Loading summary
A
Foreign. Welcome to the Tech Pill, a podcast that looks at how technology is reshaping our lives every day and exploring the different ways that companies and governments use tech to increase their power. My name is Gus Hossain, and I'm the Executive Director at Privacy International.
B
And I'm Caitlin, and I'm PI's campaigns coordinator. Hi.
A
This week, we're talking about travel. I don't know if it's the same for you, wherever you're listening, but in London, as we hit July, everybody starts imagining being elsewhere. And with the World cup going on, many people around the world are traveling to see the World cup, to get locked out of seeing the World Cup. But also it's just in the Northern Hemisphere. It's summer holidays coming soon, so we thought it would be interesting to explore. What is travel going to be like this summer? Whether you're heading to U.S. canada, and Mexico like I am later this summer, or you're heading to Europe to avoid going to U.S. canada, and Mexico during the World cup, and I'm also heading to Europe this summer, or you're flying elsewhere to avoid both of those geographic zones. But then you have to worry about the fact that your airplane's probably avoiding ongoing conflict zones and making travel times even worse. So travel this summer is not going to be simple. So we thought we'd explore it with you.
B
Yes. Or you can do what I'm doing, which is driving to Devon.
A
That's such a wise idea. But though Devon's like, far away.
B
I mean, it depends. You're an American, so. Well, kind of. Your version of far away is different from mine, so for me, it's a really long drive. It's worth noting for a future podcast that car travel will not always be unseiled and, you know, the easy way around some of these problems. But that's a different podcast for a different time. This podcast is air travel, and this podcast is the World Cup.
A
International travel.
B
Exactly. International travel. That's a better. Yeah, international travel. Yeah. And we thought we'd start with the World cup because, you know, it's the big event that people are traveling for. That's I was gonna say on everybody's lips, but I suppose it's not based in the uk. It's huge. Presumably other places less so, but still World cup travel. And in recent weeks, there have been quite a few stories about how World cup travel is not necessarily going that well. It's kind of lucky in some respects that the World cup is split between Canada, the U.S. and Mexico, because at least Canada and Mexico aren't causing too many problems.
A
Yeah, yeah. I'm gonna try to avoid sound like an old man many times, but like, the US Sucks as a border. Without a doubt, the US has the worst border when it comes to surveillance and oppressive tactics and whatnot. But what the US government's been doing since 911 has been forcing its two other land borders being Mexico and Canada, to make their policies just as annoying. And I can't say the same thing of the Mexican government, but I can certainly say of successive Canadian governments. Their responses to US Bullying on creating stronger border for Canada has been to be okay. You know, like, they've been so freaking compliant. And so they have no problem ramping up their border surveillance and oppressive border practices. But they're not yet as. Sorry, I shouldn't swear, but I do swear a lot when it comes to border and travel policy. It's one of the first policy domains I looked into after calm surveillance in the 1990s. So I'm such an old fart. Can I use the word fart? I don't know.
B
I think you can use the word fart. I do not think fart is a swear. If it was, we'd have issues with the president's name.
A
Yeah, that's right. So the US Already has like this practice of collecting data on travelers even before they show up. But that's either in the form of asking for a visa or when you have to get some pre clearance through the eta, the electronic travel authorization, which Canada has as well, of course, because it wanted to ape the Americans. And then when you show up, you have the indignity of landing in the US where you get fingerprinted and that data is kept for 100 years. And that was all like post 911 stuff, you know? So as much as people think things have been getting worse in America in the last few years and certainly is going to get a hell of a lot worse with Trump administration policies already. Traveling to the US Is just supremely unpleasant. And I can say that as a citizen too.
B
Yeah, 100%. And PI, we travel a lot. We're an international organization. We travel and we have travel security policies to try and keep information and staff safe as they cross borders. And there are different almost levels to that travel security policy depending on the border that you're crossing. And the US has always been one of the borders. We've been absolutely clear and the security policy has been absolutely clear. Clear is one of the higher risk borders. As such, the steps that we take when we're crossing The US Border are some of the most stringent of the steps that we take crossing any border in the world. And so everything that we do when crossing that border is set up such that if you're pulled aside into a small, dark room by border control, you can say yes, by all means to every single question they ask. They say, can you unlock your device? And you go, yes, by all means, because there's nothing on it. We're going to take your device. Yes, by all means, there's nothing on it. And so every single travel security step that we take is predicated on the basis that the US Border is a high risk border for surveillance, for data, for privacy.
A
That ranks up there with Israel and China for US where basically, if you're traveling to those countries, you're not taking anything with you because they're going to take it from you. And I've had that experience, unfortunately, with Israel. But yeah, the US Just like last year, the data was that the customs and border police, I think they stopped over 55,000 people for searches of the electronic devices. And what's really interesting, if you are traveling to the US and you are concerned about this, if you do a search about this issue, you will find a lot of outlets, news outlets, predominantly with guides for you on what you can do to prepare for travel to the US And I go back to what Caitlin just said. I don't like those guides because they still presume that you have a level of autonomy when you're at the border. And generally when you're at the border, and if you're not a citizen, you have no rights. And so the answer should generally be, yes, sir or ma', am, I will comply. Because otherwise you're going to have a hell of a load of pain coming at you.
B
And it's worth noting that even citizens in the US you can't be barred and returned from entering. You're a US Citizen, you're allowed home, but outside of that, you don't have many more rights. We might have exactly the same experience, but that's the only real distinguishing factor, which is their ability to bounce you back to where you came from is much lower.
A
After they've detained you for an extended period of time.
B
Exactly. They can still detain you, they can still arrest you, they can still search your devices, they can still take your devices, they can still do a huge amount of stuff to you. It's just literally that very distinct. Are you getting on a flight back to where you came from or are you staying? And staying could mean in prison or detained or any number of things. It's just that you can send back to your kind of origin. Yes, origin, that's the word I'm looking for.
A
But like, and of course, if you're listening, you're thinking, well, look, what are the odds of getting stopped at the border and having your phone searched? Like that happens? I think the Percentage is like 0.01% of the travelers to the United States have this problem. And that's where we get into what the Trump administration has been pushing, which is they want it so that in the future, and it's unclear to me if they were able to accelerate this in time for the World cup and for the summer's travel, but they want it so that every traveler to the US has to submit ahead of time your social media accounts, your email accounts, your phone numbers, your business phone number, your family's email account, social media account, their phone numbers, your work email, every form of identifier that can allow them to, whether it's search a database or search through social media. And you can imagine if you're traveling as a family, they're going to search through your kid's social media account in a way that you haven't. You're going to be judged as a family on your way to a game or to Disneyland or whatever the hell you're doing based on your kid's social media account. And welcome to the future brought to you by the Trump administration. And this is all based on a consultation for changes to the Federal Register that they ran at the end of last year. And in that, they also said it was just the throwaway line that they want DNA as well. So that's the world that the Trump administration's building for future borders. What we've seen already around the World cup is there was a lot of news around the first referee to participate in the World cup from Somalia was stopped at the border and sent home and was not allowed to be the first referee in World cup history for Somalia.
B
And I mean, that specific instance, obviously, new thing has only happened with the World cup, but Trump has been targeting people from Somalia since at least the beginning of this administration. I don't think from the beginning of the last administration, but for some reason, it's Somali specific, that a lot of Somali people have been targeted by Trump's border policies. I don't know why it's quite a specific form of racism Somalia, but it has been happening pretty persistently.
A
To be fair, the BBC, when we were doing research on that specific case, also flagged a case of a person from Scotland who as pre approval was revoked.
B
Yes. And so he had gotten the approval in good time. He had been very responsible. And then it having been approved, the status then changed to pending. And then basically the day I think he was going to fly, it was changed to denied. So despite having received approval sometime in that period of time, they'd gone actually and changed their mind, despite the initial assessment, I guess. Which means he had flown from Australia, where he lived, to Scotland, where Osami was to visit his family so he could fly with his brother to the World Cup. Now instead he has to fly back to Australia and presumably eat the cost of the flight to Florida, which is a lot of money.
A
Yeah. There's going to be some awkward family conversation because the brother continued. Are they still going to split the hotel costs and everything like that? So if you are fortunate enough to travel to the US for the World cup and you land and you get through with or without your devices, with or without your DNA being taken, you also have to deal with the fact that you show up at a stadium and there's vast amounts of surveillance at these stadiums. Now mass surveillance is being deployed more and more at sporting events. And on the day that we were recording this, the UN Special Rapporteur on Freedom of Protest issued a statement about how alarmed she was about the expanding use of mass surveillance and immigration enforcement at football matches. And she timed it for the start of the World cup, saying, look, it's really disappointing that, you know, this is supposed to be a time of celebration. Instead people have to be worried about being rounded up by just attending these celebratory moments.
B
Yes. And one of our colleagues, Clara, has put together a ton of work on increasing uses of surveillance technologies, particularly facial recognition of football matches, kind of generally throughout the footballing ecosystem, not just the World cup, which is available on our website, on all good websites, so just ours. And we'll put the link in the description because it's quite interesting just seeing the expansion of these kind of surveillance technologies into community events. Yeah.
A
Like again, I'm going to sound like an old fart. And again we agree that I could use the word fart, but I remember working on this issue back in 2000. So right before 911 and right before 9 11, the two big stories that are related to this is that first, in light of a plane that had taken off in America and had blown up, that was not terrorist related, the Clinton administration decided to push forward with a computer assisted passenger profiling system that would take passenger data and decide who's a terrorist and who isn't. And they were facing a lot of flak for trying to introduce a profiling system. It was literally called a profiling system. And around the same time, Tampa Bay, who had been about to host the super bowl, had deployed facial recognition technology. The police in Tampa Bay had deployed facial recognition technology. And it had become quite embarrassing because the mayor of Tampa Bay was going around selling this technology to other mayors all across the country. And it's only afterwards we found out that the police actually shut off the system because there's so many errors that were being flagged by the system that it ended up being pointless. But then, you know, a few months later, 911 happens, and both those policies go into overdrive.
B
Which brings us on neatly to the next topic, which is the new EU travel profiling system or the many, many EU systems, some of which are new and some of which are not new, which are integrated in increasingly complicated ways. Right. So I'm going to try and get through this without using any acronyms. I know because I was writing a list of all the acronyms that are involved in this story or these series of systems. And it is long. And so I'll include the list of acronyms because I don't think we're going to manage it in the description. Probably take off some of my really shady notes. But there are 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 key acronyms. Actually, we could probably do this in acronym form where we only use acronyms, but that would be harsh. So if you're looking to travel to the European Union, or. No, to be specific, if you're looking to travel to the Schengen area, which is largely European Union countries, but not entirely, then look out, because they have been implementing some new border systems which are causing abject chaos. But I think actually we should start with what happened to you, Gus.
A
Oh, yeah. So we've been warned for years now that Europe wanted to start its fingerprinting biometric collection system of all non EU travelers to the Schengen area, as Caitlin perfectly drew that distinction. And it kept on getting delayed. It was supposed to happen for the French Olympics, and then it got delayed and they just so happened to turn the switch formally on about five days before I had to travel to Portugal for a meeting. And like I've been in fear of this system going on, mostly because I knew it'd be just a collect, an absolute mess. And so, lo and behold, I was not let down. We land at Lisbon airport and there are Just cues upon cues upon cues. And the travelers are bewildered as to where we're supposed to go and what we're supposed to do. And then we go in front of a computer, the self register and all of that, and the computer just doesn't even recognize the fact that it's alive. And so it's like we're trying to interface with it. And so then we look to the staff, and so often the staff just, like, nod their head with a smile like, you know, it's just. They're so used to it not working. They do this point you to another queue. So you go into the other queue, and there's a human being who. Who just processes your passport like the old days, and you continue on. And that was, you know, mildly amusing. And we thought we could talk about it in a podcast someday, but not urgently. It was the departure that was the cluster fart. Let's call it that. Where leaving Lisbon, we got to the airport four and a half hours early. And getting through, you know, security was the easy bit. Once you get through security, you see this wall of people. And I've never seen so many people outside of a sporting event. I would say, without exaggeration, at least 5,000 people in a queue. Because if you think about it, all the airplanes each have seats of, say, 300 seats. And there must have been at least a half dozen flights to the US within the next four hours. And of course, all the other flights outside the Schengen area and ins. Inside the Schengen area. So you had all these people queuing, and nobody had any idea what the hell was going on. You're queuing and queuing, and it was about two hours of queuing. Then you finally get to where these gates are, these automated gates that are supposed to take your. Your fingerprints and rescan you to help in order to help you out. But by the time we waited for that entire time, and there's so much chaos because people are dying to get to their flights, the airport officials and the border officials decided to say, okay, you know what? Again, let's just put you through to a person at a desk. But this time, the person at the desk knew that the pressures were so high, they didn't even look at the passport. They just, like, noticed that there was a passport, open it to a page, closed it, and just let everybody through. Absolute chaos. And so they could have done that two hours before, then saved us all two hours, but it was just. It was ridiculous. It was security theater and completely foreseeable. So, sorry, I Just got. It's a foreseeability part that just drives me nuts, you know.
B
Well, so this is the end point of this system. This is the like largely public facing part which is called the entry and exit system. And the entry and exit system demands four fingerprints and a photograph taken upon arrival at the border for inclusion in the Entry exit system database. So people who had to apply for a visa, which is still most of the world when it comes to the Schengen area, have already had 10 fingerprints and a photo, 10 like as part of the visa application process. The new part is non EU citizens who don't need a visa now need a travel authorization. And so the new aspect of this is those people are now being asked to provide biometrics, the entry exit system. I forgot I wasn't using acronyms. The entry exit system. Airlines have been calling for its suspension because the wait times are just crazy and they've been exacerbating existing long wait times. And they're just like when we can't cope with this, we need to be able to suspend it. And in theory, when you leave the Schengen area, anytime you cross that kind of external border, the same checks should take place as when you enter. Now this is one of a load of different databases that have been introduced in the kind of in the hope, all under the heading of like interoperability. So the idea is there's loads more information in the system and that information can talk to all the other information to achieve X purpose. And so there are all these new databases and new travel procedures. The information that's stored either in the visa information System, which is the visas, or the ETIAs, which is the European Travel Information Authorization System, which is for people who need the travel authorization because they don't need a visa, they both now feed into something called the Common Identity Repository. So you apply for your visa or your travel authorization, you have to give up, you know, a certain amount of information, more if you need a visa, less if you need the travel authorisation. And then identity information from both of those systems get passed up to this new system called the Common Identity Repository, which only includes non EU citizens and is really, really sketchy. So it's not all the information you ever give. Like it's not purpose for travel, it's not, you know, any of that kind of thing. Instead it's like passport information, name, it's anything identity specific rather than individual journey specific. And the intention with that system is once you've crossed the border and you're in the country or Persistently onwards, because the information is retained. For example, police can check who you are if you have a really pretty severe accident. They can check who your body is. They can do all sorts of things in a country functionally. They can stop you and find out who you are or what this information that has been gathered about you is. It also links to an automated procedure which tries to detect false identities. This also has its own acronym. It's the mid, which is the Multiple Identity Detector, which attempts to look at loads of different factors like your biometrics and see if they're associated with their own accounts. And also runs your information through another database, which is the Interpol's Stolen and Lost Travel Documents database, or the slted, which double checks if your passport's been pinged as for example, missing or stolen. All of these different aspects have huge problems. But it's like this big collective set of databases, including two other ones I haven't mentioned yet, which is the Schengen Information System, which is an EU database for police, border control and others to be able to check if people are wanted by police, subject to an entry ban, which is checked every time you cross that external Schengen border, even if you're an EU citizen. But everyone should get, in theory run through the Schengen Information System or the sis. And then the other. Actually the other two important databases to know about is the European Criminal Records Information System for third country Nationals, which is basically a database that records non EU citizens who've been convicted in, in EU member states of crimes, and eurodac, which is a database of asylum seekers and they're trying to add undocumented migrants to this system. So that's supposed to keep track of all of them. So that's all of the different databases, if you include the entry exit system, which is itself a database. So if you can keep all those different databases straight, that are really quite significant problems with a load of them. They're problems that in 2010 that European Commission highlighted. The European Commission said a single overarching EU information system with multiple purposes would deliver the highest degree of information sharing, but would also be a gross and illegitimate restriction of individuals right to privacy and data protection.
A
Oh, the good old 2010s. We were all so naive and hopeful.
B
The 2010s European Commission were like, yeah, this seems shady. The 2025, 2026 European Commission seems. This seems great. Even to the point that. So Frontex, who we actually talked to you about in the last episode we did with Bill Goodwin, who were doing shady data Transfers to Europol, even Frontex went, this seems shady. There's no data protection impact assessment for the new European Travel Information and Authorisation System, the etis. And there's a huge amount of legal uncertainty because the European Commission was supposed to issue legal guidance in 2024, but they have not done so. And our friends at State Watch asked the European Commission, like, is there a reason that you haven't produced this guidance? And the European Commission did not respond, yes. So in theory, Frontex operate the European Travel Information Authorisation System, but in practice, even they are like, we think the system is sketchy, which is true, because. So there are inadequate safeguards for discrimination. There are inadequate safeguards for purpose limitation, which is to say the data is not being collected for one purpose, it's being collected and then potentially used for a whole range of purposes. There's no specific threshold for police access. So if you're the police and you want to take a look at the database to which you have access to, there's no specific safeguard or threshold that says you're only allowed to do it for this kind of level of crime or suspicion or anything like that. There's just, you have limited access to your data protection rights. So normally you have a right to correct systems information where it's wrong, but it's incredibly hard to do that here because it's all over the place and you need to know, therefore, where it is and where it's wrong. Even understanding it is quite difficult and that limits your access to your data protection rights. So it's all of these kind of things to the point that the EU Fundamental Rights Agency, when commenting on the initial proposal for the European Travel Information Authorization System, said that there's limited research available on the feasibility of using risk indicators without engaging in discriminatory profiling, and that the system should only be introduced if a test phase demonstrates the necessity and proportionality of doing so. This is something I've realized I've forgotten to mention, which is going to make everything more confusing. The intention of these systems and the interplay between them is to run automated checks when you apply for your travel authorization or your visa against a whole range of other systems, both European and international, to see if you could be a problem. And then where those systems throw up red flags, a human is supposed to then go in and double check them. The problem is that all of the systems that it integrates with or ask questions of aren't necessarily good. They're filled with inadequate data. Like, the data is rubbish, it's not good Previous studies have found huge quality problems with all large scale EU databases, in particularly the Visa Information System, where biometrics are attached to the wrong files, significant amounts of inaccurate data are stored. And so there are all these quality problems, right, which if you start doing automated checks, represent huge risk for the people being checked because there's no guarantee the information being surfaced is actually about them. There's inadequate protections re things like in particular. And the one that raised particular concerns for statewatch is Interpol's stolen and lost travel documents database. And so the intention, like when you apply for these things is to say, hey, has someone flagged that their passport's been nicked and this person is using that person's passport? Is the intention in practice. Different governments have in the past flagged people's documents as lost or stolen, when in fact they just don't like that person. All the State Watch examples are Turkish examples. So one journalist was removed from a flight back in 2017. So it's been going a while from Brussels to New York after the Turkish authorities issued a false notification in that database. Another professional basketball player in the US narrowly avoided arrest in Indonesia after the Turkish government also filed a false report and lost documents database and then was detained in fact at an airport in Romania due to this false report. And so the requirements on national governments in terms of what they're allowed to add and review in these databases are poor because they don't prevent them from flagging people who aren't problems. There's inadequate amount of resourcing for the data protection authorities who are supposed to be overseeing the new system. Basically it's adding a ton of extra work. National data protection authorities and we've had persistent issues with national data protection authorities having the ability to do their own jobs because they're overworked, overloaded, they don't have the resourcing, they don't have the staff, they don't have the money. And there are huge problems because it's a huge volume of data that is being stored in like six different databases minimum, and is checking further databases outside of those databases. And policing forces, both national and at the EU level already have huge problems with the volume of data that they have and their ability to process it and use it, which is why in some respects you keep seeing incidents that have happened by people who are already on police's databases or like police knowing about someone hasn't necessarily led to the prevention of serious crime. Right. And the volume of data that they have sometimes obscures actual concerns because there's Just too much of it to get to or to look at or to engage with.
A
And so you're describing that. The problems with the fact that there's too much information and these disparate sources of information, untrusted sources, such as the Turkish government wrongfully flagging people. But then there's also the back end side. Where didn't Statewatch find that the American government's trying to get access to this data as well? There's like a data sharing agreement that's being considered.
B
Yeah, I think the US wanted basically an exemption. Right. So they wanted their own staff to not have to engage with the digital border system, so they'd get preferential treatment so diplomatic, military and other personnel wouldn't have to get fingerprinted or facially scanned. And the Council of Europe provided guidance on how to be flexible. And then separately, they were trying to negotiate direct access to the biometric data being collected, or I think they still maybe are. In 2025, EU ministers agreed to launch negotiations on that agreement, which would give US border agencies access to that personal data and then vice versa. So the EU border people would get access to the US databases, which, like, if you had data protection problems before about data sharing, then heading off to the US makes it even worse.
A
But ironically, if you say no to the US in the same way if you say no to the United Kingdom, you should probably count on the fact they're going to hack in anyways.
B
Yeah, that's also not impossible.
A
Yeah, that's generally our finding when it comes to these governments.
B
But it's worth noting some of these systems have been around a while. Right. So in 2016, a piece of legislation called the Passenger Name Record Directive, or PNR Directive, you'll see it sometimes written out, but we're not using acronyms. So the Passenger Name Record Directive was the first automated profiling system for the eu, which is still being challenged in court. So Epicenter Works, who were an organization who we're friends with, based in Austria and Gesellschaft for Freiheit. No damn. Gesellschaft for Freiheitzrechte.
A
I'm impressed by that, Caitlin. I'm also impressed you didn't jump immediately to the Anglicized version of that, which is the Civil Rights association, based in Germany.
B
Wow. I always think, any good reason to try and test my GCSE level German.
A
Nice.
B
And they've had some victories. Right? And some of the victories came in like 2022, 2020. So it's been going a long time. But it includes reducing the retention period, for example, and as far as I know, it's ongoing. So the challenges and litigation to these rules can take forever and won't necessarily lead to them being undone. And there are challenges to the new data retention system, particularly in Belgium by a Belgian NGO called La Ligue des Drouits Humain. My French is, if anything, if you can believe it, worse than my job.
A
They're doing a good job, but they
B
are challenging the Belgian system because their definition of a risk to security, which allows them to run all these searches and defines the pings and stuff, includes threats to public order, internal security, and or the international relations of one member state, which they say is crazy, too broad. And it seriously challenges the data protection principle of purpose limitation, which is to say that when you collect data, it should be for a specific defined purpose.
A
Sorry, you're just triggering me. So, okay, let me. Let me old fart this just a little bit. So after 9, 11, the U.S. government, like, they were ready with a whole suite of demands. So, like October 2001, the Bush administration sends letters to governments around the world saying, these are the ways you can help us fight terrorism after this horrible thing happened. And so one of the first responses of the Bush administration was to ask governments around the world to water down their privacy laws, including asking the EU to do that. And they then also said, we want travelers data from all airlines, these passenger name records, and we want to accumulate it in a system and we're going to do as we see fit. And PI. And we were working with the American Civil Liberties Unit at the time. We knew what it meant for this data to end up in a system because we knew about the Clinton administration's idea of doing passenger, automated passenger profiling. So we fought this and we worked with the eu. The EU didn't like this. EU airlines didn't like this. They said, hey, in Europe, we have privacy laws. We're not allowed to do these types of things. We protect the rights of our citizens. And for years, the European Parliament did a phenomenal job of pushing back against the Bush administration's huge appeal or data grab, until at some point, and I think it's pretty much motivated by the British government, who were always keen to participate with the Americans in these things. The European Parliament and the European Union realized, huh, why? Why do the Americans want this data? Maybe there's some fun to be had with passenger records. And so it was around 2010, 2011, when the EU switched gears and said, hey, we're going to build the exact same systems. And that's when I just, I Threw all my toys out of the pram and I stopped working on European Union policy for. For a good number of years. So I thought, what's the point? What's the point when they pretend they're all principled and then they switch gears at a drop of a hat and say, ah, but we can do the same thing.
B
So there are two interesting tidbits that I picked up when I was looking into this one was from Kazelschaf Freiheidsrecht, who flagged that one. EU member state already considers it suspicious if someone travels a long distance with too little luggage, which if anyone's ever been. Well, I wasn't one of these students. I was very jealous of everyone else going on a gap year. But if you've ever seen kids going off on gap years with their big backpacks and nothing else. Yeah, they don't have a lot of luggage. But also the piana, no, no acronyms. The passenger name record includes your in flight meal choice. And what information can someone get from your in flight meal choice? That seems really innocuous, except of course, quite a lot because they can get information, you know, which again, seems fairly not because. Are you vegan, are you vegetarian, do you eat halal, do you eat kosher? And those things obviously can then lead to discrimination and targeting on the basis of religion.
A
Yeah. And don't forget, it's also health information, because if you ask for a low
B
salt, yes, it is health information, you
A
know, and under law, data protection law, European law, these are sensitive characteristics, these are sensitive personal information functionally being collected by proxy process.
B
Yeah. And it's something you see not infrequently so we've looked at, in school contexts, ed tech stuff, but you look at schools that implement external catering systems and they go, well, it's not sensitive data. And it's like, well, if you're telling an external party who eats kosher, who eats Halal, who has medical conditions, yes, it is sensitive data. It just feels like it shouldn't be because it's food. And for some people, yeah, food is not sensitive and for some people it's hugely sensitive. And so that I read and went. Interesting. There are other issues you'll never guess. So one is what Statewatch describes as pre crime watch lists. Yes. So already, and this is before the new Etias, a European travel information authorisation system, but the Schengen Information System, which is again the database that should in theory get checked on entry and exit of anyone entering or leaving Schengen, including Schengen citizens. It contained alerts on over 126,000 people for different kinds of checks. So there was a little flag on your record that you should be pulled aside for either discreet or specific checks. And this was in 2019. The number is from 2019. And so if you were wanted for discreet checks, you would get questioned as you handed your passport over by the man in the little booth. You would get additional information asked. And the idea was it would be fairly subtle. You wouldn't know that the flag was there or the specific checks of where you get pulled into a back room. And someone asks you a lot more questions, a lot more detail, and it's a lot less subtle. But the new system creates new lists, including people who are suspected of maybe in the future, who knows what we think possibly could take part in terrorism or other serious crimes, which, again, how much information is required to make that determination? How do you challenge that determination? Because you probably will never know that it's there. How do you guarantee that it's accurate? You can't, because it's on the basis of crimes you haven't committed or you've made no attempt to try and get involved in committing, because most of the things that that would include would include crimes. So there are all these kind of things that people are trying to make data do to prevent hypothetical crimes or hypothetical problems that are going to cause problems for people now who are trying to travel for any number of reasons, whether it's a family holiday, visiting relatives, funerals, weddings, all the reasons that people travel. There's also a long history of really weird visa requirements, which this is something I thought was really interesting. So I didn't know, but apparently it was released by WikiLeaks in 2004. So the fact that I didn't know it doesn't mean it hasn't been around a while. But some nationalities, when they apply for a visa for entry into the Schengen area, require prior consultation. And these apparently, to quote, generally follow colonial patterns. For instance, before any member state issues a visa to an Algerian citizen, France must be given the name of the applicant.
A
Oh, God.
B
And France can refuse to allow the partner member state to issue the visa?
A
No.
B
Algeria being a former French colony. Yes. Which is, again, it's been around 22 years. The census cable was released by Wikideeks. But that is astonishingly bizarre information. And apparently they do largely follow colonial patterns.
A
And so if you know the history of surveillance, and you know the history of, say, biometric surveillance or databases generally, or pass cards, and if you know anything about the history of European colonization. You combine those two together and you can imagine that the French government still has a database and active monitoring and surveillance of its former colonies. As the US government says, following colonial patterns. But they can be trusted by the Germans and the Italians to keep an eye on their former colonies and the people who are troublemakers there. That is the grossest thing. And all that data is going to be shared with the Americans.
B
And it's also worth noting that part of what they're trying to make these digital systems do is digitize the surveillance that's already happening in the sense that they will already sending people into. Can't totally remember, I think countries to basically check people out and they're trying to get the databases to do the same job. And then last but not least, one of the things Statewash really flagged is that there's loads of well documented ethnic profiling throughout policing across the Schengen area. And they flag particular countries where it's worse. But it's pretty well understood that ethnic profiling is a pretty serious problem across this part of the world. And what Statewash worries about is that the encouragement to use this new common identity repository, which is the identity information from these various databases that the police can query for incredibly permissive reasons. So police are already allowed to have a look at the visa information system, but the standards are higher, usage of which has already been increasing, but it's less permissive. Whereas the common identity repository, they're allowed to query for a much, much longer list of reasons and they're allowed to see potentially a lot more information from their common identity repository. And so the concern is if you're being told do more identity checks, like run people through this new system, the people that you're going to be running through those system are the brown ones. It's going to be the same people still being pulled over, but more with more information and more potential risks because of the integration of all these systems with all these sketchy other systems that already have huge data quality control problems. And it's just a house of really S cards. And the end point of which is a nightmare at the physical border that you've got to arrive four and a half hours early to make sure you can actually get on your flight.
A
Yeah, after you spent thousands of dollars or euros or pounds in order to get that flight.
B
Foreign.
A
Let's imagine there are some of you who are listening who are saying, well, this doesn't apply to me. I'm a U.S. french citizen of no Algerian heritage whatsoever. And all my kids don't use social media at all. And so there's no way in hell I'm going to get caught up in any of these systems because I'm a good person and the Turkish government has no reason to be angry at me and to declare my passport non valid or anything like that. And every database that has my data that could ever lead to it being accumulated in this massive new database, all my data is crystally clear and clean and unproblematic. Then you get to the actual domain that PI covers on top of how is US Border policy and European border policy. And that's when you get to the un. So look, everybody has this approach to the UN that it's kind of pointless or it's where all the good people go and work and all the good work happens because we're all trying to keep peace and all of that. And yeah, we agree the UN and some of its institutions can be quite cuddly. But in those assessments of its cuddliness, people often forget that there's something called the Security Council where all the most powerful governments come together and make the real decisions. There's the Office of Counterterrorism that is always trying to pretend that it is very serious, working on terrorism and serious things. And again with my old fartedness, there's the International Civil Aviation Organization, which is a Montreal based UN agency. And they're the ones who essentially determine the fact that you now have a biometric passport and your biometric data is collected by governments around the world. From that, we've been engaging with these UN institutions for years on their various problematic policies. But the one that we wanted to talk about now in the context of all this, and I don't want to get triggered into talking about biometric passports again because that was my post 911 help of having to try to work on that policy. It's actually talk about travel policy and that is the UN Office of Counterterrorism. It must have looked at the world and said, oh, it's unfair that these Americans can build these advanced surveillance systems for travel. And it's unfair that Europe can do this. Why can't we help every government do this? And so they created this Go Travel system like Go Travel. They actually gave it a stupid name with even with stupid capitalization. So it's a lowercase G for go and an uppercase T for travel. And then they thought they'd be really cool and bring those two words together into one word. So it's called the Go Travel system. Is that to make it more friendly or to make it sound more Internety, I don't know. Anyways, it's a system that they want to provide to any UN Member state, which is any government across the world, to allow for the processing of the exact data we're talking about, that is all advanced passenger information and all passenger name records. Because again, it's unfair that only some, some governments get to exploit all this data. They want to make sure that you, as that French, American, non Algerian, non Turkish implicated person, as you're traveling around the world with your friendly family members who don't have social media accounts, you can still face the same level of scrutiny all around the world. And it's just, you know, when we were looking at this system at PI, it just blew our minds that the United nations would be endorsing such a system. Like, when they deploy this system around the world, there's no compliance monitoring of whether or not governments are abusing this. There's no monitoring for abuses generally. And, oh, by the way, just to go to the Basics of Privacy 101, there's no privacy policy. And so, you know, if we're talking about really advanced bureaucracies when it comes to immigration in the form of the US and the eu, if they can still screw this up, can you imagine how this gets deployed elsewhere the world? But the UN is building it. But, you know, we can't have a podcast where I don't also get angry at the UK government. I'm going to bring this home for Caitlin and I. You know, she thinks she's being wise this summer by not traveling outside the UK and that she'll somehow be fine. And oddly enough, to some degree she would be. But the closer she gets to a border, which is basically the water, she's got to get closer and closer through problematic practices because, like, the UK government loves to police its borders. Like, for years, even as you are traveling to the UK from somewhere else in the world, you'll notice that you get extra checks at whatever airport you're at. And it's because the UK government has already negotiated that level of additional scrutiny. And it just. It's the beauty of having His Royal Majesty as your leader and head of church. But what's interesting is that Parliament in the past few years has also been very keen to give the government powers at the border. So when you land at the border, they are increasingly doing searches. So one data point we could find, because there's so little data on this, is that There are about 1.5 million searches of people at the border of the United Kingdom annually. And that includes body searches and so on and so forth. But like the power that PI looks at, particularly is the power under the UK Terrorism act of 2000. So again, pre 9 11, where there's a Schedule 7 that allows them to stop people at the border with no prior suspicion of terrorism. You can be detained for up to six hours, they can collect your fingerprints and DNA and you may be required to provide any information that they request, including pins and passwords. And it could actually be an offense to comply. And so that's why again, I get really annoyed with all this travel guidance that people give to say, oh, you know, just turn off the biometric on your phone so then they can't force you to look into your phone in order to open up your phone in order to give access. And they also say, oh, store data in the cloud rather on your phone, then you'll be fine. Actually, that doesn't help you in the uk, the UK can force you to disclose your password whether you like it or not. And if you don't comply, then that's
B
an offence and that's UK and non UK citizens. It doesn't matter if you're a UK citizen, there are no additional protections that you get. And if you are convicted, which many people have been, of a Schedule 7 terror offence, it's a terror offence. So when you're disclosing, for example, because you want to get a job in the uk, you have to say, I've been convicted of a terror offence. Even if that terror offence was, I'm a lawyer carrying information about the torture of a guy that the UK participated in torturing someone with the us and I don't want to give you that information then nonetheless, you can be convicted of a terror offence.
A
And so the irony is that I hate to use the word irony in this context, like this power to stop and search people's devices. The UK is expanding and it's because of this so called migration crisis that's happening. And it is, I guess this is the appropriate use of the term irony, where the people who are angry about migrants are pretending to stand up for the rights of British people and this power is actually being used against them too. There's a fascinating case involving, I really have to avoid swearing in this one, but it's a case that deserves to be heard, which is there's a far right activist leader in this country called Tommy Robinson. Well, that's what he wants to call himself. His real name is Steven Yaxley. Lennon and he was stopped while traveling with his car and he was at the Eurotunnel and he got stopped. And because he was giving vague replies to the questions being asked of him, he was was forced to hand over his phone. It was an iPhone in this circumstance. And he was being compelled to disclose his pin for the phone and he refused. And so he was prosecuted. As Caitlyn said, you get prosecuted as a result of this. And actually, well, his case was thrown out. It went on for a good while and he needed financial support for his case and it was provided by the small unknown tech trillionaire called Elon Musk. So Elon Musk funded the legal case to support Tommy Robinson or Stephen Yaxley Lennon on this case, because Tommy Robinson said, look, I'm not going to give you my phone data because there's journalist material on it. And so he was trying to fall into the protections that might exist for journalists. And then he argued in court, or his lawyers, funded by Elon Musk. This case was brought to you by X. They argued in court that he was being discriminated against because of his political beliefs. And actually the judge agreed. The judge agreed that he was targeted for his political beliefs and that he was targeted based on an arbitrary decision based on who he was and it was a protected characteristic under law. So he was. Yeah, he was forgiven and all was fine. Not many people get that level of protection or legal support.
B
No, it's extraordinary and it's worth in some respects noting that Tommy Robinson, Stephen Yaxley Lennon is not a friend. But it's a good thing that this case was thrown out. This isn't a power that should be allowed to exist. And challenges to Schedule 7 and that power, they're a good thing. If you're the director of Cage, which is an anti torture organization in the UK who gets pulled over and gets done with terror offenses. He got convicted and all of his appeals failed for refusing to hand over passwords and your PIN number to your phone and your computer because you have, in that case, protected information about your client who has been tortured. It's good that that is undermined.
A
So should we be asking Elon Musk to set up a legal fund for all people who are stopped at the border? Or do we have to say it's only for some reason?
B
I think it's worth noting that Elon Musk's political opinions and who he believes to be worthy of defence and legal defence is not predicated on any persistent moral principle. Instead, it seems to largely be predicated on People he likes. For now. But, yeah, the possibility of being done for a terror offence because you didn't want to hand over your PIN number for your phone or your password for your computer, particularly where you have protected information or information over which you are, for good reason, protective. It's a bad power. It shouldn't exist. And the lack of safeguards involved in that power, like the lack of suspicion required, like everything else that you've already said, they're bad. There needs to be safeguards. If you want the power to exist. There needs to be a minimum level of reasoning why you pulled something over in Tommy Robinson's case. It can't be, because I saw it was Tommy Robinson and I thought, oh, that's Tommy Robinson. I'm gonna pull him over. Like, there needs to be a genuine basis and a reason and a safeguards,
A
you know, and this is why we're talking about borders, ultimately, and why we're talking about travel. There's nowhere in the world, no matter how American, French you are, there's nowhere in the world where you're more powerless than the border of a country, even if it is your own. You are still powerless at that border. Unless Elon Musk is your friend.
B
Well, even if Elon Musk is your friend while you're in the room with the border agents who are yelling at you like, you're really hoping that Elon Musk comes through for you in the ensuing court case, which I don't think he's the most reliable of people.
A
And then the final aspect is, okay, you're a French American with no links to any government around the world who might not like you, but you might have to deal with the shifting geopolitical patterns. And the most recent example that is worth ending this podcast with is one that's so insular, so inside baseball, that I'm amazed Caitlin is allowing me to talk about it. Mostly because I think she's going to see if I'm going to swear, which is. Every year in the NGO world that we are a part of, there is a huge, I'll use a proper terminology, conference. I've called it More Nefarious Things, where people come together and they fly in from all around the world. They come together to talk about digital rights. And this year, that conference was supposed to take place in Zambia, and the conference was going to include speakers from Taiwan, and it was going to talk about issues relating to China. And the conference organizers had negotiated very intensely and openly with the Zambian government about making sure that people from around the world could travel into this conference. So let's imagine that American French person with very kind kids was traveling in to Zambia for that conference. Well, at the last minute the conference was canceled. And when trying to make sense as to why the Zambian government had all of a sudden gone cold on the conference conference, the conference organizers claim it was because the Chinese government put pressure on Zambia and the Zambian government. And in fact, one piece of reporting from Zambian media said that the conference venue itself had been a donation from China. And this hints to China's increasing role in the world, particularly let's say in Africa, where Chinese government funding and Chinese industry funding is part of the economies of these countries now and you can't afford to annoy the Chinese government. So the conference was essentially canceled at the last minute, inconveniencing countless digital rights advocates from around the world. And it got so high profile that even the un, the United nations office of the High Commissioner, who was a much we love this office, but because you can imagine we love this office. So it has very little currency within these kinds of fights. Unfortunately, it was demanding why the Zambian government had decided, based on national values and policy priorities, to essentially stop freedom of assembly of people from around the world and from Zambia. Interestingly, Zambia has an election coming up and so things like this don't bode particularly well.
B
So RightsCon is immensely complicated, right? Like in the ideal world or the ideal vision for RightsCon, like people from every single country in the world can
A
go, but they shouldn't.
B
It's.
A
Well, sorry, I shouldn't say that, but I do say that they should not be traveling to a conference. Why do we need a conference anyway?
B
But the idea is that every single person in the world gets to travel to it. But in practice, visa rules have not been kind to this concept. And so the one time that I went, it was in Costa Rica and a specific fast track visa scheme had kind of been negotiated. The idea was to make sure as many people from as many countries as possible could get into a Costa Rica. And the first day, the introduction announcement to the conference, they had to bring out a Costa Rican government official basically because everyone was so mad because this visa system had not been working. And lots and lots of people who were supposed to come had not been able to use this fast track visa system to get the visas. But because it was supposed to be a fast track visa system, they didn't have the time basically to get the proper big fancy visa. And whilst the geopolitical implications of this cancellation is Much more dramatic than the kind of yearly visa nonsense that people have to deal with. There is visa nonsense every single year. And we have global partners that we try and invite to places. And our Ugandan colleagues can never get UK visas. And it's because the presumption is that they will want to stay. And one of our Ugandan colleagues got basically a letter from the UK government saying that we don't think you'll leave if you stay. And she said, I've got an organization I run, I've got family, I've got a life in Uganda. And frankly, I don't like the UK that much. Of course I'm going home. It's just such a patently, like, shit
A
system and all the performance you have to go through in order to comply with even the ability to apply and to then get refused. So, like, in order for us to invite our Ugandan colleagues or any of our colleagues, Colleagues from anywhere around the world, we need to book a flight so they can show up and say, here's my flight booking. We need to book a hotel so they can say, this is where I'm staying. And these things have to be paid for all for them to be told, no, I'm sorry, you. You can't come to the uk and
B
it's not, I'm sorry either, to visit
A
an organization that is registered charity in the United Kingdom. And it's like, oh, it just blows my mind.
B
And the patent racism inherent in Uganda's not that nice. Makes the UK so much better. You definitely want to stay. Even when it's just not inherently true. It's just not true. Is infuriating.
A
Oh, and let's also remember, when people have to apply for visas, they need to go to the embassy. And guess where the embassy is? It's always in the capital city. And so if you don't live in the capital city, you have to travel for hours in order to get there at a specific time. And to be treated like a potential. Well, yeah, to be treated as though you're a criminal. Yeah. So that's why we've covered these issues. And so just to bring it all together, it's. And it's getting here. And if you think that because you're a citizen or because you have permanent residency or. The reality is governments are trying to treat everybody the same way, whether you are a citizen, whether you are a permanent resident. They want to find ways to get all of your social media accounts and even your DNA in order to put them into countless databases like the ones that Caitlin Very well summarized without using too many acronyms. And they want to make sure that this power exists for every government around the world. And they also want to make sure that all these governments are sharing this information. And it's like, this is the way that. This is the way that it is. And it's just extraordinary. I still remember a time when it wasn't like this, when it was considered outrageous to do these types of things. But there's something about the last five years particularly, and I think we know what it is, that has created this environment where there's no border policy that is too crazy, you know.
B
Yes. But it does mean it's new. Like it's a new trend, which means it's not an inevitable trend. It, it's not an inevitable part of your border security. It's a new trend and new trends can be undone. And the information in the various EU databases is not going to be made better by the fact that they're just going, these checks are not necessary because the queues are too long, you know. Anyway, we'll let you be free.
A
So on that note, Thanks for listening. You can sign up to be the first to learn more about our work@pbcy.org podsignup we'll include many, many links to relevant articles and information in the description, wherever you're listening or on our website@pbcy.com for what it's worth, we might have to apologize to you that the part of our website that hosts our videos is currently down. By the time this podcast is released, we hope it's back up and running. And we kind of blame, not ourselves, but the fact that there was a critical vulnerability found in the server application and we are trying to deploy the patch, but it's taking us a while. So it's better to have the system down than to have it unpatched. Specifically, the wonderful people at peertube have done a good job.
B
So we host stuff on our website through something called media.privacyinternational.org, which you can go to and you can look at, except you can't because it's down. But what that is it's PeerTube, which is like a federated, funky version of YouTube. The downside of it being a federated, funky version of YouTube is things like critical vulnerabilities, which suck, but that it's much better to take things down and fix them properly rather than have critical vulnerabilities lurking around our systems. So if you're like, ah, nuts, I only listen to the podcast on your website or Ah nuts. I only listen to your podcast on media.privacyinternational.org a the way that because PeerTube is federated, you should be able to listen to old episodes. So not this one, so go away. But old episodes on other people's peertubes who mirror ours or who follow ours. But also YouTube exists. It's not as good, privacy wise obviously as Media PI, which is why we use PeerTube and there are lots and lots of podcatchers that you can use. So obviously you've got the big ones, you've got your Spotify's, your Apple music. Unsurprisingly, lots of people don't like them privacy wise. Not always the best, but there are lots of others that exist for podcasts that take the RSS feedback.
A
But if you ever want to send some love to the people up here to do such good work at trying to have an alternative to YouTube, please do. And along the way, whichever platform you're using, don't forget to rate and subscribe to this podcast. Music courtesy of Sepia. This podcast was produced by Max Burnell for Privacy. Sam.
This episode explores how travel—particularly during major events like the 2026 World Cup—has become intertwined with escalating government and private surveillance measures. Focusing on the US, Canada, Mexico, Europe, the UK, and global policies, Gus and Caitlin dissect the ways border controls, databases, biometrics, and state cooperation (or coercion) expand data collection and erode traveler autonomy. The conversation pulls back the curtain on the integration of surveillance tech into international travel, profiling, and the far-reaching consequences for personal privacy.
On US border surveillance:
"If you're not a citizen, you have no rights. The answer should generally be, yes, sir or ma'am, I will comply. Otherwise you're going to have a hell of a load of pain coming at you." – Gus [06:29]
On profiling and discrimination:
"One EU member state already considers it suspicious if someone travels a long distance with too little luggage." – Caitlin [34:14]
On datasharing with the US:
"If you say no to the US in the same way if you say no to the United Kingdom, you should probably count on the fact they're going to hack in anyway." – Gus [30:08]
On border powerlessness:
"There's nowhere in the world... where you're more powerless than the border of a country, even if it is your own." – Gus [52:45]
On the inevitability of surveillance trends:
"It's a new trend, which means it's not an inevitable part of your border security… New trends can be undone." – Caitlin [60:10]
Travel, whether for leisure, work, or activism, now involves deep and often opaque scrutiny from governments armed with vast, interconnected databases. Despite frequent promises of security or efficiency, these systems too often foster discrimination, error, and arbitrary denial—and rarely provide clear routes for redress. For the PI team, these systems mark a massive shift from the norms of just decades ago—and yet, as Caitlin points out, these are new trends, not irreversible destinies. Vigilance, resistance, and legal challenge remain vital.
For further reading and references, visit Privacy International’s website and episode description.