Customs’ big data passenger analysis respects Australian, EU privacy controls

A big-data passenger matching system being implemented by the Australian Customs and Border Protection Service (ACBPS) will comply with Australian and European Union privacy-protection requirements despite offering unprecedented visibility into the personal details and movements of travellers, the agency has promised.

Australia is just the second country – after Canada – to implement a new passenger-matching system that conforms to the PNRGOV standard, which was developed by the International Air Transport Association (IATA) to facilitate the consistent exchange of passenger information between countries.

ACBPS worked with IBM Australia to implement the Passenger Name Record (PNR) analysis solution, which draws upon big-data analysis techniques to risk-assess passengers based on a variety of historical information.

By enabling this analysis before passengers have even boarded the plane, the system is designed to automate a process that has typically been done in ad hoc fashion by pulling data from a diverse range of systems – allowing them to “accurately zero in on potentially high risk passengers”, IBM said in a statement.

Designed to resolve past inconsistencies between various countries’ data collection practices, PNRGOV – described in IATA’s Recommended Practice 1701a – maintains a single, globally-agreed list of common data elements to support all current and future national data-exchange requirements.

PNR records are collected from travel agents, airlines, and other entities and comprise approximately 106 different data fields including passenger contact details – including residence, phone number, email and other addresses – as well as payment details, flight details, passenger and crew flight details, MRTD details, frequent-flyer numbers, itinerary, credit card number and expiry date, and more.

PNRGOV, which expands the data-exchange framework around PNR records, was rolled into ICAO DOC 9944, a Recommended Practice on Passenger Data Harmonization that covers the structure of passenger-data elements and a standard way to transmit them between countries and airlines – but does not specify laws or regulations, data transmission, data processing, filtering of data, storage of data, or data protection; those issues are addressed in the ICAO DOC 9944 setting out PNR Guidelines.

Use of PNR data is expected to expand to 29 countries as systems like the IBM-ACBPS platform are increasingly rolled out.

“Nearly 30 million airline passengers passed through Australia’s borders over the past 12 months which is an increase of approximately 5% on the year before,” said Terry Wall, ACBPS national manager for target assessment and selection, in a statement.

“With IBM’s advanced passenger analysis solution integrated with our existing risk assessment tools, we can look at a range of data, using the Government's criteria, and identify potentially high-risk passengers and ensure our resources are deployed with greater precision when it comes to securing Australia’s borders.”

The high level of detail and personal information increases the burden on government organisations to protect the privacy of that data, which will undoubtedly make the new system a target for hackers keen on harvesting large quantities of personal data.

Yet IBM and ACBPS claim the new system complies with the data privacy and access requirements of the Customs Act, Australian Privacy Act and the European Union-Australia PNR Agreement.

This latter protocol, introduced in 2008 and renewed on 1 June 2012, sets tight limits on the Australian government’s right to access PNR data. For example, only specific data can be accessed, and only when ‘pushed’ to ACBPS by airlines; individuals have the right to access and correct their personal data; ‘sensitive data’ related to racial, ethnic, political, religious, or union affiliation or personal health or sex life is to be filtered by ACBPS; data can be retained for 5.5 years.

Such requirements will be respected as part of the operation of the system – which, IBM ANZ managing partner for Global Business Services Steve Bingham said, highlights the ability for big-data analysis to improve operational capabilities.

“Big data has the power to revolutionize customs and border security efforts, enabling more intelligent, globally interconnected data gathering and analysis,” he said in a statement. “IBM’s strong relationship with the Australian Customs and Border Protection Service is the result of true collaboration over many years. We are pleased to have applied IBM’s proven global capabilities in customs and border protection to develop a solution that leads the way internationally when it comes to border security.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australian Customs and Border Protection Service (ACBPS)big data

More about ANZ Banking GroupCSOIATA AustraliaIBM AustraliaIBM Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place