1.1 Q: What is the Countering Terrorist Travel (CTT) programme?
A: The CT Travel Programme, led by the United Nations Office of Counter-Terrorism (UNOCT), seeks to build Member States capabilities to prevent, detect, investigate and bring to justice individuals suspected of terrorism or other serious crimes by using passenger data, in accordance with Security Council resolutions 2178 (2014), 2396 (2017) and 2482 (2019).
The Programme utilizes an “All-of-UN” approach in partnership with the Counter-Terrorism Committee Executive Directorate (CTED), the International Civil Aviation Organization (ICAO), the United Nations Office on Drugs and Crime (UNODC), the Office of Information and Communication Technology (OICT), and the International Criminal Police Organization (INTERPOL).
Each CT Travel Programme Partners CTED, UNODC, ICAO, OICT, and INTERPOL contributes crucial inputs for the overall implementation process. In tandem with awareness raising activities, CT Travel focuses on arranging and conducting prerequisite assessments of confirmed beneficiary Member. The assessment process involves the use of “deep-dive” missions with CTED leading the technical assessment component. After determining a state’s existing level of implementation, the Programme produces a “roadmap” for the Member State that identifies subsequent steps for implementation across the four pillars:
Pillar I involves the provision of legislative assistance to establish a legal framework or update existing legislation governing the Passenger Information Unit (PIU) based on expertise provided by UNODC.
Pillar II involves institutional set-up of Passenger Information Units (PIU) and capacity-building support, including training, drafting standard operating procedures, and sharing expertise among countries on the use of travel data to stem the flow of FTFs, by UNODC and UNOCT.
Pillar III involves supporting beneficiary member states in setting up carrier engagement and connectivity, by actively coordinating with the airlines in beneficiary countries, led by ICAO with support from UNOCT and UNOICT.
Pillar IV involves the provision of technical support and expertise by OICT, in the deployment, installation, enhancement and maintenance support of “goTravel2.0”, the UN configured version of the Travel Information Portal (TRIP) system donated by the Kingdom of Netherlands as an effective software solution for countries to collect and process API/PNR data. INTERPOL also supports this pillar by linking goTravel to its databases on known terrorists and serious criminals.
1.2 Q: Which international obligations does the Programme support Member States to comply with?
A: The CTT Programme helps Member States to comply with Security Council resolutions 2178(2014), 2396 (2017) and 2482(2019) which requires Member States to: a) receive and analyse advance passenger information (API); b) develop capabilities to receive and analyse passenger name records (PNR); c) make full use of relevant watchlists; d) and share information about foreign terrorist fighters (FTFs) and serious criminals using commercial air transport within their jurisdiction and across jurisdictions. Additionally, the CTT Programme supports compliance with the Standards and Recommended Practices in ICAO annex 9 of the Chicago Convention.
1.3 Q: What is goTravel?
A: goTravel is the United Nations-owned software solution supporting Member States in enhancing their capacity to use Advance Passenger Information/Passenger Name Records to detect terrorists and serious criminals analyzing their travel movements in compliance with Security Council resolutions 2178, 2396 and 2482. goTravel supports the end-to-end process for PIUs and law enforcement to obtain passenger data from (airline) carriers and conduct targeted analysis as well as share the findings of their data assessment. Member States adopt the UN-owned and operated goTravel solution to enable the automated analysis of large data volumes on passengers on all inbound and outbound traffic.
1.4 Q: What is the process of engagement and licensing of goTravel with a Member State?
A: Engagements with Member States for the implementation and licensing of goTravel are established through a Memorandum of Agreement (MoA) signed between the requesting government and the United Nations as part of the CTT Programme, following the assessment of the capacity of the Member state to implement API/PNR. The legal terms for the adoption of goTravel rely on treaties, conventions and international agreements in place between the United Nations (UN) and its Member States, providing the framework for the MoA to form a legally binding document.
1.5 Q: What is a goTravel Technical Working Group Task Force (TWGTF)?
A: The TWGTF is composed of a team of national substantive and technical experts from the Passenger Information Unit (PIU), that will be the main participants in assessment, pre-production and production activities including the elaboration of requirements/needs, trainings, technical deployments and support activities onsite (installation, configuration, data migration, etc.).
1.6 Q: How many Member States are currently using the goTravel solution?
A: The earlier version called TRIP, was donated to 10 countries before it was donated to the UN and renamed goTravel. TRIP is still fully functional in The Netherlands and other countries.
1.7 Q: What are architecture and hardware requirements?
A: goTravel is a software solution that is installed within a Member State’s administration. It runs on Windows x64 architecture and the hardware requirements depend on the yearly average number of passenger data and the local context. The system can be scaled seamlessly to meet the country's high availability standards and growth.
1.8 Q: What types of ICT Technical trainings, workshops and knowledge transfer mechanisms are provided?
A: Configuration and end-user trainings are provided to PIUs and other stakeholders. The United Nations Office of Information and Communications Technology (OICT) aims at building capacity within the host country so that the goTravel Technical Working Group Task Force (TWGTF) can administer and maintain the system independently. Documentation, end-user manuals and trainings will be provided.
2 Data acquisition
2.1 Q: What types of air traveler’s data can the system process?
A: goTravel can process both API and PNR data. iAPI (interactive API) is currently not supported (For further details, please refer to paragraph 3.11).
2.2 Q: What are the supported data standards?
A: goTravel performs as a single window accepting multiple data transfer standards including receiving API/PNR data from carriers in PNRGOV EDIFACT (version 11.1 to 13.1), PNRGOV XML (version 13.1) or UN/EDIFACT PAXLST (version 05b) formats through ebMS (electronic business Messaging Service). Supported transmission protocol: AS4 Profile of ebMS 3.0 Version 1.0.
2.3 Q: Does the system support other modes of travel?
A: There are plans to expand the scope to maritime, international high-speed rail and coach information (For further details, please refer to paragraph 3.11).
2.4 Q: How long can goTravel retain API/PNR data?
A: The system is by default configured so that data is stored for 5 years. After 6 months, the personal details are masked out and can be “de-masked” if needed. This standard setup is configurable within the system depending on the legislation in each individual Member State.
2.5 Q: Does the UN have access to the passenger data?
A: No. The UN does not have mandate to access data on passengers travelling in any country in the world. The Country’s Passenger Information Unit is the passengers’ data owner. OICT’s goTravel processes and procedures ensure that no UN staff members obtain access to goTravel (and any other) production systems and data, unless specifically authorized by the data owner to carry out specific, authorized, and time-bound set of activities (e.g. in case of troubleshooting problems and/or implementing emergency changes in systems for which UN staff’s intervention is required).
3 goTravel functionalities
3.1 Q: Can the solution generate traveler profiles?
A: goTravel allows for the configuration of rule-based risk indicators and watchlists from a comprehensive list of available data elements from API and PNR data.
3.2 Q: Is it possible to manage watchlists in the system?
A: Watchlists can be created and maintained in the system depending on the user's role. Watchlists can also be imported in the system.
3.3 Q: Does the system provide comprehensive user management features including multi-agency and multi-role access?
A: goTravel follows best practices in terms of role-based access management, supporting different entities and groups accessing the system and performing different functions in goTravel itself.
3.4 Q: Can a known person of interest be identified before boarding the aircraft?
A: Searching for known individuals is possible before departure as soon as the data has been provided by the airline therefore also several hours in advance of the flight. This search can also be automated in the system and trigger at any moment the airline provides fresh data.
3.5 Q: What is the data processing time?
A: Data is processed in real-time from airlines and is accessible within a Passenger Information Unit (PIU) with no delay.
3.6 Q: How can the system ensure data quality? What are the processes for data quality checks?
A: goTravel data ingestion mechanisms filter incoming data and check for semantic validity based on international standards. Missing data pushes are monitored through the goTravel Compliance module.
3.7 Q: What types of user and management reports can the solution generate/provide?
A: Every single user action in the system is logged for audit purposes. A series of reports is available which provide detailed compliance statistics. goTravel follows best practices in terms of role-based access management, supporting different entities and groups and their processes.
3.8 Q: Does goTravel use Artificial Intelligence (AI), Machine and Deep Learning Algorithms to support the analysis of behavior patterns?
A: AI capabilities will be available in the next generation of goTravel. In fact, AI will be used within a supervised and unsupervised (automated) environment to deploy machine/deep learning and big data techniques to correlate data flow and support in offering an accurate assessment of the data used in the delivery of outputs and intelligence products. One of the most important parts of the next generation of goTravel would be to ensure user friendly ingestion and processing of structured, semi-, and unstructured data.
3.9 Q: Is goTravel able to provide access to other government agencies to request information?
A: Yes, using goTravel claims and provisions functionalities, information can be provided to goTravel from the Borders/Customs/other agencies, and if there is a hit on a person or profile, this can be communicated back.
3.10 Q: Is the system integrated with government’s watchlists and databases?
A: goTravel can import watchlists from other national/international watchlists and databases. goTravel also features the ability to query Interpol’s I-24/7 databases.
3.11 Q: What other goTravel functionalities OICT is currently working on?
A: The OICT team is adopting a modular approach to deliver add-ons to the main goTravel core functionalities. This includes:
- goTravel (iAPI): The interactive API (iAPI) module will provide national authorities the opportunity to issue a board/no-board advisory message to the airline operators.
- goTravel (Maritime): API/PNR ingestion module for maritime transportation data.
- goTravel (Road): API/PNR ingestion module for road transportation data.
- goTravel (Rail): API/PNR ingestion module for rail transportation data.
- goTravel (Integration): Effective mechanisms in place to enable PIUs and other stakeholders to cooperate, coordinate and exchange information domestically and internationally. The Integration module will interface goTravel with national and international databases including the watchlist system (iWatchlist), Interpol’s I-24/7 and PIU.net (PISA) through the middleware iConnect and PIU Matching Interface.
4 Infrastructure and Technology
4.1 Q: What is the time period to deploy the solution? What types of support and services are provided within this period?
A: The goTravel solution can be installed within two days, if the country has the required hardware and software prerequisites in place. The OICT team provides ICT technical support throughout the engagement.
4.2 Q: Is it Cloud, or Locally hosted?
A: Typically, goTravel is deployed and hosted within Member States administrations, and no data is managed by the United Nations. Additionally, goTravel can also be provided as a cloud solution. This is to be decided by the Member State.
4.3 Q: How often is the software updated?
A: The Member States are the key drivers for the development of new goTravel features. The Technical working group can suggest additional functionality. All requests are addressed on a priority basis. Upgrades and bug fixes are provided at regular intervals.
4.4 Q: Does goTravel support high availability?
A: All parts of the system can be scaled or configured for high availability as needed.
4.5 Q: How does the solution ensure system security?
A: To satisfy security requirements and standards critical to the application and data, a security audit of the IT infrastructure including penetration tests are to be performed, possibly by an external third party expert provider to identify security risks affecting the infrastructure/network/system layers underneath goTravel that may undermine the whole implementation. Furthermore, the OICT team supports government entities of Member States to continuously perform security assessments in line with International standards (ISO27000 and NATO Secret Defense). OICT is continuously assessing the goTravel security posture also through the expertise offered by the OICT Digital Blue Helmets team.
5.1 Q: Will all licenses for the software, databases, utilities, etc. related to the goTravel be provided free of charge?
A: If not already available, some software licenses like Microsoft Windows Server 2016 and Elastic Stack will need to be purchased by the Member State to run their local instance of goTravel.
5.2 Q: What will be the cost of the maintenance and support services?
A: For the initial two years from the date of the signature of the Memorandum of Agreement (MoA), all new releases and updates of the goTravel software and related support services are free to the recipient Member State, as they are covered under the United Nations Countering Terrorist Travel Programme which is generously funded by a number of Donor countries. Should the country using goTravel decide to continue to use the software beyond the initial two-year period, it can opt-in to a non-profit partnership with all other participating states sharing the costs of maintenance, updates and 3rd level ICT support, calculated based on the number of Member States using goTravel and proportionate to their GDP and HDI. This would translate into a yearly invoice for the development, support and maintenance services.