Passenger Targeting Trainings

The police officer in the West European Passenger Information Unit opens her passenger targeting software when coming to the office in the morning. She notices an interesting passenger matching the rule-based targeting criteria, but also that the flight has already departed. She knows it’s not her fault as due to the complexity of the passenger targeting, these things happen. At the same time, she reaches out to her phone and sends a message using Signal to her friend working for joint police and customs unit at an airport in the Western Balkans: “Hi Nicola, maybe you want to check one guy coming in the next flight?”. After three hours, Nicola comes back with a short message: “We got him! Good one!”.

This short story shows how effective passenger targeting training can create good results beyond the national border to foster international cooperation. The passenger targeting eco-system as such is very multifaceted mainly because of the complexity of the air industry but also the maritime and land transport operators. The use of Advance Passenger Information (API) and Passenger Name Record (PNR) or other similar passenger-related data aims at the collection and processing of all the passengers travelling in or out of the country, meaning that solid reasons back such a powerful implementation.

This leads us to the three United Nations Security Council Resolutions: 2178 (2014), 2396 (2017), and 2482 (2019). These resolutions mandate all the UN Member States to implement the use of API and PNR data to fight against terrorism and serious crimes. There is also the ICAO Annex 9 to the Convention on International Civil Aviation (Chicago Convention), which contains Standards and Recommended Practices (SARPs) for the implementation of API and PNR data collection. The legislative framework has been well described, for example, by Rovshan Namazov in his article in Border Security Report Jun/Jul 2022 edition, and it leads to highlight one of the most important training needs: how do we ensure that the lawmakers are well aware of the operational needs of passenger targeting, so that they are able to draft proper legislations to support the operational work while respecting privacy and human rights?

While this article focuses on targeting as a methodology to fight against cross-border crimes, it is worth remarking that the parallel aim is the smooth facilitation and movements of legitimate passengers. In this sense, as the different law enforcement agencies would be collecting the data of all travellers, data privacy and human rights setup play a key role, intersecting with the need to prevent and tackle different types of crimes, including human trafficking. Colliding needs to safeguard different interests made the lawmakers work hard as well: how to deal with data collection of all passengers? How to focus on terrorists and criminals and preserve the victims? And, as aforementioned, how to ensure, in parallel, that legitimate passengers’ rights are not infringed, allowing smooth, legitimate travel?

Existing processes
The use of systematical collection of API and PNR data is still relatively new. It started after the 9/11 attacks in the USA in 2001, but for example in the European Union, the “PNR” directive (EU 2016/681) obliged all the EU member states to establish operational Passenger Information Units by May 2018. Based on IATA, at this moment close to 110 countries have either API or iAPI (interactive API) capability and approximately 65 have the PNR collection capability.

Nonetheless, even though many countries still lack this capability, most of them developed experience in passenger targeting. This might be by receiving the passenger information as hard copies (passenger manifests/tickets/reservation files) or having access to the reservation systems of air carriers, or when this information is not made available, backing the operation decisions with behavioural detection and/or available intelligence. This leads to another important question mark that takes us to training-related aspects: how to make sure to use the existing experience to ensure that the PIUs will fit well into the current security structures?

We can’t forget that the private sector plays a relevant role in the whole process. Air carriers and IATA, as their representative, have the know-how that explains the complexity of data collection/retention/retrieval, the function and possibilities given using different systems, such as the Departure Control System (DCS), Computer Reservation System (CRS) or other IT platform for the management of the crew. Including further complexity given by the collection of data from other travel modalities (maritime, land), we are getting to realize the implementation of the capacity-building process needs the active involvement of the private sector. This ensures a wider understanding of private sector-related procedures and possibilities from the law enforcement agencies and, mutually, the acknowledgement of the legitimate use of data collection/retention/use made by the law enforcement agencies.

Holistic approach
The establishment of PIUs is generally seen as the master key to addressing cross-border-related issues, providing solutions to the complexity of the profiling process. This is only partially true because the systematic collection of API/PNR and the related analysis processes represent only one ring of the risk-management chain. The implementation of strong risk-led policing, the establishment of horizontal and vertical intra/inter-agency cooperation, the adoption of the correct risk treatment measures, and the risk review based on the outcomes of the activities are the other mandatory ingredients to turn a powerful but complex tool into an effective instrument for border management.

Accordingly, the creation of the necessary expertise should include all the “actors” involved, considering that risk identification, risk evaluation, risk treatment and risk review are mutually connected, and belong to the same process. This should be reflected as well in the conceptualization of streamlined training programs, inclusive of a thematic focus on “targeting” training to be accompanied by dedicated capacity-building covering the other operational aspects of border management, including intelligence.

The use of open-source intelligence (OSINT) has increased significantly in recent years, according to the wide availability of data given by the extended use of internet-based applications and tools. Nevertheless, as a powerful tool, it must be handled with care in the framework of passenger targeting, and dedicated training modules should be implemented to prevent misuse that may impact its legitimacy, according to the data protection provisions, and its effectiveness, according to potential disruptions of investigations since searches could be easily detected by the potential targets, often by a simple notification (more information about Person-Centric OSINT can be found in the Amr el Rahwan’s article in Border Security Report Jan/Feb 2023 edition).

Finally, the validation of the targeting process happens through the implementation of the appropriate measures by the frontline officers. In this phase, the necessary ascertainment against the selected targets should be supported by a strong knowledge of operations’ dynamics, including behavioural analysis, interviewing techniques, searching techniques, x-ray examinations. The risk treatment phase or operational phase, if structured and backed with the right capacity-building actions, represents the main source to address the activity of targeting units as the PIUs, also providing the necessary elements for the risk review aimed at steering and refining rule based targeting processes.

The variety of cross-border crimes, together with the use of new routes, technologies and elusive methodologies goes beyond the institutional assignment of tasks, duties, and responsibilities of the law enforcement agencies in charge of securing borders. Nowadays it’s universally acknowledged that the Integrated Border Management concept (IBM) builds on the necessity of consolidating border management operations, hosting the two main services at the airports (immigration and customs) within the same operational streamline. If the right operational conditions are met, IBM facilitates the smooth departure/arrival/transit of legitimate passengers, while focusing on those ones that, according to the determined patterns, match with risky profiles.

Therefore, cooperation, in its wider significate, is the key to the implementation of effective border management routines. Namely, it’s distinguished into:

  • intra-agency cooperation, aimed at coordinating efforts among sections, units, and departments of the same agency
  • inter-agency cooperation, whose objective is the creation of synergies and information sharing between law enforcement agencies involved in the same border management action, though with different mandates (i.e., Border Police and Customs)
  • international cooperation, as the tool to enhance the capabilities against cross-border crimes that may impact different jurisdictions

As part of the extended meaning of risk-led policing, the implementation of all the necessary actions to enhance intra-inter-international cooperation can be facilitated by capacity-building actions aimed at raising awareness on the use of dedicated, secured communication channels as the ones provided for example by Europol (SIENA), INTERPOL (I-24/7) and WCO (CENcomm). The regional/international framework is to be preferred for the delivery of the related training and for the creation of interactive panels.

Indeed, besides the technical expertise, the building of trust among the participating agencies is the key to enhancing the development of effective information sharing and, consequently, the enhancement of border management action. Similarly, the deployment of experts and trainers from foreign countries creates the conditions to establish those operational contacts, that, besides the official communication channels, often trigger the operational reactiveness and the execution of urgent cases.

Given what he have discussed earlier in this article, a wide and structured range of training is therefore recommendable to support the creation of the best conditions for the implementation of effective border management measures. The process starts by raising awareness to ensure a suitable legislation framework to enable the enactment of the targeting activities and it continues with the involvement of the private sector as an interested party, actively involved in the border management action, whose role is often paramount for the implementation of the targeting process itself, due to the relevance of the information provided.

The holistic approach enables the involvement of several components of the law enforcement sector to address and exploit the capabilities emerging from effective border management and to turn intra-inter-international cooperation into a global asset, fully and respectively integrated within the security structure of the countries. The training and the building of capacities, while promoting and supporting existing mechanisms for international cooperation, also give the possibility to detect gaps and blockages in it, proactively providing for the possibilities to improve the cooperation framework.

The “story” told at the beginning witnesses how the building of trust and reliable relationships among law enforcement officers from different countries is revealed to be the “invisible”, but powerful tool to contribute to the effectiveness of the action at the borders against all kinds of cross-border crimes, triggering the enhanced cooperation toward disruption of criminal networks.