Tony Smith.

Q12 The Chair: Welcome, everybody, to another session of the Justice and Home Affairs Committee, where we continue to look into various issues to do with e-borders. I am delighted to have Tony Smith as our witness today. Tony, I will ask you to introduce yourself in a minute, but first I just remind you that there will be a transcript of this session and you will have an opportunity to make amendments or changes to it. As we say to all our witnesses, if at the end of the session there are things you really wanted to say but somehow we did not give you the chance to say, please feel free to write to us. We may well ask you a number of things that we would like you to write to us about anyway at a later stage. So, without further ado, would you be kind enough to introduce yourself, the organisations that you represent and those that you worked for?

Tony Smith: Good morning, everybody, and thank you for inviting me to give evidence today. I wear a number of hats. I suppose the most well-known one is that I am a former director-general of the UK Border Force, and I worked in the UK Home Office for 40 years, man and boy. I started on the border back in the 1970s, before computers were invented, and worked my way up to the top job. I was responsible for all the border security during the London 2012 Olympics, which was my last big job here. After my retirement, I set up my own border management consultancy company, Fortinus Global Ltd. We provide consultancy support and advice to Governments and to industry around the world on latest trends in borders and all aspects of borders—immigration, policing, customs, et cetera.

In 2017, I set up a non-profit association called the International Border Management and Technologies Association—a bit of a mouthful, but IBMATA for short. You can google that and see details of all the events. Last week, I came back from chairing an event in Prague. We hold two or three international events around the world where we talk about the latest trends in border management, what best practice looks like, digital disruption of borders, and so on.

I guess this has been my whole life, and I am very happy to answer any questions you may have about whatever I can help you with in your inquiry.

Q13 The Chair: Thank you. I will kick off with a basic question. As you say, you have just come back from an international conference looking at latest trends in border management, so perhaps you could summarise the latest trends in border management and what it is assumed they are there to achieve.

Tony Smith: As I say, I have spent an awfully long time working in borders, and apart from during Covid the number of travellers crossing international borders has grown year on year. It has become much more difficult to cover the border in the way you used to. I used to get your passport, look at you and see whether it looked like you. Many people said, “How would you know?” That is a good question. They were little booklets—there were no computers.

In time, we needed to find a different way of doing things, and we started to bring technology in. That kind of began about 25 years ago with the Sydney Olympic Games in Australia. The only effective way to get to Australia is by air, and the Australians already had a very good interaction with the aviation security systems and so could interact. So you could provide your data to the airline when you booked your flight to Australia, it could send it to the Government, and the Government could do some checks before you landed in Australia.

Then they developed something called interactive advanced passenger information where there was a two-way street. If you were an airline checking me in to go to the Olympics, it would scan your passport, get the data from it, and that would be sent electronically. I could then send a message back to the airline to say, “Don’t board this person”. It was the birth of something called no-fly lists, and that was extended in America in 2001. I was director of ports of entry in Canada between 2000 and 2003, when 9/11 happened, so it became an absolute requirement that passengers had to provide advanced passenger information before they could go to America.

The first real example of this was the Australian example of Sydney 2000, followed by the US ESTA, which you may know about and which you need to get if you are a British passport holder going there. That came in after 9/11, because the Americans wanted to know a lot more about you before you got on the plane rather than when you landed at their border. These are technologies that have developed over the last 25 years to now quite high-powered systems of intercommunication between the aviation industry and Governments, and risk assessment frameworks that are built on top of that so that the data can automatically be checked electronically in advance of arrival.

That has given birth to what we term best practice in international borders, which is what we call pushing the border out: in other words, checking people before they come rather than at the point of arrival. This has two effects. First, you can stop people getting here who you perhaps might not want to come, but, secondly, you can speed up the flow through your borders. I expect you have all used the e-gates when you travel now, which have been widely used in this country. That replaces a lot of the functionality that I used to do in a manual way before we had electronics, in that the passport can be read electronically by a machine, it can match your face—your live image—against the photograph in the chip on the passport, and the gate will open.

There has been an exponential growth of what I suppose we call digital disruption in the borders world and the end-to-end process, which is continuing apace.

Q14 The Chair: That is very helpful. We will come in a second to issues of best practice. Regardless of how good or not they are, if there has been an international conference bringing together people who are using these systems already, or, I assume, thinking of doing so, how many countries around the world are now engaged in this activity of electronic travel authorisation schemes of one sort or another?

Tony Smith: I would say that the vast majority of countries all over the world to a greater or lesser extent are now using digital technologies in their borders space. But there is not much of an international benchmark here. These are very much national programmes set up by national Governments, so some will be more advanced than others. You might not see the ETA electronic traveller permission in many countries, for example, but most countries certainly will have access to airline reservation data. Paper tickets have been done away with now; when you book a flight, you have to go online, and the overarching body for all this is the International Civil Aviation Organization, ICAO, which provides oversight, if you like, and has issued recommended standards and best practices to countries about how they might want to use this. I would say that it is pretty widespread now, but it is in different stages of development depending on where you go.

The Chair: You say that these standards are set. Given that entry into the country is in a sense an immigration issue, why has it been given to a body that represents airlines?

Tony Smith: ICAO started back in the day with the Chicago convention, when people started making passports and said, “What should a passport be like? How many pages should it have? What data should it include? You probably need someone to try to draw up some ground rules”. So although it is a civil aviation organisation, it has members from Governments. It has an annual event that I went to a few times. You do not have to sign up to the standards or the recommended practices, but that is where the birth of the machine-readable travel document happened. People said, “Can’t we put something on the passport so you can swipe it?” “Yes, you can, but do you want everybody doing that in a different way? That won’t be very helpful”. So they said, “If you’re going to use this, these are the sorts of characteristics that you should put in the MRZ”—the machine-readable zone of a passport.

That was monitored across the world, so now you find that all countries of the world have a machine-readable zone in their passports, an MRZ, which makes it easier for airlines to swipe passports and bring up the data straightaway, capturing data and checking watch lists.

It is really an overarching body. It is not really in charge of how you run your border, but I advise countries to be members of it and to look at the recommended practices and standards that are agreed there and make sure that, if you are looking at developing a system in your own country, you are aware of what ICAO is saying about it. There is a lot of documentation on the ICAO website about this.

Q15 The Chair: Thank you. Before we move on to look at best practice, where does the UK, which has started introducing the ETA for a few countries, stand, in your view? Have we been slow to do this, are we at exactly the right time to do it because we learn from other people, or are we ahead of the game?

Tony Smith: Good question. We are certainly not ahead of the game in introducing electronic travel authorisations. As I said, this was done 20 years ago in America, and since then Canada and a number of other countries have gone down that route. We are just getting around to it now. On the other hand, that is not necessarily a bad thing. The technology is moving ahead so quickly that you could find yourself introducing something and then a couple of years later having to refresh it, renew it, or reprocure a system. So the UK approach has been an incremental one. It is set out in the UK’s best border 2025 strategy, which says that incrementally these are the sorts of things we are going to do, and the electronic travel authorisation—the digital permission stuff—is part of a wider programme of development, if you like.

Q16 Baroness Prashar: Good morning, Tony. From your vast and impressive experience, can you tell us about best practice? Which are the good models in operation, from the point of view both of a traveller and of security?

Tony Smith: Good question. This is just me holding workshops around the world with lots of people and forming a view. Other people have different views about what best practice looks like. I would point to three fundamental principles that have emerged. The first is this idea of pushing the border out. How good are you at checking people, and goods for that matter, before they arrive at your frontier—the multiple borders strategy. What can be done from your sofa, on your mobile device, before you leave? What data can we get there, and what can be done at the airport before you board? Those that push the border out and are able to check more things before they arrive are doing rather better than those that are not doing that.

The second is integrated border management. In other words, what are you doing with the data you are getting when it comes to the Government? What are you checking against? There is lots of material in the 9/11 report, and going on from there, about how well Governments are identifying data elements and sharing them with the key agencies that need to see it. I did a lot of this, accrediting people in the London 2012 Olympics when we saw the birth of home-grown terrorism. We were not just checking foreign nationals anymore but checking our own people for risks. So lots and lots of data is coming in. The exam question is: how well do you share it? If that is another marker, if you are doing that well and covering more bases, you are doing rather better.

The third thing is biometrics and identity, which you might want to talk about in a bit more detail. I talked at the top of this about how I knew it was you when I looked at your passport and your photo. People change their appearance. Facial recognition is brilliant now. There are cameras that are so good now that they take points on your face. Some countries are actually putting a camera on the officer’s shoulder to do the visual match against the document. They do not have this in the UK.

So how good is your identity management system? Are you able to confirm that this person is who they say they are and that this document is genuine without an officer doing that physically? That would be my third benchmark. Those would be the three principles. People may say that they have the best border in the world—everyone is going to say that—but how well you are doing on those three things would be the source of my inquiry.

Baroness Prashar: Which countries are doing those things well?

Tony Smith: I have been a head of borders in two different countries now, and I am often asked which one I would prefer to be the head of. In one way, I would pick Australia, because the only way to get there is by air. You have an awfully long flight, probably at least 10 hours before it lands, so there are lots of opportunities to do all this. It is much more difficult if you have a land border or are part of an international agreement or arrangement. So it is really hard to say who does it best. Australia would probably claim that title, but there is not exactly a level playing field there.

At the moment, the Americans are probably driving ahead. We were in San Diego last year and are going to Miami in June. They are very keen to tell us and to share with other countries what they are doing. There is quite a lot of development in the US of things like mobile apps on your phone, so you can do a lot of this stuff on your mobile device before you get there. That is not to say that the Americans are perfect either; you probably all have experiences of landing at an airport in America and waiting for two hours to get through. So there is no perfect country, but I would probably look to north America and certainly Australia for best practice.

Q17 Baroness Prashar: You have given us benchmarks, but what are the pitfalls to avoid in setting up these systems?

Tony Smith: The first one is cost. You cannot do this for nothing. People are now paying to cross a border. People might say, “That’s one of my fundamental rights. You’re charging me to enter your country”. Different countries charge different amounts, and the validity varies. It could be a year, two years, three years or five years; it is up to the Government concerned. So that could be a downside: why are we charging people to cross our border?

The second pitfall is that technology is an imperfect tool. As I am sure you all know, things can go wrong. It requires significant rigour to ensure that it works. There is nothing much worse—it has happened to me, and it may well have happened to you—than when you get to a check-in desk somewhere and the check-in agent swipes your passport and says, “I’m so sorry. You haven’t got a permission to go. You can’t go on this flight”. There is a risk that that is still happening even now in a lot of countries, and it may well happen here.

The UK, in its favour, has told me that it will not enforce this from the outset. In other words, “If you haven’t got one, we’re not going to stop you from coming to start off with. We’ll still let you in but will just tell you that next time round you need to get one”. I think that is the right approach rather than a big-bang approach, where suddenly you have people stuck at airports all around the world who cannot get on their flight because something has not gone through the system. That is a potential drawback as well.

The Chair: That moves us neatly on to Lord McInnes.

Q18 Lord McInnes of Kilwinning: Thank you, Tony. I would not like to be the person on the airport refusing you authorisation. I think you would probably know more about it than them.

I want to follow up on those who are not eligible for an ETA. On the modelling the Home Office has done, the figure could be anywhere between 11,000 people a year, if it was similar to the rate in Australia, and up to 110,000 if the ineligible people were similar proportionally to the numbers in the US. I just wondered what issues you see facing those people and how that can be mitigated and therefore how quickly they would be able to apply for visas, which I guess is the means by which they have to get into the country.

Tony Smith: That is a good question. I am afraid I would not be able to say hand on heart what the answer to that would be. I think there is an expectation that some people will be found to be ineligible for the ETA. I do not work for the UK Government, so I am not fully sighted on the risk assessment framework. But as a matter of principle they will want to make sure that you have submitted the correct data that is required. That is sometimes more difficult if you are doing it manually on a PC and keying it in. People get their date of birth the wrong way round or mis-key something, so a much better way of submitting the data is through the passport chip. You have an interface between your passport and mobile phone. If you have a mobile device, it is quite easy, but if you do not have one, you have to go online and it is perhaps more difficult. So there will be problems with people who are not used to using those kinds of systems to cross borders.

I do not know what the framework will be for refusing somebody an ETA. I imagine that will be done based on what we know about you, and on whether we know enough about you to say, “There’s something about you. It doesn’t mean you can never come to the UK, but we’d rather see you. We’d rather you popped into the embassy and spoke to someone and answered some questions first rather than come in through this system”.

Lord McInnes of Kilwinning: A Home Office report last year said that the two criteria for refusal were security—obviously—and efficiency. I guess that efficiency would really be about people putting in the wrong information rather than a target. I read that as if it might be some target for getting things through very quickly, and some people would be unlucky in not being part of that target. But from what you have said it is more likely that that is actually about the efficiency of the form-filling and what is required to apply.

Tony Smith: I think so, but there are nuances. There are dual nationals and people with permanent residence. There are issues with people with EU settlement. We have EU settlement in this country and have now registered over 6 million people, who have a digital permission to stay here, but how do you demonstrate that when you go to book a flight, get on a plane and say, “Well, actually, I don’t need one”? Does the airline clerk know that you do not need one, and is there any evidence to show it, so you have something you can show them that they would recognise and allow you to board? In my experience, airlines are quite risk averse in this area, because they can get fined if they bring somebody to the border without the right papers. So it is not without its difficulties, and there may be people who will fall foul of this. I think that is why they are taking more of an incremental approach rather than a big-bang approach here.

Q19 The Chair: On the issue of when an electronic application is made by somebody, that is then checked, but presumably it is not checked entirely by an individual human. Algorithms are now used for systems of checking. In those circumstances, one concern this committee had two years ago when it was first looked at this issue was the way the algorithms themselves could be biased because of the data that has been fed into them to start with. Is this an issue we should still be concerned about?

Tony Smith: I would not say biased. What happens now—forget about the ETA—is that if you are coming into this country, your data has already been sent electronically by the airlines to us, and risk assessed by a number of different agencies before you land. We set that up for the Olympics—in fact, before the Olympics. Most countries have a national border targeting centre, which helps us to know who is coming and whether there are any threats coming our way in advance. That is the Advance Passenger Information System. So you are really still just using that for this.

So the data will come in and electronically hit against a number of databases to see whether you are known to us or whether anything about you raises a concern. There is then an opportunity to raise a flag. A flag may be raised by the algorithm, and an officer will look at that to see what exactly the match is and whether that is sufficient to overturn an ETA. The idea is that this will, as you say, be an electronic match against data systems. All other things being equal, if we are satisfied that you are not a threat, you will be issued with the ETA. But remember, the ETA is not permission to enter the country; it is permission to travel. So the Border Force still has the opportunity to intervene and refuse you entry at the border. If something crops up along the way that we find out about, the officer can still refuse you entry even though you have an ETA, because something has come to light in the meantime.

The Chair: Just so I am absolutely clear, in every case where a flight is raised using algorithm electronic checking of an application, that is automatically looked at by an individual before there is a refusal. There is no point at which a refusal can take place without any human intervention.

Tony Smith: That is my understanding. I cannot be definitive about that, because I do not have access to that information, but that would be my understanding.

The Chair: Thank you. We mentioned earlier that the UK has now introduced its own ETA. It has begun with a few countries and is gradually being rolled out. We now move on to our own UK system.

Q20 Baroness Meacher: Tony, can you go through the obstacles and issues that you are coming up against as you try to achieve a successful rollout of the ETA? What are the difficulties you are facing?

Tony Smith: The difficulties are in the technology and the interface between the aviation systems and the government systems. There has to be a good interface through the advance passenger messaging system that works. I do not know whether this is a problem now, as I say, because I do not work for the Government anymore, but one of the problems in the past has been that some low-cost airlines are reluctant to invest in technology. They might not want to issue electronic tickets and electronic systems; they might just want to issue an email or something to you. In which case, it will not work, will it? We are insisting that airlines provide 100% advance passenger information on all non-UK flights. So there has to be a good relationship between the airlines and the Government. I think that is there, because other countries are already doing it. The airlines are already sending data to Australia, Canada and America, so why not send it to the UK?

What worries me more is the non-air routes into the UK, particularly the juxtaposed controls on the channel, as well as on the ferries to Europe. As you know, the Europeans are also introducing their own entry-exit system—ETIAS [1]—for British passport holders. So there is a much more rigorous checking process going on on our EU maritime and rail borders than we had before.

Baroness Meacher: Do you think that will slow up the roll-out of the ETA?

Tony Smith: I do not know about the UK side. I think the key to this is the biometric policy. The UK is not insisting on a fingerprint. You do not need a fingerprint to get an ETA. So everything that is in the passport—the face, the biodata—is all transferable electronically. By and large, passports do not contain fingerprints. Some do, but not very many.

The EU is insisting on all third-country nationals giving fingerprints at enrolment, so British tourists who regularly travel through the Eurotunnel or on the ferries will find themselves having to get out of their vehicles, go to a kiosk and give their fingerprints, because we have yet to discover—I know we have put calls out to the Home Office and to industry—a way that binds your fingerprint to your passport and to you. In other words, I could use your fingerprint on my application, and how would someone know that that was your fingerprint? You can with the face, because that matches the passport, so there are technologies to do that. So it will be clunky, but it will be clunkier for British travellers going into the EU than it will be for European travellers coming into the UK, because of the fact that we are not demanding fingerprints.

Q21 Baroness Meacher: I should think it is a hell of a relief for you, but certainly for the travellers, that they will not have to use fingerprints, so that makes things a lot simpler. Do you think, bearing that in mind, that everything is on track to achieve full rollout by the end of 2024?

Tony Smith: I was fortunate enough to be invited to Lancaster House a couple of weeks ago for the launch to the Gulf States, and a number of Gulf ambassadors were there. This was being heralded as a major step forward for them, from e-visa to ETA, and I think that has gone very well. I think the Home Office is taking a step-by-step approach: “Let’s see. Let’s bring this cohort in”. I do not know how incrementally they are going to bring it in. My very strong advice to it is to do this bit by bit and not to have rigorous enforcement around it.

My worry is if it tries to do it immediately. Frankly, that is what worries me about the EU. It is talking about a big-bang approach in October after the Olympics, which will cause huge queues on our motorways, with British tourists who are unfamiliar with this process thinking that all you need to do is drive to the ferry port or the tunnel, and hand your passport through the window to an officer, who might take a bit longer because he is doing more things now since Brexit, checking watch lists and stamping them or whatever.

Now, for your first travel, you will have to drive to an area, park your vehicle and get out of the car with your family. I heard last week that the transaction time could be seven or eight minutes per vehicle. We are running a fixed link there, Eurotunnel, which is just in time, and you have the through trains and the shuttle trains. So there are much more worries in the operating field. You might want to get some airlines and rail operators to talk to you about this. They would say that they are worried about disruption to their flow, particularly on those just-in-time routes where, with ferries coming in and out of Dover and trains coming in and out, you really cannot afford to add seven minutes on.

There are other ways in which this can be done using technology, but my understanding from the EU Commission is that it is looking at a big-bang approach in October. My advice to the Home Office is: do not do that. Take a slow approach and be particularly careful at the rail and the ferry terminals.

Q22 Baroness Meacher: Do you think the ETA will finally be rolled out?

Tony Smith: I think it is perfectly achievable for air within the calendar year.

Baroness Meacher: Only for air.

Tony Smith: I am not sure yet. I would need to hear more about what they are planning to do with the ferries and the trains, and getting that data.

Baroness Meacher: More like 2025, perhaps, for ferries and trains.

Tony Smith: Potentially, yes.

The Chair: Just to be clear, we had some evidence on these issues last week, and it looks like the issue of people getting out of the car may have been resolved. They are developing an iPad-type system that can be put into the car and people can do it there if somebody is watching. You smile. Why are you smiling?

Tony Smith: Because I do not think it has been resolved. I know the technology is there, but I do not think the ambition of the EU is to implement that on day one. I know Eurotunnel has already invested many millions of pounds on infrastructure on both sides of the border. I have been down there and seen it. I said, “Why are you doing all that? Why are you spending all that money when other things like iPads and phones could be used?” They said that the EU Commission’s position at the moment is that this is the way it has to be done, because it has to be done under the supervision of an officer. So a French police officer will watch you to make sure you are doing this properly, and another French police officer will check that you have done it when you drive up to the kiosk. That is the way it is been set up, and that is because that requirement has been imposed by the EU Commission.

So although there are technologies in place, I am not convinced that they are going to use them on day one. They may bring them in incrementally over time, but I do not think they will. I am worried, frankly, about what is going to happen in October. They are picking October/November. Hopefully that is a quiet time for tourism, but most of the holiday traffic, 80% of the outbound through Eurotunnel, is British passport holders. That will cause long queues if everybody has to get out of their car and do all these things in a kiosk.

Q23 Baroness Buscombe: Just to be clear, it will be only the first time when people go to the EU, from October or thereabouts. Would not you agree that there has been growing concern about the issue of safety for our borders, so anything that improves the safety of our borders, even if it means we are waiting an hour or two, is positive? Obviously people in the EU will feel safe. Also, it is not just us; the US and other every other country in the world wanting to go into the EU will have to go through this process. So although it is a worry in terms of time, the actual process is a good thing.

Tony Smith: We could have a debate on its own about fingerprinting people. That was a big issue for me with the London 2012 Olympics, because to get the Games we had to agree not to do that for Games family members. That caused huge consternation for the Government of the day on security grounds. We were operating at a high-threat security level. In the end, we said, “We’re going to send people out all around the world to the training camps and fingerprint you anyway voluntarily. You do not have to, and even if you do not, we’re still going to fingerprint you when you land at Heathrow”. So we did it then, because fingerprints give you an additional dimension of security that is not available from the facial images, because, frankly, there is a whole raft of international databases of fingerprints that we can check.

So I am a fan of fingerprinting people. I think they would say, “Yes, but this is low-risk traffic, and if we want to fingerprint you when you arrive, we reserve the right to do that. But, as a matter of routine, we’re not going to do that for low-risk travellers”. They define as low risk travellers who do not currently need a visa, who are currently just coming through the e-gates anyway without being asked any questions or providing any biometrics. At least the ETA provides an additional security level to the current as-is model for non-visa traffic.

Q24 Lord Dubs: For a person going from this country to the continent, once they have been fingerprinted the first time, how much quicker will it be the second time they go?

Tony Smith: I think that is still being worked through. My understanding is that you will not need to give your fingerprints every time you go through. Once you have given them, your fingerprints are enrolled on the system and they will use a facial match. But my understanding is that they are still using the kiosk system. There is no mobile app yet like the one we are developing for ETA to get into the EU under the EES and ETIAS. We discussed this last week in Prague at our conference. We had the EU Commission there and a number of EU member states. There is certainly technology there, but I have yet to see that proposal being implemented.

Lord Dubs: So it will not necessarily get any quicker.

Tony Smith: If you are a regular traveller and you get the hang of this and have done your first-time registration—what I call your primo—that will be painful, but once you have done that, it will become a much better system. But we are urging them to look at modern technology and mobile for regular travellers anyway, where you can do all the things that you can do at an e-gate on your mobile device.

There are also companies developing drive-through border models now where you can take facial images through the windscreens of cars. We were out in San Diego testing these in January, and more trials are going on in America. No one has it yet, but as IBMATA we are pushing out feelers to see how good the drive-through border technology is these days. Is it possible to capture all the biometric images and scan vehicles when they drive through rather than everybody having to stop and get out of the car? But that is all work in progress.

The Chair: I will ask one techy question, simply because I do not know the answer. Do all countries’ passports now contain, with the exception of fingerprints, sufficient biometric data to operate with an ETA into the UK?

Tony Smith: All the countries within the ETA ambit do, yes, because they are low-risk non-visa countries that can currently use e-gates anyway. So they have a chipped passport. If you do not have a chipped passport, it will not work. You will then have to find another way of getting the biometrics, which we do through visas.

The Chair: But, through an ETA, all the relevant countries will have the biometric data on the passport, so the check between the passport and the ETA is seamless and nothing else is required, which is why the mobile app solution seems pretty obvious.

Tony Smith: Yes, correct.

The Chair: But it is not being done.

Tony Smith: Because the photograph is the biometric. The three biometrics approved by the ICAO are the face, finger and iris. As far as I know, nobody is putting irises in passport chips. I have not seen that. Some countries are using irises as a recognition tool for trusted travellers but, on the passport chip, the obvious one is the digital photograph, which is pretty much there for anyone who has a chipped passport. Everybody who is within the ETA cohort comes from a country that, as a matter of policy, has put the photograph in the chip. That can be opened and cross-matched against the system.

Q25 Lord Henley: Can I continue with this question about the technology? I am still a bit confused. We are all used to facial recognition; we have that on our iPads and our mobiles to get into our bank accounts and things like that. I use a thumbprint to get into my iPad. Which is best? Is one more secure than the other, or would moving towards the third one that you mentioned, the iris, be even better? Or is the face perfectly good enough and secure enough, providing the appropriate security for the border people?

Tony Smith: From a security perspective, I am advised—you probably need to call more technical experts than me—that the iris is the most difficult of all to spoof, but countries tend not to use iris recognition. We had it at Heathrow 20 years ago—you had to look very closely into a camera and it registered your iris each time—but it is not being used much.

Lord Henley: But as technology moves on, and as the baddies move on, they are likely to get better at spoofing—I think that was the word you used—some of them. Irises will be the hardest, fingerprints will be the second hardest, and then faces. Faces are the easiest at the moment, because we have them on our passports and all that.

Tony Smith: Fingerprints are imperfect too, because that depends on the capture mechanism. There are lots of people developing different ways of capturing fingerprints, and a lot depends on the quality of the fingerprint capture itself, whereas the quality of the face on digital passports is now very high. It is spoofable—I would not want to mislead the committee—but there are people in government who are aware of the spoofing capabilities of international organised criminals and are trying to mitigate them. There will always be a game of cat and mouse at borders on this.

Q26 Lord Henley: Anyway, having said all that about difficulties with the technology and the fact that ETA will not give anyone an automatic right of entry, how will the introduction of ETA fit into the 2025 UK border strategy?

Tony Smith: In the strategy, they are calling it a UPT, a universal permission to travel. Everybody needs a permission to come into this country in the strategy. The big exception is British and Irish passport holders, in that they do not need an electronic permission—their passport acts as the permission—but everybody else needs some kind of electronic permission.

Of course, the gap at the moment is the ETA cohort, because they do not currently need a permission to come and they can just walk through the e-gates. There is no interrogation at the border anymore for EU countries or for a range of other non-visa countries. If you are coming here to work or to study, or for more than six months, you should get a visa—that is the rule—but you could come through an e-gate at the airport and not talk to anybody and no one would know what your means were.

With the ETA you will be setting out criteria at least. You will be asking questions such as, “How long are you coming for?”, and, “What are you coming to do?” You have to make a positive statement to the authorities: “Yes, it’s clear, I understand that this is a permission for visitors only and I want to travel”. That is what everybody else does.

What we lose, though, is this. Call me old-fashioned, but I used to read passports when I was handed them. There was an art to reading a passport; it was not simply checking that it was you but looking through it to see where the person had been to and what other countries they had been in. Countries routinely used to stamp passports. If you read the 9/11 report, you will see that one or two of them stuck postage stamps over places they had been to try to conceal their travel history. That is quite important to a trained immigration officer, because if I have read your passport and seen that you have been in certain countries, I might want to ask you more questions than if you have not.

With all that is lost with these electronic systems, there is no way to do this. Unless you are on the Interpol database as a serious criminal, I cannot read your passport anymore. I do not really know where you have been, and I do not really have an opportunity to ask you, because I am not talking to you. The only way I am going to talk to you is if we choose to set up a system where we have something a bit like a green channel, as we have in customs—you have all been through the green channel—and we intervene on a random or intelligence-led basis.

So I am worried not just for this country but about the way this whole thing is going. Call me old-fashioned, but I liked to read passports. I used to like seeing stamps in them and understanding them.

A Noble Lord: We liked you reading them.

Tony Smith: We used to send signals to one another. You used to know that someone had been refused a US visa, because there was a little mark on the back page that we were trained on. If we refused entry, we put a stamp in there with a cross on it, so in other countries someone could say, “Oh, he was refused entry to the UK. There must be something about this chap”. That is all lost, as far as I know. What I am not privy to are the risk assessment frameworks that are going in on how you assess somebody without talking to them.

Lord Henley: People will become too reliant on what they are receiving from the electronic stuff. I see your point.

Q27 The Chair: That is phenomenally helpful, but you raised one other issue in what you said about people who are coming in being meant to get a visa because they are going to stay for more than six months, or whatever. The European scheme has the ETIAS, which is its equivalent of the ETA, but alongside that there will also be the EES, the entry-exit system. In terms of the ETA, one of the concerns that many people have had about our border systems is that we count people in, but we do not every count them out. We never seem to know whether people who should have been here for a short time have stayed longer. Is that not a failing of the system?

Tony Smith: We do not have an entry-exit system as such, so we do not routinely match a person coming in to their exit, but we do capture exit data. That data is captured by carriers under the 2015 legislation. So when you hand your passport over when you get on a train, a ferry or an airline, you will not see a border officer, but all that data goes to the Home Office. So we are capturing exit data. You could have a subsequent inquiry into somebody for criminal purposes. You could do a physical check to ask, “Can we find this person?”, and look up when he entered and exited the UK. But the EES is designed for everybody to have a record so that they know everybody who has entered the Schengen zone, how long they stayed on that occasion and when they left. In other words, it is a matching system.

It is being set up by an organisation called eu-LISA, which is providing the technology to all the member states to do this, but I would not want to leave the committee with the view that all is perfect between the member states’ view of this and the European Commission’s view of it. Many of the member states were at my event last week. Places like Croatia, Hungary and the Czech Republic may not have the technology and systems to deliver all the things that the EU would like them to deliver. It is their responsibility, not the Commission’s, to set up their own system at their border in order to implement the EES and ETIAS. The Commission will provide the framework and give them access to it. That is where I think they will run into problems.

Q28 The Chair: Can we come back to the UK and our own entry-exit system? We all know of people who, for example, will travel to continental Europe and travel out on one passport—perhaps they have acquired an Irish passport—but come back in on a UK passport. So there is no record of those people leaving, but there is a record of them coming in. There are all sorts of things that people do, and I am not at all convinced that we know how long people are here. If you have a visa for six months and have overstayed your welcome, is that always picked up? Do people come on holiday and continue to stay for the rest of their lives, working in the black economy or whatever? Are these people picked up?

Tony Smith: There is no routine system to throw up somebody who has overstayed, if that is your question. People are recorded as having entered on a given day on that passport, but the e-gates do not stamp passports or ask any questions; they are simply an identity check. From day one, I have had a problem in pushing controllable migrants through an e-gate. I was brought up to ask them questions like, “What are you coming here for?” and “How long are you staying?” Some of my catches at the border in the early days were people who said they were coming for visits, but they were not really. When you looked in their baggage, there were employment references and all kinds of other things. They were just abusing the visitor route.

So there is a drawback to moving towards technology. The face-to-face examination has gone in a lot of these electronic systems. There are probably some good risk assessment frameworks being built, but can they replace the human element? They cannot. The Home Office has told me—in fact, most countries tell me—that, “We’re not removing the officers. The border officer will still be there”. The big question is what that officer will be doing and who he will be talking to.

Q29 The Chair: I will ask you to leave that particular point, because we want to come to it in a bit more detail later. I want to pursue this issue of the system we currently have not picking up overstayers. Is the Europeans’ introduction of the EES something we should have been looking at, or should we now be looking at similar, in parallel with a visa or the ETA? Should there also be an electronic in-out system?

Tony Smith: There is certainly a case for doing more with the data that we capture on exit—doing more matching on that data and identifying people who have come in on a limited ETA, which is valid only for a certain number of months, and whether they have overstayed. The question then becomes what we are going to do about it. The new plan for immigration, a legal migration strategy, is about the best way to detect people in communities and in the country who should not be in the country. What are we going to do about them? In an ideal world, I would absolutely have a digital biometric entry-exit system for everybody who comes in and crosses my border. There are all kinds of issues with our common travel area, such as dual nationals, as you say. There are all kinds of nuances to it, but that should be an ambition.

Q30 Lord Filkin: This has been fascinating so far. This is a narrower question. What is the likely impact of the ETA on the common travel area, and has the Government’s border strategy taken sufficient account of it?

Tony Smith: That is a really good question and one that I have asked myself, to be honest. I can remember implementing the common travel area orders back in the 1970s. There is no immigration check in the island of Ireland or on internal ferries from Ireland to the UK. Now we have had Brexit and Ireland is not part of the Schengen zone, but it is still part of the European Union. We have looked at a number of case studies—people keep raising them—and I do not know the answer. If you are flying into Ireland, the question is whether you need ETIAS and EES to go to Ireland, because it is not part of the Schengen zone. Arguably, although you would have to ask an EU expert, an American going to Ireland could still enter as a non-visa national.

The question for an American who then wants to come to the UK, and goes north into Northern Ireland, is whether we have a mechanism in place to issue them with an ETA in Ireland. I am not sure that we do, to be honest.

Lord Filkin: If you are an American with a right of residence in the Republic of Ireland, you do not need an ETA, but if you are an American who travels into the UK from the Republic of Ireland, you do need one.

Tony Smith: Yes, that is my understanding.

Lord Filkin: Do we have any mechanism at all to distinguish between those two different types of Americans?

Tony Smith: I am not sure. I do not know enough about how this is going to work in the CTA to answer your question, because I am not sure what we are going to do. You have intra-CTA traffic and extra-CTA traffic, so you would have to look at people who are flying into Ireland from outside. We could say to people from the outset, “What’s your travel plan? Are you planning to go to Ireland and then tour round the UK?” and issue them with an ETA in America. If they do not tell us that and say, “No, I’m only going to Ireland” and then, having arrived, say, “Oh, it’s quite nice here. I’d like to go around the UK”, I would be less clear about what mechanism is in place to give them permission to come here from Ireland, because we do not require permissions from people within the CTA. So it is a difficult, technical question, which I am afraid I cannot answer.

Lord Filkin: It is one for us to ask Ministers, in essence. It is a big conundrum.

Tony Smith: Yes, I think you should.

Q31 Lord Dubs: What if you have a person who flies from the States to have a holiday in Ireland and decides that they will go up to Belfast? Is there anything to stop them, except that it would be an illegal thing for them to do?

Tony Smith: Do not forget that an ETA is only a permission to travel; it is not a permission to enter. Your entry into Northern Ireland from the Republic is governed by the entry through Ireland orders, so you would still get permission. You would be deemed permission to enter the UK, but you would not have the electronic traveller permission to fly into the UK.

Lord Dubs: I am not sure I followed that. Somebody flies to Dublin from New York. In the process of doing whatever is necessary, are they automatically deemed able to go into Northern Ireland?

Tony Smith: Yes, they are, under the Immigration (Control of Entry through Republic of Ireland) Order 1972.

Lord Dubs: Are they not then able to flow from Belfast to Glasgow?

Tony Smith: They can do whatever they like. We have a kind of mini-Schengen in the common travel area. You can move around it at will. No one is going to stop you, because there are no immigration controls on the internal CTA borders.

Lord Dubs: Can somebody going from Paris to Dublin also travel north to Belfast?

Tony Smith: It depends what passport they have to start with.

Lord Dubs: They have a French passport.

Tony Smith: If they have a French passport and are travelling within the EU, they have free movement from Paris to the Republic of Ireland, so they will be admitted into Ireland. They should have got an electronic travel authorisation to enter the UK, but we would not be able to issue them with one if we did not know they were coming to the UK. In answer to the question, I do not know whether we have a mechanism in Ireland where people who have changed their minds can go, “Wait a minute. I’m in Ireland now. I want permission to fly to the UK”. I do not think we have that, but this is probably beyond my remit.

Lord Dubs: The travellers may not even know that.

Tony Smith: No, and it is really complicated, because a lot of it depends on what passport you have in the first place. Secondly, it depends on your status in the country to which you are travelling. Thirdly, how do you know someone’s full travel itinerary before they travel? If they are going on a cruise from Miami to various countries, they may find that there are different regulations. A cruise company would say, “You need permission to enter this country, this country and that country”, so these multiple journeys are difficult. A single journey is much easier. A single journey by air is easier still, but when you get into the CTA, maritime and rail, it gets more complicated.

The Chair: You are saying that the role of the Border Force officer has changed dramatically. We would like to hear more about that.

Q32 Baroness Buscombe: That is going to be my question. I started thinking that I was going to ask you whether there is a role for Border Force but, my goodness, I think the role of Border Force has become ever more important, from everything that you are saying and explaining to us, which has been incredibly helpful.

Border Force is an organisation of around 9,000 staff. How has their role changed through the digitisation of the whole system and our borders? In some ways, will their role be more important, if that is possible? How do you feel about what they do now? You have already expressed concerns about not being able to read a passport. When I travel between here and the continent, as we call it—I do so regularly—I am happy that my passport is checked. That may sound old fashioned, but I understand more and more why it happens; it is to check where I have been and where I am going. I am asked, “What are you going to be doing?” In France, I am asked as a matter of course, “What are you going to be doing in France? When you go to the UK, will you stay there?” Can you expand on your thoughts on all this?

Tony Smith: Are you happier seeing an officer or going through a gate?

Baroness Buscombe: Coming home, I am happier going through a gate—only because it is convenient—but, actually, I am happy to see that other people are still being questioned by border staff. I look at the border staff who are standing beyond the gates. What is their role? Could they stop me and say, “You’ve come through this gate, but we’re not comfortable about it. Can we please take you aside and talk to you a little more about who you are and where you’ve come from?”?

Tony Smith: Again, call me old-fashioned, but I am still a Border Force officer at heart. I agree with you. I have yet to see any technologies that can assess intent. You might look and sound good, and you might not be on any system that I check, but you might still be a bad guy. How do I know whether you are a bad guy or not? We have to accept that 99.9% of the people crossing borders are not bad guys—that is a fact—but how do you make sure of that 1%? I am sure you can all look at cases and say, “How on earth did that person get into the country? Why did you not stop them at the border, because they were clearly a terrorist or a murderer? Look at what they’ve done”, but, of course, it does not follow that we would know that at the border. So I do think we still need to interview some people. These days, it is impracticable for any border to interview everybody. There are just too many people travelling; you would not be able to do it.

There are a couple of things here. The first is intelligence-led border control, which you might want to think about. We have been talking about it for a long time. What is an intelligence-led border? As I said at the top, you gather all this information before someone comes and it is all sent to us, so we know that you are coming. We have your data. You have just come back from France. We know that you are coming and we have checked you electronically against our systems.

The next question is: are you somebody who is worth stopping? If you are, the gate will reject you. I will put on a message on the gate saying, “No, sorry, go and see an officer”. You will then go and see an officer. He will have the data that we are concerned about and will talk to you. You need to be assured that there is a system in place for trying to risk-assess people to make sure that they are referred to see somebody if we have something on them that we think is worth it.

What I am more concerned about is: what if there is nothing on you? Have we got that right? How good is our intelligence? Our intelligence is only as good as the data we get, so I am a big fan of data. There are probably lots of people here who would say, “You can’t have all that. Including privacy laws, you’ve got to be careful”, but for me, as an enforcement officer, the more I know about you, the better, because the more chance I have. I am a big fan of things like registered traveller and trusted traveller programmes. Lots of countries have these. We do not have them, but they are where you can opt, or choose, to give us more information about yourself. For example, with US Global Entry, if you are a regular visitor to the US like I am—

Baroness Buscombe: Yes, I am too.

Tony Smith: You know about it then.

Q33 Baroness Buscombe: I think it is great that we have an ESTA. I think that, today, most people are not just getting in their car and travelling; they are checking what they need to do. That is a good thing.

Can I just ask something that I hope is not a red herring? I am thinking, as the public are listening to this and watching our taking of evidence, about the fact that we want to make travel as easy and convenient as possible. But the worst aspect of it, ever since that guy tried to travel with something liquid in his shoe, has been all the security checks that we must go through before we even get to the passport border. Sometimes, that process can be quite upsetting. The people checking us can be quite aggressive if we have not got the right thing out or done this or that. I have heard them say, “If you don’t do this, you won’t be able to travel. We’ll stop you travelling”. Can they do that? Are they linked to you? Are they part of Border Force? Is that system also being done away with, if I can use that expression? I gather that it is. I know that City Airport has already stopped it. Is that linked to Border Force?

Tony Smith: No. It is aviation security—AVSEC. It is managed and overseen by the Department for Transport. The Home Office has an interest, but doing the checks is contracted out to the airport authorities. They are regularly scrutinised to make sure that they meet a certain threshold. That is why they tell you to do all that stuff. If someone finds out that they have stopped doing those checks, they and the airport will get into trouble.

So the answer is yes. They can contact the airline and say, “I’ve got somebody here who’s refusing to open her handbag. I don’t think you should carry her”, but that is not government; it is an airline security issue that the airline and the airport control. AVSEC is not directly linked to Border Force. We do not do outbound checks routinely as part of Border Force anymore. We do not check your passport when you leave the country. We rely on the airlines and ferry companies to give us the data so that we know you have left. That goes back to your inquiry about entry-exit systems and how good they are—or not.

Baroness Buscombe: That is really helpful. I am sure the people who are listening and watching will be thinking, “What about that rather major aspect of the whole process?”. That gives clarity on how it all works.

Q34 The Chair: Can you say a little more for the record about the US Global Entry system and the trusted traveller programme that you would like to see, including where it operates?

Tony Smith: If you will indulge me for a moment, I was the director of ports of entry in Canada after 9/11 happened—oddly, with me being British. We were immediately sucked into debates with the Americans. The biggest problem after 9/11 was the closure of the border. The border was shut. The US just shut the borders—both the land border and the air border—so nobody could get across. People were stuck; those who lived on one side and worked on the other could not get across.

The first priority was to ask, “How do we open up the border? How do we know who to trust? We don’t trust anybody. We’ve just been attacked”. That is where it began. We said, “We need to start risk assessing people and asking whether they are a regular crosser of the border”. If they said, “Yes, I am. I’m really worried about this, because I can’t do my business”, we would say, “Come and see us. We’ll do a specific risk assessment on you”—not on everybody, just them. We created a family of programmes called the registered traveller, or trusted traveller, programme where that person became a trusted person.

We set up a system in Canada where you would come and see us to give your fingerprints and your biometrics. It was all voluntary—you did not have to do it—but, if you did not do it, you were going to have a long wait to get across the border. The Americans did the same thing, so we had a dual risk assessment framework, done by both sides. You then got a NEXUS ID card that proved who you were and that you had been risk assessed on both sides of the border. Now we have NEXUS lanes running across the land border and bridges where you can use your card; you can also use it for flying on trans-border flights. Both countries know who you are, but it does not apply to everybody. That is what Global Entry is.

We chose to register with Global Entry because we did not want to queue up for ages with everybody else. The deal is that if you are prepared to give me additional information about yourself, that enables my risk assessment to be much more thorough. That is how you create the concept of a trusted traveller. We have not really done that here. We dabbled in it a few years ago with a few people, but it did not really work. It could be a solution to the border problems that I described for rail and ferry companies. If the EU wants to risk assess somebody and we risk assess them, you can put them through a separate lane where they are simply recognised as regular travellers and are not the same as everybody else.

This also overcomes some of the concerns that people have about privacy and data. You are saying, “You don’t have to do this, but there is a payback here between the Government and the traveller. If you’re prepared to give me your information, that’s the price of crossing my border really quickly. If you’re not, that’s okay, but we’re going to have to do much more in the way of manual checks against you”.

Q35 Baroness Prashar: I have a question about the role of border officers. We talk about technology, but are we looking at the skills, experience and training required? Is enough attention being paid to developing people who can manage the new systems effectively?

Tony Smith: The difficulty for Border Force now is that there is routine work that can be done electronically which officers do not want to do. In other words, if flights are arriving from trusted destinations full of holidaymakers who we have already checked, we do not want to sit there wasting a lot of time on what we call the haystack. Border Force officers want to find the needle, so we want to give them the tools to find it. That means that the officers have to intervene at various points in the travel journey, which is the exam question: what can they do with what technology? It is almost like having a toolbox and a good tradesman in your house. How good are his tools? If he does not have a toolbox, he probably will not be able to fix your pipes, but he will if he has a good set of tools and the latest technology and can measure things.

We advocate that this breed of border officer—not my breed, but the latest breed—needs to be very tech-savvy and aware. There are things they can learn about behavioural detection and risk assessment. There is a game of cat and mouse going on between the law enforcement agencies and the criminals. They are investing in technology and have money. We need to do the same, and invest in technology, and the training and development of our officers. There is quite a high turnover in Border Force now. Recruitment and retention are much harder than they were. I was really proud when I became a Border Officer immigration officer. My mum and dad said, “Well done, Tony. This is fantastic”. Now, it would be, “Bad luck. You’re an immigration officer at the border. When are you going to get a proper job?”

Baroness Prashar: This is an important part of preparation that gets neglected.

Tony Smith: Yes, I agree.

Q36 The Chair: On difficulties with recruitment and retention, the introduction of all these electronic systems, whether ETIAS and the EES for the EU, or the ETA for us, has an impact on border officers. It changes what they do and the skills they need, but does it alter the numbers that are needed? Should it reduce the number of Border Force officers because we have all this technology, or does it do the opposite?

Tony Smith: In the processing, it does. That is why we walked towards e-gates. An e-gate can process people much more quickly than an officer, so the business case was written and we said that we would push more and more people through e-gates. So you not need as many officers at Heathrow, because all those people are going through e-gates. That is true for that process, but are we cognisant of what is happening and the weaknesses? We have been talking about intelligence, but are we able to deploy more officers where they are needed?

The business case depends on deploying technology for low-risk traffic and our risk appetite. Our risk appetite in the UK has been quite low for non-visa nationals. For two or three years, they have been walking through e-gates with no questions asked. If they are not on a watch-list, they are coming in with no real control over them. The ETA adds a new layer, which gives us more opportunity because it produces more data. Where do you stand on that scale? That demands a port-by-port analysis, including what kind of traffic is coming in and what the risks and threats are.

The intelligence-led border is a thing of the future, but I would never advocate cutting out border officers. How many you need depends on the threats and risks that we face at any given time, which never stay the same at the border. Something new always comes up to try to defeat us.

The Chair: You said that the UK’s ETA gives us more information, but what more does it give? It is all just taken off somebody’s passport.

Tony Smith: No, because we ask questions.

The Chair: What questions are asked in the application for the ETA?

Tony Smith: I do not have them. I thought you might ask me that, but you would have to ask the Home Office, because I do not know exactly what they are. However, as a matter of principle, the sorts of questions that would be asked when you make an application are, “How long are you coming to the country for? What is the purpose of your visit? Are you a criminal? Do you have a criminal record?” A lot of people would say that asking that is a complete waste of time, but I now have a statement with certain declarations on it, which I can use if that person misbehaves later. I can say, “That’s not what you said when you entered the country”. I cannot do that with an e-gate.

Q37 Lord Dubs: You have already touched on my question, so I will try to update it in relation to what you have been saying. What does the future look like with all this? Are we moving forward to a different system and to the day when passports will no longer be necessary? We had an example of somebody who went to Australia and did not show anything; they sailed right through because of pre-checks. Is there any way to move forward and make all this easier, while maintaining the security aspects?

Tony Smith: When I retired, I said that I did not think we would see the abolition of the passport within my lifetime. I have been saying that for about five or six years, but I am not so sure now. We might because of digital travel credentials—DTCs—that could technically replace a passport. It is a chip really, with all the passport data save the travel history. That there is no travel history worries me, but these chips have all the passport data and they are now adaptable. Countries can put extra data on the chip as well as on their system.

So you could envisage having a walk-through or drive-through border. If I know who you are, if I have done all my risk assessments in advance, if I am satisfied that you qualify to enter my country and that you are not a security threat, all I need to know when you land at my port of entry is that it is still you. Unless something has happened en route and you have suddenly become a bad guy, I need to know just that it is still you.

So, arguably, if you are talking about a charter flight of 350 low-risk travellers who went out two weeks ago, are the same people coming back again on the same plane, and have done all the checks, they do not necessarily have to queue up at an e-gate. They could walk through a tunnel—I have seen this in Dubai and in other countries—where, essentially, photographs are taken of them. Things are projected on to a screen; there are cameras taking pictures. When they get to the end of the tunnel, the officer knows that that guy is already green to go.

I went to a conference in Dubai in October last year. I go to Dubai quite often. It just said: “Welcome, Mr Anthony John”. It did not mention Smith. It knew that it was me, and I did not even have to put my passport on the scanner, although I could if it did not recognise me. They have a library of photographs of regular travellers. Facial recognition is so good now that they can match me to their library and say, “I know this chap. Anthony John has been here a few times and seems okay”. It regularly refreshes my record.

I think that is the way it is going to go for people generally. In the years to come there will be a lot more walk-through/drive-through borders, because a lot of this can be done through technology.

The Chair: That is very interesting. This committee, prior to me becoming chair, did quite serious work on facial recognition technology. You might be interested in reading the committee’s report.

Q38 Baroness Buscombe: Here is a rather depressing thought re the low-risk traveller. We know that in every village, town and city in this country we have undetected organised crime, or, if it is being detected, there is very little enforcement. Those people will probably be categorised as low-risk travellers. Do we not have a problem? Should we be looking more closely at what we call a low-risk traveller?

Tony Smith: When I talked about best practice, I mentioned three factors. That goes to the integrated border management bit of this, because a raft of different agencies are involved now rather than just Border Force. Border Force can bring things to the party, but when we are talking about communities and who is in them and who is misbehaving, depending on the level of it it falls to the relationship between the National Crime Agency, county lines and the local police. UKBA, when I was there, set up some really good regional structures and had a lot more regional input into anti-crime measures from a Border Force and immigration enforcement perspective. That is what they need to do.

You are right to highlight that “border” comes in three bits. There is the pre-entry bit and how confident you are in your visa system, because if you are going to do the things that I suggested to Mr Dubs we might do and have people walking through your border, you want to make damn sure that you have done a pretty good check in the visa system or the ETA system in advance, if you can.

There is also the after-entry in-country element. A week rarely goes by when I am not contacted by media to explain how this person got into the country and has now murdered somebody or done something dreadful and why we did not know about them. Interpol is imperfect. Not everybody is on Interpol. There is no universal criminal record. Interpol has red notices and green notices of really bad guys, but it is an imperfect system.

So how do we work together at both national and international level to combat international organised crime? That is the exam question. Last week we saw Europol and Interpol. They have some fantastic technologies. Facial recognition was mentioned. There are facial databases now of really bad guys who could probably buy 20 different passports in different countries with different nationalities. They now have images of those guys, and they are making them available to Border Force officers around the world. So whenever they get the image, whether at the ETA stage, at the border or wherever they are doing it, they can send it to Border Force officers and give them a pretty close instant response on whether that might actually be someone else they want to stop.

Those are the kind of things that, from a border security perspective, I am really interested in, but it comes down to collaboration. You cannot do this in Border Force on your own or even in the Home Office on its own. You need a much better mechanism of integrated border management for that.

Baroness Buscombe: That is very helpful. Thank you.

Q39 The Chair: Very helpful indeed. You have described a number of things that are not happening. We have just had a conversation about something that the ETA is not going to solve. To round it off, what do you understand the ETA to be intended to achieve, and do you think it will do so?

Tony Smith: It is intended to enhance security. I think it will help with security, because we will be getting more data on which we can do more checks. It will help in keeping people out of this country—that is, off planes—so that they cannot get to this country unless they have already been checked by an officer.

In that regard, I would need to know more about the risk assessment framework. I am really interested, as I say, in what we are doing with that data. If we are deploying integrated border management techniques and running them against various agencies, both national and international, that could provide us with much more opportunity to push the border out, which you want to do, and the ETA helps here. Part of that is security and preventing people from getting here.

The side benefit will be that if all those checks have been done and you are satisfied that they are robust enough, you have all kinds of options for facilitation at your airports and people will be able to come through much more quickly. As I say, all we need to know is that that is still you, and there is biometric technology available to do that.

The Chair: So the critical thing is understanding the risk profile that is intended to be used. The danger, of course, is that at certain times it will be dropped just because we know there will be a lot of people coming because it is the start of the summer holidays or whatever.

Tony Smith: I do not know about the latter point. Certainly on the former point, I do not work in the Home Office anymore, but I suspect that that is exactly what it is working on: how robust it is. I did this for the London 2012 Olympics. We did a lot of checks with a lot of agencies. Once you have that data and got agreement, you do not have to share that data with everybody. They do not tell me what they have, but they could just put a flag up, the security service could put a flag up, or policing could, the NCA could put a flag up the next morning, and we say, “Okay, we’re not going to grant that one, not today anyway”. Some of those meetings go right the way up to Ministers: “Do you want to let this person in or not? There’s a potential risk, but what’s your risk appetite?” That is what that judgment is.

There are mechanisms in place to risk assess people coming into the country that we have had for some time now. That is what I am really interested in. You can lower your risk assessment to a point only if you are satisfied that thorough checks are being made at the start of the process. If you are pushing all the processing to the start, how good are your checks at the visa and ETA stage? That is my inquiry.

The Chair: Tony, on behalf of the entire committee, thank you very much. It has been a very helpful session. We are very grateful.

[1] The witness has confirmed that this is a reference to the Entry/Exit System (EES).