Passenger Name Records: the challenges of identification and authentication


"Looking for bad people, rather than bad objects"

Processing of "passenger data" will be a major project of the coming years, but it will require the implementation of high-performance infrastructure, in particular to authenticate individuals and check the integrity of travel documents. The challenge is considerable as governments are also now interested in a PNR for maritime and international land transport.

 

This new web report describes:

  1. The IATA model: "Looking for bad people, rather than bad objects"
  2. The European project and Passenger Name Record or PNR directive
  3. The challenge of detecting atypical profiles
  4. The central challenge of traveler identification

Assessing the potential risk of a passenger

Since September 2001, the annual cost of aviation security has exceeded €6 billion, with a French budget now standing at €900 million. Malevolent acts using explosives hidden in shoes (December 2004) and underwear (December 2009), as well as liquids (August 2006), have led to the escalation of equipment in airports.

International air transport organizations – ICAO, IATA, ACI – which are concerned about disaffection with air travel, have therefore recommended that checks and controls vary in accordance with the potential risk of a passenger.

This is excellent news for "trusted" travelers, which includes all of us, and it should therefore make it easier to get through the multiple stages of the airport marathon!   

"PNR and API passenger data" is currently an area that has been little exploited. However, this data contains powerful indicators which may be used to attract the attention of the authorities.

The United Kingdom in the context of the Olympic Games, but also France, recognize their effectiveness in the fight against terrorism.

An expired visa or invalid passport requires the traveler to get their paperwork in order; but there is no question of malevolence in such situations.

In contrast, special attention is justified in the case of recent passports and last-minute tickets, as suspicious individuals tend to change identity and avoid advance bookings.

A cautious, case-by-case approach is therefore needed when investigating such matters, with data processing being only one part of the whole procedure; decisions must then be taken by authorized agents in conformity with data protection regulations.

Recent events demonstrate the limitations of security equipment, especially when it comes to locating explosives that are difficult to detect, or that may even be hidden in implants and body cavities.

Hence the IATA paradigm of "Looking for bad people, rather than bad objects", which recommends focusing attention on people rather than on increasingly hard-to-locate objects.

Processing of travel data should not, however, be seen as an alternative to security equipment.

Rather, it represents a new filter within what is a "layered" approach. Considering that no single filter is infallible, it forces terrorists to thwart multiple levels of checks and controls, thus making it increasingly difficult to commit a malevolent act.

PNR directive: history and objectives

More than 10 years after the events of September 11, 2001, the European Commission realized that certain non-EU countries – the United States, Canada, Australia – had a mine of information on passengers following agreements negotiated on transmission of travel data.

However, until that point, the European Union had no proactive strategy despite the fact that booking systems can highlight risk factors.

Advance Passenger Information

A first Directive in 2004 allowed Member States to require airlines to transmit passport data – known as API or Advance Passenger Information – before the departure of flights.

The objective here was to intercept people flagged in a database. However, this Directive only applies in the case of border checks, and cannot therefore be used for flights within the European Union.

Its main purpose was to combat illegal immigration and not organized crime and terrorism.

In response to the multiple attacks carried out over the last few years in Member States, France has been particularly active in advocating adoption of a regulatory framework that can be used to identify individuals likely to commit malevolent acts before they actually travel.

 

The Passenger Name Record Directive

The PNR Directive falls within the police and judicial co-operation framework on crime under the Stockholm program (December 2009), which sets out the Union's priorities in the areas of freedom, security and justice.

This allows each country to set up a Passenger Information Unit (PIU) to assess the risk level of travelers and conduct wide-ranging checks and controls in the event of a known threat. 

This Directive was negotiated for more than 10 years between the Commission and Parliament until its adoption by a large majority in April 2016.

Given the potential for data protection breaches, the CNIL (French data protection agency) and its European counterparts fought hard to limit the amount of data transmitted by airline companies.

The Directive came into force in May 2016, and national parliaments have two years to transpose it into their own legislation. It is therefore likely that before the end of the decade, most Member States will have a new tool at their disposal to mitigate threats!  

Given the costs incurred for airline companies, international customs (WCO) and aviation (IATA, ICAO) organizations have developed an exchange standard with governments. Once the procedure has been implemented for one country, the airline can replicate it and thus reduce costs related to development and conformity with standards.

In a wider context of combating malevolent acts, booking systems can cover multiple travel and tourism companies:

  • hotels,
  • car hire companies,
  • maritime and land carriers, etc.

If the regulatory context allows it, all this data could be processed and used to identify threats.

 

Widespread vigilance on data protection

The European Parliament and bodies responsible for data protection are particularly vigilant in relation to these initiatives, given the possibility of deducing membership of a religious faith, or a traveler profile, based on food preferences or specific requests. Regulations are equally strict on the amount of time data can be kept for, and the recipients of information known as "competent authorities".

The majority of travelers will pass through the mesh of this ambitious net without difficulty. The objective targeted is the "prevention, detection, investigation and prosecution of terrorist offenses and serious crime," as stated in Directive (EU) 2016/681.

The United Kingdom is the first country in the European Union to have implemented such a system, with a view to preventing threats at the London Olympic Games in 2012. France has also anticipated the PNR Directive by including its project in the country's military planning law for the years 2014 to 2019. It has played a pioneering role with its Passenger Information Unit (PIU), operational since 2016.

Detection of atypical profiles

Suspicious profiles are identified through analysis of the data transmitted: last name, payment method, agency, destination, credit card, etc.

More sophisticated processing operations aim to identify movements which do not match normal standards of travel:

  • late booking,
  • absence of (or excess) luggage,
  • illogical connections,
  • last-minute boarding, etc.

A booking can include several legs and modes of transport, including over land and sea, hence the concept of "master" and "slave" PNR, processing of which may justify the suspicions of the police authorities.

Combining travel data with information obtained from social media also opens a vast area of investigation.

Booking systems may not reveal a threat, given the passenger's absence of history; however, exchanges on the Internet, dissenting tweets or explicit messages could attract attention, and even block a departure, or be used to plan arrangements for the return of a suspicious individual.

The French government is particularly vigilant about the return to France of individuals coming from combat zones known as "Foreign Fighters". As they are managed "case-by-case", it is essential to assess the potential threat on the basis of a set of data available.

Traveler identity, a major challenge

If airports and police forces decide to adapt check and control procedures to the level of risk, it will be essential to identify travelers correctly.

Photo: Roissy Charles de Gaulle – September 2017 – new generation of Parafe biometric smart gates

Passports and biometrics are therefore becoming a major issue in combating fraud and the exchange of travel documents.

Online check-in, bag drop and automatic check-in procedures are tending to eliminate points of contact with airline companies. A check on the traveler's passport as soon as they arrive therefore seems essential.

The first reason is to avoid fraud, but the most important is to ensure that the data communicated when buying the ticket online is accurate (last name, first name, date of birth, nationality, etc.). This information, contained in the two lines of biographical data in a passport, known as the MRZ, or machine-readable zone, can be scanned to prevent errors! This standard was enacted by the International Civil Aviation Organization (ICAO), and all states must comply with it when producing identity documents.

In the current security context, and because of the need to make the risk "stick" to incriminated individuals, biographical and biometric data are an issue of significant impact.

Biometric gates can also block suspicious individuals and force them to go to manned police windows. Either biometric authentication fails, or the surveillance unit indicates a high level of risk!

In both cases, it is a person who will decide on the next steps and not the machine, in conformity with current regulations (GDPR, General Data Protection Regulation).

The introduction of biometric technologies

As transcription of non-European last names is not standardized, it is essential to scan this MRZ strip to correct any errors made during an online purchase. This step is particularly critical, given that successful connection to the databases of Schengen (SIS, VIS) and Interpol requires spelling to be correct.
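The MRZ scan described in the two passages above can be checked and reconciled with the booking as follows. This is an added example, not code from the original report or from Gemalto: it assumes the ICAO Doc 9303 TD3 passport layout (two lines of 44 characters), and the function names, the sample booking and its field names are hypothetical.

```python
# Added example (not from the original report): ICAO 9303 TD3 passport MRZ checks.
WEIGHTS = (7, 3, 1)  # repeating check-digit weights defined by ICAO Doc 9303

def char_value(c):
    if c in "0123456789":
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10  # A=10 ... Z=35
    raise ValueError(f"character not allowed in an MRZ: {c!r}")

def check_digit(field):
    return str(sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10)

def parse_td3(line1, line2):
    """Parse the two 44-character MRZ lines of a passport and verify check digits."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("TD3 MRZ lines must be 44 characters each")
    surname, _, given = line1[5:].partition("<<")
    checks = {
        "document_number": (line2[0:9], line2[9]),
        "birth_date": (line2[13:19], line2[19]),
        "expiry_date": (line2[21:27], line2[27]),
        "optional_data": (line2[28:42], line2[42]),
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    }
    failed = []
    for name, (field, digit) in checks.items():
        # "<" is a permitted check digit only when the optional field is unused.
        unused = name == "optional_data" and digit == "<" and set(field) == {"<"}
        if not unused and check_digit(field) != digit:
            failed.append(name)
    return {
        "surname": surname.replace("<", " ").strip(),
        "given_names": given.replace("<", " ").strip(),
        "nationality": line2[10:13].replace("<", ""),
        "document_number": line2[0:9].replace("<", ""),
        "birth_date": line2[13:19],   # YYMMDD
        "expiry_date": line2[21:27],  # YYMMDD
        "failed_checks": failed,
    }

def reconcile(booking, mrz):
    """Return declared booking fields that disagree with the scanned document."""
    return {k: (v, mrz[k]) for k, v in booking.items() if k in mrz and v.upper() != mrz[k]}

# Constructed sample: the fictitious "Utopia" specimen MRZ used in ICAO Doc 9303.
LINE1 = "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
BOOKING = {"surname": "Ericsson", "given_names": "Anna Maria",
           "birth_date": "740812", "nationality": "UTO"}
```

A non-empty `failed_checks` list points to a misread or altered MRZ, while a non-empty `reconcile` result points to declared booking data that should be corrected from the document before any database lookup.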

To identify a traveler at risk, "declarative" data does not therefore go far enough. Document readers and biometric equipment will soon become standard in airports, as in the Gemalto Fly to Gate procedure. The traveler is authenticated on their arrival and biometrics act as the common point of reference for different stages through the terminal, therefore avoiding any risk of fraud!

This ensures that it is still the same individual until boarding takes place, while assigning a level of checks and controls based on their risk.

We believe that a large majority of travelers will benefit from faster checks, and it will also allow the police force to focus their attention on suspicious individuals.

All parties are set to benefit from this renewed interest in identity, and particularly airline companies which can be fined if they fail to check the validity of passports and visas, and made to pay accommodation and legal costs if they transport unauthorized individuals.

Several thousand models of identity documents are currently in circulation around the world: the majority of countries, over 120, have migrated in several phases to the electronic passport.

Solutions for strong identification and authentication

To thwart attempted fraud, Gemalto has developed sophisticated equipment to check the authenticity of identity documents through comparison with the models in circulation.

It can also check their validity by connecting to the databases of the European Union (VIS, SIS, Eurodac) and databases of fraudulent documents (Europol, Interpol). It should also be remembered that the ICAO manages a database of state certificates known as the PKD (Public Key Directory) to detect fraudulently obtained documents created from stolen unused passports, which can look like exact replicas of official documents, but without the electronic signature.

For border control, beyond its biometric smart gates, Gemalto offers a range of passport readers, biometric authentication equipment and software, thanks to the acquisition of 3M Identity Management Solutions, one of the pioneers in biometric technology.

Biometrics are also key in transforming the passenger experience, as we illustrate in our recent web dossier on biometrics and the passenger experience.