In the second of this two-part series, Simon Deignan, Counter Terrorism Officer at Organization for Security & Co-operation in Europe (OSCE) and Thomas Wuchte, Executive Director, International Institute for Justice and the Rule of Law (IIJ) examine the impact of the increasing the collection and use of passenger data and biometrics.

 

Both commercial and security priorities have led to great technological advances being made at formal points of entry to facilitate bulk movement of travellers and to detect potential threats. Although the technologies exist, they were often viewed as nice to have rather than necessities.

 

UNSCR 2396 has changed that by mandating that all States collect Advance Passenger Information, Passenger Name Record, and biometric data.

 

On 24 May 2014, four people were killed at the Jewish Museum in Brussels by a man armed with a Kalashnikov rifle. This man was Mehdi Nemmouche, the first Daesh returnee to carry out an attack in Europe. He managed to do so despite being on several terrorist watch-lists. Because his data was not checked against these watch-lists before he travelled, he managed to fly back to Europe undetected.5 If his API data had been checked in advance against these watch-lists, he would likely not have been allowed entry.

 

But what is API? It is the biographic data contained in a passenger’s travel document that is submitted to the airlines during check-in, as well as the flight information of that airline. When it is received in advance of a passenger’s arrival it allows law enforcement authorities the time to do two things. Firstly, to check the name, date of birth, nationality and other travel document information in the MRZ (Machine Readable Zone) against watch-lists and databases. If the traveller appeared on one, like Mehdi Nemmouche, they would be stopped at the border for further questioning.

Secondly, it allows law enforcement authorities to compare the traveller’s details against risk profiles. For example, a young male, travelling alone, with no luggage, from Algeria to Madrid via Kiev, would be more suspicious than an old French couple travelling to Spain for the weekend.

 

Put simply, API allows States to check travellers against known suspects and known risks, as well as unknown suspects and known risks.

 

API has been a global requirement since September 2014 when the UN adopted Resolution 2178 to prevent the movement of FTFs. Since then, ICAO, the International Civil Aviation Organisation, has established API as a binding standard, and many international and regional organisations are supporting States to overcome the technical, financial and legal issues to establish national API systems.

 

A second, more detailed type of border screening involves PNR, passenger name record data. This is the information a traveller gives to an airline when booking a flight – phone number, email address, home address, credit card details and so on. It is much more detailed information; hence there are more concerns regarding data privacy, particularly in Europe.

 

Although the information is not backed by a government-issued travel document, like API, PNR data can be very useful for intelligence, analysis and border security because it can identify suspicious travel patterns by examining what other flights that person has booked using that credit card. This can flag threats that otherwise might have escaped attention.

 

With the adoption of UNSCR 2396, all States are required to collect passenger data in advance and cross-check this information against watch-lists and databases.

 

To read the full story:

Click to download your copy of Border Security Report 

http://world-border-congress.com/BSR (PDF)