
The UK authorities made illegal copies of the Schengen Information System - zoobab
https://twitter.com/SophieintVeld/status/1154689216170926080
======
dangerface
> UK made illegal copies of classified personal information from a database
> reserved for members of the passport-free Schengen travel zone.

The UK is not in the Schengen travel zone and had no right to be accessing the
data or sharing it with other foreign powers.

The problem is that too much power is collected in one place that encourages
bad actors to weaken security so that they can later do a grab and dash with
"Plausible deniability".

When people raise this warning it is dismissed as fear mongering, when the
fears turn out to be justified people side step the issue and argue that the
title should be millions instead of all.

Some people have argued that the EU do not have a database of EU citizens
fingerprints, but they have been building that database since 2004 [2].

These massive databases of personal information represent too much of a risk
and should not exist. The only way to protect power from corruption is to
distribute the power rather than consolidate it.

[1]
[https://euobserver.com/justice/145530](https://euobserver.com/justice/145530)
[2] [https://uk.reuters.com/article/uk-eu-
fingerprints/fingerprin...](https://uk.reuters.com/article/uk-eu-
fingerprints/fingerprints-in-european-passports-legal-eu-court-
idUKBRE99G0FX20131017)

~~~
miahi
Other countries that are not in the Schengen area do have access to the SIS.
Their access rights were given by them signing various agreements (the status
is quite complex, you should check the SA status[1] for more details).

Yes, the title should be millions. Of mostly missing or wanted persons or lost
passport and national IDs. Not sure how you would propose to ensure the
security of a zone without a massive database of people that are not desired
in that zone or documents that should not be used because they are reported as
lost by their owners.

[1]
[https://en.wikipedia.org/wiki/Schengen_Area](https://en.wikipedia.org/wiki/Schengen_Area)

~~~
dillonmckay
Do you think they have both a blacklist and a whitelist?

~~~
miahi
The SIS database is 100% blacklist - people who should be stopped at the
border, arrested, reported or followed, objects that should be seized (like
stolen cars), objects that prompt for more inquiries (like stolen/lost
passports).

Source: worked on SIS

~~~
eecc
And on what basis is a person added to this database? I'm referring to the
"reported and followed".

Activists perhaps?

You know, those perfectly legitimate parties that rapidly tend to get labelled
"terrorists" because reasons.

~~~
zaat
A dismissive cynical attitude helps no one. Sure, some perhaps many, people
are corrupt and exercise power given to them for wrong ends. Nevertheless, at
large, people want law enforcement, they want stolen goods returned to them,
they want criminals to be stopped. You have better suggestion to maintain law
and order?

~~~
southerntofu
> Sure, some perhaps many, people are corrupt and exercise power given to them
> for wrong ends.

That's in the nature of power dynamics. Not abusing power is the exception to
the rule.

> You have better suggestion to maintain law and order?

I think having the rules decided upon and enforced by the people (not some
centralized institution that's disconnected from the social fabric) would help
a lot.

What would help even more is to address the roots of criminality. There are
for example many studies in the past two centuries showing that social
inequalities necessarily lead to theft and violence (whether institutionalized
or de facto), and that reducing unemployment (not with shitty uberized jobs)
is an effective way to lower crime rates, if that is your objective.

Other root causes include the repression itself of crime: prisons and
psychiatric hospitals are themselves fostering very violent human
interactions.

Emma Goldman had a very good piece back in 1911 on prison as part of the
problem:

[http://dwardmac.pitzer.edu/Anarchist_Archives/goldman/aando/...](http://dwardmac.pitzer.edu/Anarchist_Archives/goldman/aando/prisons.html)

~~~
jfk13
> I think having the rules decided upon and enforced by the people (not some
> centralized institution that's disconnected from the social fabric) would
> help a lot.

And how exactly are "the people" going to decide upon and enforce the rules?
Just gathering all the people together to talk until they come to consensus is
hardly scalable to the size of a small town, let alone a country or continent.
Hence representative democracy, institutions, governments, police forces,
court systems.... all that stuff. It may be far from perfect, but it's not
clear anyone has come up with a better mechanism.

------
miahi
The title is incorrect. The Schengen Information System does not keep data for
"all EU citizens", it only keeps such data for wanted persons, missing/stolen
identity documents or objects (like cars, boats and so on).

There is no centralized database for EU citizens photos or fingerprints (not
even at national level in many countries).

~~~
bonjurkes
It also includes information of 3rd world country citizens'. Like passport
info, photos, fingerprints, their visit to Schengen countries.

When you apply for visa for Schengen countries, your info will be recorded on
SIS. And stored there for 5 years.

Note: EU uses the term "3rd world country" term themselves and Im citizen of
one of those countries.

~~~
cromulent
The EU uses the term "third country" which means a country that is not part of
the union.

[https://www.eurofound.europa.eu/observatories/eurwork/indust...](https://www.eurofound.europa.eu/observatories/eurwork/industrial-
relations-dictionary/third-country-nationals)

~~~
nmstoker
Well done posting that link. This topic seems to have brought out a lot of
(unnecessary) confusion in the comments!

------
2a0c40
Sometimes I can‘t help thinking whether the UK is just the US‘ trojan horse in
the EU. Well, things might change quite a bit after October 31st, so hurry up!

~~~
malka
as a french, I cant wait for them to be out. They spent the last 50 years
trying to sabotage the EU. They want to leave ? Good riddance.

~~~
tomxor
> They want to leave ? Good riddance.

As citizens at least, it's pretty well understood that in majority we don't
want to leave, one half definitely doesn't, the other half are mostly a
combination of naive, manipulated and coerced based on false claims and social
media, some portion are not manipulated or naive but have settled on some
narrow view of a very large and complex decision... and finally the minority
(the small number of racists and xenophobes you inevitably get in any country
who want to cut off the rest of the world and built walls or some shit).

We've been fucked over because we let the vulnerable portion of the other half
get manipulated. The only valid vote was no, because the premise was entirely
flawed... it's like having a referendum for "Do you want lower taxes" without
saying exactly how, but "leave the EU" is even more complex not only in how
but what that even means and what that affects which is so broad, it's like
taking a huge list of very specific not necessarily related things putting
them in a bag and then saying "you wana change this stuff in undefined ways"
\- fuck no, if you want to watch the world burn at least be up front about it.

~~~
_Understated_
> it's pretty well understood that in majority we don't want to leave, the
> other half are mostly a combination of naive, manipulated and coerced based
> on false claims and social media...

What?

There was a vote. A vote where everyone elligible had the chance to voice
their opinion and the majority (albeit slim) said "we want out".

As for the slur of being naieve and manipulated that's bullshit (from my
standpoint anyway).

You seem to be referring to people getting their news from social media... if
that's their source then hell-mend them. Social media is an echo chamber. It's
not designed for two-sided debates.

WRT to the false claims: If anyone actually believes that a politician has
their interests at heart then they're delusional.

You seem to just be bitter that you (I assume) voted to stay in... I suppose
you want another one until you get the result you would prefer!

~~~
mdpye
But the vote was poorly informed and actively manipulated. Many people voted
leave as a protest against the state of the country, not the EU, and have said
so. And many of the most persuasive statements made by the leave campaign were
shown to be deliberate falsehoods.

I respect the desires of those who genuinely wish to leave the EU, but the
referendum result was not anything close to a true measurement of that, and
any measure since has been grossly polluted by the ensuing acrimony.

The referendum was about many things, and most of them weren't our membership
of the EU.

~~~
_Understated_
Perhaps I live in a bubble but to me it was pretty clear: In or out.

As for the result not reflecting the people that's nonsense: Everyone with the
ability to vote and the right to vote could and should have voted. If they
didn't then tough.

If people were swayed by politicians promising one thing or another and all
the nonsense that flowed through social media then that's on them.

I don't get this attitude that people have of "oh, it's not fair, we were lied
to". We are talking about policicians here: they are only going to say
whatever makes them popular and gets/keeps them in power.

~~~
Lio
Except that in or out isn't clear because it doesn't cover the details of what
out means.

I'm assuming you wouldn't expect the Brexiteers to stop campaigning if they
had lost the vote? They'd just carry on trying to smash things up until they
got their way.

There were supposed to be rules follow with regard to funding and truthfulness
on the part of the Leave campaign and it's now clear that those rules were
broken. [1]

So in short, those of us in the UK that think the UK would be better off as a
member of the EU are still going to fight for that because we care about doing
what we think is best for the country.

[1] [https://news.sky.com/story/vote-leave-broke-campaign-
spendin...](https://news.sky.com/story/vote-leave-broke-campaign-spending-
rules-says-electoral-commission-11425636)

------
submeta
I reckon the five eyes were sharing these kinds of infos for years. After the
Snowden revelations I tend to think that there ain‘t no info about us citizens
that the three letter organizations don‘t have or cannot have. Phone call
logs, personal infos, medical records, everything we can think of. If they are
interested in something, they‘ll get it. Sucks big time. But it seems ain‘t
nothing we can do about it.

~~~
submeta
The thing is: The moment you feel you could be observed or that you have no
room for private thought or discussion, you start to censor yourself.
Political discourse starts to get weakened.

My gut feeling is this: Many people don't dare to express their true opinions
even in supposedly private channels, fearing that these thoughts / ideas might
come back at them years later. And I don't even mean radical thoughts.

In a world where we non-americans are asked for our cellphone passwords,
laptops, social media handles and passwords, how can we dare to criticize
world affairs?

Or imagine you are a young ambitious person who wants to change something by
participating in the political process. You spend years getting somewhere, and
then comes an info out of nowhere about your past and stops your carreer
abruptly (like you cheated on your university diploma or something like that).

~~~
carapace
> Many people don't dare to express their true opinions

If there's one thing the Internet has taught us is it not that most people's
"true opinions" are _merde_?

I don't like it either, but I think we have hope of stabilizing on a kind of
"greatest common denominator" of behaviour, but only if the systems that do
the surveillance are self-referential: they must apply to the powerful as much
as the little guy.

------
daviddumenil
This is a misleading title.

The UK government gave access to US companies. There's currently no suggestion
that the data moved to the US.

More details here:
[https://euobserver.com/justice/145530](https://euobserver.com/justice/145530)

~~~
dangerface
You are posting a false narrative according to your own link.

> UK made illegal copies of classified personal information from a database
> reserved for members of the passport-free Schengen travel zone.

Why?

~~~
tzs
His link says that the UK made copies, and that private contractors hired by
the UK government such as IBM were given access. IBM, and most other firms
that the UK government likely uses as contractors, have offices and data
centers in the UK.

I didn't notice anywhere in his link that said that anyone moved copies of the
data to the US.

------
davengh
Reading the comments in this thread and others, it seems to me that a lot of
people want to argue about how many canaries have to die before the threat to
the miners is taken seriously.

That any of the Schengen information made it to the US _at all_ is a dead
canary.

------
an_ko
Anyone have a less sensationalist primary source link? I'd like to see backed
up facts, not outrage bait.

~~~
ddebernardy
The tweet _is_ the primary source. See who signed the letter.

The story referenced in the first point is:

[https://euobserver.com/justice/145530](https://euobserver.com/justice/145530)

The second point raises a non-answer by the EC that led to the EP letter and
the tweet.

------
draugadrotten
This begs the question if UK/EU got a copy of all the US citizens '
fingerprints in return.

It is possible to commit treason against your own country. Can someone commit
treason against the EU? Is it a criminal offense?

~~~
Normal_gaussian
The title is misleading.

The allegation is not that the UK authorities made a copy and gave it directly
to the US authorities.

The allegation is that the UK authorities made copies for its own and its
contractors use. These contractors include US companies- IBM is one example.

It really sounds like poor regard for security measures / lack of ownership
and enforcement in the UK rather than anything malicious.

It is also noted that several other member states have similar issues.

It should also be noted - certain US authorities probably have or can get
copies from various non-uk states and the UK. But that isn't what this
incident is about.

~~~
dangerface
> It really sounds like poor regard for security measures / lack of ownership
> and enforcement in the UK rather than anything malicious.

The UK understand exactly how to do Passport security if they did it in a
insecure way it was with malicious intent that gives them "plausible"
deniability.

~~~
notimetorelax
UK is not a single person, what one government body does may be very different
from the other.

------
hestefisk
As a Danish citizen I’m deeply concerned about this and am strongly
considering an FoIA request and lawsuit for lack of disclosure... if this is
really true.

~~~
cat199
> FoIA

honest question: Does this exist in EU or UK?

~~~
bpye
This very much exists in the UK [1] - I cannot speak for the EU as a whole.

[1] - [https://www.gov.uk/make-a-freedom-of-information-
request](https://www.gov.uk/make-a-freedom-of-information-request)

------
dandare
Is this news?

> Schandal already made public in 2018: (link:
> [https://euobserver.com/justice/141919](https://euobserver.com/justice/141919))
> euobserver.com/justice/141919

[https://twitter.com/Ellen_Timmer/status/1154720007089266688](https://twitter.com/Ellen_Timmer/status/1154720007089266688)

------
jotm
While this is bad and they should increase the security of this data, for now,
I don't see how it would affect EU citizens.

Any ideas?

If you applied for a visa to the US, they already have your photo and
fingerprints (hell, they had mine before my own country, before biometric
passports). If not, what can they possibly do with that information?

------
sailfast
Reading the actual memo in the Tweet, it says that US Companies contracted by
the UK were provided access to the data.

So, as a made up example, [Massive US-based multinational consulting firm -
IBM was listed in the euobserver article)] was contracted to do work for the
UK government in this specific area and was provided access to the data
(probably after being cleared to do so via a lengthy process that is typical
for contracting with governments).

Do we have any indication that this data was "copied to the US" in this memo,
instead of being worked with in accordance with data security policies to keep
it in the EU / UK?

That said - if the UK is making illegal copies that's bad, but I wouldn't
overreact to the submission title which is not correct.

------
ChuckMcM
Wouldn't be the first time someone about to leave the company exfiltrated a
bunch of proprietary information they wouldn't have access to after they left.
:-)

------
BlackLotus89
It would be actually nice if someone had the foodnotes.

I will be happy when the UK is brexed out, but someone has to take
responsibility for this.

------
jeffk_teh_haxor
The threat to privacy and security is more fundamental than anything that can
be remedied by a GDPR nastygram.

------
scarejunba
I wonder how much the ICO is going to fine them.

------
Iwan-Zotow
Putin is laughing hard...

~~~
dang
Please don't do this here.

------
lugg
Meh?

If anyone thinks they didn't already have it ..

------
sgt101
The give away is (twitter.com) - nothing from that source is even close to
true.

~~~
Zenst
Only recently it was the the best source of the whole VLC issue.

Sure twitter has it's issues, anything of scale with that level of user-base
will and you get truths, lies and twisted statistics.

Why the better media outlets have standard about two independent sources (BBC
one example), however I'm mindful that you can get second sources that are
just an echo-chamber of the first and it steam-rolls from there - VLC a good
example again upon that.

