How can airports limit the impact of EU-EES on border control?

The EU-EES imposes the secure enrolment of all Third Country Nationals (TCN) to verify the identity of each person that is entering the Schengen Area. This data is then securely shared with external data management systems at both a national and European level. Inevitably, these additional checks will increase the traveller processing time, resulting in longer queues and longer waiting times. There will also be a need for extra space, equipment and trained border guards to manage the flows and provide supervision over processes. The additional checks mean that border guards will have further, and somewhat repetitive, duties to perform, which is why their daily jobs need to be streamlined as much as possible, enabling them to perform their core mission with ease.

How can airports and border control agencies limit the impact of EU-EES on border control personnel and travellers? Helping border guards focus on added-value activities thanks to biometrics and automated solutions and pre-processing API and PNR data can significantly anticipate threats and save time at arrivals.

Capturing high-quality pictures of a traveller’s face and guiding them on how to properly put their fingerprints on the sensor are not added-value tasks for border guards. In order to help them focus on fraud attempt detection, suspicious behaviours and security-related situations, the three concepts below are key.

Travellers can complete certain tasks such as scanning travel documents, capturing biometrics and answering simple questions required for border clearance by themselves at a self-service kiosk. This kind of equipment ensures the quality of data acquired and guides the traveller through the various steps of data acquisition. The kiosks can easily adapt to the traveller and therefore ask the specific questions and enrol accurate data. This will enable border guards to focus on critical tasks, such as the decision-making process or investigating suspicious cases. After data capture at a self-service kiosk, the traveller can then use an automated system or a traditional manned border control counter to finalise the border control operations. In parallel, background verifications can be performed, optimising the time spent at each stage.

Automated Border Control gates are widespread in Europe for Schengen Area citizens. The use of similar equipment could be extended to TCNs providing they come under one of the following categories: bona fide traveller, exit process, re-entry of a known traveller etc. Biometric eGates are field-proven and reliable, and help reduce the volume of genuine travellers that border guards have to process, enabling them to focus on cases that require special attention.

It is a given that all self-service and automated solutions must be monitored. Operational supervision tools enable border guards to simultaneously monitor several eGates and/or kiosks. Centralised supervision permits border guards to follow data collection and result verification in real-time, taking any necessary actions needed. CCTVs can be displayed to the monitoring officer in order to see what happens during the biometric acquisition. Compliant with mobile usage (smartphone or tablet), this method enables border guards to handle exceptions or perform further checks while maintaining a steady flow in the immigration area.

Each Member State will have to collect alphanumeric and biometric data (four fingerprints and face) from TCNs. This data will be verified and securely stored for a maximum of three years. However, we cannot forget that collecting and checking biometric data in heterogeneous environments such as borders is not an easy task. Member States should only consider top-tier suppliers that have been independently benchmarked by official authorities, such as the National Institute Standards and Technology (NIST).

The current regulation requires a frontal face capture of 120 pixels between the eyes and a minimum framing of 800×600. In order to comply with the European requirements, various technical strategies can be implemented, but they all have an impact on the design and cost of building the equipment as well as the maintenance. For example, using a camera that moves up and down to capture a face is an interesting concept that complies with the regulation that requires a frontal picture. However, the moving mechanism will not only slow the process down due to camera adjustments, but it will also increase the maintenance costs. Noise can be an aspect as well. Other solutions can meet this quality criteria: tilting cameras, the use of several cameras at different heights, etc. Member States and all other operators should, above all, make sure the implemented solution is user-centric, efficient, robust, compliant with the regulations and is cost-effective to use and maintain for the long-term. The latest innovations in the field of biometrics include on-the-move face capture and matching. This optimised and contactless solution will significantly reduce the overall traveller processing time. When applied to a border control counter, it will allow the border guard to automatically retrieve the data collected at the self-service stage and the background verifications performed, while the person is heading to the counter, saving a few precious seconds.

Contact fingerprint systems are currently used. However, high-tech contactless fingerprint solutions are now also available on the market, allowing data capture to be done quickly and hygienically without compromising the level of security or matching precision. In this regard, the NIST recently published the results of the Interoperability Assessment 2019: Contactless-to-Contact Fingerprint Capture. This study aimed to assess how well touchless systems work with legacy databases. The study ranked certain contactless devices better than others in terms of matching rates, image capture sample rates, areas of overlap between probe and exemplar fingerprints, finger ridges and minutiae similarity.

Biometrics capture is a critical step in the identity verification of a TCN, which is precisely why it is paramount that Member States are able to detect all spoofing attempts. Particularly when the capture of biometric data is to be done directly by the traveller using a self-service system. The system should have the capability to automatically detect fake fingers, masks, images and/or video feeds etc. This is known as presentation attack detection. For ergonomics and ease of use, passive detection systems are recommended.

The quality of the biometrics acquired is key for the effectiveness of the EU-EES. Embedded, real-time quality control of the all captured biometrics is necessary in order for each Member State to comply with the EU-EES service level agreement. This will ensure the optimal matching accuracy for the future European sBMS, which is crucial for embedded quality control.

The capture of biometrics, especially when being performed in a self-service system, should be as easy and clear as it can be for the traveller. Knowing where to place your hand and to position your face are elements that must be straightforward and obvious. The ergonomics of a system is important for a traveller’s comfort, but also to reduce stress and the overall processing time.

When it comes to pre-processing API and PNR data, implementing such a solution can significantly anticipate threats and save time at arrivals.

Risk assessments enable governments to analyse travellers’ available data before their travel date to determine whether or not they may pose a risk. This helps to build a traveller profile, assisting border guards to make informed decisions and to spend time on those who present a threat, consequently streamlining border-cross checks for bona fide travellers. Advanced Passenger Information (API) and Passenger Name Record (PNR) data is transmitted by airlines to governments prior to travel. This data allows border authorities to perform risk analysis on travellers a short while before they arrive at their destination. Leveraging this data along with other types of information such as visa applications, electronic travel authorisations (ETIAS) and data securely stored within national lists of interest, offers in-depth insight for border agencies.

At an EU level, directive 2004/82/AC regulates the collection and transmission of API data for all Member States. The use of PNR data is regulated by directive 2016/681. API-PNR data is available in the departure control and reservation systems of airlines. Preprocessing and integrating this data into an Entry/Exit solution provides border management authorities with additional time to allocate resources and examine possible issues with travellers before their arrival at the border. In addition to immigration, the risk assessment of traveller’s data brings value to other border security missions such as customs, intelligence and national security. The United Nations Security Council resolutions 2178 and 2396, encourage all countries to collect and process API-PNR data in order to fight against trans-border crime and terrorism.