Passport data security for e-Borders programme

Passport data security for e-Borders programme

By Darren Cronian on Tuesday, August 4th, 2009

I’ve been reading up on the electronic system called e-Borders that has been in trial between 2005 and 2009 and monitors passengers in and out of the country. The UK Border Agency collects passport information from travellers prior to their travel through tour operators and airlines.

Passport data security for e Borders programme

Sending passport details securely

By December 2010 e-Borders aims to collect details of 95% of passengers. So you will find more tour operators and airlines will want you to submit your passport details at the time of booking or shortly afterwards. That concerns me.

It appears that they will be rolling out the e-Borders system in phase’s through-out 2009 and 2010 and while I have no problems with a system that can track the movements of terrorists, I do have some security issues that I wanted to address.

Email is not secure

The British government do not have the best track record at storing our data securely, but my concern is how consumers are going to have to send their passport details. I’ve heard rumours that some tour operators will want consumers to email their passport information, and I for one, aren’t happy with that.

Email is not the most secure method of transferring information.

Identify fraud on the increase

We all live in a world where identify fraud is on the increase. Only last week I read a news article on a Thomas Cook shop in Dundee where staff information was found in the street. What if a copy of your passport or passport information was left unsecure?

Full roll out of e-Borders by 2010

The data might be secure at the UK Border Agency system my concerns are with the systems that hold our passport information, especially if we are going to receive emails asking us to send them our details or print copies of passports etc.

Maybe I am concerned about something that does not exist, but let’s discuss.

Related posts

Please enter your email address to receive my free newsletter

16 responses to “Passport data security for e-Borders programme”

Nick | 5 August, 2009 at 8:23 am

Darren.

First off one thing I would like to say is HAVE YOUR PASSPORT when you book. We now as an agent already ask for passport details on upwards of 50% of our bookings.

Tour companies have already been collecting this data. Let’s not forget that countries like Spain, USA, and Australia have already been doing this…… But then so have we. There has been a full test of the system over the last few years with millions of records being collected.

As submitting your information securely, well the UK government has a good record on that (take tax etc.), the problem comes is what they do with the data when they have it. But with regards to your passport details, they already have it anyway…why do you think they scan passports at immigration.

Report this comment

Simon | 5 August, 2009 at 9:31 am

It’s not practical to ask people to have their passport with them when they book, and should never be made a requirement. So long as the details are provided in good time then there’s no problem. Personally, if there was a small charge for not providing the information in advance, I would take that option and queue to show it at the airport rather than have it passed around various third parties and systems before it getting to who needs it.

I think the issue doesn’t just lay with the government collecting the data, it’s the retail shops, tour operators and then them passing it on to the airlines for checkin etc. which is also in question.

Report this comment

TTH | 5 August, 2009 at 10:48 am

I agree with Nick on giving out the passport details to the Travel Agent at the time of booking. In Chennai (India) I had always given my details to my Agent.

But, Daren, yes email is definitely an unsafe method. A fake mail ID could be easily created with a wrong spelling mistake (may be just one character wrong) and people might think its an authenticated email ID and they will send their passport details to that ID. Also, what if travelers send the passport details to some other mail ids by mistake.

Report this comment

Peter (Crew captain) | 5 August, 2009 at 11:48 am

Hello Darren,

I think that you have raised interesting and valid points. I have been collecting passport details and sending them by fax and email for 10 years. In Asia. I am not aware of security being abused but maybe I wouldn’t know that. I always took the security of the passport and the copied data as paramount. I simply over-looked the issue of data loss enroute or data stealing anywhere on the line and the data does go from one to another, by email from one agent to another for bookings, authorities and head counts.

The issues of security are quite poor in ordinary transmission. You can see the indemnity clauses left right and centre on any official email. The guarantees have to be raised. The technology is probably available, it just needs to be analysed for incidents of breeches. The other point is that if there are good secure email sytems then even the small agents have to use them in any part of the world for true security. That’s certainly not happening now.

Report this comment

Darren Cronian | 5 August, 2009 at 11:24 am

@ Nick & TTH

I probably didn’t emphaze this in the post, but while I have concerns with government databases, my main concern is how this data is stored in the individual shops, and TO a lesser extent online.

@ Simon

Yep, my concerns are that this data has to go through two third-parties before the government get their hands on it. I also don’t like the idea of consumers carrying their passports around with them when holiday shopping.

We have to be careful that while we are trying to stop terrorists and other undesireables from travelling around, that we don’t open up more identify theft cases.

Report this comment

TTH | 5 August, 2009 at 12:36 pm

But, why is e-Borders collecting the passport data? What will they do with it? Whats the use? Can someone explain please.

Report this comment

David Whitley | 5 August, 2009 at 11:41 am

I’ve filled in so many of those immigration forms on planes that I can remember all the relevant passport details without looking, but I never like handing the actual passport over to third parties.

You may be overplaying the security implications though – you routinely have to hand over passport details when staying in hotels (and even when using internet cafés in Italy). I don’t see why a travel agent would be any different.

That said, if the UK signed up for Schengen, it’d cut a lot of this unnecessary faffing around out instantly.

Report this comment

Nick | 6 August, 2009 at 10:01 am

Darren

Travel agents have held passport details for decades (if you book a cruise or escorted tour for example). We also held all the details with regards to your payment; we have your date of birth. Security in the industry is very good, probably better than banks or even other business. In the report you mentioned staff details not customer, we are probably more aware of safe guarding the customers details then our own.

How do we enter passport details? Normally these are done via our internal systems, we even have our own postal service. However more and more we are using government secure websites, this is not our choice.

Report this comment

Nick | 6 August, 2009 at 10:14 am

@ David
Schengen is a visa system and would not affect issues like this as has been proven by the Spanish, who require passport or ID card details already. If the UK had an ID card it would make travelling in the EU easier.

@ TTH
Darren has provided a link; basically they want the data before you arrive instead of on arrival. The idea is if there is a problem it is flag up before instead of sitting at immigration.

Report this comment

Payam Minoofar | 6 August, 2009 at 5:38 pm

If memory serves, this is a practice that El Al, the Israeli airline, has had in place for a long, long time. Its broader adoption happened after 9/11. According to 60 Minutes, an American new magazine, El Al starts querying querying, interpol, fbi, and every crime database to which it has access the moment a reservation is made. Passport info only expedites the process, I imagine.

So, it’s probably a minor nuisance, but, I totally agree, sending passport info via email is a totally different proposition from entering it via a secured form to a trusted source. The mode of transmission must be secure, and email is definitely not.

It would be nice if laws were to catch up with technology. It’s a perennial lament, it seems.

Report this comment

Robin Fields | 7 August, 2009 at 12:15 am

We booked our holiday yesterday and surprisingly we were asked to email our passport details as we had not taken them to the travel agent. I refused to, and asked them what other methods were available.

I was told that we could take the passports in and photocopy them.

I am not happy with this. This is the first time that we have been asked.

Report this comment

Darren Cronian | 7 August, 2009 at 6:22 am

@ Robin

I guess you have handed in your passport to a hotel before, do you trust them the same as a travel agent? I agree that there’s a risk when you hand over your passport, because that information has to be securely secured.

It’ll be interesting to see if we hear of any issues with passport security once e-borders is in full flow.

Report this comment

Nick | 7 August, 2009 at 10:06 am

The main point here this rant is about the UK. But this will be standard across all G20 countries’ plus some others in the next couple of years. So every one will be affected. Also why it will be common to be asked for your passport details.

Remember agents do not wish to do this; we do not get paid to do it. We have to submit them to the government that requires them. Why do we take photocopies because it is easiest way, rather than you read out every piece of information on your passport and we right it down, this way mistakes are more likely and how pleased will you be to be banned from travelling because of a misunderstanding.

Report this comment

Gsp | 7 August, 2009 at 10:53 am

I’ve been happy to give my passport details to online travel agents, via their SSL encrypted websites, in the past for my own convenience. Same goes for a number of airlines with rewards programs.

However, as you say the British government do not have the best track record at storing our data securely.

The key things about online travel agents, (e.g. people like Expedia), are that a) they’ve worked hard to earn our confidence and trust, b) the choice is still up to the user, and c) they have to answer to their customers, whose data they take.

Looking at the e-borders website you link to, does not inspire me with confidence. Additionally, this type of ‘monopolistic’ position (for lack of a better word) in terms of having 95% of all passengers’ data creates one point of failure, and also tends to lead to complacency with organisations that basically don’t have any competition to drive them to continue proving themselves to the public.

Another key difference here, is that the people whose data e-borders is holding here, aren’t their customers – so they’re primary concern isn’t going to be to answer to them, unlike a commercial company.

Report this comment

Nick | 8 August, 2009 at 10:16 am

@ Gsp

Just wondered if you ever travelled to the UK and had your passport checked on entry. If so all your details are already on the database. This is not a new database, just a way of placing the information on the database earlier.

When you entered your information on web booking sites, where did you think the information went? (Because the only reason any agent/operator collects this information is to pass to a goverment).

Report this comment

richard | 30 August, 2009 at 1:54 am

everytime i go abroad and come back to the uk i get a strange long hard surprised stare from from the passport officer at manchester airport !
dunno why to this day ,but every year it happens

Report this comment