Passenger Name Records: the challenges of identification and authentication

This new web report describes:

1. The IATA model: "Looking for bad people, rather than bad objects."
2. The European project and Passenger Name Record or PNR directive
3. The challenge of detecting atypical profiles
4. The central challenge of traveler identification

Assessing the potential risk of a passenger

Since September 2001, the annual cost of aviation security has exceeded €6 billion.

Malevolent acts using explosives hidden in shoes (December 2004) and underwear (December 2009), as well as liquids (August 2006), have led to the escalation of equipment in airports.

International air transport organizations – ICAO, IATA, ACI – which are concerned about disaffection with air travel, have therefore recommended that checks and controls can vary with passengers' potential risk.

It's good news for "trusted" travelers, which includes all of us, and it should, therefore, make it easier to get through the multiple stages of the airport marathon.

PNR data can be revealing

"PNR and API passenger data" is currently an area that has been little exploited.

However, this data contains powerful indicators that may be used to attract the attention of the authorities.

The United Kingdom, in the context of the Olympic Games, but also France, recognize their effectiveness in the fight against terrorism.

An expired visa or invalid passport requires the traveler to get their paperwork in order, but there is no question of malevolence in such situations.

In contrast, special attention is justified in the case of recent passports and last-minute tickets, as suspicious individuals tend to change identity and avoid advance bookings.

A cautious, case-by-case approach is therefore needed when investigating such matters, with data processing being only one part of the whole procedure; authorized agents must then take decisions in conformity with data protection regulations.

Recent events demonstrate the limitations of security equipment, especially when it comes to locating explosives that are difficult to detect or that may even be hidden in implants and body cavities.

Hence...

The IATA paradigm of "Looking for bad people, rather than bad objects", which recommends focusing attention on people rather than increasingly hard to locate objects.

But make no mistake here.

Processing travel data should not be seen as an alternative to security equipment.

Rather, it represents a new filter within what is a "layered" approach. Considering that no single filter is infallible, it forces terrorists to thwart multiple levels of checks and controls, thus making it increasingly difficult to commit a malevolent act.

PRN directive: history and objectives

Sadly, the European Union had no proactive strategy until that point even though booking systems can highlight risk factors.

Advance Passenger Information

The first Directive in 2004 allowed Member States to require airlines to transmit passport data – known as API or Advance Passenger Information – before the departure of flights.

The objective here was to intercept people flagged in a database.

However, this Directive only applies to border checks and cannot be used for flights within the European Union.

Its primary purpose was to combat illegal immigration and not organized crime and terrorism.

In response to the multiple attacks carried out over the last few years in the Member States, France has been particularly active in advocating adopting a regulatory framework that can be used to identify individuals likely to commit malevolent acts before they travel.

The Passenger Name Record Directive

The PNR Directive falls within the police and judicial cooperation framework on crime under the Stockholm program (December 2009), which sets out the Union's priorities in freedom, security, and justice.

This allows each country to set up a Passenger Information Unit (PIU) to assess the risk level of travelers and conduct wide-ranging checks and controls in the event of a known threat. 

2006-2016: Ten years of negotiation

This Directive was negotiated for more than 10 years between the Commission and Parliament until its adoption by a large majority in April 2016.

Given the potential for data protection breaches, the CNIL (French data protection agency) and its European counterparts fought hard to limit the amount of data transmitted by airline companies.

May 2016: The directive comes into force

The Directive came into force in May 2016, and national parliaments have two years to transpose it into their legislation. It is therefore likely that before the end of the decade, most Member States will have a new tool at their disposal to mitigate threats!  

Given the costs incurred for airline companies, international customs (WCO) and aviation (IATA, ICAO) organizations have developed an exchange standard with governments.

Once the procedure has been implemented for one country, the airline can replicate it and thus reduce costs related to development and conformity with standards.

In the broader context of combating malevolent acts, booking systems can cover multiple travel and tourism companies:

• hotels,
• car hire companies,
• maritime and land carriers, etc.

If the regulatory context allows it, all this data could be processed and used to identify threats.

Widespread vigilance on data protection

The European Parliament and bodies responsible for data protection are particularly vigilant about these initiatives, given the possibility of deducing membership of religious faith, or a traveler profile, based on food preferences or specific requests. 

Regulations are equally strict on the amount of time data can be kept for and the recipients of information known as "competent authorities."

The majority of travelers will pass through the mesh of this ambitious net without difficulty. The objective targeted is the "prevention, detection, investigation and prosecution of terrorist offenses and serious crime," as stated in Directive (EU) 2016/681.

UK first

• The United Kingdom is the first country in the European Union to have implemented such a system to prevent threats at the London Olympic Games in 2012. 
• France has also anticipated the PNR Directive by including its project in its military planning law for the years 2014 to 2019. It has played a pioneering role with its Passenger Information Unit (PIU), operational since 2016.

Detection of atypical profiles

Suspicious profiles are identified by analyzing the data transmitted: last name, payment method, agency, destination, credit card, etc.

More sophisticated processing operations aim to identify movements that do not match usual standards of travel:

• late booking,
• absence of (or excess) luggage,
• illogical connections,
• last-minute boarding, etc.

A booking can include several legs and modes of transport, including over land and sea, hence the concept of "master" and "slave" PNR, processing which may justify the suspicions of the police authorities.

Combining travel data with information obtained from social media also opens a vast area of investigation.

Booking systems may not reveal a threat, given the passenger's absence of history; however, exchanges on the Internet, dissenting tweets, or explicit messages could attract attention, and even block a departure, or be used to plan arrangements for the return of a suspicious individual.

The French government is particularly vigilant about the return to France of individuals coming from combat zones known as "Foreign Fighters." As they are managed "case-by-case," it is essential to assess the potential threat based on a set of data available.

Traveler identity, a significant challenge

If airports and police forces decide to adapt check and control procedures to the level of risk, it will be essential to identify travelers correctly.

Roissy Charles de Gaulle – September 2017 – new generation of PARAFE biometric smart gates

Passports and biometrics are therefore becoming a significant challenge in combating fraud and the exchange of travel documents.

Online check-in, bag drop, and automatic check-in procedures tend to eliminate points of contact with airline companies. A check on the traveler's passport as soon as they arrive therefore seems essential.

Firstly, to avoid fraud, most importantly, ensure that the data communicated when buying the ticket online is accurate (last name, first name, date of birth, nationality, etc.). 

This information, contained in the two lines of biographical data in a passport, known as the MRZ, or machine-readable zone, can be scanned to prevent errors. 

This standard was enacted by the International Civil Aviation Organization (ICAO), and all states must comply with it when producing identity documents.

In the current security context, and because of the need to take the risk "stick" to incriminated individuals, biographical and biometric data are an issue of significant impact.

Biometric gates can also block suspicious individuals and force them to go to operated police windows. Either biometric authentication fails, or the surveillance unit indicates a high level of risk!

In both cases, a person will decide on the next steps and not the machine, in conformity with current regulations (GDPR, General Data Protection Regulation).

The introduction of biometric technologies

As transcription of non-European last names is not standardized, it is essential to scan this MRZ strip to correct any errors made during an online purchase. 

This step is particularly critical, given that a successful connection to the databases of Schengen (SIS, VIS) and Interpol requires spelling to be correct.

To identify a traveler at risk, "declarative" data does not, therefore, go far enough. Document readers and biometric equipment will soon become standard in airports, as in the Gemalto Fly to Gate procedure. The traveler is authenticated on their arrival, and biometrics acts as the common point of reference for different stages through the terminal, therefore avoiding any risk of fraud!

This ensures that it is still the same individual until boarding takes place while assigning a level of checks and controls based on their risk.

We believe that many travelers will benefit from faster checks, and it will also allow the police force to focus their attention on suspicious individuals.

All parties are set to benefit from this renewed interest in identity, and particularly airline companies which can be fined if they fail to check the validity of passports and visas, and made to pay accommodation and legal costs if they transport unauthorized individuals.

Several thousand models of identity documents are currently in circulation worldwide: the majority of countries, over 120, have migrated in several phases to the electronic passport.

Solutions for strong identification and authentication

To thwart attempted fraud, Thales has developed sophisticated equipment to check their authenticity by comparing the models in circulation.

It can also check their validity by connecting to the databases of the European Union (VIS, SIS, Eurodac) and databases of fraudulent documents (Europol, Interpol).

It should also be remembered that the ICAO manages a database of state certificates known as the PKD (Public Key Directory) to detect fraudulently obtained documents created from stolen unused passports, which can look like exact replicas of official documents, but without the electronic signature.

For border control, beyond its biometric smart gates, Thales offers a range of passport readers, biometric authentication equipment, and software, thanks to the acquisition of 3M Identity Management Solutions, one of the pioneers in biometric technology.

Biometrics also key in transforming the passenger experience, as we illustrate in our recent web dossier on biometrics and the passenger experience.