Feb 25 2021

Precog in a Box

[Flowchart of “goTravel” software package developed by the government of the Netherlands and offered to U.N. members through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT)]

National governments of all members of the United Nations are being pressured to implement new U.N. mandates for surveillance, profiling,  and control of air travelers.

These unprecedented mandates for the creation and deployment of new surveillance and “pre-crime” policing systems in every U.N. member state  are the result of a successful twenty-year campaign carried out by the US and its allies through the U.N. Security Council and the International Civil Aviation Organization (ICAO) as policy laundering proxies.

This U.N. mandate is illegal: it contravenes provisions of the International Covenant on Civil and Political Rights, to which almost all U.N. members are parties. It’s immoral: it goes against basic principles of justice, including the presumption of innocence and punishment for criminal actions rather than for inferred criminal states of mind. And it’s wrong: it presumes the existence of human and/or robotic “precogs” that can predict future crimes.

U.N. members that haven’t yet set up “pre-crime” police agencies to surveil and profile air travelers are being pushed by Security Council and ICAO directives, and pulled by offers of  their choice of free “Precog in a Box” software and other training and support from US Customs and Border Protection (CBP) through the World Customs Organization (WCO), or from the government of the Netherlands through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT).

But how did we get here? What’s going on? And what’s wrong with this picture?


The policy laundering path to a global air travel surveillance mandate

U.N. Security Council Resolution 2178, adopted on September 24, 2014, was essentially a trial balloon for comprehensive global surveillance and control of air travel. In Resolution 2178, the U.N. Security Council:

9. Calls upon Member States to require that airlines operating in their territories provide advance passenger information to the appropriate national authorities in order to detect the departure from their territories, or attempted entry into or transit through their territories, by means of civil aircraft, of individuals designated by the Committee established pursuant to resolutions 1267 (1999) and 1989 (2011) (“the Committee”), and further calls upon Member States to report any such departure from their territories, or such attempted entry into or transit through their territories, of such individuals to the Committee, as well as sharing this information with the State of residence or nationality, as appropriate and in accordance with domestic law and international obligations.

Resolution 2178, as quoted above, was non-binding and limited to advance passenger information (API) or “passenger manifest” data, which is a significantly more limited dataset than mirror copies of entire airline reservations or passenger name records (PNRs).

Resolution 2396, adopted by the U.N. Security Council on December 21, 2017, took the crucial next step from recommendations (“calls upon”) to requirements (“shall”), and expanded from API data to PNR and biometric data as well as “the capability to collect, process and analyse” this data. This is a US initiative to globalize US-style air travel surveillance and fly/no-fly decision-making. The US government has explicitly described Resolution 2396 as “requiring other countries to use U.S.-pioneered border security tools.”

U.N. Security Council Resolution 2396 includes the following directives as to what all U.N. members “shall” do, under penalty of potential U.N. sanctions if they don’t comply. In Resolution 2396, the U.N. Security Council:

11. Decides that, in furtherance of paragraph 9 of resolution 2178 and the standard established by ICAO that its Member States establish advance passenger information (API) systems as of October 23, 2017, that Member States shall require airlines operating in their territories to provide API to the appropriate national authorities…;

12. Decides that Member States shall develop the capability to collect, process and analyse, in furtherance of ICAO standards and recommended practices, passenger name record (PNR) data and to ensure PNR data is used by and shared with all their competent national authorities…;

13. Decides that Member States shall develop watch lists or databases of known and suspected terrorists, including foreign terrorist fighters, for use by law enforcement, border security, customs, military, and intelligence agencies to screen travelers and conduct risk assessments and investigations…;

15. Decides that Member States shall develop and implement systems to collect biometric data, which could include fingerprints, photographs, facial recognition, and other relevant identifying biometric data.

The mandate to U.N. member states in Paragraph 12 (above) of Security Council Resolution 2396 incorporates by reference the ICAO “standards and recommended practices” (a term of art in the aviation treaties administered by ICAO) for government acquisition and use of copies of PNR data. Those ICAO standards and recommended practices for PNR data didn’t yet exist  when Resolution 2396 was adopted by the Security Council in 2017, but were finalized by ICAO in 2020 and take effect on February 28, 2021.

The coming into effect at the end of this week of the ICAO standards for PNR acquisition, usage, and sharing by governments triggers the mandate, pursuant to Security Council Resolution 2396, for each U.N. member to implement some means of acquiring PNR data from airlines, processing it to generate watch lists and “risk assessments,” and sharing it with other government worldwide.

Compliance will take time but is, at least if conflicting international human rights treaty obligations are ignored, mandatory for all U.N. members. Resolution 2396 concludes with the understatement that the Security Council, “48. Notes that the implementation of aspects of this resolution, especially PNR and biometric data collection, can be resource-intensive and take an extended period of time to develop and make operational.”

[ [Regional presentation to members of the Association of Southeast Asian Nations (ASEAN) shows the options available to member states: the US Automated Targeting System (ATS),  GTAS or goTravel.]

Some countries are simply turning over surveillance and control of air travel to the US, by adopting the US Automated Targeting System (ATS). As of 2018, US Customs and Border Protection (CBP) had “over two dozen partnerships” with other countries using the global version of ATS for international flights to and from their countries. By 2019,22 countries were using ATS-G, with negotiations ongoing with 20 more, according to a report by the government of Azerbaijan on a sales pitch by ATS-G project manager Gregory Falcon.

What if you want to do it yourself, but your country doesn’t have any precogs and doesn’t know how to build a robo-precog? The US and U.N. have got you covered with a choice of (free) turnkey software and other hand-holding. (See the “We can help” presentation beginning at 56:00 of this video from U.N. Web TV.)

Two of the governments that have been in the forefront of traveler profiling, the US and the Netherlands, are offering versions of their national PNR-processing systems to other national governments, as discussed below. Each of these options is being offered through a different U.N. agency.

The US Global Travel Assessment System (GTAS)

In a 2018 interview, the head of US Customs and Border Protection (CBP) described GTAS as a counterpart to the Automated Targeting System used by CBP itself: “an open-source cloud protocol called the Global Travel Assessment System [GTAS] that we’ve created to really support capacity-building with any interested partner.”

GTAS is maintained and distributed on Github, and promoted and supported by USCBP,  the World Customs Organization (WCO), and Interpol. The WCO is a U.N.-affiliated treaty body, but generally concerned with the movement of goods rather than the movement of people. It’s not clear why the WCO is the lead UN agency in a passenger surveillance program, unless the real purpose of the scheme is to interdict drugs and smugglers rather than terrorists.

Github, which is owned by Microsoft, has come under attack in the past by its users and employees for collaborating with components of the US Department of Homeland Security. Hosting software intended for use by secret police around the world to profile travelers and surveil and control their movements seems likely to reignite that controversy.

GTAS includes functionality for importing, storing, scoring, profiling, search, and other analysis and data mining of API and PNR data obtained from airlines or other governments:

[Open-source USCBP “Global Travel Assessment System” (GTAS) on Github]

CBP advertises that GTAS can be installed in 25 minutes, and promises “instant compliance” with U.N. and ICAO mandates related to API and PNR data.

If you need help installing the GTAS package on a Linux virtual machine, CBP has posted a collection of video tutorials on Youtube on helpful topics like, “How to Create a Watchlist“:

The “targeting service” in GTAS is a flexible, extensible algorithmic engine for search, scoring, and profiling. Although the high-level descriptions pitch GTAS as a counter-terrorism tool, the demo makes clear that it is an all-purpose tool for general law enforcement. The  demo shows categories of rules including not just “Terrrorism” but also “Local Law Enforcement”, “Federal Law Enforcement”, “corona virus”, and “General”.

User governments can add their own categories of rules to reflect their own categories of persons of interest and biases, and assign them user-defined priorities in the algorithm:

[Should we call our next rule category “Dissidents”? “Journalists”? Muslims? Jews? Uighurs?]

The “link analysis” module is a suspicion-generating guilt by association engine designed to identify travelers who aren’t yet under suspicion or on any watchlist, on the basis of data (“lives at”, “used credit card”, “phone number”, etc.) similar to that of current suspects:

Here’s an individual entry ready for one-click “Add to Watchlist”:

There’s also a Youtube video on how to import airline data into GTAS. The demo uses data about passengers on flights between New York (FFK and EWR) and Reykjavik (KEF), in both directions, on June 20, 2020, transmitted to CBP on June 18, two days in advance:

[GTAS tutorial: Importing PNR and API data from Icelandair flights]

It’s unclear why these flights were chosen for the demo, whether the data used in the demo is real or fake, or whether Icelandair or the Icelandic government authorized the use of this data for testing and demonstration purposes.

The Dutch “goTravel” system

goTravel” is an alternative software package for API and PNR-based profiling, surveillance, and control of air travelers. “The goTravel sotware is a reconfigured version of the Travel Information Portal (TRIP) system donated by the government of the Netherlands to the United Nations.” goTravel is being made available for licensing to other U.N. members through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT), which sees global mobility as per se a “threat.”

Unlike GTAS, goTravel is proprietary software that runs on Windows rather than Linux.

From the FAQ, goTravel appears to have similar functionality to GTAS. (See the goTravel flowchart at the top of this article.)

As in GTAS, “risk indicators” or profiling and scoring criteria in goTravel are user-definable:

[Top-level goTravel user interface menu]

There are plans for modular goTravel add-ons to incorporate data about other modes of travel (road, rail, and maritime) and to extend the passive surveillance functions to also include active control, by sending “board/no-board” messages to airlines like the Boarding Pass Printing Result (BPPR) messages in the US travel control system.

[goTravel training concludes with the optional module for maritime travel.]

Along with the goTravel software, the U.N. Office of Counter-Terrorism offers U.N. member states advice and assistance in enacting laws to compel airlines to provide copies of PNRs to the government, and training (one online session is being conducted this week for precogs in training from the Gambia) in setting up a “Passenger Information Unit” (PIU) within the government to collect, analyze, and share PNR and API data.

What’s wrong with this picture?

The mandate imposed on U.N. members by Security Council 2178 and 2396 is, so far as we can tell, unprecedented.

National government are not merely authorized to carry out specified surveillance functions with respect to all air travelers, and to share data about the exercise of fundamental human rights with other governments.

All U.N. members are required to surveil travellers, to force airlines to handle over complete real-time copies of commercial reservation databases, to share this data with all other U.N. members — friend or foe — and to establish a new “Passenger Information Unit,” if one doesn’t already exist, to carry out these duties.

We know of no previous instance in which the U.N. has mandated the creation of a new surveillance agency and the deployment of a  new surveillance capability by all U.N. members. A similar mandate was imposed by the European Union on its member states in 2016 (see more in this report from Statewatch: Automated suspicion: The EU’s new travel surveillance initiatives), although legal challenges to that directive and its implementation as contrary to fundamental rights recognized by EU treaties are pending. But this time the mandate is being imposed globally by the U.N.

This is fundamentally wrong in many ways:

First, there are no precogs.

“Vetting” is Newspeak for predictive, pre-crime surveillance and control. But neither humans nor robots nor cyborgs like the government “Passenger Information Units” being established around the world are actually capable of predicting — with sufficient certainty to justify prior restraints on the exercise of fundamental rights  — which  people, with respect to whom there is no probable cause to suspect them of any crime, are likely to commit future crimes, terroristic or otherwise.

One of the two “original sins” of post-9/11 policy and practice in the US is the wholesale adoption of this “pre-crime” paradigm for policing. (The other is the complete disregard for existing legal and judicial procedures, especially with respect to air travel.) And one of the consequences of continuing untreated societal post-traumatic stress disorder in the US since 9/11 is that pre-crime  policing has become so normalized and unquestioned that the US government takes for granted that it can and should be imposed on the rest of the world.

The rest of the world should push back, firmly and unequivocally.

The essence of predictive policing is the imposition of restrictions on rights on the basis of predictions of future action, rather than past crimes. That violates the presumption of innocence, of course, but it also violates our fundamental concept of justice. We convict and punish people for having “committed a crime,” not for some inchoate state of “being a criminal” — a charge against which it is, almost by definition, impossible to defend oneself.

The concept of pre-crime policing implicit in traveler “vetting” and “risk-based” differential treatment of travelers on the basis of profiling by human or robotic or cyborgian precogs is the leading edge of a decades-long evolution of policing and prosecution in the US from punishment for past crimes to sanctions imposed on the basis of predictions of future “dangerousness,” and from judgment of actions to identity-based judgments of people. It’s time to say “NO!” before the whole world follows the US down this wrong path.

Second, globalizing the sharing of travel blacklists (“watchlists”) and “risk assessments” between governments would compel even the best-intentioned governments to collaborate with the most malign of governments and enforce the agendas against whomever they define, for whatever reasons, as their enemies.

Countries with which blacklists/watchlists are “shared” will be required to act on them, but in most cases will have no way to evaluate the basis for them (if any) before doing so. They are expected to deny boarding first, and ask questions only later, if at all — as happens today at airports where no-fly orders from the US government are acted on. Watchlists provided by US “advisors” are used as the basis for denial of boarding in Europe, Canada, and elsewhere, even when local authorities have no idea what, if any, “derogatory information” supports the watchlisting, or whether it would satisfy local legal standards.

The expectation is that an allegation by any U.N. member that a person (or perhaps a group defined by a rule in the watchlisting algorithm) is a “suspected terrorist” will be taken as conclusionary by all U.N. members, and that their travel will be blocked.

But governments around the world define dissent as subversion, label their opponents and critics as terrorists, and accuse them of being agents of hostile foreign powers.

Compelling other countries to accept these denunciations at face value, and act on them to interfere with the freedom of movement of the individuals and groups they target, is to provide a new tool to tyrants to project their power beyond their borders to harass their personal and/or political enemies and interfere with their movements worldwide.

Third, both the general concept of traveler “vetting” against watchlists and profiling criteria, and its implementations in GTAS and goTravel, contravene rights explicitly recognized by pre-existing international human rights treaties.

There are no fields in these databases for the judicial order (if any) that forms the basis for a watchlist/blacklist entry, the authority issuing that order, or the basis for that order, much less to include the evidence (“derogatory information”) supporting the watchlist entry. Watchlisting/blacklisting is presumed to be an extrajudicial administrative function, and watchlist entries are expected to propagate worldwide from PIU to PIU.

Importing a blacklist is a drag-and-drop function. There’s no provision for recording what official of the receiving government’s judiciary or PIU has reviewed and approved the addition to that country’s ruleset of a list sent by another country’s PIU. No such review is expected. A person flagged as a “suspected terrorist” by any country in the world is expected to be treated as such, without further question, by every other U.N. member.

You have right to an extradition hearing before your body is involuntary transferred from one county to another, but no right to a hearing before intimately revealing information about you is transferred across borders from one PIU to another or used to block your travel even between countries far removed from the one that has blacklisted you.

That’s a feature, not a bug, of this distributed global blacklisting and travel control system.

There’s no consideration, in these or other similar schemes for permission-based control of travel, of the criteria for restrictions on the right to freedom of movement  permitted by the International Covenant on Civil and Political Rights. That’s not surprising, given the decision-making forums through which these policies were laundered.

There’s no civil society representation at the U.N. Security Council, and no voice for human rights at ICAO. So far as we can tell, no country has ever included a member of its data protection authority in its delegation to an ICAO meeting, or nominated an independent human rights expert to an ICAO working group.

The U.N. Human Rights Committee (UNHRC) has responsibility, pursuant to the ICCPR, for interpreting its provisions, and has issued guidance on the limits of restrictions on the right to freedom of movement permitted by Article 12 of the ICCPR. But the UNHRC has no direct jurisdiction over ICAO, only over its member states, and has never been consulted by ICAO.

The U.N. High Commissioner for Human Rights and the U.N. Special Rapporteur on Human Rights and Countering Terrorism engage with other U.N. treaty bodies, but have not yet sought or been invited to participate in ICAO deliberations on API, PNR, and other ICAO standards and recommended practices that implicate the right to freedom of movement.

What should be done?

Engagement with ICAO by the OHCHR and the Special Rapporteur on Human Rights and Countering Terrorism, and independent assessment of ICAO standards against the norms and treaty laws of human rights, are overdue and urgently needed.

The public in all countries needs to know what is happening. Privacy International has focused much-needed attention on  the impact of U.N. “counter-terrroism” programs on the right to privacy, and on the international propagation of surveillance technologies, but the human right to freedom of movement is at least as important as the right to privacy.

National governments that care about human rights can, and should, reject the purported mandates of the ICAO API and PNR standards and U.N. Security Council Resolutions 2178 and 2396 as incompatible with their obligations pursuant to Article 12 of the ICCPR.

It’s time to stop the globalization of travel surveillance and control.

7 thoughts on “Precog in a Box

  1. Pingback: [Roundup] Trick To Saving $200 On Some Flights - View from the Wing

  2. Pingback: Links 26/2/2021: GNU Poke 1.0 is Out and Rocky Linux Leaves Microsoft GitHub | Techrights

  3. Sounds awful, and all happening below the surface, as usual. I wonder who is profiting from the implementation of this plan? And you’re right about how people are defined…putting a totally peaceful dissident on a list as a “terrorist” would deliberately create a (literal) world of hurt for them. (On the other hand, supporting violent groups a government wants to enable could make the entire exercise useless.) And in the US there isn’t even a single coherent “no fly list”, there seem to be at least half a dozen, so getting off one–if you even can–doesn’t help much. I can imagine what this would be like on a planetary scale.

  4. Pingback: Connecting the DHS to the airline industry – Papers, Please!

  5. Pingback: Sabre and Travelport help the government spy on air travelers – Papers, Please!

  6. Pingback: The #NoFly list is a #MuslimBan list – Papers, Please!

  7. Pingback: Germany follows US lead in misuse of airline reservation data – Papers, Please!

Leave a Reply

Your email address will not be published. Required fields are marked *