Every time you board a plane you leave a digital breadcrumb trail: who you are, where you sit, how you paid, who you travel with, where you stayed last night. This record – called a Passenger Name Record (PNR) – is gold dust for security analysts who hunt suspicious travel patterns. Yet real PNRs are locked behind strict privacy laws and commercial secrecy, starving researchers of the data they need to build smarter, fairer screening tools.

A team from the University of Sheffield has now released an open-source pipeline that fabricates millions of realistic, privacy-free PNRs. The synthetic dataset mimics the statistical quirks of genuine traveller behaviour – down to the hour-of-day you are likely to buy a ticket – while keeping every single “passenger” fictitious. The work, presented at the ISCRAM 2025 conference, offers aviation-intelligence projects a safe sandbox in which to test machine-learning models, risk-scoring engines and what-if epidemic simulations without touching sensitive records.

Why not just anonymise the real thing?

Traditional anonymisation (remove names, hash passport numbers) still leaks identity through combinations—your birthday, route and credit-card vendor can re-identify you in milliseconds. Once data are open, re-identification is a one-way street. Regulators therefore keep PNRs under heavy lock-and-key, slowing innovation. Synthetic data sidestep the problem by growing entirely new people, flights and social networks that never existed.

Five-step flight factory

The Sheffield framework, dubbed SynPNR, builds a fake world in layers:

1. Population engine
   Country-level census tables (UN & World Bank) are expanded into 4.7 million synthetic residents across 36 nations. Households get believable age gaps, marriage patterns and even transliterated names that fit local alphabets.
2. Social glue
   Algorithms weave family, friend and co-worker ties inside cities, then add weaker long-distance links. Shared nationality boosts link probability by 50 %—a nod to sociological studies on homophily.
3. Agent minds
   Every adult becomes an autonomous software agent with a calendar, bank card and frequent-flyer status. Agents decide how often they can travel (propensity), pick a purpose (business, holiday, family), choose companions from their network and select destinations weighted by real 2019 flight capacities.
4. Seat allocator
   Valid airline routes (minimum 210 operating days/year) are loaded from OpenSky crowd-sourced data. The engine books parties into flights, respects seat availability, adds baggage drawn from purpose-specific distributions and timestamps the purchase.
5. XML printer
   Output is a stack of industry-standard PNR files that plug straight into existing analyst tools.

Does it look authentic?

The group benchmarked their 4250-flight French–Greek subset against 2019 Eurocontrol and national statistics:

* Over-generation of solo trips is already flagged for tuning in the next release.

Age–sex pyramids for France and Greece diverge by <0.05 Kullback-Leibler—a difference smaller than typical sampling error in official micro-censuses.

What can you do with it?

• Train risk-scoring AIs without GDPR headaches.
• Stress-test border-screening rules under synthetic epidemics or mass-events.
• Model group-based threats (e.g., small cells booking separate flights).
• Share full datasets with external collaborators—no data-use agreements needed.

Limits & next hops

• Group travel is still too rare; social-network density will be dialed up.
• Seasonal travel dips in late-summer are weaker than reality.
• Expert usability review with border police is under way.
• Code already on GitHub; larger 20-million-passenger run scheduled for late-2025.

Take-away

SynPNR reproduces the statistical soul of air-travel data while surgically removing privacy marrow. For researchers boxed out of real PNR vaults, fake flights may finally unlock real insights.

Try it yourself

Code & sample data: github.com/fafadlian/Synthetic-PNR-Generation
Citation: Fadlian et al., “Generating Realistic Passenger Name Records with Privacy Compliance for Security Analysis”, ISCRAM 2025.

Every year, billions of people board flights. Each reservation leaves a digital footprint—names, travel dates, seat numbers, payment details—collectively called a Passenger Name Record (PNR). After the 9/11 attacks, security services worldwide realised that, if pooled and analysed, these records could reveal hidden plots before anyone reaches the airport. The European Union therefore passed the PNR Directive in 2016, asking every member state to set up a special office—a Passenger Information Unit (PIU)—to gather, check and share these clues.

In the context of TENACITy, between December 2023 and February 2024 researchers circulated a confidential questionnaire to PIU analysts, technicians and directors across 14 countries. Their frank answers sketch a picture of promise, but also of potholes that slow the road to safer skies.

1. The Good News First

• PIUs are up and running. All units that replied already collect PNR data and most can perform basic computer searches.
• Staff overwhelmingly believe the data do help: hidden links between suspects, suspicious money trails and even drug routes have been spotted sooner than old-fashioned police work would have managed.
• International cooperation is alive: PIUs swap tips with sister units, Europol and, in some cases, non-EU partners.

2. Six Headaches Revealed by the Survey

2.1 Data Transmission – “Same Language, Different Accents”

Airlines are free to pick how they send spreadsheets or XML messages. Some still email Excel files. Result: formats differ, fields swap places, and one in five messages arrives unreadable without manual tidying.

2.2 Data Collection – “Plenty of Noise, Not Always Signal”

Budget tickets bought through travel agencies often lack phone numbers or correct spelling. Because carriers are not obliged to double-check typing, analysts later waste hours guessing whether “J. Smiht” is simply a typo or a deliberate smokescreen.

2.3 Data Quality – “Missing Puzzle Pieces”

Optional fields (date of birth, payment method, baggage details) are frequently blank. Missing birthday information is especially frustrating; without age, risk-scoring algorithms misfire and toddlers can be flagged next to terror suspects.

2.4 Data Analysis – “Broken Travels, Blind Spots”

Europe currently collects air data only. Clever offenders dodge detection by flying into Istanbul, then continuing overland by bus or ferry. PIUs call this “broken travel” and warn they are blind to the second leg.

2.5 Staff Matters – “Too Much Haystack, Too Few Hands”

Most units operate with fewer than twenty specialists. Manually eyeballing every record is impossible, yet many PIUs lack funds for data-science training or modern visualisation tools.

2.6 Legal Matters – “Navigating a Maze”

A 2022 EU court ruling tightened the screws: data may be stored longer than six months only if a concrete security threat is documented. Staff now juggle shorter retention windows, extra paperwork and the need to show “human eyes” reviewed every automated alert.

3. Practical Fixes Proposed by the People in the Trenches

1. Mandatory fields: Make date of birth, citizenship and contact details compulsory at the booking screen; a simple pop-up could block incomplete orders.
2. Automatic spell-check on entry: Airlines already verify credit-card numbers—why not names and passport digits?
3. Shared templates: One common Europol form, with drop-down menus, for state-to-state queries would cut email ping-pong.
4. Robot helpers: Small “quality bots” that highlight misspellings or impossible travel itineraries the moment files land, freeing analysts for real detective work.
5. Smarter rules engines: Software that learns from past hits and suggests new risk patterns, always keeping a human in the final loop.
6. Multi-modal vision: Explore extending PNR-style collection to ferries, international trains and long-distance coaches, but only where necessity is proven and privacy safeguards travel alongside.

4. Why This Matters Beyond Airports

The study is a reality check for “big data” security more generally. Simply pouring oceans of information into computers does not automatically produce answers. Standard formats, data hygiene and well-trained humans remain the secret sauce. Policymakers worldwide – whether crafting health, climate or cyber-risk databases – can draw the same lesson: invest first in quality and cooperation, then in fancy algorithms.

1. The privacy-versus-security headache

Every year Europe’s Passenger Information Units (PIUs) collect hundreds of millions of booking records—names, seats, bag weights, payment slips—known as Passenger Name Records (PNRs).
The data are vital for spotting drug mules, trafficking routes or terror suspects, yet they are also deeply personal. EU law therefore demands:

• mask identities after 6 months
• delete everything after 5 years
• log every single access
• share only with vetted partners

Traditional file exchanges or e-mail satisfy none of these points: logs can be edited, copies leak, and nobody can prove later who touched which record when.
Enter blockchain—a technology famous for cryptocurrencies but far better at tamper-proof audit trails.

2. Why a simple database is not enough

A central warehouse (think “PNR cloud”) looks convenient, but is subject to risks:

What security engineers need is decentralisation, cryptographic logging and fine-grained access control without building separate national silos.

3. Blockchain 101 for aviation intelligence

Key ideas in blockchain:

• Ledger = append-only spreadsheet copied to every approved node
• Each row = hash of content + previous row → change one letter, break the chain
• Smart contracts = small programs that fire only when pre-defined rules are met
• Permissioned network = only accredited PIU nodes may join; no anonymous miners

4. How TENACITy wired a blockchain into real border policing

TENACITy is building a modular toolbox that helps PIUs fuse PNR with open-source intel, risk-scoring AI and pattern-mining engines. Its blockchain communication module, developed by Brno University of Technology, handles the most sensitive step: unit-to-unit data exchange.

4.1 Design choices

4.2 Life of a typical request

1. Officer in PIU-A opens TENACITy dashboard → hits “Request legs for passenger XYZ”
2. API server writes a hashed request onto the channel; only PIU-B can decrypt the blob
3. PIU-B chaincode checks endorsement policy, attaches encrypted PNR, timestamps response
4. Both sides confirm receipt; payload hashes remain, blobs are cryptographically erased
5. Any auditor can later verify: “Yes, hash ABC was written by PIU-A at 09:14:07 and answered by PIU-B at 09:18:22”—without ever seeing the raw PNR

5. Early numbers & lessons

• Pilot network spans 6 EU PIUs, 12 peer nodes, <1 s latency inside Europe
• Throughput tested at 2 000 request/response pairs per hour—enough for daily peaks
• Over 80 % of test users rated the blockchain log “more trustworthy” than classical e-mail exchange
• Legal team likes built-in deletion: no forgotten files lingering on FTP servers

6. Take-away

Blockchain is not magic, but tamper-proof logging + programmable deletion + mutual distrust is exactly what PNR law demands. Within TENACITy the ledger is no cryptocurrency – it is a digital notary that lets border analysts share vital clues while proving, beyond doubt, that citizens’ rights were respected every step of the way.

Article by UCSC-Transcrime

Globalization has led to a growing interconnection between countries in terms of transport supply chains and movement of people. Although providing relevant opportunities for both EU companies and citizens, such interconnection also poses serious risks in terms of security of external and internal EU borders. EU Border Guards agencies and Law Enforcement Agencies continuously screen incoming passengers and goods to proactively identify potential threats.

Criminal organizations and individual offenders exploit a variety of transportation modi operandi to move illicit products. These modi operandi depend on several factors, such as the risk of detection, the scrutiny level of the border controls, the quantity of the illicit products, and the geographical distance to be covered.[1] Time to time, based on these factors one out of maritime, air or land modes of transport is preferred against the others.

Maritime mode of transport

Criminal organizations and individual offenders frequently exploit sea transport for smuggling illicit products due to its facilitation of large-scale shipments and the relatively lax legal obligations in terms of information to be provided to and controls performed by authorities. In addition, there is a variety of techniques available to hide illicit products in legitimate cargos (see image below).[2]

Rip-on/rip-off: Illicit products are loaded in the port of departure and recovered in the port of destination. Often neither the senders nor the recipients are aware of their legitimate cargo being exploited for illicit purposes.

Switch: This is a variant of the rip-on/rip-off method. In the port of departure, illicit products are placed in an accessible place in the container. At the destination port, before the container is inspected, the products are removed and transferred to another container that has already been inspected or it does not need to be inspected.

Within legitimate goods: Illicit products are concealed or incorporated into the legitimate goods transported in the container. This method typically requires the involvement of the owners of the legal cargo and possibly also of corrupted dock workers.

In container structure: Illicit products are concealed in areas of the container such as insulation materials within the walls and floorings, cooling compartments, or in the exterior beams. This technique requires the involvement of corrupted port employees to place and retrieve illicit goods.

Commercial vessels and drop-off: The illicit products are transported by a variety of commercial vessels such as cargo ships, fishing vessels and tankers. In the proximity of the destination, the consignment is dropped off in the sea for collection.

Pleasure vessels: Due to the less stringent checks, pleasure vessels, such as yachts, are frequently used for the transportation of illicit products.

Inflatable and speed boats: In the case of illicit consignments of short-medium distances and/or in coastal waters, small custom-made vessels are sometimes used.

Underwater attachments and semi-submersibles: Illicit products are transported in missile-shaped containers attached to the hull of the vessels below the water. This method requires the use of specialised divers at both the origin and destination ports.

Despite the specific method, in most cases, corruption has a relevant role in the success of the trafficking as it helps to undermine transport infrastructure or gain access to EU ports.[3]

Air mode of transport

Another common transportation modus operandi exploited by criminals involved in illicit trafficking is air transport. The usage of air transport for criminal purposes mostly relies on commercial aviation through the misuse of scheduled air transport (e.g., passengers and cargo flights) and general aviation (e.g., wide variety of private civil flights). Criminal flights may be operated in three ways: (i) “white” flights are operated in full compliance with general aviation rules; (ii) “grey” flights apparently follow existing regulations, but at some points they deviate from standard procedures (e.g., abuses of reporting, unscheduled stops/touch-and-go and drop-off); (iii) “black” flights are fully unreported, they consist of clandestine flights operated at low altitude, on radio silence, etc. The reliance on air transport for illicit trafficking purposes has as main advantage the possibility of organizing large consignments that can be transported over long distances in relatively short time. The risks associated with this mean of transportation vary greatly according to the typology of flights. Commercial flights are the riskiest and thus, the least exploited, due to the intensive security checks both on passengers and goods. Instead, private planes are less targeted by security checks and need to comply with less security requirements; as a consequence, they are subjected to the misuse by criminals to a greater extent.[4]

The most common aircrafts and related techniques used for the purpose of illicit trafficking through aviation are displayed below.[5]

Commercial passenger flights: Illicit trafficking trough commercial passenger flights mostly involved passengers concealing some illicit products in their luggage or in/on their bodies. This method usually does not necessitate the assistance of corrupted personnel. Generally, this modus operandi is used for the transportation of limited quantities of illicit products.

Cargo flights: In the case of the exploitation of cargo flights, illicit products are usually concealed in parcels or incorporated in the legitimate goods transported by the sender of the legal cargo.

Private jets: Criminal networks often rely on private jets to smuggle large quantities of illicit products over long distances, including transatlantic flights. This modus operandi is typically chosen due to the perceived less stringent controls private jets are subjected to. Very often the crew members of the flight are aware and complicit.

Helicopters: Sometimes also helicopters are used by criminal networks to traffic illicit products on short distances as they offer the possibility of avoiding land security checkpoints.

Unmanned Aerial Vehicles (UAVs): UAVs (i.e., drones) consist of an increasingly used modus operandi exploited by criminal networks to smuggle illicit products. This method is especially used to deliver drugs in harshly reachable places (e.g., prisons) or to avoid land borders.

Land mode of transport

Besides maritime and air transportation, illicit products are often trafficked by land. This mode of transport is very frequent for intra-EU trafficking. Indeed, once the illicit products have reached the European mainland most often by sea or air, the distribution to EU MSs mostly occurs by land. This mode of transportation for intra-EU trafficking is often selected by criminal networks due to the advantages brought by the Schengen area that allows free movement of people and goods without systematic controls at the borders. To a lesser extent, the land mode of transportation can also be used for the transferring of illicit products from the origin to the destination countries. Illicit products can alternatively be loaded on private vehicles (e.g., cars, trucks) and commercial trucks where they are concealed among legitimate goods.[6]

[1] UNODC, “Global Study on Firearms Trafficking 2020” (Vienna: United Nations on Drugs and Crime, 2020).

[2] EMCDDA and Europol, EU Drug Markets Report 2019 (LU: Publications Office, 2019), (SOCTA) 2021: A Corrupting Influence : The Infiltration and Undermining of Europe’s Economy and Society by Organised Crime. (LU: Publications Office, 2021).

[3] Europol, European Union Serious and Organised Crime Threat Assessment (SOCTA) 2021.

[4] EMCDDA and Europol, EU Drug Markets Report 2019; EMCDDA, EU Drug Market, Cocaine; Europol, European Union Serious and Organised Crime Threat Assessment (SOCTA) 2021.

[5] EMCDDA and Europol, EU Drug Markets Report 2019; EMCDDA, EU Drug Market, Cocaine.

[6] EMCDDA and Europol, EU Drug Markets Report 2019.

Article by UCSC-Transcrime

Migrant smuggling is the process of facilitating the unlawful entry, transit or residence of an individual in a country.[1] It is a market in which the commodity traded is the assisted illegal entry into a country for a profit.[2] Migrants constitute the demand-side of the market as they are willing to buy a service, that is the illegal entry into a country, for reasons that include leaving war zones, extreme poverty, economic hardship, or persecution.[3] The demand is satisfied by several sellers, namely the smugglers, who provide these services for a wide array of reasons, ranging from economic returns to assistance to individuals with similar social and cultural backgrounds.

Migrant smugglers rely on a variety of means of transport to facilitate irregular migration both into and within the EU. Migrant smugglers’ modi operandi depend on several factors, such as the origin of the smugglers, the type of travel used, the route and the price that the migrant is willing to pay for the journey.[4]

Most irregular migrants in the EU arrive via Mediterranean Sea routes, using several types of boats. The choice of boat depends on the migrants’ budget and the length of the journey. Options include speedboats, sailing boats, motor yachts, and small inflatable rubber boats. Smuggling organizations even construct their own boats. However, sailing yachts and speedboats are less common due to the high costs and risks involved if these boats are damaged or seized. Instead, stolen boats are frequently used to reduce costs and make it harder for law enforcement to identify the smuggling network. Various methods have been identified for transporting migrants. One typical approach involves using two vessels: a larger one like a fishing trawler or cargo ship to take migrants on open ocean voyages, then transferring them to a smaller boat for the final leg to the landing site. The boat crew and smugglers abandon the migrants, providing basic instructions for navigating the small boat, and return to shore in the second vessel. Another technique, known as the “mother ship technique,” is commonly observed between Egypt and Italy. It involves using fisher boats, often owned by recruited professional fishermen, to transport migrants in international waters. The migrants are then transferred to smaller vessels and left adrift to be intercepted by Italian authorities, while the fishermen return to the departure coast.[5]

Overland transportation is the second most common method used by irregular migrants. It serves as a means to reach departure points and for secondary movements during longer journeys after utilizing other transportation options.[6] Various vehicles, such as cars, buses, lorries, and trains, are commonly employed depending on the specific route. Migrants transported overland, including for secondary movements, are often confined in dark and airtight cargo compartments, exposing them to life-threatening conditions. Smugglers frequently use rented vehicles or vehicles with fake license plates to hinder traceability if intercepted by law enforcement. It is worth noting that migrants can also be smuggled unknowingly in vehicles, such as when smugglers target commercial trucks waiting at border crossings, cut the seals and let the migrants in[7]. Lastly, overland transportation can involve migrants simply walking to cross borders, forming what is known as “caravans of hope.” These large groups of migrants aim to cross the EU’s external borders in search of protection, companionship, and to convey a unified visual message to national governments.

Air facilitation to or within the EU is infrequent but may become more prominent due to heightened controls on land and sea routes. [8] Air smuggling offers increased safety, speed, and lower risks for smugglers. Typically, smugglers do not accompany migrants but instead coordinate their journeys remotely from the origin or a third country, using messaging apps or other channels. Major international airports are prime targets for air smuggling as they connect to various parts of the world through major airlines. Migrant smuggling by air often complements other forms of travel as part of a larger facilitation plan. Migrants initially fly to a neighbouring third country and subsequently attempt to illegally enter the EU by land or sea.[9]

Two main methods of air migrant smuggling in the EU have been detected. Firstly, irregular migrants may use EU airports as transit points to third-party countries, as transit visas are often not required for many nationalities. They book flights that pass-through EU airports but intentionally stay in the country instead of continuing their journey. Upon arrival, they destroy their original documents (e.g., passports, visas), purposely miss their connecting flights, and apply for asylum in the EU country. In other cases, smugglers instruct migrants to meet a member of the criminal organization in the international lounge of the transit airport, where they receive new (often forged) documents. After the meeting, migrants attempt to leave the EU airport. Another common method involves trying to directly enter an EU member state using fraudulent documents. Document fraud plays a significant role in irregular air entry into the EU, especially by air.

[1] Europol, European Union Serious and Organised Crime Threat Assessment (SOCTA) 2021.

[2] Veronica Bilger, Martin Hofmann, and Michael Jandl, “Human Smuggling as a Transnational Service Industry: Evidence from Austria,” International Migration 44, no. 4 (2006); Paolo Campana and Federico Varese, “Exploitation in Human Trafficking and Smuggling,” European Journal on Criminal Policy and Research 22 (2016): 89–105.

[3] Georgios A. Antonopoulos and John Winterdyk, “The Smuggling of Migrants in Greece: An Examination of Its Social Organization,” European Journal of Criminology 3, no. 4 (October 2006): 439–61.

[4] Luigi Achilli, “Irregular Migration to EU and Human Smuggling in the Mediterranean: The Nexus between Organized Crime and Irregular Migration, Mobility and Refugee Crisis in the Mediterranean,” IEMED POLICY Brief, 2016; Peter Tinti and Tuesday Reitano, Migrant, Refugee, Smuggler, Saviour (London: Hurst & Company, 2016).

[5] European Commission, “A Study on Smuggling of Migrants. Characteristics, Responses and Cooperation with Third Countries,” 2015.

[6] Europol and Interpol, “Migrants Smuggling Networks. Joint Europol-Interpol Report,” 2016.

[7] European Commission, “A Study on Smuggling of Migrants. Characteristics, Responses and Cooperation with Third Countries.”

[8] Europol, European Union Serious and Organised Crime Threat Assessment (SOCTA) 2021.

[9] UNODC, “Migrant Smuggling by Air,” Issue Paper, 2010.

Article by Center for Security Studies, KEMEA

Exploiting travel intelligence for security brings a broad range of different professional disciplines closer together, transferring knowledge between many competences: Border control including Entry Exit System (EES), European Travel Information and Authorisation System (ETIAS) & Advance Passenger Information (API); Visa/migration authorities; Police cooperation; Counterterrorism/Internal Security; Criminal investigation, Passenger Information Units (PIUs); Customs; Carriers and airlines; law enforcement officials, etc., to meet the challenges of the dynamic threat environment. This large scale of actors dictates common tools and approaches. TENACITy works beyond the current state of play, to propose an open architecture, applicable at European level. TENACITy’s vision of strengthening security authority’s role in fighting serious cross-border crimes, amongst others, is to provide for modern and effective tools for exploitation of travel intelligence data by security authorities and to implement and demonstrate a Travel Intelligence Governance Framework that will incorporate a holistic approach to crime prevention.

As a first step, in the context of the TENACITy project, it was considered as necessary to have an in-depth analysis of the current state of play of the processing of PNR and API data in European countries. In this respect, KEMEA prepared and distributed to Passenger Information Units (PIUs) a survey to gather necessary input from PIUs to conduct an in-depth analysis of the existing state-of-play of the technical, and other, capacities of PIUs on the usage of API/PNR data). More specifically, the survey aimed at the identification of i) the level of the implementation of the technical solutions to process PNR and API data, ii) the technical solution developed and iii) the user and system requirements and challenges faced by PIUs.

Twelve EU Member States and two non-EU countries replied to the survey. The majority of the PIUs confirmed that they have an up and running system to process PNR data and API data and highlighted that the existing technological solution covers a big part of their operational needs. In particular, some stressed the usefulness of the historical searches on a case-by-case basis or by comparing PNR data against relevant databases or by processing those against pre-determined criteria in order to identify the yet – unknown criminals.

As for the challenges identified, those vary. In relation to the exchange of PNR data, some mentioned that the exchange of PNR data is not standardised and some PIUs are not using the agreed PIU-PIU template. Most of them highlighted that the data quality is rather poor in order to perform quick and efficient analysis of the data, with an emphasis given at the ‘broken travels’. As a result, they mentioned a number of data that they would wish to become mandatory for the air carriers to collect (for e.g., the date of birth of the passenger was something highlighted). Additionally, some PIUs are already processing PNR data from air carriers that do not support automated transmission yet confirmed that there are limited datasets available to compare those data with. Similarly, the same challenge appears to those who collect PNR data from other modes of transport.   Overall, all the PIUs, that participated to the survey, have well set up their systems and other non-technological challenges, like the non-standardised process of exchanging PNR data or the quality of the data are more important. In those challenges, the legal obstacles and the financial challenges shall be added. Many of these challenges can be solved and need to be solved at a legal level. However, the participants have recognised that tools and technological solutions with many automations are needed as they can also solve a part of their operational problems