goTravel FAQ
1 General
1.1 Q: What is the Countering Terrorist Travel (CTT) programme?
A: , led by the United Nations Office of Counter-Terrorism (UNOCT), seeks to build Member States capabilities to prevent, detect, investigate and bring to justice individuals suspected of terrorism or other serious crimes by using passenger data, in accordance with Security Council resolutions 2178 (2014), 2396 (2017) and 2482 (2019) international standards and recommended practices and human rights principles..?
The Programme utilizes an “All-of-UN” approach in partnership with the Counter-Terrorism Committee Executive Directorate (CTED), the International Civil Aviation Organization (ICAO), the United Nations Office on Drugs and Crime (UNODC), the Office of Information and Communication Technology (OICT), and the International Criminal Police Organization (INTERPOL).
Each CT Travel Programme Partners CTED, UNODC, ICAO, OICT, and INTERPOL contributes crucial inputs for the overall implementation process. In tandem with awareness raising activities, CT Travel focuses on arranging and conducting prerequisite assessments of confirmed beneficiary Member. The assessment process involves the use of “deep-dive” missions with CTED leading the technology?assessment component. After determining a state’s existing level of implementation, the Programme produces a “roadmap” for the Member State that identifies subsequent steps for implementation across the four pillars:
-
Pillar I involves the provision of legislative assistance to establish a legal framework or update existing legislation governing the Passenger Information Unit (PIU) based on expertise provided by UNODC.?
-
Pillar II involves institutional set-up of Passenger Information Units (PIU) and capacity-building support, including training, drafting standard operating procedures, and sharing expertise among countries on the use of travel data to stem the flow of FTFs, by UNODC and UNOCT.?
-
Pillar III covers supporting beneficiary member states in setting up carrier engagement and connectivity, by actively coordinating with the airlines in beneficiary countries, led by ICAO with support from UNOCT and OICT.?
-
Pillar IV covers the provision of technology adoption and support and expertise under the overall strategic guidance of OICT, in the deployment, installation, enhancement and maintenance support of “goTravel”, the 缅北禁地owned/configured version of the Travel Information Portal (TRIP) system donated by the Kingdom of Netherlands as an effective software solution for countries to collect and process API/PNR data. INTERPOL also supports this pillar by linking goTravel to its databases on known terrorists and serious criminals.
1.2 Q: Which international obligations does the Programme support Member States to comply with?
A: The CTT Programme helps Member States to comply with Security Council resolutions 2178 (2014), 2396 (2017) and 2482 (2019) which requires Member States to: a) receive and analyze advance passenger information (API); b) develop capabilities to receive and analyze passenger name records (PNR); c) make full use of relevant watchlists; d) and share information about foreign terrorist fighters (FTFs) and serious criminals using commercial air transport within their jurisdiction and across jurisdictions. Additionally, the CTT Programme supports compliance with the Standards and Recommended Practices in ICAO annex 9 of the Chicago Convention.
1.3 Q: What is goTravel?
A: goTravel is the United Nations-owned software solution supporting Member States in enhancing their capacity to use Advance Passenger Information/Passenger Name Records to detect terrorists and serious criminals analyzing their travel movements in compliance with Security Council resolutions 2178, 2396 and 2482 and human rights and data privacy norms.?goTravel supports the end-to-end process for PIUs and law enforcement to obtain passenger data from (airline) carriers and conduct targeted analysis as well as share the findings of their data assessment. Member States adopt the UN-owned and operated goTravel solution to enable the automated analysis of large data volumes on passengers on all inbound and outbound traffic and to remain in compliance with international human rights and privacy standards.
1.4 Q: What is the process of engagement and licensing of goTravel with a Member State?
A: Engagements with Member States for the implementation and licensing of goTravel are established through a Memorandum of Agreement (MoA) signed between the requesting government and the United Nations as part of the CTT Programme, following the assessment of the capacity of the Member state to implement API/PNR. The legal terms for the adoption of goTravel rely on treaties, conventions and international agreements in place between the United Nations (UN) and its Member States, providing the framework for the MoA to form a legally binding document.
1.5 Q: What is the goTravel International User Community?(IUC)?
A: The IUC membership includes representatives of Member States who are users of the goTravel solution. The objective of the goTravel International User Community is to provide a platform for Passenger Information Units (PIUs) to exchange strategies, knowledge, skills, expertise and opinions with respect to the tool, goTravel, as well as support innovation and continuous development of goTravel. By using the same platform, PIUs enhance standardization, becoming more effective in their work to combat terrorism and organized/serious crime. The IUC is responsible for the governance structures and processes for the continuous development and maintenance of goTravel.
1.6 Q: What is a goTravel Technology Working Group Task Force (TWGTF)?
A: The TWGTF is composed of a team of national substantive and technology?experts from the Passenger Information Unit (PIU), that are the main parties in assessment, pre-production and production activities including the elaboration of requirements/needs, trainings, technology?deployments and support activities onsite (installation, configuration, data migration, etc.).
1.7 Q: How many Member States are currently using the goTravel solution?
A: The earlier version called TRIP, was provided to 10 countries before it was donated to the 缅北禁地and renamed goTravel. TRIP is still fully functional in The Netherlands and other countries. Botswana and Norway are using the UN-Owned goTravel?solution for their daily API/PNR data collection, analysis and dissemination. 23 countries are in the process of adopting the goTravel solution at different stages of the process.
1.8 Q: What are architecture and hardware requirements?
A: goTravel is a software solution that is installed within a Member State’s administration. It runs on Windows x64 architecture and the hardware requirements depend on the yearly average number of passenger data and the local context. The system can be scaled seamlessly to meet the country's high availability standards and growth.
1.9 Q: What types of ICT Technology trainings, workshops and knowledge transfer mechanisms are provided?
A: Configuration and end-user trainings are provided to PIUs and other stakeholders. The CTTP Pillar IV technology team aims at building capacity within the host country so that the goTravel Technology?Working Group Task Force (TWGTF) can administer and maintain the system independently. Documentation, end-user manuals and trainings are provided.
?
2 Data Acquisition
2.1 Q: What types of air traveler’s data can the system process?
A: goTravel can process both API and PNR data. iAPI (interactive API) is currently not supported (For further details, please refer to paragraph 3.11). API and PNR data are provided by air carriers.
2.2 Q: What are the supported data standards??
A: goTravel performs as a single window accepting multiple data transfer standards including receiving API/PNR data from carriers in PNRGOV EDIFACT (version 11.1 to 18.1), PNRGOV XML (version 13.1) or UN/EDIFACT PAXLST (version 05b) formats. goTravel functionalities are?being extended to support all PNRGOV versions.?Supported transmission protocol: MQ, Type B, REST, SOAP, Webservices, SFTP, AS4, SMTP, ebMS 3.0 ?
2.3 Q: Does the system support other modes of travel?
A: There are plans to expand the scope to maritime, international high-speed rail and coach information (For further details, please refer to paragraph 3.11).
2.4 Q: How long can goTravel retain API/PNR data?
A: The system can be?configured so that data is stored (and masked) in line with Member State's legal provisions. The data retention provisions are fully configurable within the system depending on the legislation in each individual Member State.
2.5 Q: Does the 缅北禁地have access to the passenger data?
A: No. The 缅北禁地does not have mandate to access data on passengers travelling in any country in the world. The Country’s Passenger Information Unit is the passengers’ data owner.?goTravel processes and procedures ensure that no 缅北禁地staff members obtain access to goTravel (and any other) production systems and data, unless specifically authorized by the data owner to carry out specific, authorized, and time-bound set of activities (e.g. in case of troubleshooting problems and/or implementing emergency changes in systems for which 缅北禁地staff’s intervention is required).
?
3 goTravel Functionalities
3.1 Q: Can the solution generate traveler profiles?
A: goTravel allows for the configuration of rule based targeting and watchlists from a comprehensive list of available data elements from API and PNR data. Any action performed by goTravel operators in line with their defined?access profile?in the system is to be justified and is logged in the goTravel audit database.
3.2 Q: Is it possible to manage watchlists in the system?
A: Watchlists can be created and maintained in the system depending on the user's role. Watchlists can also be imported in the system. Any action performed by goTravel operators in line with their defined?access profile?in the system is to be justified and is logged for audit purposes. The creation of watchlists and rick indicators?happens when a competent authority requests the PIU to perform such action.
3.3 Q: Does the system provide comprehensive user management features including multi-agency and multi-role access??
A: goTravel follows best practices in terms of role-based access management, supporting different entities and groups accessing the system and performing different functions in goTravel itself. All actions performed in the systems are logged for audit purposes.
3.4 Q: Can a known person of interest be identified before boarding the aircraft?
A: Searching for known individuals is possible before departure as soon as the data has been provided by the airline therefore also several hours in advance of the flight. This search can also be automated in the system and trigger?at any moment the airline provides fresh data.
3.5 Q: What is the data processing time??
A: Data is processed in real-time from airlines and is accessible within a Passenger Information Unit (PIU) with no delay.
3.6 Q: How can the system ensure data quality? What are the processes for data quality checks?
A: goTravel data ingestion mechanisms filter incoming data and check for semantic validity based on international standards. Missing data pushes from airlines are monitored through the goTravel Compliance module. Privacy sensitive data (like?dietary preferences) contained in the Passenger Name Record (PNR) data sets are filtered out and can not be used for rule based targeting?easing Member State's efforts to remain in compliance with human rights and privacy protection international?standards.
3.7 Q: What types of user and management reports can the solution generate/provide?
A: Every single goTravel operator?action in the system is logged for audit purposes. A series of reports is available which provide detailed compliance statistics. goTravel follows best practices in terms of role-based access management, supporting different entities and groups and their processes.
3.8 Q: Does goTravel use Artificial Intelligence (AI), Machine and Deep Learning Algorithms to support the analysis of behavior patterns?
A: AI capabilities are currently not available and might be engineered?in the next generation of goTravel. AI might be introduced within a supervised?environment and relevant algorithms that might be enabled in future will be producing results that will have to be vetted and actioned (or otherwise) by?PIU?human operators.
3.9 Q: Is goTravel able to provide access to other government agencies to request information?
A: Yes, through the?goTravel claims and provisions module, information can be requested by and provided to?the Borders/Customs and other competent authorities as provided by the Member State's legislation.
3.10 Q: Is the system integrated with government’s watchlists and databases??
A: goTravel can import watchlists from other national/international watchlists and databases. goTravel also features the ability to query Interpol’s I-24/7 databases.
3.11 Q: Does goTravel provide for a functionality to request the erasure of my personal data from the system?
A: Yes. Through the "Public Access Window" individuals can request the PIU to erase their personal data from goTravel.
3.12 Q: What other goTravel functionalities the CTTP technology team is currently working on?
A: The CTTP Pillar IV Technology Team is adopting a modular approach to deliver add-ons to the main goTravel core functionalities following strict governance processes and oversight offered by Member States' users of the solution. The International User Community is prioritizing work?on:?
- goTravel (iAPI): The interactive API (iAPI) module will provide national authorities the opportunity to issue a board/no-board advisory message to the airline operators.
- goTravel (Maritime): API/PNR ingestion module for maritime transportation data.
- goTravel (Road): API/PNR ingestion module for road transportation data.
- goTravel (Rail): API/PNR ingestion module for rail transportation data.
- goTravel (Integration): Effective mechanisms in place to enable PIUs and other stakeholders to cooperate, coordinate and exchange information domestically and internationally. The Integration module will interface goTravel with national and international databases including the watchlist system, Interpol’s I-24/7,MIDAS and PISCES through the middleware goConnect and PIU Matching Interface.
- etc.
?
4 Infrastructure and Technology
4.1 Q: What is the time period to deploy the solution? What types of support and services are provided within this period?
A: The goTravel solution can be installed within few days, if the Member State?has the required hardware and software prerequisites in place. The CTTP Pillar IV Technology Team provides ICT technology support throughout the engagement also with assistance on the cyber security posture of the ICT infrastructure and network hosting goTravel.
4.2 Q: Is it Cloud, or Locally hosted??
A: Typically, goTravel is deployed and hosted within Member States data centers, and no data is managed by the United Nations. Additionally, goTravel can also be provided as a cloud solution based on Member State's request in their own cloud based environment.
4.3 Q: How often is the software updated?
A: The International User Community through its governance processes is the key driver?for the further development of goTravel and the introduction of new?features. The Member States' International User Community?can prioritize new?functionality in close cooperation with the CTTP Pillar IV technology team. Support requests?and bug fixes are addressed?in line with service provision key performance indicators outlined in the Memorandum of Agreement signed between the Member State and UNOCT.
4.4 Q: Does goTravel support high availability?
A: All parts of the system can be scaled and?configured for high availability as needed.
4.5 Q: How does the solution ensure system security?
A: To satisfy security requirements and standards critical to the application and data, a security audit of the IT infrastructure including penetration tests are performed, generally by external third party expert providers tasked to identify security risks affecting the infrastructure/network/system layers underneath goTravel that may undermine the whole implementation. Furthermore, the CTTP Pillar IV?Technology Team supports government entities of Member States to continuously perform security assessments in line with international standards (ISO27000).
?
5 Cost
5.1 Q: Will all licenses for the software, databases, utilities, etc. related to the goTravel be provided free of charge?
A: If not already available, some software licenses like Microsoft Windows Server and ElasticSearch will need to be purchased by the Member State to run their local instance of goTravel.
5.2 Q: What will be the cost of the maintenance and support services?
A: For the initial two years period from the date of the signature of the Memorandum of Agreement (MoA), all new releases and updates of the goTravel software and related support services are free to the recipient Member State, as they are covered under the United Nations Countering Terrorist Travel Programme (CTTP) which is generously funded by a number of Donor countries. Should the country using goTravel decide to continue to use the software beyond the initial two-year period, it can opt-in to a non-profit partnership with all other participating states sharing the costs of maintenance, updates and 3rd level ICT support, calculated based on the number of Member States using goTravel and proportionate to their Gross Domestic Product (GDP) per capita. The GDP per capita is a country's GDP divided by its total population. The GDP PPP?index is maintained and published by the World Bank () and is provided at Purchasing Power Parity (PPP). PPP takes into account the relative cost of living, rather than using only exchange rates, therefore providing a more accurate picture of the real differences in income. Based on the GDP PPP index, four bands for contribution for the CTTP goTravel solutions are established and automatically assigned to each country (Band A: $50,000, Band B: $100,000, Band C: $200,000, Band D: $350,000). These amounts translate into a yearly Member State contribution to the UNOCT CTTP programme earmarked to goTravel activities (development, support and maintenance of the software solution).?These yearly rates will start applying for any Memorandum of Agreement for adoption of goTravel signed after 1 January 2024.
6 Data Privacy
How does goTravel address privacy and data protection concerns?
goTravel embeds robust human rights and data privacy safeguards directly into its code, aligning with international standards. Each Member State controls its goTravel instance, meaning the 缅北禁地does not have access to production data, ensuring data sovereignty. PIUs set retention and processing policies based on national legislation, and all data handling actions are logged for transparency and audit purposes
Who is responsible for data retention and deletion in goTravel?
The Data Protection Officer (DPO) in each Member State configures data retention settings within goTravel. Passenger data is automatically deleted after the specified retention period, ensuring compliance with international privacy standards.
What functionalities does goTravel offer for managing watchlists and risk-based targeting?
?
- Watchlists: goTravel can handle unlimited conditional clauses for watchlists, which minimizes false positives. PIUs can configure and justify watchlists according to privacy regulations.
- Risk-Based Targeting (RBT): RBTs are customizable to identify patterns or relationships between passengers (e.g., phone numbers, flight routes) but require justification to prevent unwarranted use. The system triggers only significant risk matches, reducing unnecessary data exposure
?
How does goTravel handle sensitive data matches and alerts?
Sensitive data is only accessible to authorized users. Matches trigger notifications that can be sent via email or SMS, but only at the request of competent authorities after a confirmed hit. Justifications are required for creating watchlists and risk indicators, with all actions logged in goTravel’s audit tables for transparency.
What privacy protections are in place for goTravel’s integration with external databases?
Through the goConnect middleware, goTravel securely integrates with external databases like INTERPOL and MIDAS. PIU case officers can follow up on matches and request additional information from external systems, adhering to standard operating procedures and minimizing sensitive data exposure.
Does goTravel require manual data verification by PIU analysts?
Only for data matches. 99% of passengers are screened without requiring manual verification. PIU analysts receive only records of matches, which significantly reduces the exposure of sensitive data and enhances operational efficiency.
How does goTravel handle manual data queries from competent authorities?
Requests for information (RFIs) are managed through the Claims and Provisions functionality in goTravel, ensuring transparency and auditability in data access. Searches involving data older than the standard retention period require oversight and justification to maintain privacy
What are the reporting and auditing capabilities of goTravel?
goTravel provides detailed reports on data processing and compliance. It identifies and alerts for any missing data pushes, allowing timely corrective actions. All system actions are auditable, ensuring compliance with privacy and data protection standards.
What are the deployment and cost models for goTravel?
?
- Deployment: Member States host and manage their own goTravel instance; it is not hosted by the UN, ensuring national control over data.
- Cost Model: Initial capital implementation costs are covered by UNOCT funding partners. Recurring fees are proportional to each Member State’s GDP and PPP index, with potential reductions as more countries adopt goTravel, reducing the overall cost burden.
?
How does goTravel support international cooperation?
goTravel promotes collaboration among Member States through the International User Community, enabling data sharing and cooperation using the same system. This support bolsters efforts in counter-terrorism by enhancing cooperation and aligning with best practices across participating nations.
goTravel Links
goTravel Demo
To learn more about the goTravel demo version with Member States, please contact the CT Travel Programme team via email.