Frontex and Europol want to create an indivdual file for all travellers and check it against various databases. The analysis is to be carried out with AI.
EU agencies Europol and Frontex are proposing to link different databases to improve the screening of business travellers and tourists. A profile is to be automatically created for every person who wants to cross an external European border. The information contained in this “traveller file” would then be subject to risk analysis.
The proposal can be found in the final report of a “Future Group for Travel Intelligence and Border Management”, in which Europol and Frontex have joined forces with unspecified experts from police, secret services, border and customs authorities. The envisaged platform is called the European System for Traveller Surveillance (ESTS).
Third-country nationals and EU citizens
With pre-screening, the agencies want to make predictions as to whether travellers might be dangerous. This is aimed primarily at persons from third countries. However, a “traveller file” is also to be created for EU citizens when they cross the border.
The personal profiles will then be compared with various information systems. A further check will be carried out on the basis of so-called “watch lists” of suspected dangerous persons, which will be kept within the framework of two EU databases.
The paper also contains several proposals to centralise individual operations. Europol and Frontex offer to set up a “common analysis capacity” in each member state for the evaluation of the “traveller file”. The agencies want to support this “back office” with their own staff.
The ETST is also to be allowed to use artificial intelligence ” implement self-learning processes from previous case handling, including actions or decisions taken without the need to store additional personal data”.
Currently, EU member states are discussing their position on a Commission proposal to enact a law regulating algorithmn-based decision-making. According to this draft, however, the use of artificial intelligence, as it is to be done in ETST for border controls, would be inadmissible.
This would also apply to national border control systems that are to be connected to the ETST and analysed by Europol and Frontex.
Barn door-sized exception
According to the Future Group, the “back office” could carry out manual processing of the “travellers file” if there are doubts about the identity of persons and suggest follow-up measures – such as in-depth checks.
After crossing the border, the information in the “traveller file” should be quickly deleted again. However, the Future Group proposes the barn door-sized exception “unless they need to be kept longer for law enforcement purposes”.
Profile from passenger data
The “traveller file is initially created from information that airlines and other travel service providers are required to provide to the authorities. In 2004, the EU issued a Directive on the transfer of Advance Passenger Information (API). Airlines have to read personal data from travel documents at check-in and send it to the authorities of the destination country.
In 2016, the Passenger Name Record Directive (PNR) followed, requiring additional information, including baggage details, contact details or hotel booking details. This data set must already be forwarded when booking a flight.
The API and PNR data may be used by police and intelligence agencies to prevent and prosecute terrorist offences and serious crime.
The databases with which the “traveller file” is compared include the Schengen Information System (SIS II), which contains wanted persons or exit orders. Since 2003, the EU has also kept the Eurodac fingerprint file to detect duplicate applications by asylum seekers. In 2011, the Visa Information System (VIS) went into operation, which contains biometric data of nationals of those states that require a short-term visa for entry.
People from visa-free countries will also be subject to much stricter controls from next year. They will have to pre-register in a Travel Information and Authorisation System (ETIAS), providing personal data and travel itinerary. Their border crossings will then be logged in an Entry/Exit System (EES), which is also new, and travellers will have to leave fingerprints and facial images.
In the large-scale Interoperability project, all biometric data from Eurodac, VIS, ETIAS and EES are currently being brought together in a “Common Identity Repository”. They are searchable with the help of fingerprint and facial recognition and may be used for border controls, but also by police forces and intelligence services.
Expansion of passenger data collection
The matching of the ETST with the databases described would be fully automated via the overarching search portal that will be made available to tens of thousands of government employees next year as part of the EU’s interoperability project.
The Future Group is also pushing for an improvement in passenger data. It says PNR data provided by airlines is often incomplete or of poor quality. According to the report, they are also not collected uniformly at EU level. This is because the member states determine on their own which elements of the API passenger data the airlines have to read from the machine-readable area of passports and transmit to the authorities of the destination country.
The agencies are therefore calling for “a common front” by the member states to put increased pressure on the “transport industry” to improve data sources.
Europol and Frontex also want to impose common standards for passenger data. These should no longer be pushed by carriers in a decentralised way, but via a uniform interface to national authorities.
The Future Group describes such an “EU gateway” for personal data as beneficial because it would also enable the collection of statistical data. These would have an “invaluable analytical potential”.
The proposal is presumably aimed at the planned new regulation of the API Directive. The EU Commission has already presented a roadmap for this, but so far there is no mention of a centralised interface.
Data exchange also for intra-EU flights
Among the other proposals is that the member states insist on the transmission of API data also for flights within the Schengen area. In the PNR Directive, this was not required at the insistence of the Parliament because it would be a de facto internal border control. This would contradict the freedom of movement enshrined in the Schengen Borders Code.
However, the directive leaves the backdoor open for governments to voluntarily decide on such checks on intra-European flights. All member states in the Council had subsequently made a declaration to this effect.
In addition, Europol and Frontex want to extend the mandatory collection of passenger data to ferries, cruise ships, bus and rail connections. Proposals of this kind have been circulating again and again at the EU level, but have so far not been able to gain acceptance. In addition, the Future Group notes a “significant gap” in the collection of passenger data from business aircraft and calls for this to be closed.