Efforts by the UK to set up a data-gathering system across the airline industry backfired but it remains to be seen whether the EU learns from the past


Following the 9/11 attacks in 2001, a raft of legislation was introduced in the UK and in Europe mandating data sharing between the private sector and government. Private sector data about customers and their activities was seen by the US and UK governments as containing vital information about the activities of criminals and terrorists. Financial transactions, travel movements and, latterly, communications data all came under scrutiny.

Following the leaks of ex-CIA contractor Edward Snowden, the appetite for such surveillance waned, with the European Parliament suspending the transfer of PNR (Passenger Name Record) and SWIFT interbank data to the US government. However, after the attacks in Paris and Copenhagen earlier in 2015, this appetite seems to have been renewed.

Nowhere has this been observed more keenly at European level than in discussions about a new PNR directive intended to apply to all airlines operating into and out of Europe. Currently in draft form, the directive would oblige airlines operating in member states to hand PNR data – information about passengers’ bookings – to their respective governments in advance of travel.

The data would then be mined by law enforcement agencies for evidence concerning the past or future activities of crime and terror suspects, and for evidence of suspicious activity. The draft directive applies to flights from outside Europe, but could be extended to cover flights within Europe as well.

In considering whether to enact such a law, the European Parliament should look to the experiences of the UK government’s failed e-Borders programme, implemented under the Immigration, Asylum and Nationality Act 2006. A new book, The Private Security State?, by Professor Kirstie Ball and colleagues from the Open University, considers what went wrong with e-Borders. It suggests that governments should listen to air travel organisations before mandating them to provide passenger data on an even bigger scale.

The objective of e-Borders was to collect information about every journey into and out of the UK taken by rail, sea or air by 2014. The government legislated that between 24 hours and 30 minutes before departure data must be collected and transferred to UKBA’s National Border Targeting Centre, which allows data to be checked against watch lists, travel patterns and algorithmic surveillance measures to identify individuals about to travel. The information was held for five years in an active government database, where it was subject to all kinds of analysis. Then it was held for another five years in an archive with access on a case-by-case basis. It has since been abandoned as an expensive failure. The total cost was £750m (€1bn) and it came in €84.4m over budget.

When engaging with the private sector over information sharing, it is important to note that private sector infrastructures are set up to maintain competitive advantage. The problems with e-Borders stemmed from both the practical and legal aspects of its delivery in relation to the airline industry. The industry expressed concerns about the design of the programme from its pilot in 2004 to its roll-out in 2009. In particular, the Trusted Borders consortium – companies appointed to deliver the programme – was felt to ignore airline firms’ concerns relating to industry structure, operating standards and the legality of the programme.

The first concern was that it caused an uneven regulatory burden because not all airlines are alike. It is comparatively easy for a national legacy carrier such as British Airways or KLM to transfer passport data to government as their seats are sold via global distribution systems (GDSs) – large information systems used by travel agents to book airline seats across the world. In addition, after lobbying from travel agents association ABTA, it has become possible to enter passport details onto GDSs at the time of booking and automate the transfer from there.

Data disadvantage

Some low-cost and charter carriers, however, are not listed on GDSs – particularly charter carriers, whose seats are not available for independent sale. They had to build their own infrastructure to transfer data, at significant cost. Customer websites, mobile apps, self-service kiosks in airports and help lines also had to be set up at their expense to collect data from customers and make them aware of the new requirements.

Airlines also have long supply chains with multiple points of sale. Tour operators and travel agents had to juggle multiple data collection points for a range of airlines while taking care not to upset their customers’ travel experience by raising fears over security.

The low-cost and leisure airlines were further disadvantaged by the choice of operating standard for data transfer. SITA, one of the Trusted Borders members, insisted on its own standard, SITA type B, which is not standard across the industry and therefore costly for some to implement. Leisure airlines use an older, cheaper operating standard, UN/EDIFACT. As airports throughout the world upgraded to SITA-compliant systems, the costs were passed on to airlines in increased landing fees.

Border control battle

The problems didn’t end there. Raytheon, the lead partner of Trusted Borders, had responsibility for providing the e-Borders interface at border control in airports. It failed to deliver a useable system and was eventually sacked from the consortium in 2010. Last year it was awarded €315m in damages after suing the UK Home Office for unlawful termination of the contract. That decision was then overturned on appeal in March.

The final nail in e-Borders’ coffin was a set of legal objections from the European Commission. Potential legal problems with the programme were highlighted by the airlines to the Home Affairs Select Committee in 2009 but these were not heeded by the government. Early in 2010, the European Commission informed the British government that e-Borders compromised European citizens’ rights to freedom of movement. The scheme also breached Belgian, French and German data protection law.

The UK Information Commissioner suggested that citizens could opt out, but airlines across the sector then faced the enormous cost of amending systems to incorporate the opt-out. The result was a legal stalemate and patchy data collection.

Rather than gathering data from airlines, the UK Home Office is pursuing a system of universal exit checks using automated passport gates in airports. Passport data collection has effectively been re-centralised.

The incident is proof that mass data collection from the private sector for national security purposes is difficult to achieve at a systems level, as well as costly and legally and commercially compromising. Yet a draft directive on PNR data, which relies on airlines transferring PNR data en masse to national governments, has resurfaced in Europe.

The European Parliament now faces serious questions over mass PNR data collection in relation to human rights and data protection laws. It also needs to address industry concerns over the commercial implications of such a directive.

Avoiding extra financial pressures, unfair regulatory burdens and compromises to business models, supply chain and customer relationships will be of paramount importance to airlines, following the damage done by e-Borders. Sensitivity to these issues may help Europe decide once and for all whether mass surveillance is not only desirable from a human rights perspective, but feasible, prudent and sustainable.

Kirstie Ball is professor of organisation at the Open University