Passenger Information Units (PIUs) are specialised entities within aviation security that collect and analyse passenger data, primarily to identify potential threats such as serious crime and terrorist plots. They utilise the Passenger Name Record (PNR), a vital six-digit code on each ticket, to track and scrutinise passenger information. Operating quietly and invisibly, akin to clouds hovering in the sky, PIUs gather data from various sources, detecting patterns and anomalies that could indicate security risks. This article aims to shed light on their discreet yet vital surveillance, which plays a crucial role in safeguarding air travel, providing an essential but often unnoticed layer of security.

By Denisa Damian

Introduction

Passenger Information Units (PIUs) are akin to clouds in the vast expanse of aviation security. Invisible to the naked eye, they hover quietly, gathering and analysing data from various sources to form patterns that reveal potential threats. Much like how clouds collect moisture and signal changes in weather, PIUs consolidate passenger information, detecting anomalies that could signify security risks. Their presence, while subtle, is critical in providing a protective layer that ensures the safety and security of air travel.

Although not a secret, very little is known about the PIUs. These units meticulously filter and analyse vast amounts of passenger data to bolster security against terrorism and serious crime [1]. They collect information from sources such as Passenger Name Records (PNR) and Advance Passenger Information (API), sifting through these to identify potential threats. Using sophisticated algorithms and analytical tools, PIUs detect patterns and anomalies that may indicate suspicious behaviour. This process helps isolate high-risk individuals and activities, allowing for targeted security measures. By sharing intelligence with law enforcement and international agencies, PIUs play a crucial role in preventing criminal activities and ensuring the safety of air travel, acting as the guardians of aviation security.

What is PNR and how is your personal information used?

Passenger Name Record (PNR) is a crucial digital document used by airlines and travel agencies to store and manage detailed passenger information related to their bookings and travel itineraries. It is usually a 6-digit code that one can find on their flight ticket, encompassing a random mixture of letters and numbers. A typical PNR contains a wide range of personal details, including the passenger’s full name, contact information, date of birth, and passport number. It also encompasses travel-related information such as flight numbers, departure and arrival dates and times, connections, and final destinations [2]. Financial data, including payment methods and billing addresses, are integral components of a PNR, along with specific preferences like meal choices, seating arrangements, and even requests for special assistance. Equally, frequent flyer details and emergency contact information are also part of this record. This is because the primary function of PNR data is to facilitate efficient travel management by enabling airlines to streamline operations, such as booking, ticketing, check-in, and baggage handling, ensuring a seamless experience for passengers. Additionally, this data allows for personalised services, catering to the unique needs and preferences of individual travellers, thus enhancing customer satisfaction.

Beyond its operational utility, PNR data plays a pivotal role in the realm of security, particularly in counterterrorism and crime prevention. Security agencies use PNR information to conduct thorough analyses aimed at identifying potential threats. By examining travel patterns and behavioural anomalies, such as frequent travel to high-risk areas, use of multiple passports, booking a flight for yourself and someone else but without seats next to each other, and suspicious payment methods (mainly cash) [3], authorities can detect individuals who may pose security risks. This is crucial for pre-emptively identifying and mitigating threats to ensure the safety of passengers and the broader aviation system. PNR data is a key component in complying with national and international security regulations. Airlines are required to share PNR information with government agencies to facilitate border security and law enforcement efforts. This multi-agency work helps in screening passengers for security threats, supporting international efforts to combat transnational crimes such as terrorism, drug trafficking, and human trafficking.

Given the sensitive nature of the information contained within PNRs, stringent data protection laws govern their collection, storage, and use. These regulations ensure that personal data is handled securely, with measures such as encryption and access controls in place to prevent unauthorised access and or potential misuse. Regular compliance checks are conducted to uphold these standards and protect passenger privacy. Despite potential privacy concerns, the use of PNR data is balanced with the necessity to maintain national and international security, as well as operational security and efficiency in air travel. Thus, PNRs are indispensable not only for facilitating smooth travel experiences, but also for supporting security matters, making them a critical component of the modern aviation landscape.

Algorithmic biases and human intervention

Having said that, it is important to notice that these units face significant limitations when viewed through the theoretical frameworks of predictive policing and big data analytics. Predictive policing, which aims to anticipate and prevent crime through data analysis, inherently assumes that past behaviour and patterns can reliably forecast future actions. While this approach can be effective, it often overlooks the complexity and unpredictability of human behaviour that can never be measured accurately. PIUs rely heavily on big data, collecting and processing extensive datasets such as PNR to profile and assess risks, which introduces several issues. Firstly, the quality and completeness of data are often inconsistent, leading to potential inaccuracies in risk assessments. Data inaccuracies or gaps can result in false positives [4], where innocent individuals are flagged as threats, or false negatives, where genuine threats go undetected (although very rarely). Moreover, the algorithms used to analyse this data can perpetuate biases present in the original datasets. For instance, certain demographics may be disproportionately scrutinised due to historical data reflecting biased law enforcement practices [5]. In turn, this fuels systemic inequities and discrimination.

Another limitation is the issue of data privacy and the ethical use of personal information. The extensive data collection required for predictive analysis raises significant privacy concerns [6], as individuals' travel details, personal habits, and preferences are scrutinised often without their explicit consent. This data usage can lead to a sense of intrusive surveillance and mistrust among members of the public, undermining the security goals PIUs aim to achieve. Additionally, legal and regulatory frameworks often lag behind technological advancements, creating further grey areas around data governance and accountability measures [7]. 

What is more, the dynamic nature of security threats implies that static data models may quickly become obsolete, thus failing to effectively adapt to new and emerging threats [8]. As such, whilst PIUs embody a sophisticated application of predictive policing and big data [9], their limitations highlight the need for continuous refinement of data practices, ethical guidelines, as well as the development of more flexible and fair predictive models to enhance their efficacy and legitimacy.

Conclusion

To sum up, Passenger Information Units (PIUs) serve as indispensable pillars of aviation security, navigating complex challenges to uphold safety and efficiency. By harnessing advanced technologies and comprehensive data analysis, PIUs effectively mitigate security threats while enhancing the seamless flow of air travel. However, they face significant challenges, particularly in combating algorithmic biases that can skew security assessments [10]. Looking ahead, continual advancements in technology and ongoing collaboration with stakeholders will be essential for PIUs to remain agile and effective in an ever-changing security landscape. By addressing challenges head-on and maintaining a proactive stance against emerging threats, PIUs ensure that air travel remains secure, reliable, and accessible for passengers worldwide.

References

[1] Aradau, Claudia, and Tobias Blanke. "Politics of prediction: Security and the time/space of governmentality in the age of big data." European Journal of Social Theory 20, no. 3 (2017): 373-391.

[2] Amoore, Louise, and Marieke De Goede. "Governance, risk and dataveillance in the war on terror." Crime, law and social change 43 (2005): 149-173.

[3] Bigo, Didier, and Stefan Salomon. "Passengers Name Records and Security: Origins, transnational trajectories, and current dilemmas." Verfassungsblog (2023).

[4] Glouftsios, Georgios, and Matthias Leese. "Epistemic fusion: Passenger information units and the making of international security." Review of International Studies 49, no. 1 (2023): 125-142.

[5] Haitsma, Lucas Michael. "Regulating algorithmic discrimination through adjudication: the Court of Justice of the European Union on discrimination in algorithmic profiling based on PNR data." Frontiers in Political Science 5 (2023): 1232601.

[6] Kanellopoulos, Anastasios-Nikolaos. "Travel intelligence as a tool for counterintelligence and border security." Security and Defence Quarterly 45, no. 1 (2024): 55-67.

[7] Kaunert, Christian, Sarah Léonard, and Alex MacKenzie. "The social construction of an EU interest in counter-terrorism: US influence and internal struggles in the cases of PNR and SWIFT." In The European Union’s Fight Against Terrorism, pp. 16-38. Routledge, 2016.

[8] Leese, Matthias. "The new profiling: Algorithms, black boxes, and the failure of anti-discriminatory safeguards in the European Union." Security Dialogue 45, no. 5 (2014): 494-511.

[9] Orrù, Elisa. "The European PNR Directive as an instance of pre-emptive, risk-based algorithmic security and its implications for the regulatory framework 1." Information Polity 27, no. 2 (2022): 131-146.

[10] Streamline. “API PNR – what it means for travel operators”. Available at: https://streamlane.tech/blog/api-pnr-data/what_api-pnr-means_to_flight_operators.