airports
were found to be wanting in upholding security standards. See the Foreign Airport
Security Act of 1985, Pub. L. 99–83, Tit. V, Pt. B, 99 Stat. 222 which requires the FAA to
assess the security procedures of foreign airports and foreign air carriers that serve the US.
In order to be allowed to serve US airports, foreign airlines must adopt and implement
security procedures established by the federal government. Foreign airlines are also
required to maintain effective security programmes, see 49 U.S.C. 44906–7 (2002).

that states retain the discretion to meet requests by other states to allow the
placement of air marshals.
As always, the challenge for ICAO is to ensure that whatever rules and
standards it puts in place can be implemented in a timely and effective
manner by member states. One major problem which has always afflicted
ICAO is that it possesses little authority to enforce compliance with its rules
and standards – the so-called ‘SARPs’. This has long been a challenge for
aviation safety, where the furthest ICAO has gone is to develop an audit
scheme to assess the aviation safety arrangements of states and their air
operators. The audits can only be conducted with the consent of the relevant
state, and there is no penalty associated with non-compliance.32 In practice,
though, other states may customarily deny access to their airspace to carriers
from states which they (or ICAO) have determined to have violated the
relevant SARPs. This has proven to be a highly effective deterrent, particularly
for air operators that cannot afford to be excluded from lucrative markets like
the US.
In light of this inherent weakness in ICAO’s enforcement machinery, states
must continue to possess the authority to impose and enforce standards
higher than ICAO’s minimum standards. Thus, for air marshals, ICAO
could develop minimum standards applicable to all states, for instance, in
conducting risk assessments using common criteria to determine if air mar-
shals need to be deployed on particular flight sectors. In addition, a uniform
standard for the training, arming and financing of air marshals can be
established, should marshals be necessary.
Beyond these minimum standards, states which feel particularly vulner-
able should have the flexibility of adopting (and enforcing) more stringent
and specialized standards for aircraft entering their airspace, particularly for
flight sectors considered high-risk. This may include the deployment of any
number of marshals thought necessary, and for extra training and specified
weaponry if needed. In this manner, a differentiated system of risk assessment
responding to varying perceptions of risk can be established, not only for air
marshals but all other associated security measures.
Even more controversial than air marshals is the arming of pilots. In July
2002 the US enacted the Arming Pilots Against Terrorism Act (APATA)33 as
part of the Homeland Security Act measures. Under the APATA, the TSA is
tasked with establishing a programme ‘to select, train, deputize, equip, and
supervise volunteer pilots’. Under the ‘Federal Flight Deck Officer Program’
(FFDOP) which was subsequently set up, pilots are to be trained to use

Results of the audits may be published, but often in consultation with the state concerned,
and sensitive information is rarely made public.
H.R. 4635, 107th Cong. (2002).

firearms at a level of proficiency ‘comparable to the level of proficiency
required of Federal air marshals’.34


ńňđ. 8
(âńĺăî 23)