Does SAAS stand for “software as a service” or “surveillance as a service”?

As we’ve reported previously, the UN Security Council and ICAO have illegally ordered all UN and ICAO members to create national agencies for surveillance of airline passengers and global sharing of airline reservations (PNR) and passenger manifest (API) data.

Through bilateral and multilateral efforts and the UN Countering Terrorist Travel program, the US and Dutch governments have made available ready-made software for creating and managing travel watchlists, blocklists, and profiling algorithms and rulesets.

These aren’t the only options, though, for national governments wanting or feeling pressured by the US, UN, and/or ICAO to get on the traveler profiling bandwagon.

Caitlin Chandler of Wired, in conjunction with Andrew Couts, Crofton Black, Ariadne Papagapitos, and Daniel Howden of the European nonprofit newsroom Lighthouse Reports,  has a ground-breaking report putting the spotlight on four commercial providers of outsourced and privatized air travel surveillance, profiling, and control systems: Swiss-based SITA (an established joint venture formed by airlines to provide shared IT services) and Travizory, French-based Idemia, and Dutch-based WCC.

These are the companies that make presentations, lurk on the sidelines and in the booths, and negotiate public-private partnership agreements at the annual FTE Global trade show, ICAO’s  annual TRIP symposium in Montreal, and similar regional events.

Each of these companies offers a turn-key solution, either user-installed or cloud-based, to governments that want to jump-start their air travel surveillance and control programs  and “push their borders offshore”, as one of these vendors describes their service.

Another vendor quoted by Wired says that with their system and its interconnections, “Participating governments are then able to respond to the carrier … in real-time, authorizing or denying the boarding of each and every passenger.” These systems are also designed to interface with electronic travel authorization (departure permission) systems.

Each of these systems supports drag-and-drop importing of watchlists and blocklists from other countries, creation and addition of entries to new watchlists and blocklists, and creation of new profiling and travel blocking algorithms and alerts. Each also allows government customers to enable the vendor’s preconfigured pre-crime and artificial unintelligence profiles and algorithms as part of their surveillance, blocking, and alert ruleset.

In interviews reported in Wired, these companies disclaim responsibility for how these tools are used by government customers or what rules customers add to their algorithms — a claim that is at best disingenuous, especially when government customers turn on pre-crime and AI profiling and scoring algorithms provided by the vendor as part of a black box.

It would be a mistake to focus too much on these surveillance-as-a-service providers, to the exclusion of the governments that have contracted and paid for their services. That governments and their commercial partners are illegally interfering with the right to freedom of movment, the right to leave any country, the right to travel by common carrier, and the right to asylum is more significant than the specific systems they are using to do so. But the report in Wired outing these companies and their role in travel surveillance and control is an important step. These vendors and their surveillance-as-a-service products, as well as the government agencies they work with, deserve continuing scrutiny and oversight from human rights activists and international human rights bodies alike.