During  its online annual general meeting this week, the International Air Transport Association (IATA) rolled out a  new proposal for an app-based system of control over air travel that IATA is proposing for use by its member international airlines and by governments.

The scheme is being promoted as a response to the COVID-10 pandemic, but would institutionalize structures and practices with the potential for continuing and wider abuse.

IATA is calling its scheme the IATA Travel Pass. As described in these slides,  it would require would-be air travelers to enter both personally identifying information (most likely passport or other ID-card details) and records of tests and/or vaccinations into an IATA  smartphone app.  The data would  be processed by the algorithms of a “rules engine” to detemine whether to issue an “OK to travel” permission message. The output of this algorithmic decision would be available for use by both airlines and governments.

The intent of the IATA proposal is to create an infrastructure for sharing of data and travel permission decisions, at any point before or after the journey, with both airlines and governments, on the basis of an open-ended ruleset:

Of course IATA’s new proposal has all the defects of any smartphone-based travel surveillance or control regime that we discussed back in April when Hawaii tried out such a scheme. IATA is silent on what is to happen to  a traveler who doesn’t have a smartphone, charged-up and operable, with them when they try to travel.

And what about travelers without passport? No passport is currently required, even for international flights, within some free-movement zones such as within Mercosur, ECOWAS, or the European Union, or between the UK and Ireland.

But that’s not the worst aspect of the IATA proposal. Unlike Hawaii’s app-based location reporting system, the IATA app would go beyond surveillance to incorporate an algorithmic decision-making system for prior restraint of the right to travel.  Very disturbingly, there’s no mention in the IATA proposal of who would control the algorithmic ruleset, leaving it wide open to mission  creep and abuse by governments worldwide.  There’s no apparent way to restrict the nature of the rules or the purposes — blacklisting? discrimination? profiling? retaliation? — for which they could be used. Deployment of a general-purpose algorithmic travel control app for use worldwide would invite abuse.

No distinction is made by IATA between data to be shared with governments and with airlines. IATA takes for granted that airlines are entitled to free use for their own purposes of whatever data travelers are required to hand over to governments:

As the diagram above shows, IATA conflates tests (not defined, and possibly including testing for infection and/or testing for antibodies) and vaccinations. But there’s no guarantee that any vaccination will produce immunity, or for how long. Nor is there any guarantee that any test will identify all those who are potentially infectious.

The point seems to be to make potential travelers feel safe, so that they will be wiling to fly again, so that airlines can return to profitability — not to actually eliminate the risks of infection from air travel and the activities incidental to it.

With respect to vaccinations, as we’ve noted before, there is already an international standard method method of recording immunizations and and making those records available to governments: the International Certificates of Vaccination (ICV) or “yellow book”:

The ICV was developed and adopted by the World Health Organization, not the travel industry. It has been endorsed by the US government, including by the CDC.

Curiously, there is no mention by IATA of the longstanding and internationally-recognized standard, the ICV, which the new “IATA Travel Pass” app is apparently intended to supplant. Also curiously, although there is an official CDC version of the ICV, published by the US Government Printing Office, the  page that formerly described the ICV and how to fill it out has disappeared from the CDC website.

It’s not clear what’s going on behind the scenes, but we are concerned by the much greater potential for abuse of the IATA Travel Pass., especially if any government in the world can insert its own rules into the permission-to-travel algorithm with no algorithmic transparency , oversight, or accessible pathway to judicial review of no-fly decisions.

Someone who is turned away at the door to the airport (there are already checkpoints at the doors of many international airports, before travelers get a chance to approach the check-in counters) or at a ticketing or check-in counter, is unlikely to have meaningful access to the courts of the country of their destination or where a foreign airline is based.

It’s unclear whether IATA will be pitching its new app to ICAO and/or the WHO as a new international standard and/or a replacement for the ICV. IATA isn’t waiting, though, but is apparently trying to start by selling its app to governments country by country. Without specifying the countries between which the trials will be conducted, IATA says that the International Airlines Group (the holding company for British Airways, Aer Lingus, Iberia,  and the low-fare airlines Vueling and Level) plans a pilot of the IATA Travel Pass by the end of December 2020.

We welcome any reports by travelers who use, try to use, or refuse to use this app.