Full Report
Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe—and who’s a threat.
Analysis Summary
# Main Topic
The deployment and implications of opaque Artificial Intelligence (AI) tools used by companies and governments to analyze international traveler data (specifically Passenger Name Records or PNR) for predictive risk assessment, aiming to identify potential threats or undesirable travelers at international borders.
## Key Points
- **Data Source & Exchange:** Airlines exchange detailed PNR data (containing addresses, payment info, itineraries, baggage details, etc.) with destination governments 48-72 hours before departure globally.
- **AI Profiling:** Technology companies are employing algorithms to process combined data streams (like PNR and visa applications) to profile passengers, assigning risk scores to sort travelers for enhanced screening or rapid passage.
- **Case Study of Surveillance:** Dutch activist Frank van der Linde was subject to heightened scrutiny, with his PNR data being shared internally with border police despite prior removal from a municipal watchlist, demonstrating the persistence of data linkage and analysis.
- **Data Accuracy Concerns:** The subject found inaccuracies in his own PNR records held by the government, including records of flights he never took, raising concerns about flawed conclusions drawn by algorithms based on incorrect inputs.
- **Expansion of Scope:** There is a clear push by governments and vendors to scale this targeting system beyond air travel to include multi-modal transport like rail, bus, and potentially ships, leveraging AI analysis across all movement patterns.
## Threat Actors
- **Governments/State Agencies:** Responsible for collecting, storing, and sharing PNR data, and using the algorithmic outputs for border control and internal scrutiny (e.g., Dutch Police, border police).
- **Commercial Technology Vendors:** Companies developing and selling the AI/algorithmic software facilitating risk assessment (e.g., Idemia, SITA, Travizory, WCC). These entities profit from expanding surveillance capabilities.
## TTPs
- **Data Collection:** Systematic collection and retention of Passenger Name Records (PNR) data for international travelers.
- **Risk Scoring/Profiling:** Application of proprietary algorithms, including Artificial Intelligence, to combine PNR/API data streams for risk assessment (e.g., WCC claiming to be the first to use AI on travel data for risk assessment in 2021).
- **Internal Data Sharing:** Government units (like Dutch Passenger Information Units) sharing traveler PNR details with internal enforcement bodies (border police) ahead of arrivals based on profiling flags.
- **Targeting Center Operations:** Centralization of traveler and transport information in "national targeting centers."
## Affected Systems
- **Passenger Name Record (PNR) Systems:** The fundamental dataset queried and analyzed.
- **Airline Reservation/Booking Software:** The source of the initial sensitive data captured before transfer to governments.
- **Border Control/Immigration Checkpoints:** Systems used for traveler processing where algorithmic flags trigger different levels of scrutiny.
- **AI/Algorithm Platforms:** Specifically software like WCC's Hermes, used for passenger screening computations.
## Mitigations
- **Data Auditing and Legal Challenges:** Utilizing Freedom of Information laws to uncover the extent of personal data collection and challenging its use (as demonstrated by Frank van der Linde).
- **Demand for Data Deletion/Retention Review:** Monitoring compliance with data retention policies (e.g., the context mentioning Europol ordering the deletion of vast stores of personal data).
- **Scrutiny of Vendor Software:** Heightened awareness and technical evaluation of the commercial software used in screening processes to understand the basis for algorithmic flagging.
- **Advocacy for Multi-Modal Data Segregation:** Resistance against the expansion of predictive profiling systems across rail and bus lines without robust oversight.
## Conclusion
The intelligence indicates a significant, ongoing effort by state actors, facilitated by commercial technology providers, to enhance border security through AI-driven predictive passenger profiling based on extensive PNR data retention. The primary threat is the opaque nature of these algorithms, the potential for incorrect flagging due to data errors, and the rapid expansion of this tracking apparatus across modes of transport, fundamentally risking individual liberties based on non-transparent automated conclusions.