1.  In the mid to late 1990s, successive UK governments decided to abandon the paper-based system of embarkation controls on passengers. With the growth of political interest in determining the extent of migration, and increased fears over terrorism and other serious cross-border crime, the Government decided to institute a system to gather information electronically on all travellers entering or leaving the UK, whether by air, sea or rail—the e-borders programme. Work on the e-borders programme began in 2003.

2.  In the autumn of 2008, TUI Travel (acting on behalf of the charter airline industry in general) contacted us arguing that the programme was being rushed into place without proper consideration of the operational requirements on the travel industry. We were unable to consider the issue at that stage, but in June 2009, when our work programme allowed, we asked whether the company still had significant concerns about the programme and were told that not only they but many other sectors of the travel industry had a variety of concerns about the implementation of the scheme. A representative sample of the companies involved was therefore invited to give oral evidence to us on 30 June: TUI Travel, representing the chartered airlines industry, the Chamber of Shipping, the Port of Dover and Eurostar.[1] We subsequently took evidence from Lin Homer, Chief Executive of the UK Border Agency (UKBA).[2] We received written evidence from these witnesses and also from the Board of Airline Representatives UK (BAR UK); the British Air Transport Association (BATA); the airlines bmi, Flybe and Virgin Atlantic; and the Royal Yachting Association. A number of other companies and organisations wrote to us associating themselves with the comments made by these witnesses. We also visited the Ports of Dover and Calais to look at the current configuration of these ports, and in particular the juxtaposed border controls. We wish to thank all those who provided evidence and who arranged the visit for their help in enabling us to understand this complicated project.

Outline of the e-Borders programme

3.   The e-Borders programme provides for electronic collection and analysis of information on all passengers entering or leaving the UK from carriers (including airlines, ferries and rail companies). UKBA says this will allow them to:

significantly strengthen the security of the United Kingdom by:

• identifying in advance passengers who are a potential risk;
• telling us who plans to cross our border;
• checking travellers against lists of people known to pose a threat;
• provide background checks to other agencies; and
• compile a profile of suspect passengers and their travel patterns and networks;

enable us to focus staff resources better to:

• stop passengers most likely to pose a risk; and
• allow the vast majority of passengers to pass through our border more quickly; and
• improve our ability to arrest criminals and people who break our immigration rules, and prevent them from returning to the United Kingdom;

automate processes to enable us to deal with the forecast 50% increase in passenger numbers over the next 10 years;

help identify those who avoid paying tax by claiming to be resident outside the United Kingdom; and

provide more accurate information on migration to and from the United Kingdom, allowing us to plan public services more efficiently.[3]

Responsibility for the e-Borders programme lies with UKBA (which has recently been merged with the border-related section of HM Revenue & Customs) and the police. On its website in June 2009, UKBA claimed to be "working closely with the travel industries, whose support is crucial to the programme's success."

THE LEGISLATIVE FRAMEWORK AND THE DATA TO BE COLLECTED

4.  The Immigration, Asylum and Nationality Act 2006[4] created powers for the UKBA and the police to obtain passenger, crew and service data from carriers in advance of all movements into and out of the United Kingdom and a duty for the border agencies to share that data among themselves. The requirements on carriers were set down in more detail by five statutory instruments in 2007 and 2008.[5] These commenced the powers; extended the powers to cover Channel Tunnel trains; specified the data that can be requested by the UKBA and the police; specified the data that must be shared between the border agencies; and brought the code of practice regarding data sharing into force.

5.  The legislation defines two types of data: mandatory data, which must be collected and supplied when requested at particular times; and additional data which must be supplied only to the extent that the carrier knows the data. It is mandatory to provide certain types of data when passengers and crew have boarded and are ready for departure, and no one else can join them. The mandatory data for passengers and crew comprise service information (for example number, name of carrier, departure and arrival points) and the travel document information (TDI) which are the data held in the machine readable zone of the passport or identity document. (TDI is known in the airline industry as advance passenger information data or API.) This information can be requested on more than one occasion; but if the request is made before boarding, the information needs to be provided only to the extent to which it is known to the carrier.

6.  The additional data are other passenger information (OPI), which airlines call passenger name record data (PNR). This is information collected for a carrier's own commercial purposes and includes details such as the passenger's name, address, telephone numbers, ticketing information and travel itinerary. This information need only be provided to the extent to which it is known to the carrier, regardless of when it is requested.

7.  Border agencies must share specified travel information with one another where it is likely to be of use for immigration, HM Revenue & Customs, or police purposes. They may also disclose this information to the security and intelligence agencies, if the information is likely to be of use for certain security purposes. The sharing of this information is covered by a code of practice which sets out what data may be shared, the ways in which and purposes for which it may be shared and the safeguards that must be applied.[6] In particular it highlights that the data must be handled and shared in compliance with the European Convention on Human Rights and the Data Protection Act 1998. The code of practice also sets out the sanctions which may be imposed on staff for the misuse of data.

PRECURSOR PROGRAMME: SEMAPHORE

8.  Project Semaphore was the e-Borders operational pilot launched in November 2004 on selected routes. It enabled the UK authorities to monitor the movements of passengers before they left or arrived in the United Kingdom. UKBA considers it very successful, listing on its website a variety of cases where people suspected of criminal activity or illegal immigration have been arrested or detained as a result of the project.

9.  The joint border operations centre (JBOC), established in January 2005, is the operational centre of Project Semaphore. Staffed by officers from the UKBA and the police, JBOC is responsible for providing detailed information to border agencies about passengers who are suspected of crime or who are of other interest to the agencies. JBOC is evolving into the e-Borders Operations Centre (EBOC), which will, according to the UKBA's website, enable UKBA "to create travel histories for passengers".

TIMETABLE FOR IMPLEMENTATION OF E-BORDERS PROGRAMME

10.  According to UKBA's website at the time of writing, the timetable for implementing the e-Borders programme is:

2009: the e-Borders operations centre, the National Border Targeting Centre (NBTC) starts operating;

December 2009: e-Borders aims to collect details of 60% of all international passengers and crews from a range of carriers and to check that 60% against lists of people who are of interest to authorities;

December 2010: e-Borders aims to collect details of 95% of passengers and crews;

April 2011: UKBA starts to "activate modernised entry methods" at UK ports;

July 2012: improvements including an ability to give clearance to passengers who are already on a train;

March 2014: e-Borders is fully operational, covering all international travellers using all UK ports, including matching passengers' arrivals to their departures.

NEED FOR CO-OPERATION OF FOREIGN GOVERNMENTS AND BORDER AUTHORITIES

11.  Because carriers bringing passengers to the UK will be required to gather the TDI/API from their customers, they need to organise their operations outside the UK in such a way as to achieve this. There are two major problems. One is logistical—whether foreign port authorities are both willing and able to re-organise their facilities to enable the carriers to obtain the required information from passengers. The other is legal—there are concerns that the collection of the data required by UKBA may be contrary to the data protection laws of some countries, and it may also be in breach of EU data protection law. We discuss this legal problem more fully in paragraph 40 below.

12.  UKBA recognises the role played by foreign governments in the scheme but its published information merely says: "We will market e-Borders widely internationally. We will address any issues in requesting data from certain countries on an individual basis through established communication channels".[7]

2   Lin Homer's oral evidence has been published with another Report of the Home Affairs Committee, The work of the UK Border Agency, Second Report of Session 2009-10, HC (hereafter referred to as 'Work of UKBA evidence') Back

3   UKBA's website: http://www.ukba.homeoffice.gov.uk/managingborders/technology/eborders/ Back

4   Sections 32 to 38. Back

5   The statutory instruments are: the Immigration, Asylum and Nationality Act 2006 (Commencement No 7) Order 2007; the Channel Tunnel (International Arrangements and Miscellaneous Provisions) (Amendment) Order 2007; the Immigration and Police (Passenger, Crew and Service Information) Order 2008; the Immigration, Asylum and Nationality Act 2006 (Duty to Share Information and Disclosure of Information for Security Purposes) Order 2008; and the Immigration, Asylum and Nationality Act 2006 (Data Sharing Code of Practice) Order 2008.

 Back

6   Code of Practice on the management of information shared by the Border and Immigration Agency, Her Majesty's Revenue and Customs and the Police brought into force on 1 March 2008 Back

7   UKBA's website: http://www.ukba.homeoffice.gov.uk/managingborders/technology/eborders/

 Back