Using data collection to fight crime while preserving passenger rights
Data collection and usage remain controversial, with passenger screening professionals needing to strike the right balance between protecting us from criminal and terrorist activity, while preserving our privacy rights.
On the surface these might appear incompatible, yet equally important objectives. Lawmakers have needed to consider some complicated perspectives to arrive at a workable solution with regards to legislation. With the policy clarification from the UN plus new standards on data collection leaning toward proactive management and profiling, what is the right way to approach this in 2023?
Smart practice in passenger data collection
API (Advance Passenger Information) and PNR (Passenger Name Record) data is now UN-mandated for use in counter-terrorism and serious crime activities, with standards and recommendations relating to data collection via these methods now contained within the Convention on International Civil Aviation (Chicago Convention).
Likewise, air carriers have the ability to articulate and manage the complexity of data as it is collected, retained and retrieved for security purposes. With different systems such as the Departure Control System (DCS), Computer Reservation System (CRS) and other IT platforms, the varying functionalities bring the possibility to test and explore processes before arriving at the right solution.
However, we introduce further complexity when considering the range of travel modes – air, maritime, land – and how these intersect and inter-relate.
To navigate these channels, we need active involvement from the private sector and shared knowledge of each party’s respective procedures. Furthermore, it’s imperative that law enforcement agencies acknowledge and support legitimate data collection, retention and usage with a complementary legislative framework.
API & PNR around the world
Following the 9/11 attacks in 2001, the USA started the systematical collection of API and PNR data. In the European Union, the “API directive” (2004/82/EC) started the collection of API few years after. Subsequently, the “PNR directive” (EU 2016/681) required all member states to establish operational Passenger Information Units by May 2018. Now, around 110 countries worldwide have either API or iAPI (interactive API) capability, and approximately a further 65 have PNR collection capability.
This still leaves many countries without these capabilities, although many have developed alternative methods in passenger targeting. Some may receive passenger manifests, tickets and reservation files in hard copy. Others will receive access to the air carriers’ reservation systems or will be supplementing operational decisions with behavioral detection and other available intelligence.
Training our focus on terrorists and criminals, making travel safer for all
Training is key to refining the focus to target potential criminal and terrorist threats. Establishing PIUs will address cross-border issues and ease the complexity of the profiling process. Furthermore, strong risk policing, horizontal and vertical cooperation, robust risk treatment measures, and risk review, also form essential ingredients in this mission. Their support can transform a powerful tool into an effective instrument for border management.
Without a doubt, the quality of training provided for all of the responsible parties is key to ensuring the operation’s success. It should create standards of expertise for everyone involved. Specifically, this must cover risk identification, risk evaluation, risk treatment and risk review, recognizing that they are mutually connected and belong to the same process. Open-source intelligence is now widely available but must be handled carefully. Dedicated training should ensure that investigations are carried out without detection by the target, which can impact their legitimacy.
Streamlined training programs must include a thematic focus on targeting criminal and terrorist activity, and guidance on capacity building that encompasses all of the operational aspects of border management. Moreover, these PIUs must integrate with existing security structures to avoid delays and costly mistakes.
Upholding the rights of legitimate passengers and creating smooth travel experiences
With greater surveillance and passenger analysis, of course, comes apprehension regarding the handling of personal, private data belonging to the vast majority of legitimate passengers.
Preventing misuse of data should form a core element of training and a parallel aim alongside data collection to thwart crime. The Integrated Border Management concept consolidates border management operations, hosting immigration and customs within the same operational streamline. Correctly implemented, this concept facilitates the smooth departure, arrival and transit of legitimate passengers. As a result, this frees capacity to focus on those who match with risky profiles.
Article by: Manu Niinioja and Chistian Fanelli