“These pieces are written at that border between what one knows and what one thinks it might be possible to think, between what little one grasps and the great gulf of ignorance which that partial grasp reveals.”
(Rose, 1999: 11)
57 Empirics
As has been indicated in the prelude, this PhD project evolved through the thematic layer of a research project (KRETA). Funded by the German Ministry of Education and Research (BMBF) and thematically focused on the multiple ethical, social, and political implications of body scanner technology, the project pursued a double approach of both empirical fieldwork and philosophical reflection. While conducting empirical research (ethnographic observations at the airport as well as a series of expert interviews with stakeholders from the aviation branch, broadly conceived), it quickly became clear that research on a specific security technology that was designed particularly for airport contexts could by no means stand on its own. As has been shown throughout the first two sections of this thesis, the notion of security is way too complex to be broken down to a mere, however multi-dimensional, analysis of checkpoint security and its transformation through a single technology. In order to do as much justice as possible to the myriads of notions and nuances of security, any analysis of airport security must thus proceed way beyond a single spatial and/or technological layer, and rather turn to a mode of problematization that incorporates the airport ‘as-a-whole’.
This is why I decided to extend my PhD project beyond the rather narrow (however highly intriguing) scope on body scanners. Still, as can be witnessed by the empirical inquiries to follow, body scanners make an appearance as the main focus of analysis in two of the six pieces. [Inquiry 4] centers around the question whether body scanners can be conceived of as an attempt of securitization. The manuscript analyses the reasons why body scanner technology has not been implemented at German airports, unlike in other EU member states.
Conceptualizing the struggle over the deployment of a new screening measure as a securitization process, the paper seeks to move beyond language and official discourse, in which the machines were framed as unsuitable in plain numeric terms. Sociological approaches to securitization theory thus can help to shift the scope to practices and expert knowledge in the aviation sector and to achieve a more profound understanding of securitization processes. Building on a series of expert interviews with representatives from relevant stakeholders, the piece argues that privacy requirements have created major obstacles for body scanner technology and finally contributed to the (preliminary) failure of a long-term securitization move. The analysis of body scanners as a thwarted securitization process obviously builds on the narrative of security as securitization, but it also explores some of the notions of security as technology and security as economy.
Body scanners are also the central building block in [Inquiry 2], co-authored with Anja Koenigseder, however from a much different, sociologically inspired angle. With the emergence of aviation as a target for terrorism and serious crime in the 1970s, the affective dimension of airport security changed drastically and is now carefully engineered as a zone of earnest and solemn protocol. Against the backdrop of bombings and hijackings, airport security today enacts a ‘no bullshit’ approach in the ‘war on terror’. Humor essentially has been banned from screening operations. From obvious signs that say ‘No bomb jokes, please’
to drastic consequences in the case of non-compliance, security appears as something that is not to be fooled around with. However, with the introduction of body scanners at the airport, this atmosphere of earnest appears to change. The manuscript builds on ethnographic fieldwork at Hamburg airport during the German trial run with body scanners in 2011. During the time of observation, we found a surprising amount of reciprocal laughter and joking. We argue that this can be conceptualized as an attempt to break open a space for laughter, momentarily abandoning protocol in order to deal with issues of visualization, exposure and
58
shame that arise from the new scope on the fleshly anatomical body. The paper touches on the politicality of body scanners and more generally on the politics of counter-terrorism, but it takes a ‘detour’ through the sociality of technology. In this vein, the manuscript builds mainly on the narrative of security as (socio-technical) assemblage, but also on the narratives of security as technology and security as government.
Another empirical analysis that has directly emerged from the KRETA project is [Inquiry 5].
When analyzing the interview material, there was indeed a red thread throughout the transcripts that could hardly be missed: most of the experts at some point during the conversation highlighted the problematic state of security enactment on the ground level. In other words: they were concerned about the actual individuals who ‘produce’ security. Airport security both follows general trends of risk-based and technology-led policing, as well as it is determined by a neo-liberal economic mode of regulation, leading to privatization and out-contracting of most tasks, including actual screening of passengers at the checkpoint. The manuscript draws on those expert interviews from the aviation sector in order to scrutinize how German airport security governance can be located on the continuum between the public and the private. By combining both economic and political accounts of security, the analysis retraces how the particular German solution of a principal/agent relationship between the police and private firms remains stuck between a normative blueprint of state-provided security and the benefits of market regulation, and thus causes a series of problems. The manuscript is constructed around the narrative of security as government – more specifically:
around the criminologically coined perspective of security governance – and draws a close link to the narrative of security as economy.
As mentioned earlier, the aim for this PhD project was to provide an analysis of security and the airport as encompassing as possible, and the empirical material from the KRETA project could only serve up to a certain point here. In order to create more accounts that provide further perspectives of how security comes into being in complex airport assemblages, I have sought to explore additional dimensions. Two of the analytic pieces that follow are particularly concerned with the notion of “social sorting” (Lyon, 2003d). [Inquiry 1] evolves around a presumed conflict between risk and privacy, and the cross-cutting practices of data collection we find at the airport. Risk has become a ubiquitous tool for security governance. The manuscript analyzes the ongoing shift in airport/aviation security from rule-based to risk-based screening. Seeking to explore the effects of data risk-based passenger risk assessment on privacy through the collection and processing of personal data, the paper argues that risk is likely to enroll passengers into a partly voluntary, partly enforced membership in trusted traveler schemes in order to enhance the database, thus enabling a more precise assessment of risk levels. In a disciplinary spatial setting, the once distinct privacy dimensions of citizen-state and consumer-market become increasingly blurred, as law enforcement authorities seek to exploit data that was originally obtained for commercial purposes to improve risk calculations. The manuscript strongly builds on the narrative of security as surveillance, and on the underlying narrative of security as future.
The notion of security as future is in fact one that has particularly fascinated me, and [Inquiry 6] further explores the political modes of addressing the future at the airport. The paper argues that with increasingly large databases and computational power, profiling as a key part of security governance experiences major changes. Targeting mobile populations in order to enact security via controlling and sifting the good from the bad, profiling techniques accumulate and process personal data. However, as advanced algorithmic analytics enable
59
authorities to make sense of unprecedented amounts of information and derive patterns in a data-driven fashion, the procedures that bring risk into being increasingly differ from traditional profiling. While several scholars have dealt with the consequences of black-boxed and invisible algorithmic analytics in terms of privacy and data protection, the manuscript engages the effects of knowledge-generating algorithms on anti-discriminatory safeguards.
Using the European level efforts for the establishment of a Passenger-Name-Record (PNR) system as an example, and on the theoretical level connecting distinct modes of profiling with Foucauldian thought on governing, the paper finds that with pattern-based categorizations in data-driven profiling, safeguards such as the Charter of Fundamental Rights of the European Union or the EU data protection framework essentially lose their applicability, expressing a diminishing role of the tools of the anti-discrimination framework. Besides its strong focus on the narrative of security as future, the manuscript also explores the narratives of security as surveillance and security as government and re-connects them to the narrative of security as value.
The last empirical inquiry occupies a special position among the array of manuscripts on airport security. It is not directly concerned with aviation, but with the complex relation of security, technology, the industry, and the field of security research. As already indicated in the prelude, I have opted to incorporate questions of security research as part of the political program of security, as they have strong relevance for more general questions of the social, political, and economic role of security. [Inquiry 3] thus engages the storied relation of security and privacy and its transformations through the layer of security research. Privacy and security have long been framed as incommensurable concepts that had to be traded off against each other. While such a notion is rather under-complex, it has been quite persistent. In recent years, however, the relation has undergone a transformation and is now apparently conceived of as a technological issue that is set to be resolved through privacy by design. The manuscript retraces, through an analysis of EU security research funding, how this shift has come about, and critically assesses its potential to eventually resolve the conflict between privacy and security in a world of data-driven security measures. Thereby, it builds on the narratives of security as transformation and security as technology, and links them closely to the narrative of security as economy.
Besides highlighting specific registers of security individually, one common narrative that all inquiries touch upon is the initial one that has briefly explored security as value. They all raise normative questions, often from a critical standpoint that seeks to challenge the modes in which security is used as a means of re-ordering the social through distinct modes and rationalities of government. Particularly, they emphasize the colonization of the everyday which has become so crucial for a critical security studies agenda. The inquiries understand themselves as deeply indebted to, as Bigo (2008a: 16) frames it, “a political sociology of international relations that reintroduces international phenomena, by making them normal and banal social facts on a daily basis” and renders them challengeable through academic analysis. Quite naturally, as a researcher based in Germany and funded through both German and European security research frameworks, their main scope is the European Union – however without being geographically limited in the arguments they put forward. As has been shown, an analysis of mobility is by default an analysis that incorporates a global perspective.
As people, goods, and services travel, so do insights about the regimes that monitor and regulate such travel. The analytical inquiries presented here are at different points in their path of flight towards publication, as respectively indicated. They are presented in the form of finalized manuscripts.
60 [Inquiry 1]
Blurring the dimensions of privacy? Law enforcement and trusted traveler programs
On 27 September 2011, the European Commission held a High Level Conference in Brussels on “Protecting Civil Aviation Against Terrorism.” In the final document, the experts from Europe, partnering countries and the International Civil Aviation Organization (ICAO) recommended that aviation should turn to a more risk-based policy, stating that “security measures can and should relate to the risk they intend to mitigate” (European Commission, 2011c). The conference was followed up by another High Level Conference, this time held by the ICAO itself, that assembled more than 700 international representatives in Montréal, 12-14 September 2012. In its final communiqué, the conference “encouraged ICAO Member States and industry stakeholders to adopt a risk-based approach to aviation security” (ICAO, 2012: 2). Those are two striking examples of a security policy shift within an area that is considered both as highly symbolic and vulnerable, and thus has served as a prime target for any terrorist and/or criminal attempts. This paper seeks to explore the effects of this turn to risk as a key tool in the ‘war on terror’ on privacy in aviation. Theorizing the efforts as security governance (Wood and Dupont, 2006a), it will be shown how dispersed actors converge in their desire to create transparent individuals, using trusted traveler schemes as incentives, as they promise both rewards and the possibility to circumvent invasive secondary screening measures for passengers. Considering the contextual peculiarities for privacy (Nissenbaum, 2010) at the airport, it will be argued that individuals have little leverage in negotiating privacy boundaries, but are ‘softly forced’ into participation in trusted traveler programs.
The strong emphasis on risk in debates about aviation security has arguably emerged in a period of time when the cross-pressures on stakeholders have become more severe. In recent years, in addition to pressing security needs in the ‘war on terror’, aviation has faced rising numbers of overall flights and passengers and the need to work even more cost-effectively, while still providing maximum passenger convenience. At the intersection of these cross-pressures lies passenger screening at the airport, where in a spatial bottle-neck security becomes enacted through the evaluation of whether the passenger poses a threat or not.
Modern airports have been stacked with a variety of security and surveillance measures for a long time, ultimately culminating in intense screening procedures at the checkpoint that separates the publicly accessible landside area and the secured and ‘sterile’ zone of the airside area. Security screening has traditionally been carried out based on a principle of equality, meaning that everyone has to be screened with the same intensity. A simple problem has been identified within this current approach to airport security though, which is nonetheless hard to overcome. Past implementations of security measures and technologies in screening can be understood as a causal chain of incident and reaction – either in form of policy change or in form of new technological measures. Among the most prominent and controversially discussed examples of this sequential logic are the ban of liquids and the implementation of whole body imaging devices (‘body scanners’). However, there has been considerable critique towards such a reactive approach to airport security. The layering of security policies and measures at the checkpoint leads to “large increases in costs and inconvenience to travelers with a small corresponding increase in security” (McLay et al., 2006: 333), “but still [does] not manage to capture a clever and adaptive adversary” (European Commission, 2011c). Or, as Jackson, Chan and LaTourrette (2012: 1-2) have put it: “Questions have been raised about the basic philosophy of aviation security, which is that security is applied uniformly to all.” Thus,
61
aviation experts have deemed risk as a convenient and powerful remedy to the multiple concerns in aviation security. Airports appear to be a perfect fit for risk management strategies, since security screening channels large and mobile populations into a neat spatial setup in which security managers strive to examine the individual carefully. As Jones (2009) has noted, security mechanisms at the airport essentially come down to the checkpoint as the single valve that ensures the integrity of the secured sectors and prevents security breaches via the ability to stop and to sort out. Hence, in aviation’s struggles in the ‘war on terror’, the screening checkpoint can be considered the key tool against high-jackings, bombings, and whatever other worst-case scenarios security managers have mapped out as possible events.
Along with the introduction of risk, considerable change is coming to the checkpoint. Where in the past a rule-based or bureaucratic paradigm (O'Malley, 2006) prevailed, new concepts for future screening are taking up the notion of increased distinction based on risk categories and intend to introduce mechanisms for an a priori analysis and sorting of passengers, enabling airport authorities to either add or subtract layers of security measures, according to the assigned risk level of a given individual. At its 2011 conference in Singapore, the International Air Transport Association (IATA, 2011) has presented a concept for the
‘Checkpoint of the Future’. Much like the US CAPPS II system that intended to compute statistical risk estimates for each passenger (Barnett, 2004: 912), the IATA concept is set to collect and process as much passenger information as can be made available. While CAPPS II had been “eventually dismantled over privacy concerns” (McLay et al., 2006: 334), the IATA concept still intends to link multiple data sources, both from the public and the private sector.
The risk estimation model is supposed to be supported by passenger data, trusted traveler databases, behavior analysis, and biometric identity management (IATA, 2011: 6). Travelers would then be screened on different levels of intensity, depending on their assigned risk level.
A very similar approach is being pursued in a joint effort by the Airports Council International (ACI) and the Association of European Airlines (AEA). Their ‘Better Security’ concept states that “with greater focus on intelligence-based security, passenger name record (PNR) data has increasingly come under the spotlight” (ACI/AEA, 2011), and thus suggests that “closer international co-operation and data sharing should be used to strengthen the effectiveness of passenger profiling, flagging suspicious individuals” (ACI/AEA, 2011).
Within the multiplicity of identified data sources, the inclusion of trusted or registered traveler programs seems most notably unique, for it is based on voluntary participation. Passenger information is usually being obtained by airlines for commercial purposes in the form of
‘Passenger Name Record’ (PNR) or ‘Advance Passenger Information’ (API) files. While the latter contains only information about the individual’s identity and passport documents as well as the travel itinerary, PNR goes beyond that basic data and contains also the likes of contact and payment information, including credit card number, baggage details, the traveler status and even special dietary requirements on the flight. Thus, PNR data has been turned into an asset for security operations by the US Department of Homeland Security (DHS) via the 2007 EU-US PNR Treaty. Also, other forms of information gathering like behavior analysis and identity management (either biometric or conventional) may not be circumvented by the passenger. Data sources in risk-based passenger screening might thus be divided into ‘no opt-outs’ and ‘opt-ins’, with trusted traveler information being the only source that passengers can opt-in to. Or, as the IATA concept states: “Further assessment can be made through passengers voluntarily providing more information about themselves, through known traveler programs” (IATA, 2011). According to Jackson, Chan, and LaTourrette (2012: 2), successful passenger differentiation can be achieved via the identification of individuals who pose more
62
risk or via the identification of individuals who pose less risk to aviation. While the former is
risk or via the identification of individuals who pose less risk to aviation. While the former is