PDA

View Full Version : Passport details


davidjohnson6
4th Nov 2009, 01:56
On some airlines, flying on routes to certain countries within the EU, there is a requirement to provide passport details prior to being able to check in online. An example is flights from the UK to Spain. I don't with to go into the merits of the system (i.e. Gordon Brown is turning us into a police state versus the argument that it's a necessary method to defeat terrorism) - but instead stick with the day-to-day technicalities of the operation of the system.

If I were to provide details of a fake passport when checking in online, but using my genuine EU passport when actually travelling and to present to the immigration official in person, what would actually happen ? I've experimented in the past more than once by declaring an incorrect date of birth for online checkin and never had any problems at the airport !

Does the online checkin process gain any sort of verification from national Govt prior to issuing the boarding card for printout ? Is any comparison performed between the passport details provided by the airline to the Govt of the country where the flight arrives, and the passport presented by the passenger ? Do staff at the gate even care beyond ensuring that the name on the boarding card matches the name in the passport ?

heidelberg
4th Nov 2009, 04:20
Actually it has nothing to do with the UK authorities. I fly from DUB and have to provide my Passport details because its the Spanish authorities who require it.
Re providing false info I can't help you because I do not know the outcome if you provide false info online.
At a guess probably makes no difference what info you provide - anyone know if I'm right or wrong with this assumption?

Donkey497
4th Nov 2009, 07:18
As a fair guess, I'd say that as you have to present the ID you provided when booking at check-in, then if the booking details on file don't match the ID handed over, you don't fly.

The only caveat that I can think of is that it's a case that you booked some time in advance & your passport, for example has had to be renewed in between.

However, I do know that in the US when you use a credit card as ID (even a UK card) at self check-in, if it is renewed between booking and travel, then that is not a problem, as I've done that, but I was quite surprised that it did, especially as I was checking in for a return trip back home.

Malone
4th Nov 2009, 08:29
These passport details have been required by certain countries for some time now. The US started the ball rolling and the aircraft were not able to leave until the information had been transmitted to the US immigration authorities, indeed I believe that there was the possibility that it would be returned straight back if this was not done. I assume that the reason was to enable the US to check all the passengers against their records in advance of arrival, which seems fair enough.
Then a number of other countries jumped on the bandwagon and I am not so sure that anyone bothers to check this information at their end!!
Whether it would be picked up or not if you used false details, I do not know, but I personally would not risk it.
I do not quite understand what the big problem is unless you have something to hide :confused:

TightSlot
4th Nov 2009, 08:37
I'm having problems understanding what the point of this thread is?

Is it some kind of misdirected protest against the UK Government? Is it a publicity stunt? Why on earth would a presumably sane adult want to experiment with providing false data? Why would that person then want to discuss it in public? What would be the point?

:confused:

Malone
4th Nov 2009, 08:43
Tightslot,
Couldn't have put it better myself!

:D:D:D

davidjohnson6
4th Nov 2009, 09:36
The rationale comes from concern about identity theft. I would guess that IT departments in some airlines are not *that* concerned about the security of the passport details of their passengers - they'll follow standard procedures but are unlikely to make strenuous efforts over it. When a company is known to be handling the identity details of over 1 million people and subsequently retransmitting this data on to various Govt bodies, it becomes something of a target for hackers and rather dubious groups.

I agree that I am unlikely to be affected, but more than once identity details under the care of Govt and companies have somehow leaked out. When this refers to a highly trusted document like a passport (as opposed to just a phone number), the potential for identity theft becomes much larger.

Plenty of companies will give assurances about how secure your details are. It's not possible for the average individual to verify these claims in any meaningful way. Furthermore, where data has leaked, the organisation has typically give great assurances about the security of people's personal details !

Take the risk enough times, and someone will start to impersonate me

raffele
4th Nov 2009, 10:14
I would imagine that the personnel in airline ICT departments who are entrusting with the API data transmission side of their networks have had to undergo stringent enhanced security clearance. I would also guess that how the data is transferred airline to government is over a very secure, encrypted, confidential network detached from the airline's other networks (in a similar manner to the military having a confidential network for sensitive applications and data). Bearing these assumptions in mind - lets face it, no one except those directly working within the system will know how it works and the security involved - it would take a very determined, inside man to get at your information.

You could always stop yourself from becoming a victim full stop. Just don't fly, don't have a passport, don't travel outside the UK whatsoever...

deep_south
4th Nov 2009, 11:50
--------
I would imagine that the personnel in airline ICT departments who are entrusting with the API data transmission side of their networks have had to undergo stringent enhanced security clearance. I would also guess that how the data is transferred airline to government is over a very secure, encrypted, confidential network detached from the airline's other networks (in a similar manner to the military having a confidential network for sensitive applications and data). Bearing these assumptions in mind - lets face it, no one except those directly working within the system will know how it works and the security involved - it would take a very determined, inside man to get at your information.
---------

You would think so, wouldn't you - unfortunately this is often not the case, and it doesn't matter whether this data is processed in the UK, or the EU, or wherever. Remembe that the reported cases of data loss & theft are only the tip of the iceberg - but I don't want to hijack this thread, so will leave it at that.

Rusland 17
4th Nov 2009, 13:16
Take the risk enough times, and someone will start to impersonate meOr, deliberately provide false information enough times and you may either (a) be denied boarding, (b) be denied entry to your destination country or (c) attract the attention of the authorities.

Why do so many people seem to go out of their way to make things difficult for themselves? Just fill out official forms truthfully.

Donkey497
4th Nov 2009, 20:46
Take the risk enough times, and someone will start to impersonate me

And the odds that someone will pick on YOU out of all of the other airline passengers is?????????

davidjohnson6
4th Nov 2009, 23:28
Donkey - identity theft works by selling the details of a batch of inidividuals to a 3rd party - maybe 1000 people at a time. The 3rd party can go through that list of 1,000 ID details, and attempt to use their identity for fraud. Sure, plenty of those attempts will fail, but at least a few out of those 1,000 will work. If I saw in a list of 1 million people a subset of people who had been flying frequently, I would target them as more likely to be wealthy and better candidates for fraud.

ID theft doesn't necessarily work by targetting specifically Mr John Smith of 32 Cherry Tree Lane - it's done by systematically going through a list of essentially (but promising) random IDs and just picking off the ones that work. The details that don't work can be simply discarded while the ones that do work can be milked for benefits

Amending relatively minor details like date of birth - perhaps out by a year being put down as a typo - in online checkin mean a busy gate agent probably won't even bother performing a rigorous check (boarding card may show only name and passport number, and as an EU passport is almost always good for entry to any EU country there is no need to worry about immigration fines) - but it's enough to mean that any attempt of using my details fails in any form of fraud through impersonation.

Anyway, this is digressing - can anyone provide info on what validation checks are performed in the process of providing passport details by the airline to the Govt of the arrival country ?

Final 3 Greens
5th Nov 2009, 05:18
Two points here


Spain requires APIS from the UK, because the UK is not a Schengen signatory. I have to provide APIS to the UK when visiting for the same reason.
The UK government's record on data security is abysmal, e.g. losing a CD with 28 million personal records last year. I can understand DavidJohnson6's concerns, even if I do not agree with his methods

raffele
5th Nov 2009, 13:31
Can anyone provide info on what validation checks are performed in the process of providing passport details by the airline to the Govt of the arrival country?

Probably not because, as I mentioned in an earlier post, it's probably classed as confidential.

At a guess, based on what used to be taught in A level ICT - there will probably be a validation check on the passport number (they tend to be 9 characters long). Where an address is needed, like USA, it'll probably check it's a valid address within the territory against the local address database. And other standard data validation checks - names can only contain letters, etc... For the transfer of data, there will be a check digit within the record which the system at both ends uses to make sure the data was transmitted correctly.

EastMids
5th Nov 2009, 16:00
I think this issue has a degree validity for those of us who have two passports - provide details of one passport when "registering" and [could be many weeks/months later] then through oversight take a different passport when actually travelling.

I have often wondered what would happen when I travel to the USA if I use one passport at checkin or for ESTA, and then show the other one to the nice man at US immigration upon arrival, but haven't come anywhere near to having the courage to actually try it to see what happens!!!

OFSO
5th Nov 2009, 17:30
Spain requires APIS from the UK

Although passengers arriving from the UK do pass through Spanish immigration and have to show their passports, I have never seen the passports being checked against any sort of list. For the past few flights (of many) the FR website hasn't even asked us for the APIS info., and I have the feeling it's either now derived from the check-in, or has been dropped as meaningless.
There are other ways for British to arrive in Spain which don't involve any form of ID check whatsoever.

Final 3 Greens
5th Nov 2009, 17:39
OFSO

Nonetheless, Spain does require APIS information from air travellers outside the Schengen area.

Here are some references

BritishAirways - Advance Passenger Information (http://www.britishairways.com/travel/ba6.jsp/imminfo/public/en_gb)

Ryanair - Notice : Flying to Spain-Submit Your*Passport/ID Details Now (http://www.ryanair.com/site/EN/notices.php?notice=gops&code=070911-api-notice-en-GB)

Advance Passenger Information Requirements :: Spain and Portugal for Visitors :: The travel guide to Spain and Portugal (http://spainforvisitors.com/module-News-display-sid-221.htm)

Advanced Passenger Information (http://www.cheap-holidays-travel.co.uk/information/advanced-passenger-information.htm)

Skipness One Echo
5th Nov 2009, 17:51
Strathclyde Plods were checking passports at Prestwick on the Stansted flight. We MUST be seen to be doing something against the EVIL terrorists.

*Seen to*

I cross my fingers that MI5 and MI6 are a little better at actually DOING something on this issue.

racedo
5th Nov 2009, 20:44
For the past few flights (of many) the FR website hasn't even asked us for the APIS info., and I have the feeling it's either now derived from the check-in, or has been dropped as meaningless.

If you check in online then you giving the details for APIS at same time.

bealine
5th Nov 2009, 21:50
The UK government's record on data security is abysmal, e.g. losing a CD with 28 million personal records last year. I can understand DavidJohnson6's concerns, even if I do not agree with his methods

Identity Theft is big business and I fully share DavidJohnson6's concerns too!

I asked questions about the "Disclosure Scotland" Enhanced Criminal Record Checks that we have to have done as workers with airside access for the same reason and just got a curt "if you don't get a CRC, you can't work!" response.

All the same, I am a little worried about faceless bureacrats and a private company having access to all of my personal data - considerably more, I have to say, than that contained in a passport!

jackcat
5th Nov 2009, 22:41
I asked questions about the "Disclosure Scotland" Enhanced Criminal Record Checks that we have to have done as workers with airside access for the same reason and just got a curt "if you don't get a CRC, you can't work!" response.


I believe that you would only need an enhanced CRC if you work with children or vulnerable adults, so cabin crew would have to undergo the same procedure as teachers, medical personnel and prison officers for example. For other airside passholders I understand just a basic check suffices...

Seat 59A
6th Nov 2009, 02:39
I have often wondered ...

Well, I can tell you. Six burly operatives in black suits and dark glasses descend upon you, hood and cuff you and you wake up 18 hours later in Azkaban.

No, really .... absolutely nothing! I know, because I have done it. The first time I used ESTA I was terrified, because I changed flight and carrier between registering and travelling. Nothing happened. It was not even commented on. Thereafter, I have (inadvertently) used one ppt to register and another to travel. Again, nothing happens. I've also lost count of the number of I-94 stubs that I have in my ppt that were simply not collected from me on exiting the US.

So, my conclusion is that this silly ESTA system is nothing more than a massive data-mining exercise by the CIA and has nothing whatever to do with Homeland Security. I don't know if the original concerns expressed in this thread are valid or not, but it seems to me that there must be a mountain of data out there that is simply so mind-bogglingly large that it is utterly useless for any conceivable security purpose. Has anyone noticed, by the way, that the visa waiver form has now changed to require telephone numbers and email addresses - what the hell for? Completely redundant data to add to the pile. Anyone can buy a SIM card off the street and change it tomorrow, or open and close an email address. Pure application of Parkinson's Law to an overmanned, overfunded and overstaffed bureaucracy.