Policy study on an EU
Electronic System for travel
Authorization (EU ESTA)
February 2011
Annexes
Case Study: The Australian Electronic Travel Authority, eVisitor and eVisa systems
296
A Case Study: The Australian Electronic Travel Authority,
eVisitor and eVisa systems
Case Study: The Australian Electronic Travel Authority, eVisitor and eVisa systems
297
Case Study: The Australian Electronic Travel Authority, eVisitor and eVisa systems
298
Policy study on an EU
Electronic System for Travel
Authorization (ESTA)
Australian mission
February 2011
Electronic System for Travel Authorization (ESTA)
ers
2
Contents
Contents
i
Purpose
5
Executive summary
6
1
9
General Information
1.1
Introduction of the ETA, eVisitor and
eVisa systems
9
1.2
Drivers behind introduction
9
1.3
Overview of how ETA, eVisitor and
eVisa work
10
Relationship between ETA, eVisitor,
eVisa and regular visas
13
1.4
2
Objectives
14
2.1
Objectives
14
2.2
Benefits
18
2.3
Disadvantages
21
2.4
Balancing security and traveller
facilitation
22
Role in Australian Border Security
23
2.5
3
Scope
25
3.1
Third country nationals eligibility
25
3.2
Visa-exempted third country nationals
28
3.3
Introduction of eVisa and eVisitor
alongside ETA
30
3.4
Country-centric approach
31
3.5
Land, Air and Sea travellers
32
3.6
Target groups and exemptions
32
3.7
Age limits
36
4
Data collection and processing
38
Contents (continued)
4.1
Personal data collection
38
4.2
Biometric data collection
40
4.3
Database checks
44
4.4
Advance Passenger Information (API)
49
4.5
Passenger Name Records (PNR)
50
5
Compliance with data protection principles
52
5.1
Ensuring full compliance
52
5.2
Minimising privacy impacts and risks
57
5.3
Disclosure of data usage
57
5.4
Right to access, correct and delete
personal data
58
5.5
Preventing unlawful data processing
59
5.6
Role of data protection supervisory
authority
59
Impact on fundamental rights to
private life
59
Privacy issues surrounding biometric
data
59
5.7
5.8
6
6.1
Implementation
62
Role of private sector in
implementation
62
6.2
Phasing of implementation
62
6.3
Effect of travel method on
implementation
64
6.4
Implementation time frames
64
6.5
Leveraging existing applications and
infrastructure
65
7
Practical and Procedural Issues
66
7.1
Application processing times
66
7.2
Application lodgement channels
68
7.3
Application submission process
69
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
ii
Contents (continued)
7.4
Digital signatures and passwords
70
7.5
Validity period
70
7.6
Pre-checks
71
7.7
Automation of pre-checking
71
7.8
On-site applications
71
7.9
Urgent applications
72
7.10
Evidence of authorisation
72
7.11
Responsibility of airlines and carriers
in performing checks
72
8
Financial aspects
8.1
74
Estimated and actual cost of
implementation
74
8.2
Key cost components
76
8.3
Fees
76
8.4
Application volumes
78
9
Legal aspects
81
9.1
Legal framework
81
9.2
Responsible authority
82
9.3
Family members of Australian citizens
82
9.4
Consequence of refusal for visaexempted travellers
82
10
Impact on stakeholders
84
10.1
Impact on border control procedures
84
10.2
Impact on consular offices
84
10.3
Impact on airline and cruise
companies
86
Appendix A
Summary of stakeholder interviews
91
Appendix B
References
92
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | iii
Purpose
A ―fact finding mission‖ was carried out by PwC Australia on the
three different but related Australian travel authorisation systems:
Electronic Travel Authority (ETA), eVisitor and eVisa. PwC Australia
was required to collect all necessary information regarding the
objectives of these systems and their experiences gained so far of
meeting these objectives, the legal framework, and the technical and
practical implementation, by conducting interviews with appropriate
stakeholders in Australia, mostly within the Australian Department of
Immigration and Citizenship (DIAC), which is responsible for the
different travel authorization systems, and conducting on site visits in
the port of Sydney and Sydney International Airport.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 5
Executive summary
Executive summary
The Department of Immigration and Citizenship (hereinafter: DIAC)
is the authority responsible for ―building Australia‘s future through the
well-managed entry and settlement of people‖. DIAC delivers the
Electronic Travel Authority (ETA), eVisitor and eVisa systems as part
of Australia‘s layered approach to border management illustrated
below and described in more detail in section 4.3.
The layered approach performs
checks throughout the travel
process including during the
application, at check-in, after
check-in and on arrival in
Australia. The ability to perform
these checks is supported by
Australia‘s location relative to the
departure point for travellers and
the consequent length of travel
time post check-in.
The layered approach and range of visa / travel authorisation
products enables DIAC to customise its approach according to the
traveller and their circumstances. The tailored approach requires a
configurable and flexible architecture to support DIAC.
As part of the layered approach, DIAC maintains a universal visa
requirement that enables it to track the entry and departure of all
individuals to and from Australia. While the departure of an individual
is recorded, DIAC does not have the statutory power to prevent an
individual from departing. The universal visa requirement is
supported by a number of delivery channels including the ETA,
eVisitor and eVisa.
The ETA, eVisitor and eVisa are electronically stored visa / travel
authorisations for travel to Australia. They replace the need for a
visa label or stamp in a passport and lessen DIAC‘s reliance on
paper application forms. The interfaces between electronic systems
also enable a faster turnaround on applications with an ―auto-grant‖
facility available to a large proportion of the ETA and eVisitor
applicants. The auto-grant facility enables DIAC to automatically
grant visas / travel authorisations to individuals that meet certain
criteria without the need for manual handling of the application.
When assessing a country for access to the auto-grant facility,
consideration is given to approval of grant rates, modified non-return
rates, protection visa rates and cancellation rates.
Drivers behind the introduction of the ETA, eVisitor and eVisa
include:
Facilitating tourism growth;
Process improvement; and
Visa reciprocity arrangements.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
6
Executive summary
Full details on the drivers and objectives of these products can be
found in section two of this report.
The implementation of ETA commenced in 1996 with nationals
gradually being added to the eligibility list. DIAC was supported by
CPS Systems through a subcontractor relationship during the
implementation and continues to maintain a contractual relationship
for the operation of the ETA system.
The eBusiness system and Integrated Client Services Environment
(ICSE), which facilitate the eVisa and eVisitor, were developed
internally by DIAC during 2000-01. The electronic delivery channels
have been gradually rolled-out across DIAC‘s visa range and cover
27 products as at March 2010, including the eVisitor product
introduced in October 2008. Further information on the role of these
systems and databases is provided in section 4.3.
While the range of electronic visa / travel
authorisation products currently meets
DIAC‘s business requirements and their
original objectives, DIAC‘s long-term
aspirational goal is to have one platform
for managing electronic visas and travel
authorisations. Section four of this report
outlines the systems involved in
managing Australia‘s border and the
interactions that take place between the
network of systems.
Travellers applying DIAC users
online for ETA
Traveller applying for
eVisa / eVisitor
ETA
Carrier user
application access maintenance
Air and Sea passenger and crew boarding requests and directives
eVisa
eVisitor
Internet
Air/sea staff users
Internet
DIAC users
Audit queries and reports
Crew system
Internet gateway
Intranet gateway
New Zealand APP
System
Regional Movement Alert
System
Data sharing requests
and responses
RMAS requests
and responses
Internet gateway
Airline check-in agents
Departure Control System
SITA network
Communications
Gateway
Airline crew management users
Electronic Travel
Authority (ETA) system
Integrated Client Services
Environment
(ICSE)
Australian Advance Passenger Processing
(APP) system
Document Alerts
New Zealand passports
Australian passports
Movement Record
Expected Movement Record
Australian visas
Document Alert List
(DAL)
New Zealand Passports
Database
Australian Passports
Database
Movement Records
Expected Movement
Records
Australian visas
(ETA, eVisitor, eVIsa,
regular visas)
New Zealand passports
Australian passports
Movement Record
Expected Movement Record
Australian visas
Travel agents
Central Movement Alert
List (CMAL)
Travel & Immigration Processing System
(TRIPS)
Immigration Records
Information System
Movement Record
Expected Movement Record
Person Alert List (PAL)
Offshore visa applications
Passenger Analysis
Clearance and Evaluation
(PACE) system
Overseas posts
Customs officers
Throughout the development and operation of the ETA, eVisitor and
eVisa DIAC has worked closely with the Office of the Privacy
Commissioner (OPC) to ensure compliance with the Privacy Act
1988 and related guidelines. The collaborative relationship was
further strengthened in 2006 when DIAC signed a 12-month
Memorandum of Understanding with the OPC with the objective of
fostering a high level of privacy awareness in DIAC.
DIAC‘s authority is provided through the Migration Act 1958 and the
legislation is structured appropriately to allow DIAC to provide
additional delivery channels such as the ETA, eVisa and eVisitor
without significant changes to the underlying legislation.
We wish to acknowledge the efforts of DIAC in facilitating this
research study. DIAC‘s positive engagement reflects their clear
interest in improving border management and traveller facilitation
processes globally. While DIAC was supportive throughout the
engagement, we recognise and respect that certain pieces of
information could not be provided for reasons of security and
confidentiality. Beyond that currently available in the public domain,
DIAC was unable to provide information on:
the exact reasons/criteria for determining eligibility for an ETA,
eVisitor and eVisa;
the details of the risk profiling process; and
the financial costs and impacts of the systems beyond that
publicly available.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 7
Executive summary
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
8
1
General Information
1.1
Introduction of the ETA, eVisitor and
eVisa systems
Development of the ETA system commenced in January 1996. It
was implemented in Singapore on a trial basis on 11 September
1996, for Singapore and US passport holders travelling on Qantas
and Singapore Airlines. In May 2001, the then Minister agreed to a
trial of a system to allow applicants to obtain an ETA over the
Internet. Implementation began in June 2001.
The eVisa program began in December 2000 after the feasibility of
enabling visa applications to be lodged via the Internet had been
tested. The proof-of-concept for electronic visa lodgement began in
1999 with the Student Internet Project that enabled Australian
universities to lodge student-permission-to-work applications via the
Internet. DIAC first introduced eVisa in August 2001. All applications
released since the initial eVisa application have been built using a
common architecture and framework.
The eVisitor product was framed on the ETA, but leveraged the
existing eVisa platform and replaced Internet ETAs for all European
ETA eligible travellers from 27 October 2008.
1.2
Drivers behind introduction
1.2.1 Drivers behind introduction of ETA
The growth in international travel and the projected number of
visitors expected for the Olympics in Sydney in 2000 presented
DIAC with the challenge of handling large numbers of bona fide
travellers while preventing entry of undesirable persons. The
internationalisation of the economy and the consequent need of
business to move readily in and out of Australia reinforced the need
to facilitate entry for short-term visitors whilst maintaining border
security needs.
1.2.2 Drivers behind introduction of eVisitor
Council Regulation (EC) no. 539/2001 establishes joint lists of third
countries whose citizens are required to have a visa (negative list)
and of third countries whose citizens are exempted from the visa
requirement (positive list) by the Member States. Member States
joining the EU in 2004 and 2007 had to implement this Regulation
and abolish the visa obligation for third countries of the positive list.
According to the reciprocity principle, when the European Union has
exempted a third country from the visa obligation, this third country
should also exempt European Union citizens from the visa
obligation. However, Australia had maintained the visa obligation for
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 9
General Information
citizens of one or more Member States. At the time, nationals of the
Member States wishing to visit Australia had differing visa / travel
authorisation requirements, these are outlined below:
Nationals from 14 EU member states required an ETA;
Nationals from 11 EU member states required an eVisa; of
which seven were granted the so-called ‗auto-grant‘ facility.
To deliver on the commitment between the Australian Government
and the European Commission to introduce reciprocal short stay
travel arrangements for their nationals, while still maintaining the
universal visa system which underpins Australia‘s layered approach
to border management, eVisitor was introduced in 2008.
The eVisitor also enabled DIAC to perform additional profiling of
travellers beyond that currently provided by the ETA system.
1.2.3 Drivers behind introduction of eVisa
Prior to the introduction of eVisa, the majority of visa applications
were handled in paper form. Relative to the near immediate
accessibility of electronic channels and media, the manual
lodgement and handling of applications was more labour intensive
which potentially restricted DIAC‘s ability to handle future increases
in demand for visas and travel authorities.
The eVisa program was introduced to provide significant process
improvement to DIAC whilst addressing two conflicting imperatives
for DIAC. The tourism and education industries wanted the entry
barriers to Australia reduced, to encourage tourists and fee-paying
students to visit, however Australia needed to retain the integrity of
its border.
The eVisa program simplified the entry process for low-risk highvolume visitors whilst increasing the integrity of Australia‘s borders
(by having an improved and consistent objective assessment
process) and enabled DIAC to deal with increasing volumes whilst
reducing the cost of service.
1.3
Overview of how ETA, eVisitor and
eVisa work
1.3.1 Overview of approach to border
management
Australia's border management system is based on a number of
layers, including:
a universal visa system which includes ETA, eVisitor, eVisa
and regular visas (with immigration alert and other forms of
integrity checking);
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
10
General Information
the Advance Passenger Processing (APP) system, which
operates at check-in overseas and applies to passengers and
crew on international passenger cruise ships and to
passengers and crew who join round-trip ship cruises before
they return to Australia;
the Airline Liaison Officer (ALO) network; and
processing at Australian airports and seaports on arrival.
Refer to section 4.3 for more information on the systems and
databases involved in border management,
1.3.2 How ETA works
An ETA is an electronically stored authority for travel to Australia.
While the terminology used is different to eVisa and eVisitor, an
electronic travel authority is fundamentally a ―visa‖ just like the
eVisa, eVisitor and regular visa. The ETA simply provides another
channel for addressing the Australian visa requirement.
ETA information is accessible by airlines, travel agents and
Australian border agencies. Individuals do not need to visit a
Departmental office to submit an application and they do not receive
a stamp or label in their passport. Applications can be made via the
internet or through a travel agent, airline, specialist service provider
or offshore visa office. While applicants do not receive a physical
label, they are provided with a confirmation for their records following
grant of an ETA.
Following lodgement of an ETA application, automatic checks are
performed against the Central Movement Alert List (CMAL) prior to
granting of an ETA.
The ETA is linked to the passport number the individual indicates in
their application and they must use the same passport to travel to
Australia. At check-in, airline staff use the passport number to verify
that a traveller has authority to travel to Australia through their
Departure Control System which is linked to the Advance Passenger
Processing (APP) system. The APP accesses DIAC‘s visa database
which allows the airline staff member to check that the traveller has
a current ETA.
Although a check is performed at check-in, Customs officers at the
primary line in Australia also perform an additional check on arrival
at the border crossing point. Australia‘s relative geographic
separation from a number of its main visitor sources enables DIAC
to perform multiple checks against the Central Movement Alert List
during a traveller‘s journey (including during the application process,
post check-in and on arrival).
If the individual obtains a new passport and is outside Australia, they
must obtain a new ETA, or another type of visa, before travelling to
Australia. Otherwise they will experience significant delays at the
airport/seaport and could be denied permission to board.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 11
General Information
If the individual leaves Australia on their ETA, they will not be able to
re-enter until they have obtained a new ETA, or another type of visa,
on their new passport.
1.3.3 How eVisitor works
An eVisitor is an electronically stored visa for travel to Australia.
Individuals can apply for an eVisitor over the internet and do not
need to visit a departmental office. Applicants do not receive a
stamp or label in their passport, however they are provided with a
confirmation email for their records. While similar to the ETA in a
number of ways, key differences exist between the eVisitor and the
ETA including the platform on which they operate and the scope of
information collected from applicants. The eVisitor runs on an
internally developed eBusiness system and Integrated Client
Services Environment (the same systems used for eVisas), whereas
ETA uses the existing network of Societe Internationale de
Telecommunication Aeronautiques (SITA) for communications and
an internet portal developed by a contractor for DIAC. The dataset
collected for ETA is also a smaller dataset than that potentially
collected through eVisitor. For further discussion regarding the
personal data collected, refer to section 4.1.
Similar to the ETA, following lodgement of an eVisitor application,
automatic checks are performed against the Central Movement Alert
List (CMAL) prior to granting of an eVisitor.
Once again similar to the ETA, the eVisitor is linked to the passport
number the individual indicates in their application and they must
use the same passport to travel to Australia. At check-in, airline staff
use the passport number to verify that a traveller has authority to
travel to Australia through their Departure Control System which is
linked to the Advance Passenger Processing (APP) system. The
APP accesses DIAC‘s visa database which allows the airline staff
member to check that the traveller has a current eVisitor.
Although a check is performed at check-in, Customs officers at the
primary line in Australia also perform an additional check on arrival
at the border crossing point. Australia‘s relative geographic
separation from a number of its main visitor sources enables DIAC
to perform multiple checks against the Central Movement Alert List
during a traveller‘s journey (including during the application process,
post check-in and on arrival).
If the individual obtains a new passport, they must advise DIAC of
the new passport details before travelling to Australia to enable the
eVisitor to be transferred. Otherwise, they will experience significant
delays at the airport/seaport and could be denied permission to
board.
1.3.4 How eVisa works
There are a range of eVisa products, all of which operate according
to the requirements of that particular visa subclass. However, the
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
12
General Information
common process underlying the eVisa is similar to that of the
eVisitor which is outlined in section 1.3.3.
Rather than being a replacement for the existing visa requirement,
the eVisa is simply an additional channel for lodging visa
applications and receiving visas (ie an electronic visa linked to the
traveller‘s passport rather than a physical visa label affixed to the
passport). The requirements and conditions underpinning a regular
visa are still applied to travellers that obtain an eVisa.
1.4
Relationship between ETA, eVisitor,
eVisa and regular visas
The ETA system and eVisa/eVisitor system are separate facilities for
providing visas/travel authorisations electronically. While the
terminology is different (ie visas and travel authorisations), the
Australian National Audit Office (ANAO) indicated in its Performance
Audit on the ETA system in 2008 that an ETA is in fact a visa. The
view taken is that a visa is not a physical object but simply
permission given to a non-citizen to travel to, enter and remain in
Australia. The ANAO also indicated that as more electronic systems
for providing visas are introduced, such as the eVisa and eVisitor,
the value of maintaining this terminological distinction will diminish.
In comparison to the ETA system, the eVisa/eVisitor system (both
facilitated by the eBusiness system and Integrated Client Services
Environment) collects more data and enables simpler integration
with other Departmental computer systems. The ETA system‘s
strength lies in its use of existing communications technologies
within the travel industry.
The ETA and eVisitor were developed to facilitate entry for tourists
and business visitors. Their similar purpose and scope was
highlighted by the fact that when eVisitor were introduced in 2008,
certain countries that were originally eligible to apply over the
internet for an ETA had their eligibility transferred across to the
eVisitor program and were no longer permitted to apply for an ETA
over the internet. However, nationals from those countries may still
apply for an ETA through a travel agent, airline, specialist service
provider or an Australian visa office outside Australia.
The eVisa system is complementary to the regular visa system,
providing electronic access to over 27 products, including visas such
as the tourist visa (subclass 676) and the working holiday maker visa
(subclass 417). The eVisa is simply another channel for DIAC to
interact with its clients.
While operating on the same platform as other eVisa products, the
eVisitor does not have a paper application counterpart (ie there is
not a subclass 651 visa that can be obtained using a paper
application form).
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 13
2
Objectives
2.1
Objectives
2.1.1 Objectives for the ETA system
The key objectives underpinning development of the ETA were to:
support the tourism industry by providing a facility that could
handle the anticipated growth in short-stay visitors to Australia;
improve client service by making visitor visa issuing and entry
processes faster, simpler and more efficient;
avoid significant increases in the cost of overseas visa
processing;
leverage and consequently extend the life of existing
airport/border infrastructure; and
ensure the integrity of Australia‘s borders are maintained
(through the operation of a non-discriminatory universal entry
system facilitated by a combination of products including the
ETA).
During 2008-09, approximately 2.3 million of the 3.3m visitor visas
granted were ETAs (~70%). While this figure was down from 200708 levels (~76%) the result may have been impacted by the
introduction of the eVisitor and still represents considerable growth
since the introduction of the ETA in 1996. This level of growth
provides evidence for DIAC‘s claim that the ETA has supported the
tourism industry by providing a facility capable of handling the
growth in short-stay visitors to Australia.
DIAC has reported performance against service standards in their
2007-08 Annual report for visitors and working holiday visas. The
information provides a view on the impact of the ETA on processing
times. For example, against the service standard of having 75% of
low risk non-sponsored visitor‘s (short stay) applications finalised in
one day, 99.07% of offshore applications (ie applications that are inscope for the ETA) meet the service standard whereas only 47.46%
of onshore applications meet the service standard (ie applications
that are outside the scope of ETA).
A representative of DIAC also noted in the House of Representatives
that a passenger survey had been conducted pre- and postintroduction of the ETA. The survey results indicated that 96% of
passengers were happy with Australia‘s visa arrangement, two per
cent higher than in 1995 before the ETAs were introduced.
In the Electronic Travel Authority Audit Report (1999) the Australian
National Audit Office (ANAO) had difficulty in establishing the
document which presented the business case for the ETAS. DIAC
advised that the Business Area Analysis (BAA) developed by CPS
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 14
Objectives
Systems (the contracted provider) in June 1995 was the business
case for the ETA system. Regardless, the ANAO suggested that a
more formal and visible approach to approval and accountability
would have provided greater assurance of effective results.
The projections in the BAA document, which DIAC advised
represented the Business Case for ETA, showed savings in the
order of $17 million per annum realised by financial year 1999–2000.
However, the July 1997 projections identified the savings to be in the
order of $3.8 million.
Projected ETA savings at time of implementation
The ANAO found no evidence to indicate that DIAC had monitored
the savings generated from the ETA system for 1997–98 to establish
whether the saving estimates were realised. Although there is no
data on savings actually achieved, DIAC has clearly been able to
reallocate its overseas staffing resources from low risk ETA
overseas posts to high risk non-ETA overseas posts. Although
overseas staffing was broadly constant between 1995–96 and
1998–99, the ANAO established that there was a marked
redistribution from ETA overseas posts to non-ETA overseas posts
of higher risk with the redistribution particularly evident for locally
engaged staff in visitor visa processing.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 15
Objectives
Overseas staffing levels following introduction of the ETA
Locally engaged staff in visitor visa processing
As indicated, DIAC was not able to provide the ANAO with
comparative information on the cost of processing visitor visas.
However, the ANAO‘s analysis suggests some reductions in the visa
issuing costs, and a financial gain in the long term from the ETA
system.
In regards to extending the life of existing airport/border
infrastructure, interviews with DIAC have indicated that the extent to
which the ETA has extended the infrastructure‘s life (including the
use of the SITA network) has been tempered by the increased traffic
facilitated by the ETA.
Prior to the introduction of the ETA, the Joint Standing Committee on
Migration (JSCM) had considered whether Australia had streamlined
visitor entry sufficiently or whether the visa requirement for visitors
should be abolished to remove impediments to tourism flows. Based
on the subsequent outcomes of the JSCM and the take-up of the
ETA, the ANAO indicated in its 2007-08 Follow-up audit that
adopting the ETA allowed Australia to maintain its universal visa
system.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
16
Objectives
2.1.2 Objectives for the eVisitor system
The objective for the eVisitor system was to simplify entry for the
more than a million Europeans visiting Australia each year in order
to enhance cultural links, encourage tourism growth and facilitate
streamlined business relationships. Similar to the ETA, the eVisitor
also aimed to improve client service by making visitor visa issuing
and entry processes faster, simpler and more efficient.
As an indication to the extent to which entry has been simplified, a
total of 86.01% of eVisitor applications were autogranted in 2008-09
with an overall grant rate of 99.18%.
However, the Commission continues to closely monitor the eVisitor
program as a significant number of applications are still handled
manually. The Commission has also indicated that the assessment
on whether the eVisitor system is tantamount to the Schengen visa
application process is ongoing.
2.1.3 Objectives of the eVisa system
The objectives for the eVisa system included:
Supporting global working via local processing. eVisa enables
DIAC to interact with travellers in eligible countries, whilst
processing applications within Australia;
Increased convenience and accessibility for clients by
enabling applications to be made via the internet; and
Improved process efficiency through a reduction in manual
handling of visa applications.
The percentage of applications lodged through the eVisa channel
provides an indication as to the extent to which the first two
objectives have been met. For example, 98% of Working Holiday
(subclass 417), 76% of Work and Holiday (subclass 462) and 51.9%
of student visa (range of subclasses) applications were lodged
through eVisa during 2008-09. DIAC monitors the take-up rates
through their annual report.
DIAC‘s progress against the third objective can be somewhat
measured by the percentage of eVisa applications that are
automatically granted, since this suggests that a reduction in manual
handling. In 2008-09, 98% of all Working Holiday (subclass 417)
visas were lodged electronically and 77% of these were granted
automatically. The autogrant rate for offshore e676 applications of
53.46% also indicates potential process efficiency gains for DIAC.
The 2008-09 Annual Report notes that the continuing high eVisa
take-up rate reflects the success of this facility which provides clients
with easy access and faster decisions.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 17
Objectives
2.2
Benefits
Common benefits that exist across the ETA, eVisitor and eVisa
programs include:
Travellers enjoying faster processing at airports;
Airlines utilising computer systems to verify that travellers
have authority to travel to Australia before issuing their
boarding pass. Relative to the manual process of inspecting a
traveller‘s physical visa, the integration of the verification
process with the airline‘s systems saves airline staff time at
the check-in counter and reduces the likelihood of the airline
transporting improperly documented passengers; and
Australian Government gaining access to data on all travellers
to Australia, supporting the maintenance of Australian border
integrity by law enforcement and health authorities.
2.2.1 Benefits of the ETA system
The benefits for DIAC, as indicated by the provider of the ETA
system, include:
Improved data quality through a reduction in multiple handling
and processing of application data. However, this benefit is
dependent upon the applicant providing accurate information
at the time of application;
Lower processing costs through the use of automatic grants
and a reduction in paper work and manual handling of
applications;
The ability to have self-funded or revenue-generated
operation. DIAC has a cost recovery arrangement with its
contractor designed so that part of the $20 service charge
collected by its contractor per ETA application (from the public
through the ETA system Internet gateway) is used to offset
expenses relating to the operation of the ETA system,
including APP. Essentially, individuals from most countries
seeking to enter Australia as a visitor can apply for an ETA via
the Internet. Each individual pays a $20 service charge to
submit an ETA application via the Internet. DIAC‘s contractor
receives the $20 service charge and uses part of this amount
to offset DIAC‘s expenses relating to the ETA and APP
systems.
Reduced barriers to tourism and trade relative to the process
for a regular visa application; and
Scaled architecture which enables DIAC to satisfy changes in
demand.
The benefits for applicants, as indicated by the provider of the ETA
system, include:
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
18
Objectives
Increased convenience for applicants with 24 x 7 availability of
the ETA system. Convenience is also improved through the
ability for travellers to obtain an ETA from vendors of
complementary goods (ie travel agents offering an ETA and
flights to a traveller); and
Expedited processing of documentation with auto-granting
available to the majority of applicants.
The ANAO also reported that DIAC had made provisions for
commercialisation of the ETA system product. Under the
arrangement, ownership of the intellectual property for the ETA
system was licensed to CPS Systems which allows CPS Systems to
commercialise the system and sell all or part of it to overseas
Governments. Under the contract, such commercialisation to other
Governments or organisations would allow for a return to DIAC of
4.5% of any infrastructure fee and transaction fees payable on the
sale of each new system, for up to five years of any new contract.
Although DIAC‘s contractor has commercialised the APP system
(which shares the same platform as the ETA system), DIAC has not
received a return on its investment in APP. This is because all
commercialisation has occurred outside the period during which
DIMIA was entitled to commercialisation returns under the ETA
System Agreement.
2.2.2 Benefits of the eVisitor system
The eVisitor service uses technological advances to enhance
security and immigration risk screening whilst improving client
service by eliminating the need for lengthy application forms.
Relative to the existing ETA system, the eVisitor enabled additional
profiling capabilities. The eVisitor system is currently configured as
to allow for the automatic granting of visas in more than 80 per cent
of applications.
Simplifying entry for more than a million Europeans visiting Australia
each year enhances cultural links, encourages tourism growth and
facilitates streamlined business relationships.
The eVisitor initiative is the result of a significant diplomatic effort
between Australia and the EU. It was a key target in the AustraliaEU Partnership Framework which was signed by the Minister for
Foreign Affairs the Hon. Stephen Smith MP in Paris in October 2008.
The introduction of eVisitor enabled Australia to meet its
requirements under visa reciprocity arrangements with the EU.
The benefits for the eVisitor applicants include:
Increased accessibility and efficiency for applicants who can
complete and lodge their applications over the internet.
Expedited processing of documentation with auto-granting
available to the majority of applicants.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 19
Objectives
2.2.3 Ability to monitor the status of an application
through the eBusiness portal on DIAC’s
website. Benefits of the eVisa system
The benefits of the eVisa for applicants include:
Increased accessibility and efficiency for applicants who can
complete and lodge their applications over the internet, rather
than having to obtain, complete and mail or deliver in person the
form to an Immigration office for processing;
Significantly reduced time to process applications through the
use of automated assessments, which can potentially reduce
processing times from 4 weeks to as little as 20 minutes.
Performance against service standards is outlined in section
2.1.3;
No need to send passports across borders with application to
affix a physical visa label since the visa is stored electronically;
and
Ability to monitor the status of an application through the
eBusiness portal on DIAC‘s website.
The benefits of the eVisa for visa agents (ie travel agents, airlines,
specialist service providers) include:
Streamlined access through a designated agent‘s portal;
Automatic population of agent details in the application form
when completing an eVisa application on behalf of a traveller;
and
Access to offline eVisa applications for students and tourist
visas.
The benefits of the eVisa for DIAC include:
Service cost reductions through a reduction in manual handling
of visa applications;
Increased data integrity through a reduction in data entry by
Departmental officers. However, the risk relating to errors in the
original information provided by the applicant remains;
Improved reporting capability based on the electronic capture
and storage of traveller information;
A foundation, in the form of the eBusiness system and Integrated
Client Services Environment, for future expansion of online
services within DIAC;
Potential to reduce the number of international posts and
rationalise onshore offices. The ANAO‘s analysis of the impact of
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
20
Objectives
the introduction of the ETA on overseas posts indicates that
DIAC was able to redistribute staff towards ―high risk‖ locations
(ie non-ETA posts) from ―low risk‖ locations (ie ETA posts). DIAC
has indicated that the roll-out of eVisa products had a similar
impact;
Improved relationship with related industries and government
departments (ie closer relationship with Department of Education
due to the introduction of student eVisas);
Cemented existing relationships with some overseas providers;
and
Reputation of Australian immigration being at the forefront
internationally.
2.3
Disadvantages
While there are potential data quality benefits from a reduction in
manual data entry by processing staff, the introduction of electronic
lodgement channels that require applicants to complete their own
application forms exposes DIAC to potential data quality risks due to
a lack of understanding regarding the purpose of a field. DIAC has
attempted to mitigate these risks by providing help text with
application forms, so that applicants understand what input is
required in each data field. However, the risk still exists that a
traveller may arrive at a check-in counter or border crossing point
with an ETA, eVisitor or eVisa that does not directly match their
travel documentation and DIAC would be required to make the
necessary changes.
The increased take-up of online channels has reduced DIAC‘s faceto-face contact with its clients and increased its dependency on
systems in supporting the visa/travel authorisation process. These
items are not necessarily disadvantages, but simply risks that need
to be identified and managed by DIAC.
The auto-grant nature of some ETA and eVisitor applications may
have an adverse impact on client behaviours. As clients become
accustomed to quick turnarounds on applications, they may become
complacent and not allow sufficient time for obtaining their
visas/travel authorisations in the scenario that an unexpected event
occurs (ie system unavailability). DIAC attempts to mitigate this risk
by informing clients of the relevant service standards (ie eVisitor
applications have a service standard of 2-10 working days for
finalisation). DIAC does not currently monitor the extent to which this
occurs.
The configuration of the ETA means that it is only valid for the life of
the passport to which it is linked. An eVisitor or eVisa can be
transferred to a new passport, but it is the traveller‘s responsibility to
ensure that the transfer occurs. As there is no physical evidence of
an ETA, eVisitor and eVisa maintained in a traveller‘s passport, a
traveller may not immediately realise that they have not transferred
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 21
Objectives
the required electronic visas/travel authorisations to their new
passport. DIAC does not currently monitor the extent to which this
occurs.
While potentially strengthening relations with ETA-eligible
nationalities, the introduction of the ETA may have alienated the
nationals of some countries to which the ETA was not extended.
This risk is not limited to the electronic lodgement channels, as this
risk is inherent in any Government program with a restricted scope.
In 2000, the visa policy that DIAC had in place with South America
was referred to as an ―impediment to a good and longstanding
relationship‖ and deemed a ―thorn in the side of Australia‘s
relationship with the region‖ in the Inquiry into Australia's Trade and
Investment Relationship with South America. DIAC‘s submission to
the inquiry indicated that, in addition to the standard criteria for ETA
expansion (ie overstay and non-return rates), ―due to the small size
of the visitor market out of South America, the Electronic Travel
Authority (ETA) has not been extended to any countries in South
America‖.
The disadvantages discussed above refer to the different
approaches to handling travellers, but it is important to also consider
the disadvantages of having a visa requirement at all, whether it be
an ETA, eVisitor, eVisa or regular visa. It is important to remember
that while the terminology differs, the products are all simply
channels for meeting Australia‘s visa requirements. The Office of
Regulation Review‘s 1995 submission titled Australia’s visa system
for visitors regarding the visa system within Australia, not simply the
technology used in facilitating the visa granting process, noted that
―The main indirect costs of the system are the income, and the noneconomic benefits such as temporary family reunion, that Australia
forgoes if the visa system deters potential visitors from coming to
Australia‖. The extent to which visitors are deterred will depend on
the monetary and non-monetary costs (ie time, inconvenience)
associated with obtaining a visa / travel authority. In this sense, the
introduction of the ETA, eVisitor and eVisa should have reduced
deterrence levels in comparison to manual visa handling processes,
but may be considered a greater deterrence than a visa-free
environment.
2.4
Balancing security and traveller
facilitation
The ETA, eVisitor and eVisa products are components of DIAC‘s
layered approach to border management. The products have a role
in ensuring that DIAC‘s resources are directed to high-value
activities by providing streamlined processes for handling travellers
deemed to be a low immigration risk.
In the 2007-08 Performance Audit Report on the ETA system, the
Australian National Audit Office (ANAO) noted that ―the ETA helped
Australia to maintain a universal visa system‖. A universal visa
system is a key component of Australia‘s border security program
and it suggests that the ETA‘s facilitation of travellers has also
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
22
Objectives
assisted DIAC with security. In the ETA example, security and
traveller facilitation were not necessarily mutually exclusive goals
that had to be balanced, but rather traveller facilitation was a means
to managing border security.
DIAC continues to balance border security and traveller facilitation
through risk-based decision making and its layered approach to
border management.
2.5
Role in Australian Border Security
ETA, eVisitor and eVisa are components of the universal visa
system that operates in Australia. The universal visa system enables
to monitor the arrival and departure of individuals in Australia.
Australia uses a layered approach to border management that
involves activities during:
The application process;
Check-in;
Post check-in; and
Arrival
Australia‘s relative separation from other regions and the
consequent longer travelling time enables additional border
management processes to occur post check-in.
The ETA, eVisitor and eVisa systems initially act as a data capture
and trigger point in the layered approach to border management. For
example, when an individual applies for an ETA, eVisitor or eVisa,
the Central Movement Alert List (CMAL) is checked to identify
individuals and travel documents of immigration concern to Australia.
The ETA, eVisitor and eVisa alongside regular visas provide
Australia with a mechanism for authorising individuals to enter
Australia and monitoring their departure.
DIAC has authority under the Migration Act 1958 to refuse entry to a
traveller holding an ETA, eVisa or eVisitor on arrival through the
cancellation of the relevant visa/travel authorisation. Subject to
section 117(2), a visa held by a non citizen may be cancelled under
section 116 of the Migration Act 1958:
(a) before the non citizen enters Australia; or
(b) when the non citizen is in immigration clearance (see section
172); or
(c) when the non citizen leaves Australia; or
(d) while the non citizen is in the migration zone.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 23
Objectives
The Minister may cancel a visa if he or she is satisfied that certain
grounds exist. These circumstances are set out in section 116 of the
Migration Act 1958.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
24
3
Scope
3.1
Third country nationals eligibility
3.1.1 ETA eligibility
Nationals from the countries listed below are eligible to apply for an
Internet ETA.
Internet ETA eligible passports
Brunei
Canada
Hong Kong (SAR)
Japan
Malaysia
Singapore
South Korea
United States of America
Nationals from the countries listed below are eligible to apply for an
ETA through a travel agent, airline, specialist service provider or an
Australian visa office outside Australia
ETA eligible passports
Andorra
Malaysia
Austria
Malta
Belgium
Monaco
Brunei
The Netherlands
Canada
Norway
Denmark
Portugal
Finland
San Marino
France
Singapore
Germany
South Korea
Greece
Spain
Hong Kong (SAR)*
Sweden
Iceland
Switzerland
Ireland
Taiwan**
Italy
United Kingdom - British Citizen
Japan
United Kingdom - Overseas
Liechtenstein
United States of America
Luxembourg
Vatican City
DIAC has traditionally focused its assessment of immigration risk for
visitors from each country on records of overstay (proportion of
visitors that remain illegally after their visa expires) and non-return
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 25
Scope
rates (proportion of visitors that remain, either legally or illegally,
after their original visa expires) of that country‘s nationals. In 2001, a
range of objective criteria was defined for use in all future
consideration of expansion of the ETA, which included:
an analysis of the level of protection visa activity by nationals
of the particular country over the past two years;
an analysis of NRR trends over the past two years for
nationals of the particular country who enter Australia on
visitor visas;
an objective analysis of the level of fraudulent documentation
in the offshore visitor visa application caseload and the
security of the national travel document;
the rate of cancellation of visitor visas at Australian points of
entry and after arrival in Australia; and
offshore visitor visa rejection rates.
3.1.2 eVisitor eligibility
Nationals from the countries listed in the table below are eligible to
apply for an eVisitor.
The eligibility criteria set out by DIAC means that nationals from
certain countries (ie Netherlands) are eligible to apply for an eVisitor
through the internet or an ETA through an agent, airline, specialist
service provider or Australian visa office outside of Australia.
However, in that scenario, the national is not eligible to apply for an
Internet ETA (ie an ETA application made through the internet). It is
understood that a driver behind this decision was to provide
travellers with internet (ie eVisitor) and non-internet-based channels
(ie travel agent who may use the SITA network) for lodging an
application.
eVisitor eligible passports
Andorra
Lithuania
Austria
Luxembourg
Belgium
Malta
Bulgaria
Monaco
Cyprus
The Netherlands
Czech Republic
Norway
Denmark
Poland
Estonia
Portugal
Finland
Romania
France
San Marino
Germany
Slovak Republic
Greece
Slovenia
Hungary
Spain
Iceland
Sweden
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
26
Scope
eVisitor eligible passports
Ireland
Switzerland
Italy
United Kingdom - British Citizen
Latvia
Vatican City
Liechtenstein
The eVisitor system was initially setup to deliver on the commitment
between the Australian Government and the European Commission
to introduce reciprocal short stay travel arrangements for their
nationals. The current scope for eVisitor reflects that commitment.
3.1.3 eVisa eligibility
There are currently 27 products available through the eVisa platform,
each with eligibility requirements tailored to that specific product.
The criteria for eligibility are generally focused on immigration risk
factors (ie non-return rates and overstay rates). However, for
reasons of security, DIAC was unable to provide further information
on the reasons/criteria for determining eVisa eligibility.
As an example of eVisa eligibility, the Tourist eVisa (e676) is
designed for people who are not on the ETA eligible country list and
people who wish to take a trip to Australia for longer than 3 months
(ie a period longer than available through an eVisitor).
Passport holders from the countries listed in the table below are
eligible to submit an application over the internet for a Tourist eVisa
(e676). Due to the similarity in purpose (ie tourism), the e676
eligibility list aligns with the eVisitor eligibility list presented in
paragraph 3.1.2.
As another example, the Working Holiday visa (subclass 417) is also
available as an eVisa. This eVisa allows people to supplement the
cost of their holiday through short-term employment. However,
participation in the workforce should not be the primary reason for
travelling to Australia. Passport holders from the countries listed
below are eligible for this particular visa subclass and the related
eVisa:
Country
Belgium
Italy
Canada
Japan
Republic of Cyprus
Republic of Korea
Denmark
Malta
Estonia
The Netherlands
Finland
Norway
France
Sweden
Germany
Taiwan
Hong Kong
United Kingdom
Republic of Ireland
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 27
Scope
At this point it is important to reflect on the point that eVisas are
simply just an additional channel for handling regular visa
subclasses beyond the traditional post and courier channels.
Consequently, eVisa eligibility for each product merely reflects the
eligibility criteria for the corresponding regular visa.
DIAC indicated that the list of eligible passports for each eVisa
product undergoes periodic review.
3.2
Visa-exempted third country nationals
3.2.1 Section 42 of the Migration Act 1958
ETA, eVisitor and eVisa are all treated as visas for the purposes of
the Migration Act 1958. Consequently, the following section
regarding exemptions applies equally to ETA, eVisitor and eVisa.
In accordance with Section 42 of the Migration Act 1958,
(1) Subject to subsections (2), (2A) and (3), a non‑citizen must not
travel to Australia without a visa that is in effect.
Note: A maritime crew visa is generally permission to travel to
Australia only by sea (see section 38B).
(2) Subsection (1) does not apply to an allowed inhabitant of the
Protected Zone (a person who is a citizen of Papua New Guinea and
who is a traditional inhabitant) travelling to a protected area in
connection with traditional activities.
(2A) Subsection (1) does not apply to a non‑citizen in relation to
travel to Australia:
(a) if the travel is by a New Zealand citizen who holds and
produces a New Zealand passport that is in force; or
(b) if the travel is by a non‑citizen who holds and produces a
passport that is in force and is endorsed with an authority to
reside indefinitely on Norfolk Island; or
(c) if:
(i) the non‑citizen is brought to the migration zone
under subsection 245F(9) of this Act or 185(3A) of
the Customs Act 1901 ; and
(ii) the non‑citizen is a person who would, if in the
migration zone, be an unlawful non‑citizen; or
(ca) the non‑citizen is brought to Australia under section
198B; or
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
28
Scope
(d) if:
(i) the non‑citizen has been removed under section
198 to another country but has been refused entry by
that country; and
(ii) the non‑citizen travels to Australia as a direct
result of that refusal; and
(iii) the non‑citizen is a person who would, if in the
migration zone, be an unlawful non‑citizen; or
(e) if:
(i) the non‑citizen has been removed under section
198; and
(ii) before the removal the High Court, the Federal
Court or the Federal Magistrates Court had made an
order in relation to the non‑citizen, or the Minister
had given an undertaking to the High Court, the
Federal Court or the Federal Magistrates Court in
relation to the non‑citizen; and
(iii) the non‑citizen's travel to Australia is required in
order to give effect to the order or undertaking; and
(iv) the Minister has made a declaration that this
paragraph is to apply in relation to the non‑citizen's
travel; and
(v) the non‑citizen is a person who would, if in the
migration zone, be an unlawful non‑citizen; or
(f) if:
(i) the travel is from Norfolk Island to Australia; and
(ii) the Minister has made a declaration that this
paragraph is to apply in relation to the non‑citizen's
travel; and
(iii) the non‑citizen is a person who would, if in the
migration zone, be an unlawful non‑citizen.
(3) The regulations may permit a specified non‑citizen or a non‑
citizen in a specified class to travel to Australia without a visa that is
in effect.
(4) Nothing in subsection (2A) or (3) is to be taken to affect the non‑
citizen's status in the migration zone as an unlawful non‑citizen.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 29
Scope
3.2.2 Reasons for exemptions
The reasons for exemptions listed in Section 42 of the Migration Act
1958 include enhancing economic relations, respect for cultural
traditions and facilitating practical immigration procedures.
The Trans-Tasman Travel Arrangement (TTTA) is part of the
broader Australia New Zealand Closer Economic Agreement
(ANZCERTA). The TTTA was introduced in 1973 and allows
Australian and New Zealand citizens to enter each others country
freely to visit, live, work and remain indefinitely. However, New
Zealanders are still generally issued a computerised special
category visa on arrival in Australia for the purpose of maintaining a
universal visa system.
3.3
Introduction of eVisa and eVisitor
alongside ETA
When discussing the possibility of one electronic visa/travel
authorisation replacing another electronic or regular visa/travel
authorisation, it is important to remember that the eVisa is simply a
delivery channel (ie a channel for electronic lodgement of
applications and management of the visa), rather than a standalone
visa requirement. The discussion therefore has two parts:
1) Is it possible that certain visa requirements (ie visa subclasses)
could gradually replace other visa requirements?
2) Is it possible that certain visa/travel authorisation delivery
channels (ie over the internet through the eBusiness platform, over
the internet through the ETA system, via the post) could gradually
replace other delivery channels?
The first question reflects Government policy decisions and their
strategic and tactical objectives. The value of a specific visa
subclass will also be impacted by the demand for that particular
product in each period. Consequently, guidance cannot be provided
on any future changes in visa requirements. However, DIAC has
historically reviewed visa subclasses and made changes where
necessary.
The second question is highly dependent on the needs of the market
for each visa subclass and the capability of each system in meeting
DIAC‘s business requirements. As previously mentioned, the ETA
system and eVisa/eVisitor system are separate facilities for providing
visas/travel authorisations electronically. In comparison to the ETA
system, the eVisa/eVisitor system (both operating on the Integrated
Client Services Environment platform) collects more data and
enables simpler integration with other Departmental computer
systems. The ETA system‘s strength lies in its use of existing
communications technologies within the travel industry.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
30
Scope
DIAC provided advice to the Australian National Audit Office (ANAO)
on 15 December 2006 that the ETA is no longer being made
available to additional countries and confirmed this continued to be
the case as at March 2010. The ANAO indicated that the reluctance
to expand the ETA eligibility may be driven by the current security
environment.
DIAC‘s long-term aspirational vision is to have one platform for
managing visas / travel authorisations. However, there are no
immediate plans to replace any of the lodgement channels and
requirements currently in place.
3.4
Country-centric approach
Australia‘s approach to visas and travel authorisations predominantly
utilises characteristics ofa country-centric approach.
The ETA, eVisitor and eVisa products may be considered countrycentric as eligibility to apply through certain channels is restricted to
certain nationalities. Eligibility is generally determined on the basis of
international agreements, immigration risk factors and Government‘s
objectives for immigration. Based on the eligibility each individual
applicant is subjected to profiling before granting a visa/travel
authorisation.
.
The submission by the Office of Regulatory Review (ORR) to the
Joint Standing Committee on Migration (JSCM) in February 1995
outlined the initial arguments for and against a country-centric and
person-centric approach. These arguments are set out in the
following paragraphs.
Under selective visa free arrangements, visas are required of visitors
from certain countries only (ie a country-centric approach). Such
arrangements are common worldwide. This type of visa system
could operate by selecting countries for exemption on the basis of
objective criteria such as:
low historical rates of overstay (where the benefits of visas are
lowest);
cost of overstays from certain countries (for instance the costs
of those who overstay on extended holidays is likely to be
lower than the costs of those who overstay for permanent
residence);
low rejection rates (where the effectiveness of visas is lowest);
extent to which visitors are deterred by visa arrangements;
and
average expenditure by visitors from each country per stay.
Additionally, a waive of the visa requirement for some countries may
allow Australia access to reciprocal visa free arrangements such as
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 31
Scope
those of the United States (see Section 3.2 for details on exemptions
currently allowed under the Migration Act 1958). This would make
travel for Australians to these destinations a little easier as they
would no longer need to apply for a visa.
A possible cost of moving from the current universal visa
requirement could be an increase in the number of ‗undesirable‘
visitors entering Australia, however, careful country selection could
largely avoid this. Experience overseas suggests that moving to a
selective visa free system appears to result in little change. For
example, following New Zealand‘s recent extension of visa free
status to over 30 countries, there has been only a small number who
have overstayed and no evidence to suggest that criminal activity
has increased, according to a submission by Tourism Victoria.
Furthermore, according to a submission by the Immigration Advice
and Rights Centre Inc, the selective waiver of visitor visa
requirements has resulted in an increased number of visitors.
An alternative to the country-centric approach would be to use a
more person-centric approach, such as purpose of the visit. This
option might work by removing the visa requirement for business
visitors, or for tourists with a prepaid package holiday and a return
airfare. Against the benefits of such an approach would need to be
balanced the potentially high administrative costs of processing
visas under such as system, and the possibility that people seeking
illegal entry may try to masquerade as a bona fide ‗type‘ of visitor.
3.5
Land, Air and Sea travellers
ETA, eVisitor and eVisa apply to both air and sea travellers. The
land traveller category is not applicable to Australia‘s circumstances.
A common approach was utilised as air and sea carriers both had
the required infrastructure to handle ETA, eVisitor and eVisa
applications.
3.6
Target groups and exemptions
The ETA, eVisitor and eVisa all target certain categories of
travellers. The list of passports eligible for an ETA, eVisitor and
eVisa and the relevant travel conditions attached to each product
defines the target groups.
Section 3.1 of this report outlines nationals which are eligible to
apply for an ETA, eVisitor or eVisa.
The table below provides an overview of the conditions attached to
each product, which indicates the relevant target groups.
Visa subclass
Skilled – Independent (Migrant) visa
(subclass 175)
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
Who is it for?
This visa allows applicants to migrate
to Australia if they have good English
language skills and have skills and
32
Scope
Visa subclass
Skilled – Sponsored (Migrant) visa
(subclass 176)
Who is it for?
qualifications in an occupation in need
in Australia. Applicants do not require
sponsorship to apply for this visa.
This visa allows applicants to migrate
to Australia if they have good English
language skills and have skills and
qualifications in an occupation in need
in Australia.
The applicant must be sponsored by
an eligible relative living in Australia or
obtain nomination from a participating
State or Territory government agency.
Working Holiday visa (subclass 417)
This visa allows people to supplement
the cost of their holiday through shortterm employment. However,
participation in the workforce should
not be the primary reason for travelling
to Australia.
Business (Short Stay) visa
(Subclass 456)
This visa allows business people to
make a short business visit to
Australia for up to three (3) months
during the visa‘s validity period.
Temporary Business (Long Stay) –
Standard Business Sponsorship
(Subclass 457)
This visa is the most commonly used
program for employers to sponsor
overseas workers to work in Australia
on a temporary basis.
This visa allows a business person
who has an approved sponsor in
Australia, to make a short business
visit to Australia for up to three (3)
months.
This visa is for business people not
eligible to apply for an eVisitor or
Electronic Travel Authority (ETA).
Sponsored Business Visitor (Short
Stay)
(Subclass 459)
Work and Holiday visa
(Subclass 462)
This visa is for young people aged 18
to 30 who want to travel and work for
up to 12 months in Australia. This visa
allows the applicant to supplement the
cost of their holiday through periods of
temporary or casual employment.
The Work and Holiday visa program is
designed to encourage cultural
exchange and closer ties between
arrangement countries.
Skilled – Regional Sponsored visa
(subclass 475)
This visa is a three (3) year provisional
visa for skilled workers who are
unable to meet the criteria for a Skilled
- Independent visa.
This visa allows recent graduates of
selected overseas universities to gain
up to 18 months of skilled work
experience in occupations in demand
in Australia.
This visa allows overseas students
who do not meet the criteria for a
permanent General Skilled Migration
visa to remain in Australia for 18
months to gain skilled work
experience or improve their English
Skilled – Recognised Graduate visa
(subclass 476)
Skilled – Graduate visa (subclass 485)
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 33
Scope
Visa subclass
Who is it for?
language skills.
Skilled – Regional Sponsored
(Provisional) visa (subclass 487)
This visa is a three (3) year provisional
visa for overseas students and certain
visa holders who are unable to meet
the criteria for a permanent skilled
visa.
Superyacht Crew (Subclass 488)
This temporary visa allows crew
members to work onboard a
Superyacht and remain in Australia for
up to 12 months.
Independent ELICOS
Temporary Visa (Subclass 570)
This visa is for international students
who want to study English Language
Intensive Courses for Overseas
Students (ELICOS) in Australia.
Schools
Temporary Visa (Subclass 571)
This visa is designed for international
students applying to study in Australia
and whose main course of study is:
- a primary school course;
- a secondary school course, including
junior and senior secondary; or
- an approved secondary school
exchange program.
Vocational Education and Training
Temporary Visa (Subclass 572)
This visa is designed for international
students applying to study in Australia
and whose main course of study is:
- a certificate I, II, III and IV (except
ELICOS);
- a diploma;
- an advanced diploma;
- a vocational graduate certificate; or
- a vocational graduate diploma.
Higher Education
Temporary Visa (Subclass 573)
This visa is designed for international
students applying to study in Australia
and whose main course of study is
one of the following:
- Bachelor degree;
- Associate degree;
- Graduate certificate;
- Graduate diploma; or
- Masters by coursework.
Postgraduate Research
Temporary Visa (Subclass 574)
This visa is designed for international
students who want to study a Masters
degree by research or a Doctoral
degree in Australia.
Non Award
Temporary Visa (Subclass 575)
This visa is designed for international
students who want to study the
following courses in Australia:
- a non-award foundation studies
course
- other full-time course (or
components of a course) that does not
lead to an Australian award.
AusAID or Defence Sponsored
Temporary Visa (Subclass 576)
This visa is designed for international
students who are sponsored by
AusAID or Defence to study a full-time
course of any type in Australia.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
34
Scope
Visa subclass
Who is it for?
eVisitor
Business (Subclass 651)
This eVisitor is designed for people
who are outside Australia and want to
visit Australia for business purposes.
eVisitor holders can stay in Australia
for up to three months on each visit
within a 12 month period from the date
of grant.
eVisitor
Tourist (Subclass 651)
This eVisitor is designed for people
who are outside Australia and want to
visit Australia for tourism purposes.
eVisitor holders can stay in Australia
for up to three months on each visit
within a 12 month period from the date
of grant.
Medical Treatment Short Stay Visa
(Subclass 675)
This visa allows people to travel to
Australia for medical treatment or
medical consultations for a period of
up to three months.
Tourist Visa (Subclass 676)
This visa allows people to visit
Australia for a holiday or recreation, or
to visit family and/or friends. This visa
may also be used for other short-term
non-work purposes including study for
less than three months.
Sponsored Family Visitor visa
(Subclass 679)
This visa allows people to travel to
Australia to take a holiday or visit their
family.
The applicant must have an eligible
relative in Australia or an Australian
Government official willing to sponsor
them.
Medical Treatment Long Stay Visa
(Subclass 685)
This visa allows people to travel to
Australia for medical treatment or
medical consultations for a period of
three to twelve months.
This visa allows people to transit
through Australia.
This visa allows overseas students
who have completed their course
studies in the last 6 (six) months in
Australia and holders of certain
temporary visas to apply for
permanent residency.
This visa allows overseas students
who have completed their course
studies in Australia and holders of
certain temporary visas to apply for
permanent residency.
Applicants must be sponsored by an
eligible relative living in Australia or
obtain nomination from a participating
State or Territory government agency.
Transit Visa (Subclass 771)
Skilled – Independent (Residence)
visa (subclass 885)
Skilled – Sponsored (Residence) visa
(subclass 886)
Skilled – Regional visa (subclass 887)
This visa allows holders of certain
provisional visas to apply for
permanent residency.
Electronic Travel Authority
Business Entrant - Long Validity
(Subclass 956)
This ETA is designed for business
people who are outside Australia and
want to visit Australia for short-term
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 35
Scope
Visa subclass
Who is it for?
business purposes. This may include
informal studies/training or attending
educational/business-related
meetings, seminars, conventions,
conferences, or networking.
Electronic Travel Authority
Visitor (Subclass 976)
This ETA is designed for people who
are outside Australia and want to visit
Australia for holidays, tourism,
recreation or informal study.
Electronic Travel Authority
Business Entrant - Short Validity
(Subclass 977)
This ETA is designed for business
people who are outside Australia and
want to visit Australia for short-term
business purposes. This may include
informal studies/training or attending
educational/business-related
meetings, seminars, conventions,
conferences, or networking.
Maritime Crew Visa
This visa is for foreign crew (including
supernumerary crew) of non-military
ships.
The eVisa/eVisitor system has an interactive application process that
enables more questions to be asked on the basis of the responses
provided by the applicant.
Travellers are required to apply for the visa / travel authority most
appropriate for their reason for travel. Therefore, rather than being
―exempted‖ from the ETA / eVisitor / eVisa requirement, some
categories of travellers simply require visas outside of the scope of
the ETA, eVisitor and eVisa. For example, a diplomat visiting
Australia may require, due to their reason for travel, a Diplomatic
(Subclass 995) visa rather than an ETA, eVisitor or eVisa.
The list of travellers outside the scope of the ETA, eVisitor and eVisa
is extensive. Accordingly, this report seeks to define what is in-scope
for these products and assumes that all other purposes and
nationals are out-of-scope. In addition, Section 3.2 of this report
outlines non-citizens that may travel to Australia without a visa that is
in effect.
3.7
Age limits
Eligible passport holders of all ages may apply for an ETA, eVisitor
and eVisa.
In the instance that a child is travelling on their parent‘s passport,
they still require an individual ETA, eVisitor or eVisa. When applying
for the child‘s ETA, eVisitor or eVisa, the parent‘s passport details
are entered exactly as they appear on the passport, replacing the
name, date of birth, sex and country of birth with the child's details
as they appear in the parent‘s passport.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
36
Scope
When completing an eVisa/eVisitor application for children under 18
years of age, consent must be provided by the non-accompanying
parent(s) or legal guardian(s) if the child is travelling:
alone; or
with only one parent or legal guardian.
Consent can be provided on DIAC‘s Form 1229 or on a Statutory
Declaration or equivalent under the relevant law of the child's home
country. Evidence must be provided to confirm family relationship or
guardianship, for example, full birth certificate stating names of both
parents.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 37
4
Data collection and processing
4.1
Personal data collection
4.1.1 ETA
The data set outlined below is deemed sufficient by DIAC for:
assessing an applicant‘s eligibility to be granted the visa for
which they have applied; and
other purposes relating to the administration of the Migration
Act, for example, to assist migrants with settling in Australia, to
monitor the conduct of migration agents, or for ensuring
compliance with the Migration Act.
Applicant details
Applicants are required to enter the following information as it
appears in their passport:
Passport Number
Nationality
Date of Birth
Sex
Country of Birth
Passport Expiry Date
Issuing State
Date of Issue
Issuing Authority
Family Name
Given Names
4.1.2 eVisitor and eVisa
The extent of data collected in an eVisitor and eVisa application form
varies according to the applicant‘s responses and visa subclass
being applied for. Where it is deemed appropriate, the eVisitor/eVisa
application will require additional information from particular
applicants. The interactive approach enables DIAC to balance
traveller facilitation and border security needs.
While the information requirements vary, DIAC tends to have some
base information requirements across the eVisa and eVisitor
products which include:
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 38
Data collection and processing
Family Name
Given Names
Other Names
Name in applicants own language or script (if applicable)
Sex
Date of Birth
Relationship status
Place of Birth
Country of Residence
Passport Details
–
Passport number
–
Country of passport
–
Date of issue
–
Date of expiry
–
Issuing authority
Length of stay in Australia
–
Date from/to
–
Up to 3/6/12 months
Intent to enter Australia on more than one occasion
Identity Number and Country of issue (if applicable)
Travelling companions
Citizenship (list of countries)
Country of usual residence
Current residential address
Address for correspondence
Telephone numbers
Agreement for electronic communications
–
Fax number
–
Email address
Children included
Children included on passport
–
Family Name
–
Given Names
–
Sex
–
Date of Birth
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 39
Data collection and processing
–
Country of Birth
Family not travelling with the applicant
Details of family members not travelling with applicant
–
Full Name
–
Relationship to applicant
–
Date of Birth
–
Their address while applicant is in Australia
Details of applicant‘s visit to Australia
Relatives, Friends or Contacts in Australia
–
Full Name
–
Relationship to applicant
–
Date of Birth
–
Address
–
Citizen or Permanent Resident of Australia
Location from where application is being submitted
The questions that may be asked in addition to the core information
requests are triggered by the visa subclass being applied for (ie
student visas may require additional information on the applicant‘s
enrolments) and real-time risk profiling of the applicant‘s responses
in the online application form. This flexible approach to collecting
information enables DIAC to provide a simplified and expeditious
process to applicants that are considered low-risk. For security
reasons, DIAC is unable to provide specific details of the risk
profiling methodology, triggers and additional information requests.
4.2
Biometric data collection
4.2.1 Types of biometric data collected
The Migration Act authorises the collection of one or more personal
identifiers from non-citizens in a range of circumstances.
Personal identifiers are defined as:
a photograph or other image of a person‘s face and shoulders;
a person‘s signature;
a measurement of a person‘s height and weight;
fingerprints or handprints of a person;
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
40
Data collection and processing
an audio or a video recording of a person;
an iris scan;
any other personal identifier prescribed in the regulations
(provided it is not an identifier that would involve the carrying out
of an intimate forensic procedure and provided it meets the
description of an image, measurement or recording of an
external part of the body).
This definition does not include DNA samples.
4.2.2 How biometric data is collected
Photos and signatures are currently the most common personal
identifiers collected from visa applicants, who were generally able to
provide these personal identifiers to DIAC by attaching a photograph
to the visa application form and signing it. For some visa applications
no personal identifiers are required, while some non-citizens may
require additional personal identifiers.
DIAC is starting to take facial photographs and to scan the
fingerprints of some visa applicants, such as Protection visa
applicants (NB: this is outside of the ETA, eVisitor and eVisa scope).
If an applicant agrees to provide their biometrics, DIAC will ask them
to participate in an identification test. The test involves an authorised
officer explaining the process to the applicant, recording the
applicant‘s consent and taking a photograph with a digital camera of
the applicant‘s face similar to a passport photograph. The officer will
also get a copy of all of the applicant‘s fingerprints by asking the
applicant to place their hands on a fingerprint scanner. Applicants
are encouraged to provide their biometrics, but the application would
still continue even if the applicant declines to provide their biometrics
and a decision will be made on the merits of the applicant‘s case.
The Counter-Terrorism White Paper Securing Australia / Protecting
Our Community includes an investment of $69 million over four
years to introduce a new biometric-based visa system for certain
non-citizens to reduce the risk of terrorists, criminals and other
persons of concern entering Australia undetected. Collection of
biometrics (fingerprints and facial images) from visa applicants will
begin in 2010, initially in ten overseas locations.
The information collected will be checked against immigration and
law enforcement biometric databases in Australia and a number of
partner countries overseas.
While not directly related to ETA, eVisitor and eVisa, all persons who
present to enter or depart Australia must be confirmed visually as
the same person whose photograph appears in the presented travel
document. The SmartGate system, operated by the Australian
Customs and Border Protection Service, has the capacity to facilitate
this process through the use of a digitised image of the passport
photograph. This information is stored in a chip in ePassports. Note:
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 41
Data collection and processing
use of the SmartGate system is voluntary and is only available to
Australian and New Zealand passport holders.
4.2.3 Reasons for collecting biometric data
DIAC has authority under the Migration Act and the Migration
Regulations 1994 to collect personal identifiers for the following
reasons:
identification and authentication of identity;
improving the integrity of Australia‘s entry programs, including
passenger processing at Australia‘s border;
facilitating a visa-holder‘s access to their rights under the
Migration Act or the regulations;
improving DIAC‘s procedures for determining visa applications
and protection claims;
enhancing DIAC‘s ability to identify non-Australian citizens
who have a criminal history or who are of national security or
character concern;
combating identity and document fraud in immigration matters;
detecting forum shopping by applicants for visas;
ascertaining whether protection visa applicants or offshore
entry persons making claims for protection have had sufficient
opportunity to avail themselves of protection before arriving in
Australia;
complementing anti-people smuggling measures;
satisfying home governments of the identity of removees and
deportees.
4.2.4 Sharing biometric data
DIAC has authority under the Migration Act to disclose personal
identifiers and related information to other agencies (Australian and
overseas) in certain circumstances for the following purposes:
data-matching in order to achieve certain outcomes (for
example, to combat identity fraud);
data-matching to identify or authenticate the identity of a
person. For instance, where you apply for a travel document
from DIAC of Foreign Affairs and Trade (DFAT), DIAC will
forward to DFAT:
–
the applicant‘s facial image (if available);
–
personal and visa related information; and
–
details of the applicant‘s travel document (if available);
administering or managing the storage of identifying
information;
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
42
Data collection and processing
making the information available to specified foreign
governments, bodies of a foreign country, international
organisations and bodies of the Commonwealth, a state or a
territory for one or more of the purposes set out in section
336F of the Migration Act;
making the information available to the person to whom it
relates;
to an agency of the Commonwealth or of a state or territory in
order to verify that person‘s visa status;
reasonably necessary for the enforcement of criminal law;
exchanging identifying information under an arrangement with
an agency of the Commonwealth, a state or territory or an
agency of the state or territory under an arrangement for the
exchange of identifying information;
making the information available to a proceeding before a
court or tribunal relating to the person to whom the identifying
information relates;
relating to an investigation by the Privacy Commissioner or
Ombudsman relating to an action taken by DIAC;
relating to an inquiry by a prescribed body (for example, the
Human Rights and Equal Opportunity Commission or the
Australian National Audit Office);
to identify the person whose identifying information it is;
to locate the person whose identity information it is;
for the purposes of migration legislation;
for a purpose where DIAC has the applicant‘s written consent;
required by Australian law.
4.2.5 Objections to biometric data collection
The Office of the Privacy Commissioner suggested that any
additional retention of personal identifiers and particularly biometric
identifiers be undertaken with caution and consideration of the
principle of proportionality.
The submission by the Victorian Bar to the Australian Senate Legal
and Constitutional Legislation Committee raised the issue of whether
―the biometric databases in relation to non citizens in a non criminal
context are proportionate to the size of currently undetected identity
fraud by non-citizens and how the information which is to be
supplied under the new arrangements will achieve these purposes‖.
The Federal Privacy Commissioner indicated in Biometrics and
Privacy: The End of the World as We Know It or The White Knight of
Privacy? (2002) that because human characteristics are unique,
there is considerable potential for the data collected from biometrics
to be used as a unique identifier. The existence of unique identifiers
increases the potential for ―function creep‖ and has been flagged as
an issue in the collection of biometric data.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 43
Data collection and processing
4.3
Database checks
Australia utilises a layered approach to border management that
performs checks against a number of databases. The extent to
which each system/process is used depends on the traveller‘s
circumstances and method of travel.
The table below provides a description of these systems, including
an overview of their purpose, processes and owners where
applicable.
System/Database
Description
Travel & Immigration
Processing System
(TRIPS)
TRIPS is a broad collection of mainframe computer
systems and is the backbone of DIAC‘s computerised
border clearance processing. The collection includes
the:
Visa database (updated nightly with visa details
from DIAC‘s overseas posts and from Regional
Offices around Australia.);
Australian and New Zealand passport files
(receives daily information from DFAT);
Movement Alert List; and the
Movements database.
Central Movement
Alert List (CMAL)
The Central Movement Alert List (CMAL) is a computer
database that stores details of identities and travel
documents of immigration concern to Australia. The
MAL consists of the Person Alert List (PAL) and
Document Alert List (DAL).
Reasons for inclusion on the CMAL may include:
individuals with serious criminal records;
individuals whose presence in Australia may
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
44
Data collection and processing
System/Database
Description
constitute a risk to the Australian community; or
individuals who may not enter Australia as they
are subject to exclusion periods prescribed by
migration legislation. This can occur for a
number of reasons, including health concerns,
debts owed to the Commonwealth or other
adverse immigration records.
Details of identities of concern are recorded on CMAL
as a result of DIAC's liaison with law enforcement
agencies and departmental offices in Australia and
overseas, including the:
Australian Security Intelligence Organisation
(ASIO) who provides national security alerts;
Department of Foreign Affairs and Trade
(DFAT) who provides United Nations Security
Council Resolutions, travel sanction information
and public interest criteria determinations made
by the Minister;
Australian Federal Police (AFP) who provides
access to Interpol data through the Interpol
website.
CMAL is automatically checked as an ETA, eVisitor or
eVisa application is processed, whether processing
occurs online, by a travel agent or by a departmental
officer. If there is a CMAL match, a decision is made
by DIAC in consultation with any other relevant
agency.
While there are a number of key stakeholders, DIAC
manages the CMAL and all non-Border Operations
Branch DIAC officers can only propose a creation,
deletion or change to a CMAL alert (ie they do not
have the authority to manage alerts directly).
Document Alert List
(DAL)
The DAL is a component of the CMAL which holds
details of counterfeit, stolen or fraudulently altered
travel documents. As at 25 February 2010, the DAL
contained approximately 1.8m records.
Person Alert List
(PAL)
As at March 2010, the PAL contained approximately
670,000 records. PAL records are grouped into 16
different alert codes (ie persons of national security
interest). The 16 codes are further grouped into three
categories of risk:
low risk (ie overstayers and people with a debt
to the Commonwealth);
medium risk (ie health issues and people
convicted of crimes); and
high risk (ie national security and organised
immigration fraud).
Advance Passenger
Processing (APP)
System
The APP system is used to pre-check passengers
before they travel to Australia and provides boarding
directives to airlines and cruise ships such as ―OK TO
BOARD‖ or ―DO NOT BOARD‖. It helps prevent
inadequately documented passengers bound for
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 45
Data collection and processing
System/Database
Description
Australia from entering, effectively creating an
―offshore‖ border for Australia at the embarkation point
overseas. As illustrated below, the APP uses data from
a number of sources including the ETA, eVisitor and
eVisa databases.
The APP system generally uses Societe Internationale
de Telecommunication Aeronautiques‘ (SITA) existing
global communication network to link airline‘s
Departure Control Systems with DIAC‘s databases, but
can also operate as a stand-alone or web-based
application.
At check-in, an expected movement record is
generated and sent to TRIPS.
Refer to Section 4.4 for more information on the APP
system.
eBusiness
eVisa and eVisitor applications are accepted through
an interactive, J2EE-compliant, distributed eBusiness
system.
The primary user experience is between the
eVisa/eVistior applicant and the Web server. Once the
user clicks the ―Lodge‖ button on their application, the
collected information is transferred to the application
server where an Enterprise Java Bean layer applies
business rules to the incoming data and alerts the user
via the Web server if any data is missing or conflicting.
The eBusiness system acts as a sophisticated online
data collection point, but it is not responsible for
processing and finalising eVisa/eVisitor applications.
Integrated Client
Services Environment
(ICSE)
The information collected in the eBusiness system for
eVisa and eVisitor is passed to DIAC‘s core client
processing system, called ICSE — Integrated Client
Services Environment — which resides on an IBM
mainframe.
ICSE provides on-line processing and decision making
support; tracks the process of permission requests and
integrates the decision process with entry, alert lists,
and management reporting systems.
Through its links with DIAC‘s numerous databases, the
ICSE provides data that drives the APP system (ie visa
grants).
Australian Passports
Database
The Australian Passports Database holds information
on Australian citizens who have applied for and been
issued with Australian passports.
New Zealand
Passports Database
The New Zealand Passports Database holds
information on New Zealand citizens who have New
Zealand Passports. Australia has access to this
database for the purpose of facilitating travel and
Special Category visas under the Trans-Tasman
Travel Arrangement.
Regional Movement
Alert System
The Regional Movement Alert System (RMAS) is an
APEC initiative that is designed to help governments
detect and prevent the use of lost, stolen and
otherwise invalid travel documents through real time
access to the databases of cooperating countries.
When a passenger checks in for travel to Australia, the
Airline Departure Control System collects passenger
data from the passport. The data is then transmitted to
the Australian APP system, which sends a request to
the RMAS Broker to check the status of the passport.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
46
Data collection and processing
System/Database
Description
The RMAS Broker sends a request to the relevant
Document Issuing Authority who checks the passport
against the database of lost and stolen passports and
returns a response to the RMAS Broker. If there is a
match, the APP system provides a ―Not OK to Board‖
alert to the airline handling that individual‘s check-in.
Passenger Name
Records (PNR)
Passenger Name Record (PNR) data is obtained by
the Australian Customs and Border Protection Service
directly from airlines‘ reservation systems. Only
Customs officers have direct access to the data.
However, DIAC have staff operating in the Passenger
Analysis Unit to make use of the data for assessment
purposes.
Refer to Section 4.5 for more information on PNR.
Passenger Analysis
and Clearance
Evaluation (PACE)
system
The PACE system is managed by the Australian
Customs and Border Protection Service.
The APP system transmits data (an Expected
Movement Record) to TRIPS which passes the data to
the PACE system, which enables the Australian
Customs and Border Protection Service to anticipate
an individual‘s arrival and take appropriate action
where necessary.
Australian Customs and Border Protection Service
officers enter passenger passport details into the
PACE system and make a determination as to whether
the passport presented identifies the person who is
travelling.
PACE transmits data to TRIPS which creates a
movement record.
iAuthenticate
The iAuthenticate system is managed by the Australian
Customs Service and facilitates initial document
authentication.
If a passport fails the primary check at the
iAuthenticate reader, the document is passed to a
secondary support point where, if necessary, it can be
examined by one of DIAC‘s document examiners.
SmartGate
The SmartGate system, managed by the Australian
Customs Service, verifies a person's identity, using
face-recognition technology. SmartGate undertakes a
face to passport check and performs
customs/immigration processing before permitting a
traveller to enter Australia. The system compares a live
image of a person taken at the SmartGate transaction
point against one or more stored images of that same
person.
The diagram on the following page provides an overview of the
relationship between Australia‘s border management systems and
databases with a focus on ETA, eVisitor and eVisa. NB: The system
diagram is not intended to provide a complete view of all systems
involved in border management.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 47
Data collection and processing
Australian border management system overview
Travellers applying
online for ETA
DIAC users
Traveller applying for
eVisa / eVisitor
ETA
Carrier user
application access maintenance
Air and Sea passenger and crew boarding requests and directives
eVisa
eVisitor
Internet
Air/sea staff users
Internet
DIAC users
Audit queries and reports
Crew system
Internet gateway
Intranet gateway
New Zealand APP
System
Regional Movement Alert
System
Data sharing requests
and responses
RMAS requests
and responses
Internet gateway
Airline check-in agents
Departure Control System
SITA network
Communications
Gateway
Airline crew management users
Electronic Travel
Authority (ETA) system
Integrated Client Services
Environment
(ICSE)
Australian Advance Passenger Processing
(APP) system
Document Alerts
New Zealand passports
Australian passports
Movement Record
Expected Movement Record
Australian visas
Document Alert List
(DAL)
New Zealand Passports
Database
Australian Passports
Database
Movement Records
Expected Movement
Records
Australian visas
(ETA, eVisitor, eVIsa,
regular visas)
New Zealand passports
Australian passports
Movement Record
Expected Movement Record
Australian visas
Travel agents
Central Movement Alert
List (CMAL)
Travel & Immigration Processing System
(TRIPS)
Immigration Records
Information System
Movement Record
Expected Movement Record
Offshore visa applications
Passenger Analysis
Clearance and Evaluation
(PACE) system
Person Alert List (PAL)
Overseas posts
Customs officers
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
48
Data collection and processing
4.4
Advance Passenger Information (API)
Australia's border management system is based on a number of
layers, including:
a universal visa system which includes ETA, eVisitor, eVisa
and regular visas (with immigration alert and other forms of
integrity checking);
the Advance Passenger Processing (APP) system, which
operates at check-in overseas and applies to passengers and
crew on international passenger cruise ships and to
passengers and crew who join round-trip ship cruises before
they return to Australia;
the Airline Liaison Officer (ALO) network; and
processing at Australian airports and seaports on arrival.
The APP system is used to pre-check passengers before they travel
to Australia. It helps prevent inadequately documented passengers
bound for Australia from entering and increases the efficiency of
incoming passenger processing in Australia for both airlines and the
cruise shipping industry.
As at 30 June 2009, there were 45 airlines flying into Australia
required to satisfy mandatory APP requirements for both the
passengers and crew. APP checking occurred in about 99.86 per
cent of all passenger and air crew arrivals in 2008–09, an increase
from 99.8 per cent in 2007–08 and 99.5 per cent in 2006–07.
Since 2004, international cruise ships have used the APP system to
check more than 240 000 passengers and 133 000 crew. This
represents more than 99.5 per cent of cruise ship arrivals with only
minor administrative errors affecting 100 per cent compliance.
During 2008–09, more than 64 700 passengers and 34 000 crew
were APP reported by cruise ships.
The APP system is supported by a network of ALOs, approximately
19 officers across 12 locations outside of Australia, who work closely
with commercial airline employees to screen passengers during
check-in and boarding. The ALOs have no statutory powers in this
space and therefore no authority to cancel a visa.
ALOs are able to profile expected traveller movements according to:
Sex
Age range
Citizenship
Country of Birth
Visa subclass
Visa grant from date
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 49
Data collection and processing
Check-in port
ETA travel agent code
Expected movements can be filtered by:
Expected movement date
Port
Flight/Vessel number
PAX/Crew
Movement/Transit
Once profiling is completed, the ALO may mark passengers for
referral. Marked passengers will be referred to DIAC by Customs
officers operating the primary line for further questioning.
ALOs are supported by a Targeting Support Unit who performs
profiling based on Passenger Name Records (PNR) data and APP
data.
The APP system is viewed as complementary to ETA, eVisitor and
eVisa in the layered approach to border management. The ETA,
eVisitor and eVisa simply provide authorisation for travel, whereas
the APP system enables carriers to check a traveller‘s authorisation
against DIAC‘s visa database (containing details of granted ETA,
eVisitor and eVisas) and signal to DIAC the impending arrival of a
passenger (a piece of information not contained in the ETA, eVisitor
or eVisa itself).
4.5
Passenger Name Records (PNR)
The Australian Customs Service operates a scheme to access
passenger information on the basis of a series of Memorandum of
Understanding (MOU) with various airlines. The introduction of
section 64AF of the Border Security Legislation Amendment Act
2002 (BSLA), made it mandatory for an operator of an international
passenger air service to Australia to provide on-going access to its
passenger information on request from the CEO of the Australian
Customs Service.
During the Sheller Inquiry in 2006, it was reported that the CEO of
the Australian Customs Service had written to forty-seven airlines
operating international flights into Australia regarding PNR. At that
point in time, the Passenger Analysis Unit (PAU) was connected to
twenty-eight airlines with full analytical capability for nineteen and
limited analytical capability for nine airlines. That gave Customs data
on 92.5% of total passenger movements into and out of Australia.
During the Committee‘s hearings, this number had increased to
thirty-two airlines covering approximately 95% of movements.
The Australian Customs Service advised that the following
information is obtained through the reservation system:
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
50
Data collection and processing
name, title;
date and place of ticket purchase;
ticket details such as number, fare class, travel itinerary,
payment mode;
flight book date;
whether the passenger is a member of a tour group;
check in details such as number of hold baggage items and
weight, whether bags are pooled, bag tag numbers, allocated
seating, check in time; and
reservation/check in agency remarks such as contact details,
seating preferences, whether passenger is a frequent ‗no
show‘ for booked flights, travel agency details and any other
information relevant to a passengers travel.
While the Customs Act permits an authorised user to access
passenger information for purposes under the Migration Act 1958,
PNR data is not directly used in the lodgement, processing or
finalisation of an ETA, eVisitor and eVisa.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 51
5
Compliance with data
protection principles
5.1
Ensuring full compliance
DIAC ensures that the Privacy Principles and all relevant sections of
the Privacy Act 1988 are applied to both regular and electronic visas
/ travel authorities. DIAC‘s internal Privacy Section performs reviews
of forms and statements within forms to ensure continued
adherence.
Compliance is monitored by DIAC‘s internal Privacy Section and the
Office of the Privacy Commissioner with DIAC undergoing audits to
determine their level of compliance with the Privacy Act 1988 and
related guidelines. The Australian National Audit Office (ANAO) has
also conducted reviews of the security and controls in place in
relation to the ETA system.
As a result of the 2008 follow-up audit of the ETA system, DIAC has
committed to undertaking a Privacy Impact Assessment on the
Central Movement Alert List (CMAL).
The following text outlines the eleven Information Privacy Principles
extracted from Section 14 of the Privacy Act 1988 to which DIAC
adheres.
Principle 1 - Manner and purpose of collection of personal
information
1. Personal information shall not be collected by a collector for
inclusion in a record or in a generally available publication unless:
(a) the information is collected for a purpose that is a lawful purpose
directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly
related to that purpose.
2. Personal information shall not be collected by a collector by
unlawful or unfair means.
Principle 2 - Solicitation of personal information from
individual concerned
Where:
(a) a collector collects personal information for inclusion in a record
or in a generally available publication; and
(b) the information is solicited by the collector from the individual
concerned;
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 52
Compliance with data protection principles
the collector shall take such steps (if any) as are, in the
circumstances, reasonable to ensure that, before the information is
collected or, if that is not practicable, as soon as practicable after the
information is collected, the individual concerned is generally aware
of:
(c) the purpose for which the information is being collected;
(d) if the collection of the information is authorised or required by or
under law - the fact that the collection of the information is so
authorised or required; and
(e) any person to whom, or any body or agency to which, it is the
collector's usual practice to
disclose personal information of the kind so collected, and (if known
by the collector) any person to whom, or any body or agency to
which, it is the usual practice of that first mentioned person, body or
agency to pass on that information.
Principle 3 - Solicitation of personal information generally
Where:
(a) a collector collects personal information for inclusion in a record
or in a generally available publication; and
(b) the information is solicited by the collector:
the collector shall take such steps (if any) as are, in the
circumstances, reasonable to ensure that, having regard to the
purpose for which the information is collected:
(c) the information collected is relevant to that purpose and is up to
date and complete; and
(d) the collection of the information does not intrude to an
unreasonable extent upon the personal affairs of the individual
concerned.
Principle 4 - Storage and security of personal information
A record-keeper who has possession or control of a record that
contains personal information shall ensure:
(a) that the record is protected, by such security safeguards as it is
reasonable in the circumstances to take, against loss, against
unauthorised access, use, modification or disclosure, and against
other misuse; and
(b) that if it is necessary for the record to be given to a person in
connection with the provision of a service to the record-keeper,
everything reasonably within the power of the record-keeper is done
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 53
Compliance with data protection principles
to prevent unauthorised use or disclosure of information contained in
the record.
Principle 5 - Information relating to records kept by recordkeeper
1. A record-keeper who has possession or control of records that
contain personal information shall, subject to clause 2 of this
Principle, take such steps as are, in the circumstances, reasonable
to enable any person to ascertain:
(a) whether the record-keeper has possession or control of any
records that contain personal information; and
(b) if the record-keeper has possession or control of a record that
contains such information:
(i) the nature of that information;
(ii) the main purposes for which that information is used; and
(iii) the steps that the person should take if the person wishes to
obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to
give a person information if the record-keeper is required or
authorised to refuse to give that information to the person under the
applicable provisions of any law of the Commonwealth that provides
for access by persons to documents.
3. A record-keeper shall maintain a record setting out:
(a) the nature of the records of personal information kept by or on
behalf of the record-keeper;
(b) the purpose for which each type of record is kept;
(c) the classes of individuals about whom records are kept;
(d) the period for which each type of record is kept;
(e) the persons who are entitled to have access to personal
information contained in the records and the conditions under which
they are entitled to have that access; and
(f) the steps that should be taken by persons wishing to obtain
access to that information.
4. A record-keeper shall:
(a) make the record maintained under clause 3 of this Principle
available for inspection by members of the public; and
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
54
Compliance with data protection principles
(b) give the Commissioner, in the month of June in each year, a
copy of the record so maintained.
Principle 6 - Access to records containing personal
information
Where a record-keeper has possession or control of a record that
contains personal information, the individual concerned shall be
entitled to have access to that record, except to the extent that the
record-keeper is required or authorised to refuse to provide the
individual with access to that record under the applicable provisions
of any law of the Commonwealth that provides for access by
persons to documents.
Principle 7 - Alteration of records containing personal
information
1. A record-keeper who has possession or control of a record that
contains personal information shall take such steps (if any), by way
of making appropriate corrections, deletions and additions as are, in
the circumstances, reasonable to ensure that the record:
(a) is accurate; and
(b) is, having regard to the purpose for which the information was
collected or is to be used and to any purpose that is directly related
to that purpose, relevant, up to date, complete and not misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject
to any applicable limitation in a law of the Commonwealth that
provides a right to require the correction or amendment of
documents.
3. Where:
(a) the record-keeper of a record containing personal information is
not willing to amend that record, by making a correction, deletion or
addition, in accordance with a request by the individual concerned;
and
(b) no decision or recommendation to the effect that the record
should be amended wholly or partly in accordance with that request
has been made under the applicable provisions of a law of the
Commonwealth;
the record-keeper shall, if so requested by the individual concerned,
take such steps (if any) as are reasonable in the circumstances to
attach to the record any statement provided by that individual of the
correction, deletion or addition sought.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 55
Compliance with data protection principles
Principle 8 - Record-keeper to check accuracy etc of
personal information before use
A record-keeper who has possession or control of a record that
contains personal information shall not use that information without
taking such steps (if any) as are, in the circumstances, reasonable to
ensure that, having regard to the purpose for which the information
is proposed to be used, the information is accurate, up to date and
complete.
Principle 9 - Personal information to be used only for
relevant purposes
A record-keeper who has possession or control of a record that
contains personal information shall not use the information except
for a purpose to which the information is relevant.
Principle 10 - Limits on use of personal information
1. A record-keeper who has possession or control of a record that
contains personal information that was obtained for a particular
purpose shall not use the information for any other purpose unless:
(a) the individual concerned has consented to use of the information
for that other purpose;
(b) the record-keeper believes on reasonable grounds that use of
the information for that other purpose is necessary to prevent or
lessen a serious and imminent threat to the life or health of the
individual concerned or another person;
(c) use of the information for that other purpose is required or
authorised by or under law;
(d) use of the information for that other purpose is reasonably
necessary for enforcement of the criminal law or of a law imposing a
pecuniary penalty, or for the protection of the public revenue;
or
(e) the purpose for which the information is used is directly related to
the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue, the record-keeper shall include in
the record containing that information a note of that use.
Principle 11 - Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that
contains personal information shall not disclose the information to a
person, body or agency (other than the individual concerned) unless:
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
56
Compliance with data protection principles
(a) the individual concerned is reasonably likely to have been aware,
or made aware under Principle 2, that information of that kind is
usually passed to that person, body or agency;
(b) the individual concerned has consented to the disclosure;
(c) the record-keeper believes on reasonable grounds that the
disclosure is necessary to prevent or lessen a serious and imminent
threat to the life or health of the individual concerned or of another
person;
(d) the disclosure is required or authorised by or under law; or
(e) the disclosure is reasonably necessary for the enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue.
2. Where personal information is disclosed for the purposes of
enforcement of the criminal law or of a law imposing a pecuniary
penalty, or for the purpose of the protection of the public revenue,
the record-keeper shall include in the record containing that
information a note of the disclosure.
3. A person, body or agency to whom personal information is
disclosed under clause 1 of this Principle shall not use or disclose
the information for a purpose other than the purpose for which the
information was given to the person, body or agency.
5.2
Minimising privacy impacts and risks
In order to minimise the privacy impacts and risks, DIAC has
attempted to mirror the requirements of the paper application forms
in the ETA, eVisitor and eVisa applications and procedures.
Assuming the appropriate security and controls are in place to
safeguard the data, the application of similar procedures and
requirements across regular and electronic visas should mitigate any
perceived or actual privacy risks beyond those existing in the regular
visa process.
Adherence with the Information Privacy Principles outlined in Section
5.1 assists DIAC in minimising the privacy impact.
5.3
Disclosure of data usage
In accordance with the Privacy Principles under the Privacy Act 1988
(Cth), DIAC takes such steps (if any) as are, in the circumstances,
reasonable to ensure that, before the information is collected or, if
that is not practicable, as soon as practicable after the information is
collected, the individual concerned is generally aware of:
the purpose for which the information is being collected;
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 57
Compliance with data protection principles
if the collection of the information is authorised or required by
or under law - the fact that the collection of the information is
so authorised or required; and
any person to whom, or any body or agency to which, it is the
collector's usual practice to disclose personal information of
the kind so collected, and (if known by the collector) any
person to whom, or any body or agency to which, it is the
usual practice of that first mentioned person, body or agency
to pass on that information.
When applying for an Internet ETA, potential applicants are able to
access information regarding privacy matters before starting an
application. The Your Privacy section details the Australian privacy
laws covering information received by Department, the data
encryption protocol used by the website (HTTPS) and the
information collected by DIAC.
When applying over the internet for an eVisitor or eVisa, potential
applicants are required to accept the Online Application Terms and
Conditions before commencing their application. The document
indicates that the information collected will be used for:
assessing the applicant‘s eligibility to be granted the visa for
which the applicant has applied; and
other purposes relating to the administration of the Migration Act,
for example, to assist migrants with settling in Australia, to
monitor the conduct of migration agents, or for ensuring
compliance with the Migration Act.
5.4
Right to access, correct and delete
personal data
Applicants are able to apply for access to documents containing their
personal information under The Freedom of Information Act 1982.
The applicant or someone authorised to access information on the
applicant‘s behalf can apply to do this at any DIAC office in Australia
and pay the relevant fee. Regardless of whether the applicant is
overseas or in Australia, they must also provide the Australian
Government office overseas with an address in Australia to which
copies of personal records can be sent.
Additional information on how to make a request under the Freedom
of Information Act is provided on Form 424A Request for access to
documents or information.
Applicants seeking an amendment or annotation of their personal
information held by DIAC, can obtain form 424C Request for
amendment or annotation to personal records under the Freedom of
Information Act 1982 from an office of DIAC or from DIAC‘s website.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
58
Compliance with data protection principles
5.5
Preventing unlawful data processing
The Privacy Act does not specify penalties for breaches of the
Information Privacy Principles or the National Privacy Principles,
though deliberate contravention of some of the credit reporting
provisions in Part IIIA of the Privacy Act does carry penalties. The
Privacy Commissioner may make determinations requiring the
payment of compensation for damages or other remedies, such as
the provision of access or the issuance of an apology. These
determinations can be enforced by the Federal Court or Federal
Magistrates Court.
The Office also has the power to initiate an investigation on its own
motion in appropriate circumstances without first receiving a
complaint.
5.6
Role of data protection supervisory
authority
As discussed in Section 5.1, compliance is monitored by DIAC‘s
internal Privacy Section and the Office of the Privacy Commissioner
with DIAC undergoing audits to determine their level of compliance
with the Privacy Act 1988 and related guidelines.
In 2006, DIAC and the Office of the Privacy Commissioner signed a
12 month Memorandum of Understanding with the objective of
collaborating in order to foster a high level of privacy awareness in
DIAC. The Office of the Privacy Commissioner noted that it was
looking forward to building new induction and training resources with
DIAC, working with DIAC to create privacy-smart computer systems
and travelling with DIAC as it assesses its programs for their privacy
impacts.
During the implementation of the ETA, eVisitor and eVisa, the Office
of the Privacy Commissioner was available to provide advice on the
application of the Privacy Act 1988 and in interpreting the Privacy
Principles where required.
5.7
Impact on fundamental rights to private
life
It is DIAC‘s view that the introduction of ETA, eVisitor and eVisa had
no incremental impact on the fundamental rights to private life and to
the protection of personal data.
5.8
Privacy issues surrounding biometric
data
As discussed in section 4.2.5, the Office of the Privacy
Commissioner suggested that any additional retention of personal
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 59
Compliance with data protection principles
identifiers and particularly biometric identifiers be undertaken with
caution and consideration of the principle of proportionality.
During a speech to the Biometrics Institute on Biometrics and
Privacy, Timothy Pilgrim (Deputy Privacy Commissioner) noted that
―biometric information is sensitive information. It is unique, high
quality data about a person‘s physical characteristics and for this
reason it needs to be treated with care. When we collect biometric
information from a person, we are not just collecting information
about that person, but information of that person. Biometric
information cuts across both information privacy and physical
privacy. It can reveal sensitive information about us; our health,
genetic background, age and it is unique to each of us. It is this
uniqueness which is one of the major advantages of biometric
information in terms of its powers of identification. However, this
same attribute can also create major privacy risks. The availability of
unique identifiers can enable greater surveillance and heighten the
risk of identity theft.‖
The Australian Law Reform Commission has proposed that
biometric information be classed as sensitive information under the
Privacy Act. As it stands, the Privacy Act regulates the handling of
personal information and sensitive information, with extra protections
specifically dealing with what is termed ―sensitive information‖.
The Office of the Privacy Commissioner highlighted the principles
that are especially important to Government agencies using
biometric systems, indicating that they should:
Collect information fairly and, as much as possible, directly
from the individual and with their knowledge. A concern
associated with biometric technologies is that biometric
information can be collected at a distance from the individual
and therefore without their knowledge.
Use biometric information only for what you say you will. A
temptation with rich high-quality data such as biometric
information is to find additional uses for it to ‗make the most of
it‘ so to speak. This is a major privacy faux pas known as
function creep. Individuals have given you their biometric
information in good faith, so you need to use it only for the
purposes you said you would. Otherwise you risk undermining
the individual‘s trust and potentially interfering with their
privacy. No one likes to feel as though they are losing control
of how their personal information is being used.
Secure biometric information appropriately. As this is a
sensitive form of information, you may need to take extra care
to ensure that it is encrypted, securely stored, only accessible
to authorised users and destroyed when no longer needed for
the purposes under which it was collected.
Allow for anonymity. A concern with biometric technology is
that because it can collect or authenticate a person‘s identity
without their knowledge, it could impinge upon a person‘s
ability to be anonymous. So think carefully about when it may
be appropriate not to identify someone. If your call centre has
voice recognition technology, allow individuals to opt-in to
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
60
Compliance with data protection principles
identification before you go ahead and identify them. Many
individuals will be pleased with the convenience of this form of
biometric technology, but you can be sure that they will
appreciate being asked beforehand.
The Biometrics Institute privacy code (approved by the Privacy
Commissioner in 2006) provides further guidance for organisations
that use biometric technologies, in including:
Ensuring that biometric information is encrypted immediately
after collection;
Destroying the original biometric information after encryption;
Holding biometric information separately from other personal
information;
De-identifying biometric information where practicable;
Allowing participation of individuals in biometric systems to be
voluntary;
Obtaining free and informed consent of the individual
concerned for any new uses of the biometric information
(beyond those originally intended);
Having a third party carry out audits of biometric systems; and
Doing Privacy Impact Assessments.
As a sign of the importance of privacy issues when dealing with
biometric data, the Biometrics for Border Control program involved
DIAC of Immigration and Citizenship, Australian Customs Service,
DIAC of Foreign Affairs and Trade and the Office of the Privacy
Commissioner.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 61
6
Implementation
6.1
Role of private sector in
implementation
A public private partnership (PPP) was not used during the
implementation of the ETA system. The ETA system was developed
by DIAC and CPS Systems working in partnership with SITA. SITA
provides the network services using its Request Capture and
Request Processing Systems. The ETA system interfaces DIAC‘s
immigration systems with airline and travel agent‘s systems.
According the Performance Audit conducted by the Australian
National Audit Office (ANAO), DIAC considered there were
possibilities for commercialising the ETAS. Ownership of intellectual
property for the ETAS is licensed to CPS Systems. This allows CPS
Systems to commercialise the system and sell all or part of it to
overseas Governments. Under the contract, such commercialisation
to other Governments or organisations will allow for a return to DIAC
of 4.5 per cent of any infrastructure fee and transaction fees payable
on the sale of each new system, for up to five years of any new
contract. The ETAS product is marketed as iBorders by CPS
Systems (a wholly owned subsidiary of SITA since 2008).
The contract with the third parties includes clauses regarding the
application of personal data principles and requires the contractors
to maintain appropriate government security clearances. DIAC‘s
ability to apply its privacy principles to the contractor‘s operations
provides an avenue for mitigating the risks associated with personal
data protection.
The eVisitor and eVisa products operate on the eBusiness platform
in the Integrated Client Services Environment (ICSE). The system
was implemented as a purely governmental system.
6.2
Phasing of implementation
6.2.1 Implementation of ETA
The ETA system was ready to be implemented on day one, but was
rolled-out gradually with additional countries being added to the
eligible list each year. The roll-out of the ETA system occurred as
MOUs were agreed and as training was available. For example, the
ETA system was extended to Portugal in 2001 on the basis of a new
agreement in which Portugal would provide visa-free access to
Australian visitors.
The following table is reproduced from the 1999-2000 Performance
Audit of the Electronic Travel Authority by the ANAO with additional
information being added from after the report was published.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 62
Implementation
Nationality
Date commenced use
Date of roll-out
Andorra
18/06/1997
01/07/1998
Austria
24/03/1997
24/04/1997
Belgium
24/03/1997
17-06-1997
Brunei
24/03/1997
01/10/1997
Canada
25/09/1996
25/09/1996
Denmark
24/03/1997
10/12/1996
Finland
24/03/1997
14/10/1997
France
01/07/1998
01/07/1998
Germany
24/03/1997
24/04/1997
Greece
24/03/1997
01/07/1997
Hong Kong (SAR)*
01/07/1999
01/07/1999
Iceland
18/06/1997
05/09/1997
Ireland
24/03/1997
17/06/1997
Italy
24/03/1997
27/01/1998
Japan
27/11/1997
27/11/1996
Liechtenstein
18/06/1997
18/06/1997
Luxembourg
24/03/1997
17/06/1997
Malaysia
24/03/1997
14/04/1997
Malta
24/03/1997
-
Monaco
18/06/1997
01/07/1998
The Netherlands
24/03/1997
24/04/1997
Norway
24/03/1997
11/02/1998
Portugal
01/08/2001
01/08/2001
San Marino
01/07/2002
01/07/2002
Singapore
11/09/1996
11/09/1996
South Korea
24/03/1997
24/04/1997
Spain
01/01/1998
01/07/1998
Sweden
24/03/1997
14/01/1998
Switzerland
24/03/1997
24/04/1997
Taiwan**
01/07/1999
01/07/1999
United Kingdom - British
Citizen
05/02/1997
24/03/1997
United Kingdom – British
National (Overseas)
05/02/1997
24/03/1997
United States of
America
11/09/1996
25/09/1996
Vatican City
01/07/1998
01/07/1998
6.2.2 Implementation of eVisitor
The implementation of eVisitor was the rolling out of a new electronic
visa product, rather than the implementation of a new visa system.
eVisitor leveraged the existing eBusiness system and Integrated
Client Services Environment (ICSE) to deliver the service.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 63
Implementation
This enabled eVisitor to be rolled-out across all 35 EU member
states at midnight 27 October 2008. The big bang approach was
driven by Australia‘s commitment to the European Union on shortterm entry reciprocity issues.
6.2.3 Implementation of eVisa
The eVisa program began in December 2000 after the feasibility of
enabling visa applications to be lodged online, via the Internet, had
been tested. The proof-of-concept for electronic visa lodgement
began in 1999 with the Student Internet Project that enabled
Australian universities to lodge student-permission-to-work
applications via the Internet.
eVisa products are delivered through the eBusiness system and
ICSE with additional products being steadily rolled-out, as illustrated
below with a few examples.
In October 2001, DIAC launched eVisa and enabled eligible
travellers to apply for a resident return visa, for further stay as a
visitor and student visas from offshore. Some of the products still
required a visa label to be placed in the passport at one of DIAC‘s
office, but the student visa and tourist extension visa had no
requirement for a physical visa label.
In July 2002, an electronic lodgement facility was made available to
working holiday makers. The take-up rate for eVisa amongst the
working holiday makers is relatively high with approximately 98%
using the electronic lodgement channels during 2008-09.
In 2004, student eVisa was introduced as a trial for selected
Assessment Level 2–4 countries. Applicants from these countries
can lodge applications via the internet through selected education
agents who have signed a Facilities Access Agreement with DIAC.
In July 2005, an eVisa lodgement option was introduced, allowing
overseas students in Australia and Skilled Independent visa
applicants to lodge their visa application over the internet.
6.3
Effect of travel method on
implementation
The implementation was not impacted by the way in which a traveller
intends to travel to Australia.
6.4
Implementation time frames
Development of the ETA system commenced in January 1996. It
was implemented in Singapore on a trial basis on 11 September
1996, for Singapore and US passport holders travelling on Qantas
and Singapore Airlines.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
64
Implementation
Following the proof-of-concept in 1999, the eVisa program
commenced in 2000 with the system and first eVisa products being
rolled-out in 2001.
The eBusiness platform and ICSE that served as the basis for eVisa
enabled DIAC to conduct a trial in May 2001 to allow applicants to
obtain an ETA over the Internet. Implementation began in June
2001.
Design and implementation of the eVisitor product began in late2007 and was rolled-out on 27 October 2008. The relatively short
timeframe is due to the circumstances outlined in Section 6.2.2, that
is, that the implementation of eVisitor was the rolling out of a new
electronic visa product, rather than the implementation of a new visa
system.
6.5
Leveraging existing applications and
infrastructure
The ETA implementation did not leverage existing applications within
DIAC‘s IT environment, but did leverage the existing SITA network
outside DIAC‘s environment. Leveraging the substantial network
enabled DIAC to implement the system more rapidly and without the
potential cost of a global implementation of applications and network
infrastructure.
eVisa did not substantially leverage any of DIAC‘s existing
applications and infrastructure during the implementation phase. The
eVisa program and introduction of the eBusiness system and ICSE
were seen as the infrastructure that would serve as the basis for
future developments for the foreseeable future. For example, the
eVisitor product was released on this platform in 2008. The key
advantage of leveraging the existing infrastructure was the speed of
implementation.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 65
7
Practical and Procedural
Issues
7.1
Application processing times
An ETA can often be obtained in a matter of seconds through the
auto-grant facility; which performs checks against the Central
Movement Alert List (CMAL). If an ETA is not auto-granted, DIAC
has 12 hours to make a grant decision.
An eVisitor can also often be obtained in a matter of seconds
through the auto-grant facility. Once an application for an eVisitor is
lodged through the internet, more than 80 per cent of cases receive
notification of an auto-grant within minutes. The remaining
applications are referred for manual assessment. These applications
have a service standard of 2-10 working days for finalisation.
While the systems have a demonstrated capability for delivering a
quick turnaround, DIAC advises applicants to apply for an ETA or
eVisitor at least two weeks before the proposed date of travel. The
application processing times for an eVisa vary across the 27 eVisa
products.
DIAC publishes Client Service Standards to set expectations
regarding processing times and the requirements placed on the
applicants. The standard processing times are applicable provided
all documents are submitted with the application form. The process
may be delayed if additional information is required, including health
examination and character checks.
If an application is submitted through DIAC‘s website, the processing
times may be different from those shown below.
Standard processing times for visas for visiting Australia for
tourism or medical treatment:
Applicant in Australia at
time application is lodged
Applicant outside
Australia at time
application is lodged
Low Risk*
High Risk
Low Risk*
High Risk
Sponsored Visitors
n/a
n/a
n/a
1.5 months
Non-Sponsored
Visitors (short stay)
1 working
day
1 week
1 working
day
1 month
Non-Sponsored
Visitors (long stay)
1 working
day
1 month
1 working
day
1.5 months
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 66
Practical and Procedural Issues
Standard processing times for visas for working in Australia
– short business visits:
Applicant in Australia at
time application is lodged
Applicant outside
Australia at time
application is lodged
Low Risk*
High Risk
Low Risk*
High Risk
Sponsored Business
Visitors
n/a
n/a
n/a
1 months
Non-Sponsored
Business Visitors
n/a
n/a
1 working
day
1 month
Standard processing times for visas for working in Australia
as a sponsored employee or living in Australia as a
temporary resident:
Applicant in Australia at
time application is lodged
Applicant outside
Australia at time
application is lodged
Low Risk*
High Risk
Low Risk*
High Risk
Business (Long Stay)
Subclass 457
2 months
3 months
2 months
3 months
Other sponsored
temporary residents
2 months
3 months
2 months
3 months
* Low risk applies to nationals from countries which issue Electronic
Travel Authority (ETA) or eVisitor eligible passports. A list of these
can be found on DIAC's website. High risk countries are those which
are not ETA or eVisitor eligible.
Standard processing times for Working Holiday visas:
First Working Holiday
visa
Working Holiday visa
holders
Second Working Holiday
visa
6 days
21 days
Standard processing times for visas for studying in
Australia:
Applicant in Australia
at time application is
lodged
Applicant outside Australia at time
application is lodged
Assessment
Level*
Level
1/2*
Level
3/4*
Level 1
Level 2
Level ¾
Students
14 days
30 days
14 days
21 days
90 days
Students:
permission to
work
7 days
7 days
n/a
n/a
n/a
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 67
Practical and Procedural Issues
* Student visa applications are assessed, among other things,
according to an assessment level, which is determined by the
passport held and the visa subclass.
7.2
Application lodgement channels
The lodgement channels available differ across ETA, eVisitor and
ETA and are outlined in the following sections.
However, regardless of the lodgement channel utilised, applicants
may arrange for another person to help them complete the
application form. In accordance with Section 98 of the Migration Act
1958, ―a non‑citizen who does not fill in his or her application form or
passenger card is taken to do so if he or she causes it to be filled in
or if it is otherwise filled in on his or her behalf‖.
7.2.1 ETA application lodgement channels
ETA applications are generally required to be made from offshore,
with limited exceptions available for the purpose of immigration
clearance. Applicants are able to apply for an ETA through:
the internet (if their passport is eligible);
a travel agent, airline or specialist service provider arranging an
ETA on the applicant‘s behalf; or
an Australian visa office outside Australia
These lodgement channels reflect demand from users of the ETA
and leveraging of existing infrastructure.
Regardless of the lodgement channel used, the applicant should
receive a confirmation notice when an ETA is granted for their
personal records (ie the confirmation is not used as evidence of the
ETA).
7.2.2 eVisitor application lodgement channels
An eVisitor can only be applied for over the internet and only if the
applicant is outside Australia. The lodgement channel reflects the
need for the process to meet visa reciprocity arrangements agreed
by the EU and Australia.
7.2.3 eVisa application lodgement channels
The extent to which eVisa applications may be made onshore/
offshore depends on each particular eVisa product‘s conditions and
requirements.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
68
Practical and Procedural Issues
Eligible travellers can apply for their eVisa over the internet, using
the eBusiness platform.
Alternatively, travellers can arrange for an approved travel agent to
make an eVisa application on their behalf, without having to post
their passports and documents or arrange a visit to an Australian
immigration office.
If travellers elect not to obtain an eVisa, they can still follow the
regular visa process through lodgement of the corresponding paper
visa application form via the standard lodgement channels.
7.3
Application submission process
7.3.1 ETA application submission process
An individual may lodge an ETA application through any of the
channels outlined in section 7.2.1. If lodgement is made through the
internet ETA system at www.eta.immi.gov.au, the applicant must pay
the relevant service charge on submission. Once submitted, the
applicant receives a Reference Number to enable them to check the
progress of their application through the same website. If the
applicant uses a third party (ie a travel agent) to submit the
application through the SITA network, the applicant is unable to use
the internet ETA system to check the status of their ETA. Instead,
they should contact the travel agent or provider directly to check the
status.
If the applicant needs to change details on the ETA, they are
required to make a new application. As travellers can only hold one
ETA at any point in time, the new ETA will replace the ETA
previously linked to the traveller‘s passport.
7.3.2 eVisitor application submission process
eVisitor applications can only be submitted via DIAC‘s website
(https://www.ecom.immi.gov.au/visas/app/uu?form=TV). When an
individual starts an internet application, they are asked a series of
questions to determine whether they are eligible to continue with
their eVisitor application. If eligible, applicants are required to
complete the necessary data fields and attach the necessary
documentation when prompted.
Once submitted, the applicant receives a Transaction Reference
Number (TRN) to enable them to check the progress of their
application.
If the applicant obtains a new passport or needs to update their
details after the eVisitor is granted, they must advise DIAC of the
latest details before travelling to Australia. Channels for
communicating with DIAC include phone, email, post and in person.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 69
Practical and Procedural Issues
7.3.3 eVisa application submission process
eVisa applications can be submitted through the lodgement
channels outlined in section 7.2.3, which includes DIAC‘s website
(http://www.immi.gov.au/e_visa/). Applicants are required to
complete the necessary data fields and attach the necessary
documentation when prompted. If lodging through a Departmental
office, applicants may be required to make an appointment.
Once submitted, the applicant receives a Transaction Reference
Number (TRN) to enable them to check the progress of their
application.
If the applicant obtains a new passport or needs to update their
details after the eVisa is granted, they must advise DIAC of the latest
details before travelling to Australia.
7.3.4 Linguistic aspects
ETA, eVisitor and eVisa applications must be completed in English.
However, a Japanese version of the internet ETA page is available.
Applicants may arrange for another person to help them complete
the application form. However, in accordance with Section 98 of the
Migration Act 1958, a non‑citizen who does not fill in his or her
application form or passenger card is taken to do so if he or she
causes it to be filled in or if it is otherwise filled in on his or her
behalf.
While DIAC does not currently provide a translation service to ETA,
eVisitor and eVisa applicants, it has occasionally provided ad hoc
support to applicants.
7.4
Digital signatures and passwords
eVisa services require an applicant‘s browser to support 128 bit
encryption.
In addition, when applying through the eBusiness platform for an
eVisa or eVisitor, applicants are able to save their draft application.
The ability to save applications provides a benefit to both applicants
with unreliable internet connections and those that may have
insufficient documentation when first attempting to complete the
application. If an applicant chooses to save their application, they
are provided with a saved application ID and a password. The
password is required to access their draft application in future.
7.5
Validity period
An ETA enables an individual to stay in Australia for up to three
months per visit within the validity of the visa. ETAs are valid for 12
months from the date of grant, or for the life of the passport if the
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
70
Practical and Procedural Issues
passport expires less than 12 months from the date the ETA was
granted. An ETA is not designed to allow repeated extended stays in
Australia. If a traveller is interested in spending long periods in
Australia for tourism purposes, they should consider applying for a
six or 12 month Tourist visa (subclass 676) or an alternative visa that
is more closely aligned with their requirements
An eVisitor enables an individual to stay in Australia for up to three
months per visit within a 12 month period from the date of grant. The
reasons behind the 12 month validity period are similar to that of the
ETA.
The eVisa products have a variety of validity periods with the period
of stay and number of entries available reflecting the underlying the
objective of the particular visa subclass (ie to study). For example,
an e676 tourist visa will allow an individual either a single or multiple
entry to Australia for a stay period of up to three, six or 12 months.
Student visas, on the other hand, allows a student to stay in
Australia for the duration of their course.
7.6
Pre-checks
DIAC performs pre-checks of applicants and relevant travel
documents against the internally maintained Central Movement Alert
List (CMAL).
During the issuing process, checks are also performed to determine
what other visas are held by the applicant.
Full details of the databases checked throughout the border
management process are available in section 4.3.
7.7
Automation of pre-checking
The initial pre-checking process is automated, but the process still
requires manual intervention in some instances. For example, the
systems all perform automatic checks of the applicant‘s details
against the CMAL, but if a match occurs, an officer is required to
make a determination.
7.8
On-site applications
While travellers‘ visas/travel authorisations are required to be
verified at check-in, if a traveller manages to reach immigration
clearance in Australia without an appropriate visa or travel
authorisation, they are still, in limited circumstances, able to apply for
an ETA, if they are from an ETA-eligible country. These applications
can be granted by Immigration Officers who have a version of the
ETA system available to them. If a traveller is only eligible for an
eVisa or eVisitor, they will not be able to apply for an eVisitor and
eVisa on-site.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 71
Practical and Procedural Issues
Note: on-site ETA applications are not encouraged and are only
provided in limited circumstances.
7.9
Urgent applications
The auto-grant nature of the majority of ETA and eVisitor
applications means that last minute and emergency applications can
be handled using the standard workflow. In 2008-09, 86.01% of
eVisitor applications were auto-granted.
Additionally, airlines have the facility to accept last minute
applications for ETAs at the airport. However, airlines do not
encourage this behaviour as they believe it creates congestion at
airports and increases pressure at check-in.
eVisa applications are triaged according to their risk profile. Low risk
applicants are subject to a streamlined process and auto-granting.
Medium to high risk applicants may need to provide additional
evidence to meet requirements. An urgency level is not captured by
the system and the ability to obtain a last minute eVisitor or eVisa is
directly dependent on the applicants assessed risk level.
Consequently, it is recommended that traveller‘s bypass the elodgement channels and contact an immigration office directly (ie
visit an overseas post if outside Australia).
7.10 Evidence of authorisation
As ETA, eVisitor and eVisa are all electronic records, they can only
be verified through the use of electronic systems (ie the ETA
system). Consequently, for operational reasons, travellers are not
provided with physical evidence of their ETA, eVisitor and eVisa.
However, applicants are sent notification of an eVisitor/eVisa grant
via email. The notification describes the conditions that apply to the
eVisitor/eVisa, but is not used as physical evidence at the border
crossing. Travellers must provide their passport to an Australian
Customs and Border Protection Service officer at the border
crossing point for the purpose of validating their ETA, eVisitor or
eVisa.
7.11 Responsibility of airlines and carriers
in performing checks
In 1998, DIAC setup a voluntary program with airlines to enable
Advance Passenger Processing (APP) which checks passenger‘s
details and their authority to travel against DIAC‘s systems. The
program was governed through Memorandums of Understanding
between DIAC and the individual airlines.
In 2003, DIAC made it mandatory for carriers to perform APP at
check-in and introduced legislation (Division 12B of the Migration Act
1958) to govern the process. Understanding the impact that the
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
72
Practical and Procedural Issues
changes would have on carriers‘ systems and interfaces, DIAC
followed a phased implementation. The phased implementation of
airlines and cruise ships was completed in 2008.
An APP infringement regime commenced for air operations on 1 July
2009. Airlines must lodge expected movement records in the APP
and meet a minimum threshold of 99.8% compliance. Airlines that
achieve a compliance rate of 99.8% will not be subject to fines in the
following month. Airlines with a compliance rate below 99.8% will be
fined.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 73
8
Financial aspects
8.1
Estimated and actual cost of
implementation
8.1.1 ETA costs
DIAC‘s executive approved an investment of AUD$5.9 million for the
ETA in June 1995. DIAC estimated the actual development cost at
$6m in the Australian National Audit Office (ANAO) performance
audit in 1999.
DIAC reported to the ANAO that the cost of operating the ETA
system in 1997–98 was $4.4 million. However, this cost does not
include significant costs attributable to the ETA system, such as:
DIAC‘s administrative costs in managing the ETA system;
DIAC and CPS Systems travel associated with establishing
the ETA system in each country;
work the Entry Operations Centre undertakes in responding to
ETA-related requests for assistance from airlines and
Departmental staff at the border;
consequential redundancies in Australian overseas posts; and
TIETACs (Travel Industry Electronic Travel Authority Checkin) from non-ETA visas.
While DIAC was unable to provide information on the current cost
structure for the ETA system, the ANAO reported in the 1999-2000
Performance Audit Report that DIAC‘s major ETA related costs were
transaction-based, generated from application and check-in
transactions (estimated at $5.5 million for the 1998–99 period). As
the value of the contract between the Commonwealth and CPS
Systems Pty Ltd is commercial-in-confidence, financial information
can only be provided on the basis of publicly available data.
However, other than the information provided there was no relevant
financial information available in the public domain. DIAC, in
accordance with Commonwealth Procurement Guidelines, has
reported a number of contracts awarded to CPS Systems with the
largest contract being for ETAS/APP and related border control
systems.
ETAS/APP and related border control systems
Contract Period
04/02/2007 – 03/02/2013
Current Value
$66,908,597 (contract period extended from 2011 to 2013)
Original Value
$44,200,000
As DIAC was the flagship for the roll-out of the ETA system and the
figures presented are up to 15 years old, the costs presented do not
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 74
Financial aspects
necessarily reflect what an organisation would incur if implementing
a similar system in 2010. For further details on the product range
and their related costs, it is recommended that CPS Systems be
contacted directly.
8.1.2 eVisitor costs
Financial information, beyond that in the public domain, is
confidential and consequently cannot be shared. There was no
relevant financial information available in the public domain.
However, eVisitor was developed internally based on the existing
eVisa infrastructure. Therefore, it is more appropriate to consider the
eVisitor implementation as the roll-out of a new product, rather than
a new system implementation.
8.1.3 eVisa costs
The Australian Government Information Management Office‘s
(AGIMO) case study on eVisa indicated that the total expenditure
between 1999 to post-2004 for eVisa was in excess of $10 million. In
the course of development, it was recognised that a learning
premium was incurred to bring skills into the organisation and this
would be of benefit to future programs.
Cost estimating for this program was a learning experience and
DIAC was aware of this from the beginning. Departmental staff
sought to educate themselves about cost estimation requirements in
this new environment, learn from the experience, understand the
risks and plan accordingly for future programs. The accuracy of cost
estimates was affected by:
under-estimating the resources needed to deliver the product on
time;
inaccurately estimating the cost of implementing lessons learned
while developing the program;
under-estimating the extent of staff on-call costs for 24-hour-7day support; and
not providing for the full cost of upgrading the Internet gateway
(SSL encryption needed a special licence from the United States
and seeking knowledge and guidance was difficult and
expensive).
Financial information on operating costs, beyond that in the public
domain, is confidential and consequently cannot be shared. There
was no relevant financial information available in the public domain.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 75
Financial aspects
8.2
Key cost components
8.2.1 ETA cost components
Under the current contractual arrangements, payments to CPS
Systems include:
an annual infrastructure fee, which varies from year to year;
a fee per TIETAR, payable for each completed ‗request for
visa‘; and
a fee per TIETAC, payable on each completed check-in
transaction.
DIAC also pays CPS Systems for:
contract management services, on a time and materials basis,
charged at the contractor‘s published rates;
travel and accommodation costs incurred in providing the
services;
facility management fees for housing the Request Processing
System; and
telecommunication charges for various connections to the
Request Processing System.
A $10,844,790 contract was published in the Australian Government
Tender System for Processing Charges for the period from
16/08/2004 to 30/06/2005.
8.2.2 eVisitor cost components
Financial information, beyond that in the public domain, is
confidential and consequently cannot be shared. There was no
relevant financial information available in the public domain.
8.2.3 eVisa cost components
Financial information, beyond that in the public domain, is
confidential and consequently cannot be shared. There was no
relevant financial information available in the public domain.
8.3
Fees
The following table details DIAC‘s visa application charges (in AUD).
The visa application charge limit is determined under the Migration
(Visa Application) Charge Act 1997.
Visa subclass
Visa Application Charge
Skilled – Independent (Migrant) visa (subclass 175)
$2525 (1st instalment)
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
76
Financial aspects
Visa subclass
Visa Application Charge
$3510 (2nd instalment)
Skilled – Sponsored (Migrant) visa (subclass 176)
$2525 (1st instalment)
nd
$3510 (2 instalment)
Working Holiday visa (subclass 417)
$230
Business (Short Stay) visa
(Subclass 456)
$105
Temporary Business (Long Stay) – Standard
Business Sponsorship
(Subclass 457)
$260
Sponsored Business Visitor (Short Stay)
(Subclass 459)
$105
Work and Holiday visa
(Subclass 462)
$230
Skilled – Regional Sponsored visa (subclass 475)
Skilled – Recognised Graduate visa (subclass 476)
$2525 (1st instalment)
$3510 (2nd instalment)
$230
Skilled – Graduate visa (subclass 485)
$230
Skilled – Regional Sponsored (Provisional) visa
(subclass 487)
$2525 (1st instalment)
$230 (12mth renewal)
$3510 (2nd instalment)(if
applicable)
Superyacht Crew (Subclass 488)
Nil
Independent ELICOS
Temporary Visa (Subclass 570)
Nil* (Approved schemes)
$540 (All other cases)
Schools
Temporary Visa (Subclass 571)
Nil* (Approved schemes)
$540 (All other cases)
Vocational Education and Training
Temporary Visa (Subclass 572)
Nil* (Approved schemes)
$540 (All other cases)
Higher Education
Temporary Visa (Subclass 573)
Nil* (Approved schemes)
$540 (All other cases)
Postgraduate Research
Temporary Visa (Subclass 574)
Nil* (Approved schemes)
$540 (All other cases)
Non Award
Temporary Visa (Subclass 575)
Nil* (Approved schemes)
$540 (All other cases)
AusAID or Defence Sponsored Temporary Visa
(Subclass 576)
Nil
eVisitor
Business (Subclass 651)
Nil
eVisitor
Tourist (Subclass 651)
Nil
Medical Treatment Short Stay Visa (Subclass 675)
Nil (outside Australia)
$225 (in Australia)
Tourist Visa (Subclass 676)
Nil (e676 - Nationals of
EU Member States for
stays up to three months)
$105 (outside Australia)
$250 (in Australia)
Sponsored Family Visitor visa (Subclass 679)
$105
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 77
Financial aspects
Visa subclass
Visa Application Charge
Medical Treatment Long Stay Visa (Subclass 685)
$55 (outside Australia)
$225 (in Australia)
Nil
Transit Visa (Subclass 771)
Skilled – Independent (Residence) visa (subclass
885)
Skilled – Sponsored (Residence) visa (subclass
886)
$2525 (1st instalment)
$3510 (2nd instalment)
$2525 (1st instalment)
$3510 (2nd instalment)
Skilled – Regional visa (subclass 887)
$230 (1st instalment)
$3510 (2nd instalment)
Electronic Travel Authority
Business Entrant - Long Validity (Subclass 956)
$90
Electronic Travel Authority
Visitor (Subclass 976)
Nil
Electronic Travel Authority
Business Entrant - Short Validity (Subclass 977)
Nil
Maritime Crew Visa
Nil
* Nil fee applies to students sponsored under Commonwealth
approved programs, secondary exchange students and students
affected by the closure of their education provider. Note: The eVisa
service does not accept VAC free applications.
The Student visa application charge includes an International
Education Contribution of $115. This contributes to Australian
Government initiatives to support international education through
DIAC of Education, Employment and Workplace Relations.
While DIAC does not charge an application fee, an $A20 service
charge applies for internet ETA applications. The fee is charged by
the contractor that administers the ETA system (CPS Systems Pty
Ltd) to recover the costs of operating the service and is nonrefundable, regardless of the outcome of the application. The
majority of travel agents and airlines also impose their own service
charge for lodgement of ETA applications on a client‘s behalf, which
may be lodged through the SITA network or the internet.
Applications for an Electronic Travel Authority Business Entrant Long Validity (Subclass 956) cannot be made via the internet.
Consequently, a visa application charge applies to cover the
additional cost associated with the manual handling of applications.
8.4
Application volumes
The following table details the number of visitor visa grants from 1
July 2008 - 30 June 2009 and the proportion that are electronically
administered where information is available.
Visa subclass
Skilled – Independent (Migrant) visa (subclass 175)
Skilled – Sponsored (Migrant) visa (subclass 176)
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
Grants
N/A
N/A
78
Financial aspects
Visa subclass
Grants
Working Holiday visa (subclass 417)
187,696
(98% eVisa)
(77% autogranted)
Business (Short Stay) visa
(Subclass 456)
170,787 (subclasses
456, 459 combined)
Temporary Business (Long Stay) – Standard Business
Sponsorship
(Subclass 457)
101,280
(81.8% eVisa)
Sponsored Business Visitor (Short Stay)
(Subclass 459)
170,787 (subclasses
456, 459 combined)
Work and Holiday visa
(Subclass 462)
6,407
(75.78% eVisa)
Skilled – Regional Sponsored visa (subclass 475)
Skilled – Recognised Graduate visa (subclass 476)
N/A
N/A
Skilled – Graduate visa (subclass 485)
N/A
Skilled – Regional Sponsored (Provisional) visa
(subclass 487)
N/A
Superyacht Crew (Subclass 488)
113
Independent ELICOS
Temporary Visa (Subclass 570)
36,721
(51.9% eVisa take-up
across student
subclasses)
Schools
Temporary Visa (Subclass 571)
14,186
(51.9% eVisa take-up
across student
subclasses)
Vocational Education and Training
Temporary Visa (Subclass 572)
104,064
(51.9% eVisa take-up
across student
subclasses)
Higher Education
Temporary Visa (Subclass 573)
133,990
(51.9% eVisa take-up
across student
subclasses)
Postgraduate Research
Temporary Visa (Subclass 574)
8,354
(51.9% eVisa take-up
across student
subclasses)
Non Award
Temporary Visa (Subclass 575)
18,972
(51.9% eVisa take-up
across student
subclasses)
AusAID or Defence Sponsored Temporary Visa
(Subclass 576)
4,081
(51.9% eVisa take-up
across student
subclasses)
eVisitor
Business (Subclass 651)
19,110
(86.01% of eVisitors
autogranted)
eVisitor
Tourist (Subclass 651)
204,214
(86.01% of eVisitors
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 79
Financial aspects
Visa subclass
Grants
autogranted)
Medical Treatment Short Stay Visa (Subclass 675)
2,328 offshore
73 onshore
Tourist Visa (Subclass 676)
582,665 offshore
26,224 onshore
(eVisa proportion
uncertain)
(53.46% of e676
applications
autogranted)
Sponsored Family Visitor visa (Subclass 679)
22,899
Medical Treatment Long Stay Visa (Subclass 685)
Transit Visa (Subclass 771)
160 onshore
633 offshore
N/A
Skilled – Independent (Residence) visa (subclass 885)
N/A
Skilled – Sponsored (Residence) visa (subclass 886)
N/A
Skilled – Regional visa (subclass 887)
N/A
Electronic Travel Authority
Business Entrant - Long Validity (Subclass 956)
8,447
Electronic Travel Authority
Visitor (Subclass 976)
2,158,021
Electronic Travel Authority
Business Entrant - Short Validity (Subclass 977)
159,368
Maritime Crew Visa
N/A
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
80
9
Legal aspects
9.1
Legal framework
The following Acts of legislation relate to DIAC‘s activities:
Aliens Act Repeal Act 1984
Australian Citizenship Act 2007
Australian Citizenship Act (Transitionals and Consequentials)
Act 2007
Immigration (Education) Act 1971
Immigration (Education) Charge Act 1992
Immigration (Guardianship of Children) Act 1946
Migration Act 1958
Migration Agents Registration Application Charge Act 1997
Migration (Health Services) Charge Act 1991
Migration (Sponsorship Fees) Act 2007
Migration (Visa Application) Charge Act 1997
The key legal framework relating to ETA, eVisitor and eVisa is the
Migration Act 1958 which addresses:
General provisions about visas;
Applications for visas;
Code of procedure for dealing fairly, efficiently and quickly with
visa applications;
Grant of visas;
Evidence of visas;
Bridging visas;
Other provisions about visas;
Limit on visas;
Safe third countries;
Temporary safe haven visas;
Non-citizens with access to protection from third countries;
Other provisions about protection visas;
The ―points‖ system;
Visas based on incorrect information may be cancelled;
Visas may be cancelled on certain grounds;
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 81
Legal aspects
Procedure for cancelling visas under Subdivision D in or outside
Australia;
Other procedure for cancelling visas under Subdivision D outside
Australia;
Cancellation of business visas;
Automatic cancellation of student visas;
Cancellation of regional sponsored employment visas;
General provisions on cancellation; and
Personal identifiers.
9.2
Responsible authority
DIAC of Immigration and Citizenship‘s purpose statement is ―building
Australia‘s future through the well-managed entry and settlement of
people‖. DIAC's key objectives, as set out in The DIAC Plan are to:
manage the lawful and orderly entry and stay of people in
Australia, including through effective border security; and
promote a society which values Australian citizenship,
appreciates cultural diversity and enables migrants to
participate equitably.
To deliver on these objectives, DIAC has responsibility for granting
visas for migrants, temporary entrants, business visitors, students
and tourists, including identifying prior to arrival those entitled to
lawfully enter Australia.
9.3
Family members of Australian citizens
All non-citizens not exempted under Section 42 of the Migration Act
1958 are required to apply for an ETA, eVisitor, eVisa or regular
visa.
Family members of Australian citizens are not an exemption under
Section 42 of the Migration Act 1958 and are therefore required to
apply for an ETA, eVisitor or eVisa where appropriate.
9.4
Consequence of refusal for visaexempted travellers
If a traveller is unable to be autogranted an ETA, eVisitor or eVisa,
they will be referred to a post or onshore processing centre for
manual processing and assessment. The referral may sometimes
not be visible to the applicant and will occur in the background
during the processing period.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
82
Legal aspects
If the applicant is refused a certain visa subclass, they will be
provided with reasons behind the refusal decision. Based on this
information, the individual may choose to lodge an application for
another visa subclass that is suitable. While the initial refusal will be
noted in DIAC‘s systems, it will not prevent the individual from
lodging an application for another visa subclass.
In accordance with section 501 of the Migration Act, the Minister
may refuse to grant a visa to a person if the person does not satisfy
the Minister that the person passes the character test defined in
subsection (6). If an applicant is not satisfied with the outcome of
their visa application, applications may be made to the
Administrative Appeals Tribunal for review of decisions of a delegate
of the Minister under section 501 of the Act.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 83
10
Impact on stakeholders
10.1 Impact on border control procedures
Since 1975, Australia has required all non-citizens travelling to
Australia to have a visa before arriving in Australia. Visas were
generally physical labels affixed to a traveller‘s passport and
Customs officers examined visas on-arrival at an Australia port.
Consequently, while DIAC had biographic data and other information
about travellers before they arrived, the physical inspection at the
border was the first time Department and Customs officers had the
opportunity to examine passengers‘ travel documentation after
granting the visa. A combination of increasing passenger numbers,
dissatisfaction with the time taken during the visa application
process and arrival processes, and the evolution of technology led to
options for automating some processes.
Alongside other technical advances made by DIAC, the introduction
of the ETA, eVisitor and eVisa were key events in facilitating
Advance Passenger Processing (APP). The data captured in the
ETA, eVisitor and eVisa provides Customs officers on the primary
line at Australian ports with additional information for the purpose of
profiling incoming passengers and protecting the Australian
community. DIAC‘s business system design for the APP system
described the most important measure of success as ―the saving in
the time to process a cohort of international passengers through the
primary line at Australian borders‖. However, the subsequent shift to
a mandatory APP system changed the focus of the system from
processing to control.
The overall effect of APP has been the extension of the border to the
last point of embarkation (ie the airline check-in point), rather than
waiting until the travellers arrive at the primary line at an Australian
port.
The Australian National Audit Office (ANAO) has also credited the
ETA with enabling Australia to maintain a universal visa system in
the face of lobbying by industry for visa waivers in order to facilitate
travellers.
10.2 Impact on consular offices
According to the Performance Audit performed by the ANAO, ―the
introduction of an ETA enabled a reallocation of overseas staff
resources from low risk ETA overseas posts to high risk non-ETA
overseas posts. Although overseas staffing was broadly constant
between 1995–96 and 1998–99, the ANAO established that there
was a marked redistribution from ETA overseas posts to non-ETA
overseas posts of higher risk. The redistribution was particularly
evident for locally engaged staff in visitor visa processing.‖
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 84
Impact on stakeholders
The following two diagrams are reproduced from the ANAO
Performance Audit Report.
Overseas staffing levels following introduction of the ETA:
Locally engaged staff in visitor visa processing
While evidence was not provided, DIAC indicated that the
introduction of eVisa and eVisitor had a similar impact to ETA on the
number of referrals going through to consular offices. DIAC referred
to the approach as supporting global working via local processing.
Examples of the approach include handling:
eVisitor, e676 Tourist visa, Working Holiday visa (subclass
417) and Work and Holiday visa (subclass 462) applications at
the Hobart Global Processing Centre;
Online applications for Assessment Level 1 student visas at
the Perth Offshore Students Processing Centre; and
Certain student visa applications at the Adelaide Offshore
Student Processing Centre.
As a consequence of the reduction in referrals, staff in consular
offices are able to focus on more high-risk and value-adding work.
The introduction of electronic visa and travel authorisation systems,
such as the ETA, eVisa and eVisitor, also provided consular offices
with an opportunity to improve their internal record keeping relative
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 85
Impact on stakeholders
to the existing processes involving substantial amounts of
paperwork.
Information regarding the financial impact of these items was not
provided by DIAC.
10.3 Impact on airline and cruise
companies
During the ANAO‘s audit of the ETA system in 1999 airlines support
for the ETA system was noted. However, several areas of concern
were also identified. For example, the volume of infringement notices
issued did not align with the expectations of airlines, with a steady
increase in infringements occurring following implementation of the
ETA system (illustrated below in a diagram from the ANAO
Performance Audit Report).
Number of airline infringements per annum
The setup of the ETA system and APP system, integrated with
airlines‘ Departure Control Systems, required airlines, cruise
companies and DIAC to create a more collaborative relationship.
Travel agents and airlines were responsible for modifying their
systems (ie reservations and departure control systems) to enable
them to access the various ETA screens. The relationship was
originally formalised through the introduction of MOUs between
DIAC and individual airlines that travel to Australia. However, the
Government made APP compulsory in 2003 which meant that MOUs
were no longer required. As a consequence of the more formal
relationship, the number of infringement notices issued declined
substantially in the following years. DIAC indicated that 2008-09
compliance levels were approximately 99.86%.
In terms of economic impact, the key outcome of the ETA, eVisitor
and eVisa for airlines and cruise companies, beyond the impact on
check-in processes, is the facilitation of travel and the consequent
increased demand for flights and cruises.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
PricewaterhouseCoopers
86
Impact on stakeholders
While no data has been provided on the precise impact, DIAC has
indicated that it has received considerable positive feedback from
industry in regards to the ETA system.
The statement is in line with the findings of the European study,
although it must be noted that the impact of the Australian systems
for passenger pre-screening is limited due to the limited number of
(direct) flights to Australia and due to the fact that it is a mainly a
final destination instead of a transit destination. Nonetheless,
representatives from airline companies consulted underlined that the
impact of the Australian systems have been minimal. The reason for
this is that the system did not pose additional requirements for the
carriers, but was aligned with the systems that were already in
place.Impact on check-in at airports and harbours
The introduction of ETA, eVisitor and eVisa along with
complementary technologies (ie APP) has enabled airlines and sea
carriers to verify electronically a passenger‘s authority to travel to
Australia using their standard Departure Control System (or similar
interface) during check-in. This saves airline staff time at the checkin counter (as they can view all the required details through one
portal) and reduces their likelihood of transporting improperly
documented passengers.
However, airlines did not initially anticipate the increase in the
number of applications for ETAs at check-in counters at airports.
Airlines indicated that this caused some problems for them including
possible congestion at airport check-in.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 87
Appendices
Appendix A
Summary of stakeholder interviews
91
Appendix B
References
92
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 89
Appendix A
Summary of
stakeholder
interviews
Attendees
Date
Teleconference
Suzanne Ford, Stephen Allen
16/02/10
Meeting
Suzanne Ford, Jennifer Bell, Tim Drury, Phil Thurbon
25/02/10
Airport tour
Alison Garrod
09/03/10
Meeting
Suzanne Ford, Kevin Cunnington, Mark McGuire, Alison
Steadman
11/03/10
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 91
Appendix B
References
Department of Immigration and Citizenship, ―eVisitor.‖ DIAC website,
http://www.immi.gov.au/visitors/tourist/evisitor, accessed February
2010.
Department of Immigration and Citizenship, ―ETA.‖ DIAC website,
http://www.immi.gov.au/e_visa/eta.htm, accessed February 2010.
Department of Immigration and Citizenship, ―Agents Gateway.‖ DIAC
website, http://www.immi.gov.au/gateways/agents/evisa, accessed
February 2010.
Department of Immigration and Citizenship, ―Border Security –
Managing Australia‘s Borders.‖ DIAC website,
http://www.immi.gov.au/managing-australias-borders/bordersecurity, accessed February 2010.
Department of Immigration and Citizenship, ―Australian Immigration
– Managing the Border: Immigration Compliance.‖ DIAC website,
http://www.immi.gov.au/media/publications/compliance/managingthe-border, accessed February 2010.
Department of Immigration and Citizenship, ―Australian Visa wizard
– Visas & Immigration.‖ DIAC website,
http://www.immi.gov.au/visawizard, accessed February 2010.
Department of Immigration and Citizenship, ―Visa Wizard‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/gateways/agents/pdf/visa-wizard-factsheet.pdf, accessed 24 February, 2010.
Department of Immigration and Citizenship, ―Australian Immigration
Face Sheet 70. Managing the Border‖ DIAC website,
http://www.immi.gov.au/media/fact-sheets/70border.htm
Department of Immigration and Citizenship, ―Australian Immigration
Fact Sheet 71. SmartGate Automated Border Processing‖ DIAC
website, http://www.immi.gov.au/media/fact-sheets/71smartgate.htm
Australian National Audit Office, ―Audit Report No.3 1999-2000
Performance Audit Electronic Travel Authority‖ (PDF file)
downloaded from ANAO website,
http://www.anao.gov.au/uploads/documents/199900_Audit_Report_3.pdf, accessed 24 February, 2010.
Australian National Audit Office, ―Audit Report No.2 2007-08
Performance Audit Electronic Travel Authority Follow-up Audit‖ (PDF
file) downloaded from ANAO website,
http://www.anao.gov.au/uploads/documents/200708_Audit_report_2.pdf, accessed 24 February, 2010.
Department of Immigration and Citizenship, ―Offshore and Onshore
Visitor Visa Grant: 2008-09‖ (PDF file) downloaded from DIAC
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 92
References
website, http://www.immi.gov.au/media/statistics/pdf/visitor/2008-09visitor-visa-grants-summary.pdf, accessed 23 February, 2010.
Department of Immigration and Citizenship, ―DIAC Annual Report
2008-09‖ (PDF file) downloaded from DIAC website,
http://www.immi.gov.au/about/reports/annual/2007-08/pdf/annualreport-2007-08-complete.pdf, accessed 23 February, 2010.
Department of Immigration and Citizenship, ―Australia's APP Advance passenger processing system‖ (PDF file) downloaded from
DIAC website, http://www.immi.gov.au/media/publications/visaentry/_pdf/APP_Guide_full_manual.pdf, accessed 23 February,
2010.
Productivity Commission, ―Australia's Visa System for Visitors Office of Regulation Review Submission‖ (PDF file) downloaded
from
http://www.pc.gov.au/__data/assets/pdf_file/0009/65664/austvisa.pd
f, accessed 23 February, 2010.
Department of Immigration and Citizenship, ―DIAC Bulletin 21‖ (PDF
file) downloaded from DIAC website,
http://www.immi.gov.au/managing-australias-borders/bordersecurity/air/eta/_pdf/bulletin-21-eVisitor.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Australia's ETAS Electronic travel authority system‖ (PDF file) downloaded from DIAC
website, http://www.immi.gov.au/managing-australiasborders/border-security/air/eta/manual/_pdfs/etas_full_manual.pdf,
accessed 23 February, 2010.
Department of Immigration and Citizenship, ―Update on the Australia
ETA and Conditions of Use‖ (PDF file) downloaded from DIAC
website, http://www.immi.gov.au/managing-australiasborders/border-security/air/eta/_pdf/eta-update-conditions.pdf,
accessed 23 February, 2010.
Department of Immigration and Citizenship, ―Australian Immigration
Fact Sheet 53. Australia‘s entry system for visitors‖ DIAC website,
http://www.immi.gov.au/media/fact-sheets/53entry_system.htm,
accessed 23 February, 2010.
Department of Immigration and Citizenship, ―Australian Immigration
Fact Sheet 55. The Electronic Travel Authority‖ DIAC website,
http://www.immi.gov.au/media/fact-sheets/55eta.htm, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 48‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/48.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Form 48R‖ (PDF file)
downloaded from DIAC website,
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 93
References
http://www.immi.gov.au/allforms/pdf/48r.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Form 601‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/601.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Form 990i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/990i.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Form 993i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/993i.pdf, accessed 23 February,
2010.
Department of Immigration and Citizenship, ―Form 1025i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1025i.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 1026i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1026i.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 1147‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1147.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 1243i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1243i.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 1259i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1259i.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―Form 1264i‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/allforms/pdf/1264i.pdf, accessed 23
February, 2010.
Department of Immigration and Citizenship, ―DIAC Strategic Plan
2009-12‖ (PDF file) downloaded from DIAC website,
http://www.immi.gov.au/about/department/diac-plan/diac-strategicplan-2009-12.pdf, accessed 23 February, 2010.
Department of Immigration and Citizenship, ―DIAC Strategic Plan
2009-12‖ (PDF file) downloaded from DIAC website,
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 94
References
http://www.immi.gov.au/legislation/index.htm, accessed February
2010.
Department of Immigration and Citizenship, ―Systems for People:
The halfway mark‖ (PDF file) downloaded from DIAC website,
http://www.immi.gov.au/media/publications/pdf/sfp-halfway-mark.pdf,
accessed 18 March, 2010.
Department of Immigration and Citizenship, ―Managing the Border‖
(PDF file) downloaded from DIAC website,
http://www.immi.gov.au/media/publications/compliance/managingthe-border/pdf/mtb-chapter1.pdf, accessed 18 March, 2010.
Department of Immigration and Citizenship, ―Biometrics information
for Protection visa applicants – General information‖ (PDF file)
downloaded from DIAC website,
http://www.immi.gov.au/refugee/_pdf/biometrics_info_protection_vis
a_applicants.pdf, accessed 18 March, 2010.
Department of Immigration and Citizenship, ―The Global Systems
Environment Program‖ (PDF file) downloaded from DIAC website,
http://www.immi.gov.au/about/speeches-pres/industrybriefings/_pdf/GSE.pdf, accessed 21 March, 2010.
House of Representatives Questions on Notice, ―Visa: Electronic
Travel Authority Question 2482‖ (PDF file) downloaded from
Parliament of Australia website,
http://parlinfo.aph.gov.au/parlInfo/genpdf/chamber/hansardr/200105-22/0169/hansard_frag.pdf;fileType%3Dapplication%2Fpdf,
accessed 23 February, 2010.
House of Representatives Questions without Notice, ―Visas:
Electronic Travel Authority Question‖ (PDF file) downloaded from
Parliament of Australia website,
http://parlinfo.aph.gov.au/parlInfo/genpdf/chamber/hansardr/199910-18/0058/hansard_frag.pdf;fileType=application%2Fpdf, accessed
23 February, 2010.
House of Representatives Questions on Notice, ―Visa: Electronic
Travel Authority Question 2482‖ (PDF file) downloaded from
Parliament of Australia website,
http://parlinfo.aph.gov.au/parlInfo/genpdf/chamber/hansardr/200212-05/0009/hansard_frag.pdf;fileType=application%2Fpdf, accessed
23 February, 2010.
House of Representatives Speech, ―Migration (Visa Application)
Charge Amendment Bill 2002 Second Reading― (PDF file)
downloaded from Parliament of Australia website,
http://parlinfo.aph.gov.au/parlInfo/genpdf/chamber/hansards/199911-23/0060/hansard_frag.pdf;fileType=application%2Fpdf, accessed
23 February, 2010.
Joint Committee of Public Accounts and Audit Questions on Notice,
―Audit Report No. 35 of 2008-09 – Management of the Movement
Alert List‖ (PDF file) downloaded from Parliament of Australia
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 95
References
website,
http://www.aph.gov.au/house/committee/jpaa/auditgen3_09/subs/su
b10.pdf, accessed 18 March, 2010.
Office of the Privacy Commissioner, ―Public Sector Information
Sheet - Information Privacy Principles‖ (PDF file) downloaded from
OPC website,
http://www.privacy.gov.au/materials/types/download/8704/6541,
accessed 23 February, 2010.
Department of Prime Minister and Cabinet, ―Counter-Terrorism
White Paper 2010‖ (PDF file) downloaded from PM&C website,
http://www.dpmc.gov.au/publications/counter_terrorism/docs/counter
-terrorism_white_paper.pdf, accessed 18 March, 2010.
Emergency Management in Australia, ―Media Release –
Strengthening Aviation Security.‖ EMA website,
http://www.ema.gov.au/www/ministers/oconnor.nsf/Page/MediaRele
ases_2010_FirstQuarter_9February2010StrengtheningAviationSecurity, accessed 25 February, 2010.
Timothy Pilgrim, ―Biometrics Institute - Biometrics and Privacy,‖
speech given on November 21, 2007, at the Hyatt Hotel Canberra,
http://www.privacy.gov.au/materials/types/download/8357/6324,
accessed 18 March, 2010.
SITA, ―The evolution of smarter borders.‖ SITA website,
http://www.sita.aero/node/1078, accessed 25 February, 2010.
Australian Customs and Border Protection Service, ―Introducing
SmartGate‖ (PDF file) downloaded from Customs website,
http://www.customs.gov.au/webdata/resources/files/br_introsmrtgt04
09.pdf, accessed 18 March, 2010.
Surveillance and Society, ―Surveillance, Risk and Preemption on the
Australian Border‖ (PDF file) downloaded from Surveillance and
Society website, http://www.surveillance-andsociety.org/articles5(2)/australia.pdf, accessed 26 February, 2010.
The Centre of Independent Studies, ―The open front door‖ (PDF file)
downloaded from the CIS website,
http://www.cis.org.au/issue_analysis/IA42/IA42.pdf, accessed 24
February, 2010.
CIO, ―You Can Lead a Government to XML…‖ (PDF file)
downloaded from CIO website,
http://www.cio.com.au/article/4001/can_lead_government_xml,
accessed 2 March, 2010.
Joint Standing Committee on Foreign Affairs, Defence and Trade,
―Australia's Trade and Investment Relationship with South America‖
(PDF file) downloaded from APH website,
http://www.aph.gov.au/house/committee/jfadt/samer/SAMch_4.htm,
accessed 2 March, 2010.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 96
References
Parliamentary Joint Committee on Intelligence and Security, ―Review
of Security and Counter Terrorism Legislation – Chapter 7‖,
http://www.aph.gov.au/House/committee/pjcis/securityleg/report/cha
pter7.htm, accessed 2 March, 2010.
Australian Parliament House, ―Department of Immigration and
Multicultural Affairs submission to the Joint Standing Committee on
Foreign Affairs, Defence and Trade (Trade sub-committee) inquiry
into enterprising Australia – Planning, Preparing and Profiting from
Trade and Investment‖ (PDF file) downloaded from APH website,
http://aph.gov.au/HOUSE/committee/jfadt/Enterprise/subs/EASub14.
pdf, accessed 2 March, 2010.
Joint Committee of Public Accounts and Audit - Official Committee
Hansard, ―Reference: Further inquiry into aviation security in
Australia‖ (PDF file) downloaded from Parliament of Australia
website, http://www.aph.gov.au/hansard/joint/commttee/j9064.pdf,
accessed 18 March, 2010.
Department of Foreign Affairs and Trade, ―APEC: Best Practice in
Secure Trade‖ (PDF file) downloaded from DFAT website,
http://www.dfat.gov.au/publications/apec_best_practice_in_secure_t
rade/APEC_Best_Practice_in_Secure_Trade.pdf, accessed 18
March, 2010.
United Nations High Commissioner for Refugees, ―Legal and
Constitutional Legislation Committee - Provisions of the Migration
Legislation Amendment (Identification and Authentication) Bill 2003‖
(PDF file) downloaded from UNHCR website,
http://www.unhcr.org.au/pdfs/FRIdentAuthBill.pdf, accessed 4
March, 2010.
Asia-Pacific Economic Cooperation - Business Mobility Group, ―A
guide to the Regional Movement Alert System‖ (PDF file)
downloaded from the Business Mobility Group website,
http://www.businessmobility.org/RMAL/RMAS%20Guide%202007.p
df, accessed 4 March, 2010.
Australian Government, AusTender: Contract Notice View –
CN21488, AusTender website,
https://www.tenders.gov.au/?event=public.CN.view&CNUUID=BCD9
4F0B-B68C-6484-C6A5262D2A6909B3, accessed 4 March 2010.
United Nations Public Administration Network, ―Austrilian E-visa‖
(PDF file) downloaded from UNPAN website,
http://unpan1.un.org/intradoc/groups/public/documents/Other/UNPA
N022289.pdf, accessed 23 February, 2010.
Pandher, Ross. ―RE: GaPS contract notices – CPS Systems Pty
Ltd.‖ E-mail message to Damien Petkovic, 4 March, 2010.
Department of Immigration and Citizenship, ―Feb10 – DIACs Online
Services – presentation for PWC.ppt‖ (Microsoft Powerpoint
presentation).
Policy study on an EU Electronic System for Travel Authorization (ESTA)
Australian mission
PricewaterhouseCoopers | 97
pwc.com.au
© 2010 PricewaterhouseCoopers. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers, a partnership formed in Australia or, as the context
requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.
This proposal is protected under the copyright laws of Australia and other countries as an unpublished work. This proposal contains information that is proprietary and
confidential to PricewaterhouseCoopers and subject to applicable Federal or State Freedom of Information legislation, and shall not be disclosed outside the recipient's
company or duplicated, used or disclosed in whole or in part by the recipient for any purpose other than to evaluate this proposal. Any other use or disclosure in whole
or in part of this information without the express written permission of PricewaterhouseCoopers is prohibited.
B Case Study: The U.S. Electronic System for Travel
Authorization
Case Study: The U.S. Electronic System for Travel Authorization
299
Case Study: The U.S. Electronic System for Travel Authorization
300
Policy study on an EU
Electronic System for Travel
Authorization (ESTA)
U.S. Mission
February 2011
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Contents
Executive Summary
1
1
3
General Information
1.1
Introduction of the Visa Waiver
Program and ESTA System
3
1.2
Drivers behind Introduction of ESTA
3
1.3
Relationship between ESTA, Visas,
PNR, and APIS
4
Overview of How ESTA and VWP
Work
4
1.4
2
Objectives
6
2.1
Objectives for the ESTA System
6
2.2
Benefits of the ESTA System
6
2.3
Disadvantages of the ESTA System
6
2.4
Balancing Security and Traveler
Facilitation
7
Role in U.S. Border Security
7
2.5
3
Scope
8
3.1
Third Country Nationals Eligibility
3.2
Visa-exempted Third Country
Nationals
12
3.3
ESTA & Visa
14
3.4
Country vs. Person Approach
14
3.5
Land, Air, and Sea travelers
15
3.6
Target Groups and Exemptions
15
4
Data Collection and Processing
8
16
4.1
Personal Data Collection
16
4.2
Biometric Data Collection
17
4.3
Database Checks
18
PricewaterhouseCoopers | i
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
4.4
5
Passenger Pre-Screening Tools
Compliance with Data Protection Principles
18
20
5.1
Ensuring Full Compliance
20
5.2
Minimizing Privacy Impacts and Risks
21
5.3
Disclosure of Data Usage
24
5.4
Right to Access, Correct, and Delete
24
5.5
Preventing Unlawful Data Processing
25
5.6
Role of Data Protection Supervisory
Authority
25
Impact on Fundamental Rights to
Private Life
26
Privacy Issues Surrounding Biometric
Data
26
5.7
5.8
6
Implementation
27
6.1
Role of States
27
6.2
Role of Private Sector in
Implementation
27
6.3
Travel Promotion Corporation Role
27
6.4
Implementation of ESTA
28
6.5
Leveraging Existing Applications and
Infrastructure
29
7
Practical and Procedural Issues
30
7.1
Application Processing Times
30
7.2
Application Lodgement Channels
30
7.3
Application Submission Process
30
7.4
Digital Signatures and Passwords
31
7.5
Validity Period
31
7.6
Pre-checks
31
7.7
Automation of Pre-checking
31
7.8
On-site Applications
32
PricewaterhouseCoopers | ii
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
7.9
Urgent Applications
32
7.10
Evidence of Authorization
32
7.11
Responsibility of Airlines and Vessels
in Performing Checks
32
8
Financial Aspects
8.1
34
Estimated and Actual Cost of ESTA
Implementation
34
8.2
Key Cost Components
34
8.3
Fees
34
8.4
Application Volumes
34
8.5
Linguistic Aspects
35
9
Legal Aspects
36
9.1
Legal Framework
36
9.2
Responsible Authority
36
9.3
Family Members of U.S. Citizens
36
9.4
Consequence of ESTA Denial
36
10
Impact on Stakeholders
37
10.1
Impact on Border Control Procedures
37
10.2
Impact on Consular Offices
37
10.3
Impact on Airline and Cruise
Companies
37
Impact on Check-in at Airports and
Harbours
38
10.4
Appendix A
Summary of Stakeholder Interviews
42
Appendix B
References
43
Appendix C
Noncompliant Tear Sheet
44
Appendix D
Acronyms
45
PricewaterhouseCoopers | iii
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Executive Summary
The Electronic System for Travel Authorization (ESTA) is a
requirement under the Implementing Recommendations of the 9/11
Commission Act of 2007, which amended Section 217 of the
Immigration and Nationality Act and required the United States
Department of Homeland Security (DHS) to implement an electronic
travel authorization system to enhance the Visa Waiver Program
(VWP). The VWP enables nationals of 36 participating countries to
travel to the United States (U.S.) for tourism or business for stays of
90 days or less without obtaining a visa. The purpose of VWP is to
eliminate unnecessary barriers to travel, stimulate the tourism
industry, and permit the Department of State to focus consular
resources in other areas.
ESTA is an automated, web-based system used to determine the
eligibility of visitors to travel to the U.S. under the VWP. ESTA adds
an additional layer of security that enables DHS to determine, in
advance of travel, whether an individual is eligible to travel to the
U.S. under the VWP and whether such travel poses a law
enforcement or security risk.
ESTA also provides benefits in traveler facilitation. The advance
notification to a VWP traveler of his or her eligibility to travel to the
U.S. allows for alternate options should the traveler be denied an
ESTA application prior to boarding a carrier or vessel.
VWP nationals' personal data submitted through the ESTA
application is subject to the same strict privacy provisions and
controls that have been established for similar traveler screening
programs. The DHS Privacy Office worked closely with Customs
and Border Protection (CBP) throughout implementation to ensure
compliance with required privacy protections.
ESTA became available for voluntary applications after August 1,
2008. Concurrently, DHS and CBP implemented outreach activities
to educate travelers regarding ESTA requirements, with a resulting
high percentage of travelers using ESTA. As of March 16, 2010,
DHS has processed 17,447,000 applications for ESTA. Of the total
applications to date, DHS has returned a "Not Authorized to Travel"
response to less than one half of one percent of ESTA applicants.
Effective March 21, 2010, ESTA will be a "mandatory requirement",
meaning VWP travelers must have a valid travel authorization
through ESTA prior to boarding a U.S.-bound carrier or vessel.
Carriers and vessels may be subject to fines for failure to enforce
ESTA requirements.
The information contained in this report incorporated information
obtained through interviews with the Department of Homeland
Security and Department of State personnel. See Appendix A for
additional information on stakeholder interviews. Additionally, this
report reflects publicly available information as referenced in
Appendix B.
PricewaterhouseCoopers | 1
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
PricewaterhouseCoopers | 2
1
General Information
1.1
Introduction of the Visa Waiver
Program and ESTA System
The Visa Waiver Program (VWP) allows foreign nationals from 36
participating countries to travel to the United States (U.S) for
business or pleasure for stays of 90 days or less without obtaining a
visa. The Electronic System for Travel Authorization (ESTA) is an
automated, web-based system that assists the United States
Department of Homeland Security (DHS) in determining the eligibility
of visitors to travel to the U.S. under the VWP and whether such
travel poses any law enforcement or security risk.
1.2
Drivers behind Introduction of ESTA
In response to the events of September 11, 2001, the United States
identified potential weaknesses in border security including
vulnerabilities that existed within the VWP. The Implementing
Recommendations of the 9/11 Commission Act of 2007 (9/11 Act)
amended Section 217 of the Immigration and Nationality Act (INA),
requiring DHS to implement an electronic travel authorization system
and other measures to enhance the security of the VWP with the
salutary benefit of minimizing expense and inconvenience for
travelers ineligible under the VWP. Pre-ESTA, all passport holders
from a VWP country were assumed to be eligible for travel under the
program, and DHS would have no advanced notice of individuals in
route to the United States. Only upon arrival in the United States,
would there be a determination of the traveler's eligibility to enter the
United States under the program. Ineligible travelers would be
refused entry at the border and were sent back on a return flight or
ship.
ESTA, which implements the 9/11 Act requirement, adds
individualized consideration of travelers, enhancing security. DHS
can determine, in advance of travel, whether an individual is eligible
to travel to the U.S. under the VWP and whether such travel poses a
law enforcement or security risk. This advanced security enables
DHS frontline personnel to focus resources on the small population
of potentially dangerous travelers instead of the entire VWP
population.
DHS believes that ESTA strengthens security in visa-free travel, and
supports other objectives of the VWP including eliminating
unnecessary barriers to travel and stimulating the tourism industry.
Additionally, travelers are now able to identify issues with eligibility to
travel to the U.S. under the VWP prior to boarding the carrier and
vessel. Those individuals ineligible to travel under the VWP but still
eligible for travel to the United States (e.g. after having been denied
an ESTA), may apply for a visa and can do so without first being
refused admission into the U.S.
PricewaterhouseCoopers | 3
1.3
Relationship between ESTA, Visas,
PNR, and APIS
ESTA assists in determining the eligibility of visitors to travel to the
U.S. under the VWP prior to boarding a U.S.-bound carrier or vessel.
Certain conditions discussed below must be met to gain admission
to the U.S. under the VWP. Travelers otherwise eligible for entry
into the United States who do not meet these conditions must apply
for a visa. Individuals traveling on valid visas are not required to use
ESTA.
Both the ESTA and visa applications provide information about an
individual's intent to travel to the United States; however, specific
travel information including destination and travel dates may not be
known and obtained in the application. Passenger Name Record
(PNR) and Advance Passenger Information System (APIS) provide
more detailed travel information including pre-arrival and departure
manifest data for the former and passenger reservation information
for the latter.
Carriers, when querying the applicant through the APIS to determine
whether a boarding pass should be issued, will be notified one of the
following for the passenger: 1) individual authorized to travel; 2)
individual not authorized to travel; 3) application is pending
determination; or 4) individual has not applied for ESTA application.
Effective March 21, 2010, VWP travelers must have an authorized
ESTA or a visa before an airline may issue a boarding pass.
1.4
Overview of How ESTA and VWP
Work
The VWP enables nationals from designated countries to apply for
admission to the U.S. for 90 days or less as non-immigrant visitors
for business or pleasure without first obtaining a non-immigrant visa.
Currently, 36 countries participate in the VWP. Country participation
in the VWP is based on meeting certain security and other
requirements, to include security-related data sharing and timely
reporting of lost and stolen passports.
The ESTA application requires individuals who plan to travel to the
U.S. for temporary business or pleasure under the VWP to provide
data elements described in Section 4. Customs and Border
Protection (CBP) screens this information against various databases
to determine the traveler's eligibility under the VWP, and whether
such travel poses any law enforcement or security risk. Upon
completion of an ESTA application, CBP notifies a VWP traveler of
his or her eligibility to travel to the U.S. prior to boarding a U.S.bound carrier or vessel.
As of March 21, 2010, an ESTA authorization is required for VWP
travelers prior to boarding a U.S. bound carrier or vessel.
Additionally, upon arrival at the port of entry, VWP travelers undergo
PricewaterhouseCoopers | 4
screening and are enrolled in the DHS United States Visitor and
Immigrant Status Indicator Technology (US-VISIT)1 program.
Specifically, upon arrival in the United States, a CBP Officer will
scan the traveler's fingerprints and take the traveler's photograph as
part of the US-VISIT program. Denial of an ESTA authorization
does not preclude travel to the United States. An individual, whose
ESTA application is denied, may apply for a visa at a U.S. Embassy
or Consulate. Reversely, an approved ESTA does not guarantee
entry into the United States. The CBP Officer will determine
admissibility at the port of entry.
1
The Department of Homeland Security's US-VISIT program provides biometric
identification and analysis services enabling the United States to establish and then
verify an individual's identity. Individuals are required to provide biometrics including
fingerprints and photographs to CBP Officers upon arrival in the United States. The USVISIT Program helps prevent identity fraud and deprives criminals and immigration
violators of the ability to cross U.S. borders by checking an individual's biometrics
against 1) a watch list of known or suspected terrorists, criminals, and immigration
violators; 2) the entire fingerprint database maintained by DHS since US-VISIT was
implemented; and 3) identification document presented by the individual as proof of
identity.
PricewaterhouseCoopers | 5
2
Objectives
2.1
Objectives for the ESTA System
The key objectives of ESTA are:
Development and implementation of an automated system
that assists in determining a traveler's eligibility under the
VWP and whether the traveler poses any law enforcement or
security risks2.
Mitigation of VWP security risks by enabling DHS to evaluate
whether a traveler is eligible under the VWP prior to boarding
a U.S. bound carrier.
2.2
Benefits of the ESTA System
ESTA counterbalances vulnerabilities inherent in visa-free travel by
establishing an additional security layer of advanced scrutiny of
VWP travelers, The fact that travelers that have an ESTA have
already had a ―security check‖ prior to arriving on U.S. soil enables
DHS frontline personnel to focus even more on the relatively small
population of potentially dangerous travelers.
The advantage of entering the U.S. under the VWP is that nationals
of VWP countries can travel to the U.S. without obtaining a visa from
the Department of State provided certain requirements are met.
ESTA also provides advanced communication to a traveler of his or
her eligibility to enter the U.S. prior to embarking on their journey.
Prior to ESTA implementation, VWP travelers that were ineligible for
entry to the U.S. would be informed of admissibility at the port of
entry and turned back to his or her country of origin after arriving in
the U.S.3
2.3
Disadvantages of the ESTA System
ESTA imposes an additional requirement for VWP travelers than
previously necessary under VWP. Consequently, the U.S.
Departments of State and Homeland Security have engaged in
significant outreach efforts to communicate the new requirement to
all potential VWP travelers.
2
3
A specific definition of "law enforcement or security risks" is not provided. This is the
term used in DHS documents as well as by DHS personnel.
No statistics available.
PricewaterhouseCoopers | 6
2.4
Balancing Security and Traveler
Facilitation
The primary focus of ESTA is to support the mitigation of VWP
security risks by enabling DHS to evaluate whether an individual is
eligible to travel to the U.S. under the VWP. This evaluation occurs
prior to his or her boarding of a U.S.-bound carrier and whether such
travel poses any law enforcement or security risks.
Traveler facilitation is also achieved by communicating a traveler's
eligibility to enter the U.S. prior to their departure. Upon denial of an
ESTA application, the traveler may then apply for a visa granting
entry to the U.S., ultimately allowing them to complete their trip if a
visa application is approved.
2.5
Role in U.S. Border Security
Pre-ESTA, all passport holders from a VWP country were assumed
to be eligible for travel under the program. Only upon arrival in the
U.S., would there be a determination of the traveler's eligibility to
enter the U.S. Ineligible travelers would be refused entry at the
border and sent back to their originating departure city on a return
flight or ship. ESTA adds an advance layer of border security by
determining, in advance of travel, whether an individual is eligible to
travel to the U.S. under the VWP and whether such travel poses a
law enforcement or security risk. Specifically, the information
provided by the traveler in the ESTA application will be screened
against databases described in Section 4.3 to determine security
risks.
PricewaterhouseCoopers | 7
3
Scope
3.1
Third Country Nationals Eligibility
ESTA applies only to passport holders from the 36 VWP countries.
Travelers from non-VWP countries must apply for and receive a visa
before traveling to the U.S. Under certain circumstances, nationals
of Canada and Bermuda, who are non-VWP countries, can be
considered "visa-exempt". Nationals of Mexico generally must have
a non-immigrant visa or Border Crossing Card.
3.1.1 VWP Objectives
The VWP program, established in 1986, has the following
objectives:
Eliminating unnecessary barriers to travel,
Stimulating the tourism industry, and
Permitting the Department of State to focus consular
resources in other areas.
Nationals of VWP countries must meet eligibility certain
requirements to travel without a visa, and therefore, some travelers
are not eligible to use the program. These citizens must apply for a
visa. Additionally, VWP eligible travelers may apply for a visa, if
they prefer to do so.
3.1.2 Country Qualification
To be admitted to the VWP, a country must meet various security
and other requirements, such as enhanced law enforcement and
security-related data sharing with the U.S. and timely reporting of
both blank and issued lost or stolen passports. VWP members are
also required to maintain high counterterrorism, law enforcement,
border control, and document security standards.
If the following requirements are met, the Secretary of Homeland
Security, in consultation with the Secretary of State, may designate
a country as a participant in the program:
The country offers reciprocal travel privileges to United
States citizens;
The country has certified that it has a program for issuing
electronic passports (e-Passports) containing digital chips
that store biographic and other data;
The country began issuing e-Passports to its citizens no later
than October 26, 2006;
The Secretary of Homeland Security, in consultation with the
Secretary of State, prepares a report evaluating the effect
the country's designation would have on the United States'
law enforcement and security interests; and
PricewaterhouseCoopers | 8
The Secretary of Homeland Security, in consultation with the
Secretary of State, determines that the country's designation
for the program would not compromise United States law
enforcement or national security interests, including interests
in enforcing immigration laws.
Designation as a VWP country is at the discretion of the U.S.
Government. Meeting the objective requirements of the VWP does
not guarantee a successful candidacy for the VWP membership.
3.1.3 VWP Eligibility
An individual is eligible to apply for admission under VWP if he or
she:
Intends to enter the United States for 90 days or less for
temporary business or pleasure;
Has a valid passport lawfully issued by a VWP country that is
valid for six months beyond the individual's intended visit;
Has authorization to travel via ESTA prior to travel to the
U.S.;
Arrives via a VWP signatory carrier4;
Has a return or onward ticket;
Travel may not terminate in contiguous territory or adjacent
islands unless the traveler is a resident of one of those
areas; and
Is a citizen or national of one of the VWP countries listed
below:
VWP Eligible Country
VWP Eligible Country
Andorra
Liechtenstein
Australia
Lithuania
Austria
Luxembourg
Belgium
Malta
Brunei
Monaco
Czech Republic
The Netherlands
Denmark
New Zealand
Estonia
Norway
Finland
Portugal
France
San Marino
Germany
Singapore
Greece
Slovakia
4
If arriving in the U.S. by air or sea, to meet the requirements of the Visa
Waiver Program (VWP), travelers must arrive aboard a carrier, known as a
signatory carrier, which has signed an agreement guaranteeing to transport
travelers out of the United States if he or she is found to be inadmissible or
deportable. The list of VWP Signatory Carriers can be found at the U.S.
Department of State website at
http://www.state.gov/documents/organization/87163.pdf.
PricewaterhouseCoopers | 9
VWP Eligible Country
VWP Eligible Country
Hungary
Slovenia
Iceland
South Korea
Ireland
Spain
Italy
Sweden
Japan
Switzerland
Latvia
United Kingdom
Citizens or nationals from VWP countries must also meet the
following requirements to be eligible to apply for admission under
VWP:
Present to the Customs and Border Protection Officer a
completed and signed I-94W, Non-immigrant Visa Waiver
Arrival/Departure Form.5
Establish to the satisfaction of the inspecting Customs and
Border Protection Officer that he or she is entitled to be
admitted under the Visa Waiver Program and that he or she
is not inadmissible under the Immigration and Nationality
Act.
Waive any right to review, appeal, or challenge the
admissibility determination of the Customs and Border
Protection Officer, other than on the basis of an application
for asylum or an application for withholding of removal under
the Convention against Torture and Other Cruel, Inhuman or
Degrading Treatment of Punishment.
Reaffirm, through the submission of biometric identifiers
(including fingerprints and photographs) during processing
upon arrival in the United States, his or her waiver of any
rights to review or appeal of the admissibility determination
of the Customs and Border Protection Officer, or contest,
other than on the basis of an application for asylum, any
removal action arising from an application for admission
under the Visa Waiver Program.
Obtain an Authorization Approved determination following a
travel authorization application.
Not pose a threat to the welfare, health, safety, or security of
the United States.
Have complied with all conditions of any previous admission
under the Visa Waiver Program.
5
In 2009, CBP launched a pilot program to automate the I-94W, Non-immigrant Visa
Waiver Arrival/Departure Form for VWP travelers with an approved travel authorization
via ESTA on specifically designated flights. While DHS continues to work with carriers
to fully automate the I-94W process, all VWP travelers applying for admission at a U.S.
port of entry, including VWP travelers who have obtained travel authorization via ESTA,
must complete Form I-94W. ESTA will eventually eliminate the requirement that VWP
travelers complete an I-94W prior to admission to the U.S.. On 20 May 2010, Secretary
Napolitano (DHS) announced the elimination of the paper arrival/departure form (Form
I-94W) for travelers under the VWP. By the end of this summer the use of the paper I94W form will be eliminated at all airports.
PricewaterhouseCoopers | 10
3.1.4 ESTA versus Visa
Nationals of VWP countries must meet the conditions noted in the
section above in order to gain admission to the U.S. under the VWP,
including obtaining an authorization to travel through ESTA prior to
boarding a U.S.-bound airplane or vessel. Travelers who do not
meet these conditions must apply for a visa.
Approval under ESTA is not the same as, or equivalent to, a visa. It
does not meet the legal or regulatory requirements to serve in lieu of
a U.S. visa when a visa is required under the U.S. law. It is a means
of establishing that an individual is otherwise eligible to enter the
U.S. under the VWP.
Individuals must obtain a non-immigrant visa instead of using the
VWP under the following circumstances:
If the individual intends to arrive in the United States aboard
a non-signatory air or sea carrier;
If the individual was denied authorization to travel under the
VWP via ESTA;
If the individual intends to visit the United States for more
than 90 days, for reasons other than temporary business or
pleasure, or the individual envisions changing his or her
status (from tourist to student, etc.) once in the U.S.; or
If the individual believes any grounds of inadmissibility of the
Immigration and Nationality Act § 212(a) apply to him or her,
the individual should apply for a nonimmigrant visa before
traveling to the United States. Although the individual may
be inadmissible to the United States, he or she may qualify
for a non-immigrant visa and waiver, which will allow him or
her to travel to the United States.
Individuals traveling on valid visas are not required to apply for an
ESTA. However, individuals who have a visa, but are traveling
under the VWP instead of the visa, will need to apply for ESTA. For
example, if an individual has an F-1 visa but is coming to the U.S. for
pleasure for less than 90 days (and is a citizen of a VWP country),
then the individual would be traveling under the VWP and is required
to receive authorization through ESTA.
Based on a preliminary assessment of ESTA by the European
Commission (which was authorized by the Council to open
negotiations on behalf of the European Community for the
conclusion of an agreement with the U.S. regarding certain
conditions for access to the VWP) it was concluded that at that
stage; the ESTA could not be considered as tantamount to the
Schengen visa. This indeed underlines that an ESTA is not
equivalent to a visa. However, the Commission also concluded that
ESTA raises several data protection concerns and some pending
measures need to be adopted to end discrimination against HIVpositive travellers to the U.S. under the VWP. The Commission
underlined that ―A final assessment will be issued once the Final
PricewaterhouseCoopers | 11
Rule on ESTA is published and all details of the ESTA are known
and stable.‖6
3.2 Visa-exempted Third Country
Nationals
All passengers traveling under the VWP are required to have an
approved travel authorization prior to traveling to the U.S. by air or
sea. This includes non-ticketed infants, who are also required to
have an approved travel authorization if they do not have a visa for
travel to the United States. Additionally, all VWP applicants must
complete and sign Form I-94W, Non-immigrant Visa Waiver
Arrival/Departure Form, no matter what mode of travel, and whether
or not the traveler has received prior authorization to travel via the
ESTA7.
If an individual is a national of a VWP country and is traveling by
land, they do not have to apply for ESTA authorization. At the land
borders, Forms I-94W are usually issued in the secondary inspection
station and a fee of $6.00 is required as prescribed in 8 Code of
Federal Regulations (CFR) §103.7(b)(1). Additionally the national
must also be admissible to the U.S.
ESTA focuses on screening VWP nationals traveling via air or sea
carriers - and a majority of VWP travelers are airline passengers.
Very few VWP travelers arrive to a U.S. port by land (see also para.
3.5).
Canada and Bermuda are not participants in the VWP; however, the
Immigration and Nationality Act includes provisions for visa-free
travel for nationals of Canada and Bermuda under certain
circumstances. Because ESTA only applies to VWP designated
countries, nationals from Canada and Bermuda are not required to
receive an authorization to travel via ESTA but are considered visaexempt in some circumstances. The important distinction is VWP
travelers require a visa if the individual does not meet certain criteria
to travel under the VWP - VWP only "waives" the visa requirement if
certain criteria are met. Canada and Bermuda are considered "visaexempt". Citizens and permanent residents of Mexico generally
must have a non-immigrant visa or Border Crossing Card (also
known as a "Laser Visa").
Visa Requirements - Citizens of Canada, and Permanent
Residents
Citizens of Canada traveling to the U.S. do not require a
nonimmigrant visa, except for the travel purposes described below.
Canadian citizens with ineligibilities also have the option of
6
7
Commission Staff Working Document, The U.S. Electronic System for Travel
Authorization (ESTA) (SEC(2008)2991 final).
The I-94W form is completed in relation to specific travel. The ESTA application can be
completed without actual plans for travel. See footnote 5
PricewaterhouseCoopers | 12
applying for a visa and a waiver at the nearest U.S. consulate if it is
more convenient for them. Canadians require nonimmigrant visas
for temporary travel to the U.S. for these purposes:
Foreign government officials (A), officials and employees of
international organizations (G) and NATO officials,
representatives and employees assigned to the U.S. as needed
to facilitate their travel
Treaty traders (E-1)
Treaty investors (E-2)
Fiance/es (K-1)
Children of fiancées (K-2)
U.S. citizen's foreign citizen spouse, who is traveling to the U.S.
to complete the process of immigration (K-3).
Children of a foreign citizen spouse (K-4) described above
Spouses of lawful permanent residents (V-1) traveling to the
U.S. to reside here while they wait for the final completion of
their immigration process
Children of spouses of lawful permanent residents (V-2)
described above
Permanent residents (aka landed immigrants) of Canada must
have a nonimmigrant visa unless the permanent resident is a
national of a country that participates in the Visa Waiver Program
(VWP), meets the VWP requirements, and is seeking to enter the
U.S. for 90 days or less under that program.
Visa Requirements - Citizens of Mexico, and Permanent
Residents
Citizens and permanent residents of Mexico generally must have a
nonimmigrant visa or Border Crossing Card (also known as a
"Laser Visa").For ease of travel, the B1/B2 and the Border
Crossing Card have been combined into one biometric and
machine readable document (form DSP-150).
Visa Requirements - Citizens of the British Overseas
Territories of Bermuda
Citizens of the British Overseas Territories of Bermuda traveling to
the U.S. do not require a nonimmigrant visa for travel up to 180
days, except for the travel purposes as described below.
Additionally, these citizens do not require a visa unless they have
an ineligibility for a visa under U,S. immigration law, or have
previously violated the terms of their immigration status in the U.S.
Citizens of the Overseas Territories of Bermuda require
nonimmigrant visas when traveling to the U.S. for these purposes:
Foreign government officials (A), and officials and employees of
international organizations (G)
Fiance/es (K-1)
Children of fiancées (K-2)
U.S. citizen's foreign citizen spouse, who is traveling to the U.S.
to complete the process of immigration (K-3)
Children of a foreign citizen spouse (K-4) described above
PricewaterhouseCoopers | 13
Spouses of lawful permanent residents (V-1) traveling to the
U.S. to reside here while they wait for the final completion of
their immigration process
Children of spouses of lawful permanent residents (V-2)
described above
Other travel purposes where the intended stay is longer than
180 days
The complete description of the visa requirements for the border
countries of Canada, Mexico, and Bermuda can be found at
www.travel.state.gov.
3.3
ESTA & Visa
The VWP enables nationals of certain countries to travel to the U.S.
for tourism or business for 90 days or less without obtaining a visa.
This program was established to eliminate unnecessary barriers to
travel, promote the U.S. tourism industry, and permit the Department
of State to focus consular resources in other areas. Implementation
of ESTA establishes an additional layer of advanced scrutiny of
visitors prior to their boarding a U.S.-bound carrier or vessel.
Eligibility to apply for admission under the VWP as well as receive
approval to travel via ESTA is discussed throughout this report.
ESTA is a prerequisite for nationals seeking admission to the U.S.
under the VWP. Not all countries participate in the VWP and not all
travelers from VWP countries are eligible to use the program. These
individuals will apply for either a non-immigrant visa for temporary
stay, or an immigrant visa for permanent residence. In short, ESTA
and visa have separate requirements.
While ESTA does not meet the legal and regulatory requirements to
serve in lieu of U.S visa, an approved ESTA travel authorization or a
visa do determine a traveler's eligibility to travel to the U.S.
However, an approved ESTA or visa does not guarantee entry into
the United States. The CBP Officer will determine admissibility at
the port of entry.
An online version of the visa application is currently available at
www.travel.state.gov. This form however, does not provide an
electronic visa. Applicants are still required to obtain a visa from a
consular office.
3.4
Country vs. Person Approach
The VWP itself has a country-centric approach, and focuses on
admitting countries that meet various security requirements including
enhanced law enforcement and security-related data sharing with
the U.S. and timely reporting of lost and stolen passports. As part of
the country-centric approach ESTA provides an assessment of
whether the individual is eligible to travel to the U.S. under the VWP
prior to their boarding of a U.S.-bound carrier, and whether the
individual poses a law enforcement or security risk.
PricewaterhouseCoopers | 14
3.5
Land, Air, and Sea travelers
The ESTA requirement applies to both air and sea travelers,
providing an additional advanced layer of security to those travelers.
Land travelers do not have to apply for ESTA. The majority of VWP
travelers arrive at U.S. ports via airplane or vessel - not land. Given
the negligible number of VWP land travelers, as well as concerns
over logistics of ESTA implementation at land ports of entry, CBP
determined that Forms I-94W are issued in the secondary inspection
station are sufficient.
3.6
Target Groups and Exemptions
ESTA is required for all nationals or citizens of VWP countries who
plan to travel by air or sea to the U.S. for temporary business or
pleasure under the VWP. ESTA does not provide exemptions for
special classes or categories of travelers. Accompanied and
unaccompanied children, regardless of age, are also required to
obtain an independent ESTA approval.
Travelers otherwise eligible for entry into the United States, who do
not meet VWP conditions, must apply for a visa. Individuals
traveling on valid visas are not required to apply for an ESTA.
However, individuals who have a visa, but are traveling under the
VWP instead of the visa, will need to apply for ESTA. For example,
if an individual has an F-1 visa but is coming to the U.S. for pleasure
for less than 90 days (and is a citizen of a VWP country), then the
individuals would be traveling under the VWP and will be required to
receive authorization through ESTA. Persons of VWP countries
traveling on diplomatic passports are not required to obtain ESTA
authorization8.
8
For official diplomatic business, individuals will enter the country using their visa.
However, if that individual is travellng to the US for reasons other than diplomatic
business, that traveler would be required to complete an ESTA application (assuming
the individual is a citizen of a VWP country).
PricewaterhouseCoopers | 15
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
4
Data Collection and
Processing
4.1
Personal Data Collection
CBP collects personal data under ESTA pursuant to the fair
information practices.9 The data is limited to that which is absolutely
necessary for legitimate law enforcement and security purposes; it is
relevant to the purposes for which it is used; it is used only for the
purposes stated; there are reasonable security safeguards in place
to protect the data; there is openness in the program and the use of
personal data in the program; and there is a means for individuals to
correct information about themselves. Lastly, there is accountability
over CBP's actions with respect to the collection and use of personal
data.
The specific data can be found on the ESTA Application at
https://esta.cbp.dhs.gov. That data includes:
Last Name, First Name, Middle Name;
Unique ESTA Identifier (Provided by Customs and Border
Protection not the VWP traveler);
Email Address*;
Phone Number*;
Date of Birth;
Country of Citizenship;
Sex;
Passport Expiration Date, Number, and Issuance City,
Country and Date;
Destination Address, City, and State*;
Flight Information*;
City of Embarkation*;
Whether the individual has a communicable disease,
physical or mental disorder, or is a drug abuser or addict;
Whether the individual has been arrested or convicted for a
moral turpitude crime, drugs, or has been sentenced for a
period longer than five years;
Whether the individual has engaged in espionage, sabotage,
terrorism, or Nazi activity between 1933 and 1945;
Whether the individual is seeking work in the U.S.;
Whether the individual has ever been denied a U.S. visa or
entry into the U.S. or had a visa cancelled (if yes, when and
where);
9
The Fair Information Practice Principles (FIPPs) are the foundational principles for privacy policy
and implementation at the U.S. Department of Homeland Security. These principles are:
Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data
Quality and Integrity, Security, and Accountability and Auditing.
*
Data fields indicated with an * are not mandatory for the processing of the application.
PricewaterhouseCoopers | 16
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Whether the individual has been excluded or deported, or
attempted to obtain a visa or enter the U.S. by fraud or
misrepresentation;
Whether the individual has ever detained retained, or
withheld custody of a child from a U.S. citizen granted
custody of the child; and
Whether the individual has ever asserted immunity from
prosecution.
DHS selected the data set chosen to populate the ESTA application
based on the I-94W form completed by VWP travelers for entry to
the U.S. prior to the implementation of ESTA. The I-94W has been
a longstanding requirement, and travelers had a familiarity with
completing the date fields required in the I-94W form. Additionally,
carriers, vessels, and consular offices have experience addressing
questions related to completion of the I-94W form. However, after
DHS implemented the I-94W form, DHS identified additional
personal data fields necessary to evaluate admission to the U.S.
The ESTA Application reflects those additional data fields, and
includes passport issuance and expiration dates, passport issuing
country, contact e-mail, and telephone number. This information
populated in the ESTA application is provided by an individual who
envisions travel to the U.S. or by third party acting on behalf of the
future traveler. The European Commission has recognized that the
I-94W form and the ESTA application are similar in nature; citing that
the additional features of ESTA are mainly procedural in nature.
4.2
Biometric Data Collection
ESTA does not collect, nor depend upon, biometric data. In
contrast, visa applications do require the submission of biometric
data prior to the issuance10.
All non-U.S. and non-diplomatic travelers to the U.S. are required to
provide biometric data upon entry to the U.S. as a requirement of
US-VISIT. Since 2004, the Department of Homeland Security's USVISIT program has collected biometrics—digital fingerprints and
photographs—to protect against identity theft and fraud. Unlike
names and dates of birth, which can be changed, biometric data are
unique and virtually impossible to forge. US-VISIT is a separate
program from ESTA.
10
For visas, an individual must go to the closest U.S. visa-issuing post for an interview as
part of the visa application process. During the interview, the DoS consular officer will
collect biometrics. For ESTA, an individual who plans to travel to the U.S. must
complete the on-line ESTA application before commencing travel to the U.S. ESTA
provides flexibility by not requiring an individual to complete the application at a visaissuing post. Therefore, CBP will collect biometrics from these individuals upon arrival
in the U.S.
PricewaterhouseCoopers | 17
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
4.3
Database Checks
As set forth in the Privacy Impact Assessment of ESTA by the DHS
Privacy Office, the layered approach to border management utilized
by DHS accesses the following systems:
Automated Targeting System (ATS)
Treasury Enforcement Communications System (TECS)
Terrorist Screening Database (TSDB)
Interpol lost or stolen passport records
Department of State lost or stolen passport records
4.4
Passenger Pre-Screening Tools
The U.S. approach to passenger pre-screening includes the use of
four major tools. Those tools, as discussed throughout this
document, are ESTA, PNR, APIS, and US-VISIT. ESTA is used in
the preparation phase of travel. PNR and APIS are used in the predeparture and in flight phases of travel where passenger data is
collected and transmitted, and pre-arrival analysis and targeting
occurs. Lastly, US-VISIT collects biometric data upon arrival at a
U.S. port of entry.
Figure 1: Passenger Pre-screening Approach
4.4.1 Advance Passenger Information System
(APIS)
The U.S. uses the Advance Passenger Information System (APIS)
to enhance border security by providing officers with pre-arrival and
departure manifest data on all passengers and crew members.
Carriers also receive confirmation of a passenger's ESTA status via
the APIS Quick Query (AQQ) system indicating whether a
passenger requires an ESTA and if an ESTA has been approved for
that passenger.
AQQ promotes carrier enforcement of ESTA requirements.
Additionally, APIS is a complementary tool to ESTA that collects
additional data not collected by ESTA.11 Specifically, APIS provides
11
APIS is a primary repository of data held by DHS to screen passengers and crew
arriving in, transitioning through, and departing from (and in the case of crew, overflying)
the U.S. to identify persons who may pose a risk to border, aviation, or public security.
APIS collects information such as passenger and crew biographic information and travel
PricewaterhouseCoopers | 18
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
specific travel details for VWP nationals not mandatory in the ESTA
application.
4.4.2 Passenger Name Record (PNR)
Passenger Name Record (PNR) is another tool complementary to
ESTA that requires airlines operating flights to or from the U.S. to
provide CBP with certain passenger reservation information. PNR
provides an itinerary of a passenger or group of passengers
traveling together. ESTA applicants are not required, only
encouraged, to provide destination addresses and itineraries.
However, often times these specific travel details may not be known
and therefore not included in the ESTA application.
Duplicate information exists between ESTA, PNR and APIS, but
these systems are components of a layered process that allows for
multiple checks prior to and during a VWP traveler's journey to the
U.S.
4.4.3 US-VISIT
The DHS US-VISIT program provides biometric identification and
analysis services enabling the United States to establish and then
verify an individual's identity. Individuals are required to provide
biometrics, including fingerprints and photographs, to CBP Officers
upon arrival in the United States. The US-VISIT Program helps
prevent identity fraud and deprives criminals and immigration
violators of the ability to cross U.S. borders by checking an
individual's biometrics against 1) a watch list of known or suspected
terrorists, criminals, and immigration violators; 2) the entire
fingerprint database maintained by DHS since US-VISIT was
implemented; and 3) identification document presented by the
individual as proof of identity. US-VISIT biometric collection, in
collaboration with ESTA, PNR, and APIS, helps immigration officers
accurately identify individuals they encounter and determine whether
a person poses a risk to the United States.
itineraries; carrier or private aircraft information; and CBP data including primary
inspection lane, ID inspector, and results of comparisons of individuals to information
maintained by CBP.
PricewaterhouseCoopers | 19
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
5
Compliance with Data
Protection Principles
5.1
Ensuring Full Compliance
Responsibility for ensuring compliance with data protection
principles in the first interest rests with the DHS Privacy Office,
working with privacy officials at CBP. The DHS Privacy Office works
with every Component and program in the Department to ensure
that privacy considerations are addressed when planning or
updating a program, system, or initiative. Its mission and authority
are founded upon the responsibilities set forth in section 222 of the
Homeland Security Act of 2002, as amended. In addition to serving
as steward of section 222 of the Homeland Security Act, the DHS
Privacy Office also ensures that the Department follows policies and
statutes protecting the collection, use, and disclosure of personal
and Departmental information as required by the Privacy Act of
1974, the E-Government Act of 2002, the Federal Information
Security Management Act of 2002, and numerous other laws.
The Office's privacy policies and compliance procedures are based
on a set of eight Fair Information Practice Principles (FIPPs), similar
to the fair information practices in the Privacy Act of 1974, the fair
information principles contained in the Organization for Economic
Co-Operation and Development (OECD) Guidelines on the
Protections of Privacy and Transborder Flows of Personal Data, and
the fair information principles of the European Union (EU) Data
Protection Directive 95/46/EC. The DHS FIPPs govern the use of
personally identifiable information (PII) at the Department. The
FIPPs provide the foundation of all privacy policy development and
implementation at the Department and must be considered
whenever a DHS program or activity raises privacy concerns or
involves the collection of PII, regardless of their status. The FIPPs
are (1) transparency, (2) individual participation, (3) purpose
specification, (4) data minimization, (5) use limitation, (6) data quality
and integrity, (7) security, (8) accountability and auditing.
The FIPPs framework guides the DHS privacy compliance process
and is reflected in the Office's three primary compliance tools:
The Privacy Threshold Analysis (PTA) - Used to identify
whether a system is a Privacy Sensitive System (i.e., a
system used to collect and maintain PII) and to determine
whether additional privacy compliance documentation is
required (i.e., a Privacy Impact Assessment). The PTA is
required for every system at the Department.
The Privacy Impact Assessment (PIA) - Method and tool by
which the Office reviews system management activities in
key areas such as security and the manner in which
information is collected, used, and shared. The DHS Chief
Privacy Officer reviews and approves the PIA, and the
program is held accountable to it. In some cases, the U.S.
PricewaterhouseCoopers | 20
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Congress has tied program funding to the completion of a
PIA.
The System of Records Notice (SORN) - A notice to the
public required by the Privacy Act of 1974. The SORN
provides transparency to the public regarding the uses of the
information collected, how long the information is retained,
and how to seek correction of inaccurate, incomplete or
untimely information.
The DHS Privacy Office was responsible for overseeing the privacy
compliance process for ESTA. Throughout the process, the Office
worked closely with CBP ESTA program officials and privacy
officials to implement the required privacy protections. ESTA
required a PTA, PIA, and SORN. All three documents were
reviewed and approved by the DHS Chief Privacy Officer.
Additionally, the ESTA program is accountable for adhering to the
statements made in the PIA and the SORN. Both documents were
required for ESTA to receive funding to implement the system.
In accordance with DHS policy, the PIA will be reviewed at least
every three years and the SORN will be reviewed every two years.
The PIA and SORN are publicly available online at
www.dhs.gov/privacy.
5.2
Minimizing Privacy Impacts and Risks
Information collected is for the limited purpose of determining
whether allowing the applicant to travel to the U.S. poses a law
enforcement or security risk to the United States. In the first
instance, CBP has minimized privacy risks by limiting the amount of
information it collects for ESTA to the same information collected
through the I-94W form. Over time, the ESTA will replace the need
for the paper I-94W to be submitted. Additionally, having the
applicant fill out the ESTA application online may improve the
accuracy of data obtained by providing the applicant with an
opportunity to verify the information before submitting it to CBP.
Applicants can have third parties supply information on their behalf,
but must consent to third party access to their information. If
applicants cannot provide the requisite information through ESTA,
the applicant must obtain a visa.
Applicants can only input personal data through the website and
cannot extract personal data. Applications are also blank, even for
updates to accounts, so that third party cannot log in and gain
access to an applicant's data through a pre-populated screen.
Applicant information retained in the applicant's ESTA account will
be protected from external users gaining unauthorized access by
requiring a unique tracking number in combination with the
applicant's date of birth and passport number. The applicant's webbased submission will also be protected by encrypted transport
layered security and travelers will be instructed to keep personal
information and the application tracking number separate.
Additionally, the ESTA application requires an affirmative
PricewaterhouseCoopers | 21
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
acknowledgment by the third party, who is entering the data, that the
third party has received consent from the applicant to complete the
ESTA.
Applicants will be provided notice of scope of information collected
and disclaimer information, including the consequences of not
provided the information requested, at the time of the electronic
collection on the website. Additionally, an indication of consent will
be obtained before information is collected. DHS also published a
interim Final Rule, a Privacy Act SORN in the Federal Register, and
a PIA describing the new system. Appropriate notice regarding the
data to be collected and the requirement to attest to the accuracy of
the data will be included in the information provided via the ESTA
web-site. Explanation of the use of data will also be provided to the
applicant on the website.
Individuals are not given access to their information via the ESTA
web interface after submission to guard against third parties
accessing the applicant's personal data. Applicants will see
information they supply on the application as they complete the
application and again before submission. An applicant or
designated third party may update an ESTA application online
through the ESTA web interface after entering the applicant’s
application number, birth date, and passport number. Only the
following fields may be viewed and updated: the new U.S.
destination address, carrier, flight number, city of embarkation, email
address or telephone number. Corrections to other data elements
require a new ESTA application.
Once an applicant has submitted information and has been issued a
denial, the applicant cannot seek appeal of the determination
through ESTA. Applicants that are denied authorization for travel
will be directed to a U.S. embassy or consulate for a visa
application. Where inaccurate information results in an applicant
being denied an ESTA, the Department of State will consider that
fact in determining eligibility for a visa. See Section 5.4 for
additional discussion on access, correction and deletion for ESTA.
Information is primarily shared with DHS personnel who have a need
to know the information as part of the performance of their official
employment duties. ESTA transactions are tracked and monitored
to ensure data is handled in a manner consistent with federal laws
and regulations regarding privacy and data integrity. To mitigate the
risk of misuse of ESTA information by DHS employees and
contractors, access to data in ESTA is controlled through passwords
and restrictive rules pertaining to user rights. Internal users are
limited to roles that define authorized use of the system. In order to
become an authorized internal user, personnel must successfully
complete training and hold a full field background investigation.
Procedural and physical safeguards are also utilized such as
accountability audits and receipt records. Further, management
oversight is in place to ensure appropriate assignment of roles and
access to information. Consistent with DHS's information sharing
mission, information stored in ESTA may be shared with other DHS
components, as well as federal, state, local, tribal, foreign or
PricewaterhouseCoopers | 22
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
international government agencies pursuant to the routine uses
documented in the ESTA SORN. As required by the Privacy Act,
DHS maintains an accounting of the disclosures made pursuant to
all routine uses.
ESTA authorizations are valid for no more than two years12.
Information in ESTA will be retained for one year after the ESTA
expires. Information is retained for an additional year to permit CBP
to extend the expiration date of ESTA to a maximum of three years,
should it choose to do so. After this period, the inactive account
information will be purged from online access and archived for 12
years. However, data linked to active law enforcement lookout
records, CBP matches to enforcement activities, and/or
investigations or cases, including applications for ESTA that are
denied will remain accessible for the life of the law enforcement
activities to which they may become related.
As noted above, ESTA will, over time, replace the paper I-94W form.
Where ESTA is then used in lieu of I-94W, ESTA will be maintained
in accordance with the retention schedule for I-94W, which is 75
years. This period of time provides that information related to a
particular admission to the U.S. is available for providing any
applicable benefits related to immigration or other enforcement
purposes.
Information submitted during an ESTA application may be shared
under a MOU with consular officers of the Department of State, to
assist in determining whether a visa should be issued to the
applicant after an ESTA application has been denied. As mentioned
earlier in this section, information may be sharedwith appropriate
Federal, state, local, tribal, and foreign governmental agencies or
multinational governmental organizations responsible for
investigating or prosecuting the violation of, or for enforcing or
implementing, a statute, rule, regulation, order or license, or where
DHS believes the information would assist enforcement of civil or
criminal laws. Additionally, information may be shared when DHS
reasonably believes such use is to assist in anti-terrorism efforts or
intelligence gathering related to national or international security or
transnational crime. Carriers will also receive the information
regarding whether the applicant has been authorized to travel,
pending, not authorized to travel, or that no application has been
submitted for the applicant via the APIS/AQQ system. See the
ESTA SORN for full description of routine uses of records
maintained in the system.
When information is shared with third parties discussed above, the
same requirements related to security and privacy that are in place
for CBP and DHS apply to these third parties. Access to CBP data
by third parties is limited to the routine uses outlined in the SORN.
The reason for the interface request and the implications on privacy
related concerns are two factors that are included in the initial and
ongoing authorization, Memorandum of Understanding, and
12
Researchers were unable to determine rationale for 2 year period.
PricewaterhouseCoopers | 23
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Interconnection Security Agreement that is negotiated between CBP
and the external agency that seeks access to CBP data. These
agreements are periodically audited and reviewed by CBP and the
outside entity's conformance to the use, security, and privacy
considerations is verified before Certificates to Operate are issued or
renewed.
See additional discussion below on minimizing specific privacy
impacts and risks.
5.3
Disclosure of Data Usage
DHS and CBP provide notice to travelers of usage of their personal
data. ESTA applicants receive notice at the point of collection. The
ESTA Privacy Act Statement, located on each page of the CBP
ESTA website, provides notice of data usage.
The Privacy Act of 1974, 5 U.S.C. §552a (e) (3), states that
agencies are required to provide, what is commonly referred to as a
Privacy Act Statement, to all persons asked to provide personal
information about themselves, which will go into a system of records
(i.e., the information will be stored and retrieved using the
individual’s name or other personal identifier such as a Social
Security Number). Department of Homeland Security (DHS) policy
is to provide a Privacy Act Statement regardless of whether the
collection is part of a system of records or not. All Privacy Act
statements must be reviewed by the Privacy Office or component
Privacy Officer.
The ESTA Privacy Act Statement describes the authority by which
such data collection is permitted, the purpose for collecting the data,
routine uses of the data, the consequence of not submitting the data,
a description of how the information is collected and stored, cookie
information, site security details, and an explanation of rights under
the Privacy Act. Upon initiating an application, the individual must
view the ESTA disclaimer and confirm his or her understanding of it
before entering any data. Additionally, DHS provides substantial
information about ESTA data usage in two key publicly available
compliance documents, the PIA and SORN.
5.4
Right to Access, Correct, and Delete
Travelers have the right to access, correct, and delete personal data
contained in ESTA, as provided in the SORN and PIA, under Privacy
Policy Guidance Memorandum 2007-1, "DHS Privacy Policy
Regarding Collection, Use, Retention, and Dissemination of
Information on Non-U.S. Persons" and through DHS Traveler
Redress Inquiry Program (TRIP). DHS allows persons including
foreign nationals to seek access under the Privacy Act to certain
information maintained in ESTA. Requests for PII contained in
ESTA may be submitted to the CBP Customer Service Center.
However, information maintained in ESTA pertaining to the
PricewaterhouseCoopers | 24
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
accounting of a sharing with a law enforcement or intelligence entity
in conformance with a routine use may not be accessed.
Individuals and foreign nationals may also seek redress through the
DHS TRIP. Information erroneously submitted by applicants to
ESTA can be corrected by the applicant via the ESTA web-site by
making limited updates to their information or by creating a new
ESTA. A CBP Officer may also administratively update the same
fields as the applicant when the person applies for admission to
enter the U.S. at a port of entry. Individuals whose personal
information is collected and used by the ESTA program may, to the
extent permitted by law, examine his or her information and request
correction of inaccuracies. Individuals who believe ESTA holds
inaccurate information about them, or who have questions or
concerns relating to personal information and ESTA, may contact
the ESTA Program Coordinator.
5.5
Preventing Unlawful Data Processing
As discussed in the PIA, only DHS officials have access to the ESTA
database and information in the database may be used only as
provided for in the SORN. ESTA maintains audit trails or logs for the
purpose of reviewing internal and external activity. ESTA actively
prevents access to information for which a user lacks authorization,
and multiple attempts to access information without authorization will
cause ESTA to suspend access automatically.
Users of ESTA systems and records will be assigned different
privileges based on their positions and roles to carry out their official
duties. Audits will be conducted to log all privileged user
transactions and monitor for abuse. Civil and criminal penalties may
be imposed for misusing ESTA information under the Privacy Act
and Computer Fraud and Abuse Act.
5.6
Role of Data Protection Supervisory
Authority
The approach to privacy protection varies with the European
approach and there is no national data protection authority in the
U.S. Courts of the United States vindicate individual rights, with
administrative agencies and officers having some responsibility for
privacy protection. At DHS, the Privacy Office, Office of Civil Rights
and Civil Liberties, and the Office of the Inspector General have
overlapping responsibility to assure that Components of the
Department act responsibly in the collection, retention,
dissemination, and destruction of data.
PricewaterhouseCoopers | 25
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
5.7
Impact on Fundamental Rights to
Private Life
In developing ESTA, CBP worked closely with the DHS Privacy
Office to minimize the program’s impact to privacy and to implement
the safeguards necessary to protect personal data. The information
collected is processed solely for the purpose specified, to assure
that the traveler is eligible for travel under VWP and not otherwise a
law enforcement or security threat to the U.S. It is DHS’s position
that the data collected for ESTA purposes is adequate, relevant and
not excessive in relation to the purpose for which it is collected.
Indeed, it is similar to the information collected for the visa process
and the same information required for the hard copy I-94W, used
pre-ESTA for arriving and departing travelers under the VWP.
Travelers have transparency as to the purpose for the processing
and the identity of the data controller, through DHS privacy
documents and CBP's website. Reasonable technical and
organizational security measures are in place to protect the personal
data. Travelers have the right to access and rectify any data that is
inaccurate. There are no onward transfers of the data, nor is any
"sensitive" data13 collected about travelers. The decision-making
process is clear and transparent. Finally, there exist independent
oversight bodies, the DHS Privacy Office and Office for Civil Rights
and Civil Liberties, and a means of redress, DHS TRIP.
Importantly, a denial under ESTA does not prejudice a traveler in
any way, beyond the ability to travel under the VWP. A traveler may
apply for a visa and, if issued, visit the U.S. for personal or business
purposes14.
5.8
Privacy Issues Surrounding Biometric
Data
ESTA does not request, collect, or store biometric data (see
paragraph 4.2 and 4.4.3).
13
DHS defines Sensitive PII as personally identifiable information, which if lost,
compromised, or disclosed without authorization, could result in substantial harm,
embarrassment, inconvenience, or unfairness to an individual.
14
DHS did not provide information as to why U.S. authorities would grant a visa to
someone who has been denied an ESTA nor did they provide statistics on the number
of people who have applied for a visa after having been denied an ESTA and/or the
number of cases where a visa has been granted to a person who had been denied an
ESTA.
PricewaterhouseCoopers | 26
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
6
Implementation
6.1
Role of States
The VWP is part of the immigration laws of the U.S. Immigration
and, more generally, entry into the territory of a country is a national
and Constitutional responsibility, not shared with, or delegated to,
states. VWP is administered by the DHS, and Section 217 of the
INA, as amended by Section of the 711 of the 9/11 Act, required
DHS to develop and implement ESTA to enhance the security of the
VWP. States have no role in the administration of the VWP, nor in
development and implementation of ESTA.
6.2
Role of Private Sector in
Implementation
The implementation of ESTA was done with the help of private
contractors, primarily with regard to IT design and system
implementation; however, ESTA was implemented as a purely and
inherently governmental system. The ongoing operations and
screening processes are strictly run by DHS and CBP employees.
The database containing personal data of ESTA applicants resides
on CBP servers.
The private sector does serve a vital role in communicating ESTA
requirements to air and sea travelers. Additionally, carriers and
vessels serve as enforcers of the ESTA requirement by denying
boarding to travelers who do not have an approved ESTA
application.
The private sector has also established a role in ESTA as a third
party service provider. Third parties, such as travel agents, are
permitted to submit an ESTA application on behalf of a VWP
traveler.
6.3
Travel Promotion Corporation Role
In the future, the public sector will have an increased role in
communicating entry policies and promoting U.S. travel. On March
4, 2010, President Obama signed legislation into law to create the
United States' first national travel promotion program - The Travel
Promotion Act (TPA). TPA will create a non-profit Corporation for
Travel Promotion (Corporation) that will serve the purpose of
promoting the U.S. to international travelers including providing
information about security and travel procedures to visitors. The
Corporation Board of Directors will have knowledge of international
travel promotion and marketing, and represent various sectors and
region of the tourism industry. The Corporation will serve a vital role
in promoting the requirements of ESTA to citizens of VWP countries.
PricewaterhouseCoopers | 27
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
The organization will be funded by $100 million worth of private
sector donations along with fees charged to visitors from countries
within the Visa Waiver Program. Visitors from applicable countries
will pay a for every travel authorization through he Department of
Homeland Security's Electronic System for Travel Authorization. The
fee that will be required from the applicants is set at $14,00 per
application.
6.4
Implementation of ESTA
ESTA implementation took approximately 18 months, and initially
focused on introducing the requirement, gradually transitioning to
enforced compliance after extensive outreach activities that
educated travelers on new requirements.
6.4.1 Effect of Travel Method on Implementation
ESTA applies to both air and sea travelers. Land travelers do not
have to apply for ESTA. ESTA was implemented for both air and
sea travelers on Aug 1, 2008, when the web-based system became
available for voluntary applications.
However, a majority of individuals traveling to the U.S. under the
VWP will travel via air carriers. Given the volume of air travelers, a
majority of implementation efforts focused on working with airline
carriers as well as travel industry to promote ESTA requirements to
airline customers.
6.4.2 Implementation Time Frames
On August 3, 2007, the Implementing Recommendations of the 9/11
Commission Act of 2007 was signed by the President. This law
amended Section 217 of the Immigration and Nationality Act,
requiring DHS to implement an electronic travel authorization
system.
On June 3, 2008, DHS announced the ESTA Interim Final Rule,
which established a new online system that is part of the VWP and
is required by the 9/11 Act. The ESTA web-based system became
available for voluntary applications after Aug. 1, 2008. Several
outreach activities were implemented by DHS and Department of
State in concurrence with the ESTA implementation to educate
travelers regarding ESTA requirements.
Given the success of outreach efforts and voluntary compliance,
DHS moved to "informed compliance" on January 12, 2009.
Specifically, mandatory ESTA requirements were implemented,
requiring a valid ESTA approval for all individuals traveling to the
U.S. under the VWP. Effective, March 21, 2010, DHS is
transitioning to "enforced compliance" of the ESTA requirement for
VWP travelers. Carriers and vessels may be fined for not enforcing
ESTA requirements. VWP travelers who have not obtained approval
PricewaterhouseCoopers | 28
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
through ESTA should now expect to be denied boarding on any
carrier bound for the U.S. As of March 16, 2010, the CBP received
17,447,000 applications for ESTA. The denial rate is less than one
half of one percent.
6.5
Leveraging Existing Applications and
Infrastructure
The CBP developed a stand-alone system that includes an internetbased application and attendant vetting mechanism that
accommodates the entry of information (i.e. the ESTA application),
by the ESTA applicant, the vetting of the application by DHS, and
the return notification indicating "authorized to travel" or "not
authorized to travel" to the applicant via update to the application on
the internet site. The web interface was built from the ground up to
support usability and functionality for travelers completing the ESTA
application. ESTA back-up services were constructed using various
commercial off-the-shelf products.
PricewaterhouseCoopers | 29
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
7
Practical and Procedural
Issues
7.1
Application Processing Times
ESTA provides an almost immediate determination of eligibility for
travel. For a vast majority of travelers the determination is made
within seconds of submitting the application. DHS recommends that
ESTA applications be submitted as soon as a VWP traveler begins
to plan a trip to visit the United States. This allows the traveler
ample time and opportunity to seek a visa should the ESTA
application be denied. VWP travelers are not required to have
specific plans to travel to the United States before they apply for an
ESTA.
7.2
Application Lodgement Channels
The ESTA application can be completed at https://esta.cbp.dhs.gov.
The ESTA application may also be completed by a third party such
as a relative or travel agent. There are a number of unauthorized
third-parties that have established websites that charge a fee for
submitting applications on a traveler's behalf. If an individual has
used one of these unauthorized sites, it is recommended that the
applicant reapply at the official ESTA application site. This is
recommended because there is no way of knowing if the information
passed through the unauthorized website is accurate.
7.3
Application Submission Process
The ESTA application may be submitted personally or through a
third party at https://esta.cbp.dhs.gov.
Applicants will receive an almost immediate response of eligibility for
travel. There are three types of responses to an ESTA application:
Authorization Approved - applicant is authorized to travel to
the U.S. under VWP.
Authorization Pending - applicant needs to check back to the
ESTA application website for updates within 72 hours to
receive a final response. The individual’s ESTA application
number, birthdate, and passport number are required to log
into their application.
Travel Not Authorized - applicant is referred to
www.travel.state.gov for information on how to apply for a
visa to travel to the U.S.
Corrections of email address, telephone number, carrier, flight
number, city of embarkation, and address while in the U.S. may be
corrected or updated using the ESTA update function.
PricewaterhouseCoopers | 30
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Corrections or updates of passport information, identifying
biographic information, or eligibility questions will require a new
ESTA application.
7.4
Digital Signatures and Passwords
The ESTA application does not require provision of an electronic
signature.
7.5
Validity Period
Each approved ESTA application generally is valid for a period of
two years and allows for multiple visits to the U.S. within that period
without having to apply for another ESTA. Travelers whose
passports will expire in less than two years will receive an ESTA
valid until the passport's expiration date.
However, there are instances when a new travel authorization via
ESTA would be required during the validity period:
Traveler is issued a new passport;
Traveler changes his or her name;
Traveler changes his or her gender;
Traveler's country of citizenship changes; or
Circumstances underlying the traveler's previous responses
to any of the ESTA application questions requiring a "yes" or
"no" response have changed.
An individual may also become ineligible for the VWP program if
they failed to comply with the conditions of any previous admission
under the VWP (e.g. entering the U.S. for over 90 days).
7.6
Pre-checks
ESTA itself is a pre-check. No other pre-checks are covered under
ESTA.
7.7
Automation of Pre-checking
The ESTA application process is primarily automated. In most
cases, the system can provide the traveler with an immediate
approval or disapproval. In some cases, an application may require
human interaction to make a determination. The specific criteria that
trigger human interaction are sensitive, but may include applications
with insufficient or incomplete information, or information that is
similar to information about individuals who are ineligible to travel
under the VWP.
PricewaterhouseCoopers | 31
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
7.8
On-site Applications
Travelers are not able to submit ESTA application at a U.S. port of
entry or at a U.S. embassy or consulate. VWP travelers arriving in
the U.S. without an approved ESTA will be granted entry to the
country at the discretion of a CBP Officer. CBP Officers will
consider whether this was the first time for non-compliance or
whether the individual is a repeat offender in the CBP's decision to
grant admission. Additionally, effective March 21, 2010, carriers and
vessels may receive fines for boarding a passenger without an
approved ESTA.
First time non-compliant VWP travelers will be given a "tear sheet"
advising them of their non-compliance and informing them that noncompliance on a return visit to the U.S. may result in:
Denial of boarding by the air or sea carrier.
Delay upon arrival to the U.S. and referral to Customs and
Border Protection secondary inspection.
Requirement to submit an application and pay the fee
associated to waive the requirement to enter the U.S.
Refusal of admission into the U.S. and return to point of
embarkation on the next available flight or vessel.
*See NONCOMPLIANT Tear Sheet in Appendix C
7.9
Urgent Applications
While CBP recommends that a VWP traveler apply for an ESTA at
least 72 hours prior to travel, it is possible to apply any time prior to
boarding. Most travelers receive an answer within seconds.
7.10 Evidence of Authorization
DHS will communicate a traveler's ESTA status to the carriers, so it
is not required that individuals travel with a copy or their ESTA
approval. Additionally, no evidence is required to be provided by
VWP travelers at the border crossing point as DHS will communicate
that information to CBP. However, DHS recommends that travelers
print out the ESTA application response in order to maintain a record
of his or her ESTA application number and to have confirmation of
his or her ESTA status.
7.11 Responsibility of Airlines and Vessels
in Performing Checks
Airlines and vessels will not receive the ESTA application
information that travelers provide to DHS, but they do receive
confirmation of a passenger's ESTA status via the Advance
Passenger Information System (APIS)/APIS Quick Query (AQQ)
indicating whether the traveler requires an ESTA for travel and
PricewaterhouseCoopers | 32
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
whether authorization has been granted. Effective March 21, 2010,
VWP travelers that do not have an approved ESTA may be denied
boarding of the vessel or aircraft. Carriers may also be subject to
penalties for allowing individuals of VWP countries to travel without
an approved ESTA or visa.
PricewaterhouseCoopers | 33
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
8
Financial Aspects
8.1
Estimated and Actual Cost of ESTA
Implementation
DHS was budgeted $36 million for the implementation and two-year
operation of ESTA. As ESTA progresses, it will be funded in whole
or part by fees. DHS is engaged in rulemaking regarding funding
and no information is available publicly at this time.
8.2
Key Cost Components
The cost components of implementing and operating ESTA are IT
implementation, outreach for communication of ESTA policy, and the
ongoing Program Management Office.
8.3
Fees
The U.S. ESTA has been a free service to VWP travellers up to
August 2010. On 6 August 2010, the U.S. Homeland Security
Customs and Border Protection announced the publication of the
interim rule on a Travel Promotion Fee and a Fee for Use of the
System of the Electronic System for Travel Authorisation (ESTA),
which has become effective on 8 September 2010. ESTA applicants
are required to pay a fee of $ 14.00, which is the sum of the $ 10.00
travel promotion fee defined in the legislation and a fee of $ 4.00
(defined by the Secretary of Homeland Security) to ensure the
recovery of the full costs of providing and administering the ESTA.
8.4
Application Volumes
During FY2009, the total number of admissions to the United States
under the VWP was 16,012,000 travelers.
During FY2010, the number of admissions to the United State under
the VWP through February 28, 2010 is 6,170,000 travelers (air
versus sea travelers could not be specified).
As of March 11, 2010, ESTA compliance among VWP travelers is at
96%.
Through March 16, 2010, DHS has processed 17,447,000 ESTA
applications. The denial rate of those applications is less than one
half of one percent.
PricewaterhouseCoopers | 34
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
8.5
Linguistic Aspects
The ESTA application is currently available in 22 languages. If a
VWP traveler is unable to complete the application in one of the 22
languages available, applicants are permitted to have the ESTA
application submitted by a third party.
PricewaterhouseCoopers | 35
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
9
Legal Aspects
9.1
Legal Framework
In 1986, the Immigration Reform and Control Act incorporated the
Visa Waiver Pilot Program into the INA. The program retained its
pilot status until October 30, 2000, when the Visa Waiver Permanent
Program Act made the pilot program permanent. Section 217 of the
INA provides the legal authority for the VWP. Section 711 of the
9/11 Act authorizes the expansion of, and added provisions for,
strengthening security of the VWP.
ESTA is required pursuant to Section 217 of the INA, as amended
by Section 711 of the 9/11 Act. This legislation required DHS to
develop and implement an automated system to determine, in
advance of travel, the eligibility of visitors to travel to the U.S. under
the VWP and whether such travel poses a law enforcement or
security risk.
9.2
Responsible Authority
DHS is responsible for approving or denying an ESTA application
under the 9/11 Act. DHS handles this responsibility through the
CBP.
9.3
Family Members of U.S. Citizens
All nationals of VWP countries who plan to travel to the U.S. for
temporary business or pleasure are required to receive an
authorization through ESTA prior to boarding a U.S.-bound airplane
or vessel. This requirement includes nationals of VWP countries
who are family members of U.S. Citizens.
9.4
Consequence of ESTA Denial
An ESTA denial means only that the traveler may not travel to the
U.S. under the VWP. Upon denial, the traveler may apply to the
Department of State for a travel visa. The State Department will use
information that the traveler has provided in the ESTA application
during the visa application process. No negative inference is
attached to an ESTA denial when a traveler applies for a visa.
Furthermore, a traveler denied entry under ESTA and VWP may
seek redress through DHS TRIP, or through filing a complaint
directly with the DHS Privacy Office or the DHS Civil Rights and Civil
Liberties Office.
PricewaterhouseCoopers | 36
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
10
Impact on Stakeholders
10.1 Impact on Border Control Procedures
To date, ESTA's impact on border control procedures has been
minimal. Since its implementation, 96% of VWP travelers have
entered a U.S. port of entry compliant with ESTA requirements. The
4% of VWP travelers that are non-compliant are given a
NONCOMPLIANT tear sheet that informs them of their noncompliance and the possible consequences of non-compliance on
subsequent visits to the U.S.
10.2 Impact on Consular Offices
The initial reaction to the impact on consular offices is that the
volume of visa applications would greatly increase. The denial rate
of ESTA applications is less than one half of one percent, therefore
the impact on consular offices has been minimal.
Additionally, consular offices are often the first line of point of contact
for questions regarding ESTA applications. There has been minimal
impact on these inquires because consular offices have experience
responding to these types of questions - ESTA applications collect
the same information as the I-94 W.
Consular offices have and continue to provide significant support to
ESTA implementation by leading outreach efforts with foreign
ministries and various media outlets. The ESTA requirement has
also assisted Consular Offices with visa applications - denied ESTA
applications are provided to consular offices with reasons for denial.
Consular offices will investigate the issues to determine visa
eligibility.
10.3 Impact on Airline and Cruise
Companies
Through successful outreach efforts, DHS believes the impact on
airline and cruise companies has been minimal. However, effective
March 21, 2010, carriers and vessels may be fined for allowing an
individual to board a U.S.-bound carrier or vessel without an
approved travel authorization. Employees of carriers and vessels
will have to scrutinize travel documentation to ensure an approved
ESTA has been obtained as well as educate those travelers who do
not understand the requirement.
However, based on the stakeholder interviews held with relevant EU
and international air carriers it can questioned whether the impact
introduction of the ESTA has been minimal for the carriers. Airlines
(and the airline trade organisations) were critical at the introduction
of the ESTA. For example, in November 2008 IATA stated that
―ESTA is an uncoordinated mess that does not align with the myriad
PricewaterhouseCoopers | 37
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
of other US Government passenger data programmes‖15. In January
2010 IATA reiterated its concerns and formally asked DHS
Secretary Napolitano ―to create a top down review of passenger
data programs‖16.
Airline representatives repeatedly pointed to the considerable
financial consequences of the implementation of ESTA. However,
no exact figures of the financial consequences of the ESTA and / or
the Australian systems have been provided. A rough estimate of
several tens of millions Euro’s was given for the European airlines,
with costs mainly attributed to the introduction of the technical
requirements and the costs for repatriation of non-compliant
travellers.
For the European airlines the introduction of the ESTA was
accompanied by a number of start-up problems and the systems still
face some problems. The system has a number of practical or
procedural shortcomings which hinder successful implementation:•
a number of passengers can only be checked at boarding.
The physical appearance at check-in is not required. As a
result the airlines can only check passengers with electronic
check-in and transfer passengers whether they meet the
ESTA requirement when they are boarding. This is at a late
stage in the process. A problem arises when a transfer
passenger does not have a valid ESTA; and
there are reports that the ESTA system suffers from ―downtime‖ during which passengers cannot be checked-in.
10.4 Impact on Check-in at Airports and
Harbours
As was the case with airline and cruise companies, the impact on
check-in at airports and harbours has been minimal17. During the
informed compliance period of the ESTA implementation process,
DHS has experienced a compliance rate of 96%.
The representatives of airlines (and their trade organisations)
indicated that handling of passengers that turn up at check-in
without having applied for an ESTA is a serious concern. Although
this problem seems to be diminishing.
15
www.iata.org/whatwedo/safety_security/newsletter/october-2008/Pages/security.aspx
16
www.iata.org/WORLDWIDE/NORTH_AMERICA/Pages/secureflight.aspx
No actual visit to Dulles International Airport was made: an interview was conducted
with a TSA representative responsible for Security Operations at Dulles International
Airport. The interviewee indicated that the impact of ESTA at US (air)ports of entry is
minimal. As a result no on-site visit has been conducted in Baltimore harbour as the
impact of the US ESTA is even more limited.
17
PricewaterhouseCoopers | 38
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
However, based on the European stakeholder consultations a
number of issues have been encountered. There have been reports
that passengers arrive at check-in counter with a paper printout of
their [positive] ESTA status, and yet the carrier receives automated
response NO APPLICATION FOR ESTA ON FILE. ―Errors‖ in the
ESTA registration process seem to be driving the majority of
situations in which individuals believe that they are registered in the
system, only to find out otherwise upon arrival at the airport. These
included:
individuals mistakenly substituting the number ―0‖ instead of
the letter ―o‖ in their registration entry. Because this may
involve either the passport being registered or the traveller’s
nationality (country of document issue), the input error will
result in no match when the traveller’s actual document
information is submitted to ESTA by the carrier as part of the
AQQ submission;
applicants of one nationality who reside in another country
and who have their passport issued in the country of
residence erroneously enter the country of residence as the
―Country of Passport Issue‖. The data submitted by the
carrier in its AQQ transmission will reflect the true Country of
Passport Issue‖ resulting in a non-match against the ESTA
database;
individuals who hold more than one passport may file for an
ESTA using only a single passport. If they then travel under
a passport for which an ESTA has not been requested, a
―No ESTA on File‖ response will result. The ESTA system
takes the data provided as part of the carriers AQQ
submission, and seeks to match the passport number and
country of issue against a record in the database. No match
against any other data element in the AQQ (i.e. name, d.o.b,
etc) is attempted. Accordingly, if the passenger presents a
passport for which no ESTA registration has been made,
then the system will return a ―No ESTA on File‖ response. A
separate ESTA registration is required for each passport that
an individual might use for VWP travel to the U.S.;
ESTA matching is based on a comparison of the passport
number and nationality only. A separate ESTA registration is
required for each passport (where more than one passport
has been issued to an individual), and the passport number
and nationality (country of passport issue) must be an exact
match in order for the system to respond appropriately;
France and Germany have passports that can contain a
check digit on the first page, which causes passengers to
enter their passport number incorrectly on their ESTA
application. Additionally, in the case of French passports –
different numbers appear on the first and third pages; and
ESTA may have been subsequently revoked or denied after
initial approval based on emerging information. (ESTA
PricewaterhouseCoopers | 39
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
program automatically re-evaluates all ESTA applications
every 24 hours.)
PricewaterhouseCoopers | 40
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Appendices
Appendix A
Summary of Stakeholder Interviews
42
Appendix B
References
43
Appendix C
Noncompliant Tear Sheet
44
Appendix D
Acronyms
45
PricewaterhouseCoopers | 41
This document is for internal purposes only.
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Appendix A Summary of
Stakeholder Interviews
U.S. Department of Homeland Security
Date
Office of International Affairs*
3/12/2010
Screening Coordination Office
3/12/2010
Visa Waiver Program Office
3/12/2010
Customs and Border Protection
3/14/2010
Transportation Security Administration
3/14/2010
Privacy Office
3/17/2010
U.S. Department of State
Date
Bureau of Consular Affairs
3/19/2010
Bureau of European and Eurasian Affairs
3/19/2010
* Because of security requirements names and titles of the individuals
interviewed cannot be disclosed. The European Commission may request
disclosure of the names through its own contacts with the U.S. administration.
PricewaterhouseCoopers | 42
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Appendix B References
Commission Staff Working Document, The U.S. Electronic System
for Travel Authorization (ESTA) (SEC(2008)2991 final)
ESTA Website: www.cbp.gov/esta
GAO Report: www.gao.gov/new.items/d081142t.pdf
Privacy Impact Assessment:
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_esta.pdf
System of Records Notice:
www.dhs.gov/xlibrary/assets/privacy/privacy_sorn_cbp_esta.pdf
PricewaterhouseCoopers | 43
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Appendix C Noncompliant Tear
Sheet
PricewaterhouseCoopers | 44
Policy study on an EU Electronic System for Travel Authorization (ESTA)
U.S. Mission
Appendix D Acronyms
APIS - Advance Passenger Information System
AQQ - APIS Quick Query
ATS - Automated Targeting System
CFR - Code of Federal Regulations
CBP - Customs and Border Protection
DHS - Department of Homeland Security
ESTA - Electronic System for Travel Authorization
EU- European Union
FIPPs - Fair Information Privacy Principles
INA - Immigration and Nationality Act
OECD- Organization for Economic Co-Operation and Development
PIA - Privacy Impact Assessment
PII - Personally Identifiable Information
PNR - Passenger Name Record
PTA - Privacy Threshold Analysis
SORN - System of Records Notice
TECS - Treasury Enforcement Communications System
TSA - Transportation Security Administration
TSDB - Terrorist Screening Database
US-VISIT - United States Visitor and Immigrant Status Indicator
Technology
VWP - Visa Waiver Program
PricewaterhouseCoopers | 45
C Other examples of existing and planned systems
C.1
The Netherlands Programme Innovation Border Management
1084 The Dutch Programme Innovation Border Management (Programma Vernieuwing
Grensmanagement, hereinafter: VGM) falls under the responsibility of the Minister of Justice. The
VGM Programme aims to create a distinction between the passenger flows at Schiphol Airport (and
possibly in a later stage at other hubs) on the basis of risk-driven action and automated control.
Drawing up integrated profiles of passengers and their luggage allows for such risk-driven action.
Border control can than focus on passengers with a higher risk in terms of security, illegal migration
and organized crime. At the same time, it further facilitates low-risk passengers to cross the border
more easily. This strikes the balance between maximum security and optimum mobility. In that
balance, the economic interest should never be at the expense of (inter-)national security.
1085 The VGM Programme has two pillars: informatisation and automation. The programme
consists of four projects. The projects No-Q and RT focus on automated border crossing, with use
of biometrics and registered and trusted travellers programmes, to allow travellers to cross the
border with as little hassle as possible. The other two, PARDEX and API, primarily focus on the
development of the information position of all organizations involved in border control with a view to
increase (national) security. In this case study the PARDEX project is highlighted, although this is
an integral part of the VGM Programme.
1086 The business case that is made for the VGM Programme underlines the economic effect of
doing nothing on the way currently security and services are provided at a growth of passenger
numbers between 0% and 4%: the airport will become clogged, making Schiphol a less attractive
hub. Waiting times and queues are getting longer, the climate for foreign business establishing in
the Netherlands is less attractive. Financially, ultimately the Dutch government (due to loss of
passenger tax) and the private parties Schiphol and KLM Air France (main user of Schiphol) will
lose substantial income, so is estimated. With a system in place that can absorb the expected
growth of Schiphol within the existing infrastructure and that at the same time will increase the
speed and the reliability of the border control process, large investments (new passenger terminal)
and increase of staff at the border control process can be postponed or entirely avoided, so is
estimated. For increasing the speed and the reliability of the border control process, especially the
PARDEX project is set up.
C.2
Passenger Related Data Exchange (PARDEX)
1087 The project PARDEX is broadly composed of representatives from the Royal Military
Constabulary (KMar), Customs, the Ministry of the Interior and Kingdom Relations (BZK), the
Immigration and Naturalisation Service (IND), the National Coordinator for Counterterrorism
(NCTb), the Seaport Police (ZHP), Amsterdam Airport Schiphol (AAS) and KLM.
Other examples of existing and planned systems
301
1088 As stated, the objective of the PARDEX Project is to develop proposals as a result of which
the organisations involved in the project can – in joint consultation – collect, analyse and
disseminate passenger-related data more quickly, more intelligently and more effectively, in order
to increase security and mobility in and around passenger traffic. The data collected is provided by
different organisations, and is meant to provide a clear picture of the persons that enter the
Netherlands on the basis of which a profiling of persons may be obtained.
C.3
Data collection and data processing
1089 In 2009 four scenarios were developed identifying alternatives for the moment, the method,
the source and the purpose of data collection. Each scenario is summarised below.
Scenario 1
Airline provides API
Scenario 2
Government
retrieves API&PNR
Scenario 3
Airline provides data
Scenario 4
Passenger provides
data
When
At departure
Continuous
Phased: when
booking, at check-in
and at departure
When booking
Who
Airline supplies
Government
authorities retrieve
Airline supplies
Passenger supplies
Interactive
What
Data model based on
API Directive
If available at airline:
booking data, flight
data, passport data
Of all flights: booking
data, flight data,
passport data
All : booking data,
flight data, passport
data
Why
Partially identifying
known subjects
Partially identifying
known and unknown
subjects
Before arrival
identifying known and
unknown subjects
Early, before
departure of the flight,
identifying known and
unknown subjects
Limited investigation
based on historical
data
Investigation based
on historical data
through data retention
Investigation based
on historical data
through data retention
Maximum service
Figure 32
1090 In July 2009 a combination of scenario 4 (the traveller (passenger) supplies the relevant
information) and scenario 1 (verification takes place at the check-in process by the carrier) was
selected as the most appropriate method for effective border control. This method is based on the
basic principle that the traveller, or on his behalf the travel agent, is obliged to individually and
interactively provide the required information to the border authorities when booking a trip to the
Other examples of existing and planned systems
302
Netherlands. As a result, the traveller is responsible for and in control of supplying the necessary
information (personal information, reservation details, flight details and passport information (travel
document)). The traveller is informed about which information should be provided to the
government and how it is used. The delivery of information by the passenger prevents that
reservation information from the airline (PNR) should be demanded. The passenger, or on his
behalf the travel agent, will receive a notification while booking a trip to interactively submit the
personal data, passport details and flight information (total route) of the touring party to the border
authorities using a standard format. The point of booking a trip is regarded as the most suitable
moment to request the traveller to supply the information needed, especially since much of this
information is also needed for the reservation. The information should as much as possible be
provided once. This can be achieved by copying the reservation information to the standard form.
The time between booking a trip and departing from the third country is used to perform a risk
assessment of the travellers (data) using watch lists and risk profiles.
1091 The results of the risk assessment may lead to a match with a watch list (hit). The hits will be
analysed in a joint information analysis centre border management (Nationaal Informatie
Analysecentrum Grenstoezicht (NIAG)) where several border authorities cooperate. In this analysis
centre, information is processed, matched with integrated watch lists and risk profiles, follow up
and interventions are coordinated and decisions facilitated.
1092 The selected scenario has been evaluated with regard to the effects in terms of processes,
information, technical and legal aspects. This impact assessment is recently finalised by the VGM
Programme Management. It is proposed that through the development of successive plateaus the
desired result is achieved. This planning consists of four two-year stages between 2010 and 2018.
C.4
Legal aspects and data protection
1093 Under the current Dutch legislation there are already several possibilities to process
passenger related information:
airlines, under their contract of carriage, can request information from their passengers at
the time of booking;
Dutch Customs, based on the Community customs legislation, can demand passenger
related data (including API and PNR) from carriers;
the Royal Military Constabulary, based on national legislation for migration purposes, can
demand API data and copies from airlines. These powers are based on the API directive;
the Public Prosecutor may in specific cases, in the interests of a criminal investigation or in
the interest of an investigation into a terrorist act, demand passenger lists from an airline;
Dutch government can under the current legislation exchange passenger related data.
1094 However, in order to be able to fully implement the PARDEX model, a number of legislative
steps will have to be followed. As far as can be foreseen, these will now consist of conducting a
Privacy Impact Assessment, amendment of the Aliens Act, the Police (registers) Act, the Criminal
Procedures Act and other laws. The PARDEX project management also concluded that EU
legislation should be established which provides that (visa exempted) passengers who intend to
Other examples of existing and planned systems
303
travel from a third country to a Schengen country are required to provide personal data to the
relevant Schengen country, in order to determine whether the passengers are eligible for an
electronic travel authorisation and allowed to travel.
C.5
References

http://english.justitie.nl/currenttopics/pressreleases/archives-2010/100525electronic-bordercrossing-starts-today.aspx?cp=35&cs=1578.

Meeting on 26 May 2010 with Pardex projectteam (Mr. B. Wezenberg, Mr. B. Bhola, Mr. J. van
Ekeren, Mr. A. Hondelink, Ms. A. Rooijers).

Nieuwsbrief Programma Vernieuwing Grensmanagement, nummer 1 (September 2009).

Ministerie van Justitie, Rapport Impactanalyse PARDEX v 1.0, 10 June 2010.

Ministry of Justice, Outline Programme Innovation Border Management. Smarter, Faster,
Better, 25 april 2010.

Tweede Kamer der Staten-Generaal, 30 315, nr.8, 13 juli 2009, Kaderdocument Grenstoezicht
(Border Control Framework Document).
Other examples of existing and planned systems
304
D Overview of respondents
France
Mr. Hénot
Mr. Duvivier
Mr. Faye
Ms. Sparacino-Thiellay
Ms. Menat
Mr. Dejaegher
Ms. Drevet
Mr. - *
Mr. Gabrie
Aéroports de Paris
Aéroports de Paris
Foreign Affairs Ministry
General Secretariat for European Affairs
Immigration Ministry, Cross-border Control and Circulation Bureau
Immigration Ministry, Visa Sub-Directorate
Interior Ministry, Central Directorate for Border Police (DCPAF)
Interior Ministry, Central Directorate of Internal Intelligence (DCRI)
National Commission for Informatics and Liberties (CNIL)
Greece
Ms. Kardasiadou
Ms. Hatziliasi
Mr. Chatzis
Mr. Christoloukas
Ms. Giannoula
Mr. Tsitsimpikos
Mr. Karfiotis
Ms. - *
Ms. - *
Ms. - *
Mr. - *
Ms. Papadopoulou
Mr. Gouras
Hellenic Data Protection Authority
Hellenic Data Protection Authority
Ministry of Citizen Protection, Hellenic Police, Aliens Division
Ministry of Citizen Protection, Hellenic Police, IT directorate
Ministry of Citizen Protection, Hellenic Police, IT directorate,
Department of Analysis and Programming
Ministry of Citizen Protection, Hellenic Police, IT directorate,
Informatics division
Ministry of Citizen Protection, Hellenic Police, Port of Piraeus
Ministry of Citizen Protection, National Intelligence Service
Ministry of Citizen Protection, National Intelligence Service
Ministry of Citizen Protection, National Intelligence Service
Ministry of Citizen Protection, National Intelligence Service
Ministry of Foreign Affairs
Ministry of Foreign Affairs
The Netherlands
Mr. Dijkstra
Mr. van der Poel
Mr. Breitbarth
Mr. Commandeur
Mr. Wezenberg
Mr. Bruin
Mr. de Winter
Mr. P. Vos
Overview of respondents
Amsterdam Airport Schiphol, security department
Dutch Association for Travel Management (NATM)
Dutch Data Protection Authority (CBP)
Dutch Data Protection Authority (CBP)
Immigration and Naturalisation Service, Programme Innovation Border
Management
KLM Royal Dutch Airlines
Ministry of Defence, Royal Marechaussee, Programme Innovation
Border Management
Ministry of Defence, Royal Marechaussee
305
Mr. H. Vos
Mr. van Oostveen
Mr. van Gemert
Mr. - *
Mr. - *
Mr. Schreinemachers
Mr. - *
Ms. - *
Mr. - *
Mr. Hondelink
Mr. Voogt
Mr. Berk
Ministry of Foreign Affairs
Ministry of Foreign Affairs
Ministry of the Interior and Kingdom Relations, General Intelligence and
Security Service (AIVD)
Ministry of the Interior and Kingdom Relations, General Intelligence and
Security Service (AIVD)
Ministry of the Interior and Kingdom Relations, General Intelligence and
Security Service (AIVD)
Ministry of Justice, Directorate Migration Policy
National Coordinator for Counterterrorism (NCTb)
National Coordinator for Counterterrorism (NCTb)
National Coordinator for Counterterrorism (NCTb)
Programme Innovation Border Management
Programme Innovation Border Management
Zeehavenpolitie, Border patrol and Immigration
Poland
Ms. Kulikowska
Mr. Adamczyk
Ms. Lange Oleszczuk
Mr. Nowaczyk
Mr. Szyszka
Mr. Behrendt
Ms. Szabłowska
Mr. Taperek
Ms. Kowalik
Mr. Dobrucki
Mr. Drobek
Ms. Walencik
Mr. Czaplicki
Mr. Dietkow
Mr. Polak
Mr. Piasecki
Mr. Florczak
Overview of respondents
Border Guard (Straż Graniczna), Aliens Department
Border Guard (Straż Graniczna), Border Management Department
Border Guard (Straż Graniczna), Border Management Department
Border Guard (Straż Graniczna), Border Management Department
Border Guard (Straż Graniczna), Border Management Department
Border Guard (Straż Graniczna), Communication and IT Bureau
Border Guard (Straż Graniczna), International Cooperation Bureau
Border Guard (Straż Graniczna), Warsaw-Okęcie Border Guard
Outpost
Inspector General for Personal Data Protection (GIODO), Jurisdiction,
Legislation and Complaints Department
Inspector General for Personal Data Protection (GIODO), Social
Education and International Cooperation Department
Inspector General for Personal Data Protection (GIODO), Social
Education and International Cooperation Department
Inspector General for Personal Data Protection (GIODO), Social
Education and International Cooperation Department
Ministry of Foreign Affairs, Consular Department
Ministry of Foreign Affairs, Consular Department
Ministry of Interior and Administration, Department of European Union
and International Cooperation
Ministry of Interior and Administration, Department of European Union
and International Cooperation
Office For Foreigners, Department for Legalization of Stay and
Foreigners' Register
306
Mr. Ziółkowski
Mr. Bunalski
Mr. Pięta
Mr. Ławniczak
Mr. Miszczak
Ms. Długokęcka
Mr. Mościcki
Mr. Krochmal
Office For Foreigners, Department for Legalization of Stay and
Foreigners' Register
Office For Foreigners, IT Department
Police, Bureau for Communication and IT
Police, Bureau for Communication and IT
Police, Bureau for Communication and IT
Police, Bureau for Police International Cooperation
Warsaw Airport, Security and Safety Management Service
Warsaw Airport, Security and Safety Management Service
Other
Mr. Husain Khan
Ms. Azema
Mr. de Ceuster
Mr. Hendrix
Mr. Blomqvist
Ms. Caldas
Mr. Toth
Mr. Isaris
Mr. Scandiuzzi
Mr. Heberlein
Ms. Amici
Ms. Vassiliadou
Mr. Beslay
Ms. CuadratGrzybowska
Ms. Havelange
Ms. Lacoste
Mr. Franklin
Mr. Lipsett
Mr. Beugels
Ms. Gariup
Overview of respondents
Association of European Airlines (AEA)
European Commission, Directorate-General Justice, Freedom and
Security, Unit B3 - International aspects of migration and visa policy
European Commission, Directorate-General Justice, Freedom and
Security, Unit B3 - International aspects of migration and visa policy
European Commission, Directorate-General Justice, Freedom and
Security, Unit B3 - International aspects of migration and visa policy
European Commission, Directorate-General Justice, Freedom and
Security, Unit C1 - Border management and return policy
European Commission, Directorate-General Justice, Freedom and
Security, Unit C1 - Border management and return policy
European Commission, Directorate-General Justice, Freedom and
Security, Unit C2 - IT projects: Infrastructure and legal issues
European Commission, Directorate-General Justice, Freedom and
Security, Unit C3 - Large scale IT systems and biometrics
European Commission, Directorate-General Justice, Freedom and
Security, Unit C3 - Large scale IT systems and biometrics
European Commission, Directorate-General Justice, Freedom and
Security, Unit D5 - Data Protection
European Commission, Directorate-General Justice, Freedom and
Security, Unit F3 - Police co-operation and access to information
European Commission, Directorate-General Justice, Freedom and
Security, Unit F3 - Police co-operation and access to information
European Data Protection Supervisor (EDPS)
European Data Protection Supervisor (EDPS)
European Data Protection Supervisor (EDPS)
European Data Protection Supervisor (EDPS)
European Travel Commission (ETC)
Frontex, Air Borders Sector, Operations Unit
Frontex, Research & Development Unit
Frontex, Research & Development Unit
307
Mr. Zozaya
Mr. Davidson
Frontex, Research & Development Unit
International Air Transport Association (IATA), Security and Facilitation
Services
Please note: due to concerns of confidentiality a number of respondents‟ names have been
replaced with an *.
Overview of respondents
308
E Project team PricewaterhouseCoopers EU
The project team responsible for the study and the report at hand:
Otto Vermeulen
Wim Wensink
Michael van de Velde
Francois-Xavier Chevallerau
Frank van Hagen
Adri de Bruijn
Project partner, PwC The Netherlands
Project leader, PwC The Netherlands
Senior advisor , PwC The Netherlands
Senior advisor, PwC Luxembourg
Advisor, PwC The Netherlands
Quality assurance partner, PwC The Netherlands
Project team PricewaterhouseCoopers EU
309
Project team PricewaterhouseCoopers EU
310
F List of References
Legislative documents
o Agreement between the European Union and the United States of America on the processing
and transfer of Passenger Name Record (PNR) data by air carriers to the United States
Department of Homeland Security (DHS) (2007 PNR Agreement) (OJ L204, 4.8.2007, p.18).
o Commission Decision 2008/602/EC of 17 June 2008 laying down the physical architecture and
requirements of the national interfaces and of the communication infrastructure between the central
VIS and the national interfaces for the development phase (OJ L194, 23.7.2008, p.3).
o Commission Decision of 19.3.2010 establishing the Handbook for the processing of visa
applications and the modification of issued visas (C(2010) 1620 final).
o Convention implementing the Schengen Agreement of 14 June 1985 between the
Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and
the French Republic on the gradual abolition of checks at their common borders.
o Council Decision of 23 June 2008 on the stepping up of cross-border cooperation, particularly
in combating terrorism and cross-border crime, (2008/615/JHA) (OJ L 210, 6.8.2008 p. 12).
o Council Decision of 1 June 2006 amending Annex 12 to the Common Consular Instructions
and Annex 14a to the Common Manual on the fees to be charged corresponding to the
administrative costs of processing visa applications, (2006/440/EC) (OJ L 175, 29.6.2006, p. 77).
o Council Decision of 6 April 2009 establishing the European Police Office (Europol)
(2009/371/JHA) (OJ L121, 15.5.2009, p. 37).
o Council Directive 2001/51/EC of 28 June 2001 supplementing the provisions of Article 26 of
the Convention implementing the Schengen Agreement of 14 June 1985 (carriers liability) (OJ L
187, 10.07.2001 P. 45).
o Council Directive 2004/82/EC on the obligation of carriers to communicate passenger data (OJ
L 261, 6.8.2004, p. 24).
o Council Framework Decision 2008/977/JHA on the protection of personal data processed in
the framework of police and judicial cooperation in criminal matters (OJ L350, 30.12.2008, 60).
o Council Regulation (EC) No 1683/95 of 29 May 1995 laying down a uniform format for visas
(OJ L 164, 14.7.1995, p. 1-4).
o Council Regulation (EC) No 2007/2004 of October, 26th 2004, establishing a European
Agency for the Management of operational cooperation at the External Borders of the Member
States of the European Union (OJ L 349, 25.11.2004, p. 1).
o Council Regulation (EC) No 2317/95 of 25 September 1995 determining the third countries
whose nationals must be in possession of visas when crossing the external borders of the Member
States (OJ 1995 L 234, p. 1).
List of References
311
o Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of
'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention
(OJ L 316, 15.12.2000, p. 1).
o Council Regulation (EC) No 539/2001 of 15 March 2001 listing the third countries whose
nationals must be in possession of visas when crossing the external borders and those whose
nationals are exempt from that requirement (OJ L 81, 21.3.2001, p. 1).
o Council Regulation (EC) No 851/2005 of 2 June 2005 amending Regulation (EC) No 539/2001
listing the third countries whose nationals must be in possession of visas when crossing the
external borders and those whose nationals are exempt from that requirement as regards the
reciprocity mechanism (OJ L 141, 4.6.2005, p3).
o Decision No 574/2007/EC of the European Parliament and of the Council of 23 May 2007
establishing the External Borders Fund for the period 2007 to 2013 as part of the General
programme “Solidarity and Management of Migration Flows”. (OJ L 144, 6.6.2007, p. 22).
o Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the
right of citizens of the Union and their family members to move and reside freely within the territory
of the Member States (OJ L 158, 30.04.2004, p. 77).
o Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data (OJ L 281, 23.11.1995, p. 31).
o European Parliament resolution of 10 march 2009 on the next steps in border management in
the European Union and similar experiences in third countries (P6_TA(2009)0085).
o European Parliament resolution of 22 October 2009 on the institutional aspects of setting up
the European External Action Service (2009/2133(INI)).
o Proposal for a Council Decision conferring upon the Agency established by Regulation XX
tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU
Treaty (COM(2009) 294 final).
o Proposal for a Council Framework Decision presented by the Commission on the exchange of
information under the principle of availability (COM(2005) 490 final).
o Proposal for the Council Framework Decision on the use of PNR for law purposes, presented
by the Commission on November, 6th 2007 (MEMO/07/449).
o Regulation (EC) No 1931/2006 of the European Parliament and of the Council of 20 December
2006 laying down rules on local border traffic at the external land borders of the Member States
and amending the provisions of the Schengen Convention (OJ L 405, 30.12.2006, p. 1).
o Regulation (EC) No 1987/2006 of the European Parliament and of the Council: on the
establishment, operation and use of the second generation Schengen Information System (SIS II)
(L381, 28.12.2006, p.4).
o Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December
2000 on the protection of individuals with regard to the processing of personal data by the
List of References
312
Community institutions and bodies and on the free movement of such data (OJL 8, 12.1.2001, p 1).
o Regulation (EC) No 562/2006 of the European Parliament and of the Council of 15 March
2006 establishing a Community Code on the rules governing the movement of persons across
borders (Schengen Borders Code) (OJ L 105: 13.4.2006, p. 1).
o Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008
concerning the Visa Information System (VIS) and the exchange of data between Member States
on short-stay visas (VIS Regulation) (OJ L218, 13.8.2008, p. 60).
o Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009
establishing a Community Code on Visas (Visa Code) (OJ L243, 15.9.2009, p.1).
o
U.S. Interim Final Rule for a U.S. ESTA (U.S. Federal Register / Vol. 70, No.111).
Other documents
o Association of European Airlines, Comments on the European Commission Proposal to the
Council of the European Union for a Council Framework Decision on the use of Passenger Name
Record (PNR) for law enforcement purposes, 5 December 2007.
o Association of European Airlines, Policy Paper on transfer of airline passenger data to
governments, April 2008.
o Boeles, P., den Heijer, M., Lodder, G. & K. Wouters (2009) European Migration Law,
Antwerpen: Intersentia.
o Brouwer, E. (2009), The EU Passenger Name Record (PNR) System and Human Rights:
Transferring Passenger Data or Passenger Freedom? CEPS Working Document No. 320, CEPS,
Brussel, September.
o Commission Staff Working Document, Impact Assessment (SEC(2008) 153); Accompanying
document to the Communication from the Commission to the European Parliament, the Council,
the European Economic and Social Committee and the Committee of the Regions, Preparing the
next steps in border management in the European Union.
o Commission Staff Working Document, Summary of the Impact Assessment (SEC(2008) 154);
Accompanying document to the Communication from the Commission to the European Parliament,
the Council, the European Economic and Social Committee and the Committee of the Regions,
Preparing the next steps in border management in the European Union.
o Commission Staff Working Document, The U.S. Electronic System for Travel Authorization
(ESTA) (SEC(2008)2991 final).
o
Common Consular Instructions on Visas for the Diplomatic Missions and Consular Posts.
o Communication from the Commission to the Council and the Parliament, Transfer of Air
Passenger Name Record (PNR) Data: A Global EU Approach, (COM(2003) 826 final).
o Communication from the Commission to the European Parliament and the Council, An area of
freedom, security and justice serving the citizen, (COM(2009) 262 final).
o
Communication from the Commission to the European Parliament and to the Council on an
List of References
313
entry/exit system at the external border crossings for bona fide travellers, and an electronic travel
authorisation system, (COM(2008) final).
o Communication from the Commission to the European Parliament, the Council, the European
Economic and Social Committee and the Committee of the Regions, Preparing the next steps in
border management in the European Union, (COM(2008) 69 final).
o Council of the European Union, Exchange of statistical information on uniform visas issued by
Member States' diplomatic missions and consular posts, Council doc 12493/09, 31 July 2009.
o European Data Protection Supervisor, EDPS Opinion on the Communication of the
Commission on an Area of freedom, security and justice serving the citizen, Brussels: 10 July
2009.
o Final results of data collection exercise on border crossings by the Czech and Swedish
Presidencies together with Commission at all external border crossing points from 31 August to 6
September 2009.
o Fourth Report from the Commission to the Council and the European Parliament on certain
third countries' maintenance of visa requirements in breach of the principle of reciprocity
(COM(2008) 486 final/2).
o House of Lords, European Union Committee, The EU/US Passenger Name record (PNR)
Agreement, London, 5 June 2007.
o
Implementation Recommendations of the U.S. 9/11 Commision Act of 2007 (H.R. 1).
o International Air Transport Association (2009) Travel Information Manual. Badhoevedorp:
International Air Transport Association Data Publications.
o Letter from the Chairman of the Article 29 Data Protection Working Party to Mr Jacques Barrot,
regarding the policy study on the introduction of an EU ESTA system, Paris, 19 December 2008.
o Presentation of the Ministry of Interior and Administration, the Role of the Ministry of Interior
and Administration in Polish border management, 24 March 2010.
o Presentation of the Polish Data Protection Authority (GIODO), legislation and tasks, 24 March
2010.
o Report from the Commission to the Council on visa waiver reciprocity with certain third
countries (COM(2006) 3 final).
o Report from the Commission to the Council and the European Parliament on the development
of the second generation Schengen Information System (SIS II) (COM(2009) 555 final).
o The Stockholm Programme, An open and secure Europe serving and protecting citizens
(Council of the EU 5731/10).
o
The U.S. list of APIS data (U.S. Federal Register / Vol. 70, No. 66).
o
Tweede Kamer, vergaderjaar 2008–2009, 30 315, nr. 7.
o U.S. Department of Homeland Security: ESTA compliance report by carrier and POE for KLM
Royal Dutch Airlines, 5 March 2010.
List of References
314
G List of abbreviations
AEA
AFIS
AGIMO
AIVD
ALO
ANAO
API
APIS
APP
AQQ
ATS
C.SIS
CBP
CBP
CMAL
CNIL
DCPAF
DCRI
DG JLS
DHS
DIAC
EBF
EDPS
EEAS
ESTA
ETA
ETC
EU ESTA
EU
FIPP
GIODO
HR
iAPI
IATA
IATA
IBM
ICAO
ICSE
ICT
KLM
Association of European Airlines
Automated Fingerprint Identification System
Australian Government Information Management Office‟s
General Intelligence and Security Service (the Netherlands)
Airline Liaison Officer
Australian National Audit Office
Advanced Passenger Information
Advance Passenger Information System
Advance Passenger Processing
APIS Quick Query
Automated Targeting System
Central Schengen Information System
Customs and Border Protection (United States)
Data Protection Authority (the Netherlands)
Central Movement Alert List
National Commission for Informatics and Liberties (France)
Central Directorate for Border Police (France)
Interior Ministry, Central Directorate of Internal Intelligence (France)
Directorate-General for Justice, Freedom and Security
Department of Homeland Security (United States)
Department of Immigration and Citizenship (Australia)
External Borders Fund
European Data Protection Supervisor
European External Action Service
Electronic System for Travel Authorisation
Electronic Travel Authority
European Travel Commission
European Union Electronic System for Travel Authorisation
European Union
Fair Information Practice Principle
Inspector General for Personal Data Protection (Poland)
Human Resources
Interactive Advance Passenger Information
International Air Transport Association
International Air Transport Association
Integrated Border Management
International Civil Aviation Organization
Integrated Client Services Environment
Information and Communication Technology
Royal Dutch Airlines
List of abbreviations
315
MoU
N.SIS
NATM
NBTC
NCTb
OECD
PARDEX
PIA
PIU
PNR
PPP
PTA
PwC
RFID
RTP
SIRENE
SIS II
SIS
SITA
SORN
SSL
S-TESTA
TCN
TECS
TEU
TFEU
TLS
TPA
TRN
TSDB
U.S,
U.S. ESTA
UK
VIS
VWP
Memory of Understanding
National Schengen Information System
Dutch Association for Travel Management
National Border Targeting Centre (United Kingdom)
National Coordinator for Counterterrorism (the Netherlands)
Organization for Economic Co-Operation and Development
Passenger Related Data Exchange
Privacy Impact Assessment
Passenger Information Unit
Passenger Name Records
Public-Private Partnership
Privacy Threshold Analysis
PricewaterhouseCoopers
Radio-frequency identification
Registred Traveller Programme
Supplementary Information Request at the National Entry
Schengen Information System II
Schengen Information System
Societe Internationale de Telecommunication Aeronautiques
System of Records Notice
Secure Socket Layer
Secure Trans European Services for Telematics between Administrations
Third Country National
Treasury Enforcement Communications System
Treaty on European Union
Treaty on the Functioning of the EU
Transport Layer Security
Travel Promotion Act
Transaction Reference Number
Terrorist Screening Database
United States
United States Electronic System for Travel Authorisation
United Kingdom
Visa Information System
Visa Waiver Program
List of abbreviations
316
H Comparative overview of required pre-travel information
Comparative overview of required pre-travel information
317
Schengen
Short-stay Visa
1 Surname (Family name)
Australia
ETA
Australia
eVisitor / eVisa
EU ESTA
United States
Non-immigrant Visa
United States
ESTA
Full names
1. Passport Number
Passport Number
Australia
Tourist Visa
1. When do you wish to visit Australia
2 Surname at birth (Former family
name(s))
2. Place of Issuance
Place of Issuance
2. How long do you wish to stay in Australia
Length of stay in Australia
3 First name(s) (Given name(s))
3. Issuing Country
Issuing Country
3. Do you intend to enter Australia on more
than one occasion
Intent to enter Australia on more than
one occasion
4. Issuance Date
Issuance Date
4. Name(s) as shown in your passport:
Family names
given names
other names
name in your own language or script
Family names
Given names
Name(s) as shown in your passport:
Family names
given names
other names
name in your own language or script
5 Place of birth
5. Expiration Date
Expiration Date
5. Sex
Sex
Sex
6 Country of birth
6. Surnames
Last Name
6. Date of birth
Date of Birth
Date of Birth
4 Date of birth (day-month-year)
Date of Birth
7 Current nationality
Nationality
7. First and Middle Names
First Name and Middle Name
7. Relationship status
Relationship status
8 Sex
Sex
8. Other Surnames Used
Phone Number
8. Place of Birth
Place of Birth
9 Marital status
9. Other First and Middle Names Used
E-Mail Address
9. Details from your passport
number
country
date of issue
date of expiry
issuing authority
10 In the case of minors: Surname, first
name, address (if different from
applicant's) and nationality of parental
authority/legal guardian
11 National identity number, where
applicable
12 Type of travel document
10. Date of Birth
Date of birth
10. Details of identity card
Identity Number and Country of issue (if
applicable)
11. Country of citizenship
Citizenship (list of countries)
11. Place of Birth
Passport Details
number
country
date of issue
date of expiry
issuing authority
Passport Details
number
country
date of issue
date of expiry
issuing authority
12. Nationality
Country of Citizenship
12. Country of usual residence
Country of Residence
13 Number of travel document
Passport Number
13. Sex
Sex
13. Current residential address
Current residential address
14 Date of issue
Issuing date
14. National Identification Number
Destination Address, City, and State
14. Address for correspondence
Address for correspondence
15 Valid until
Expiry Date
15. Home Address
Flight Information
15. Telephone numbers
Telephone numbers
16 Issued by
Issuing State
16. Home Telephone Number
City of Embarkation
16. Agreement to communication through
electronic means (including details)
Agreement for electronic
communications
17. Marital Status
Whether the individual has a communicable
disease, physical or mental disorder, or is a drug
abuser or addict
Whether the individual has been arrested or
convicted for a moral turpitude crime, drugs, or
has been sentenced for a period longer than five
years
Whether the individual has engaged in espionage,
sabotage, terrorism, or Nazi activity between 1933
and 1945
17. Are there any children included in your
passport who will be travelling with you
Children included on passport
18. Do you have a spouse, partner, children,
or fiancé who will NOT be travelling with you
Details of family members not travelling
with applicant
19. Is it likely you will be travelling from
Australia to a neighbouring country
Relatives, Friends or Contacts in
Australia
17 Applicant's home address:
18 Residence in a country other than
the country of current nationality
Intended travel mode
18. Spouse's Full Name
19 Current occupation
Border crossing point of entry
19. Spouse's DOB
20 Employer, address and telephone
number. For students (…)
Intended date of entry
20. Name and Address of Present
Employer or School
Whether the individual is seeking work in the U.S.
20. Do you have any relatives in Australia
Location from where application is
being submitted
21 Main purpose(s) of the journey:
Flight number (air travel only)
21. Present Occupation
21. Do you have any friends or contacts in
Australia
Country of usual residence
22 Member State(s) of destination
E-mail address
22. When Do You Intend To Arrive In
The U.S.?
Whether the individual has ever been denied a
U.S. visa or entry into the U.S. or had a visa
cancelled (if yes, when and where)
Whether the individual has been excluded or
deported, or attempted to obtain a visa or enter
the U.S. by fraud or misrepresentation
22. Why do you want to visit Australia
Travelling companions
23 Member State of first entry
Telephone number
23. E-Mail Address
Whether the individual has ever detained retained,
or withheld custody of a child from a U.S. citizen
granted custody of the child;
23. Do you intend to do a course of study of
more than 4 weeks while in Australia
Comparative overview of required pre-travel information
318
24. In the last 5 years, have you (…) visited, or
lived, outside your country of passport for
more than 3 consecutive months
25. Do you (…) intend to enter a hospital or
health care facility
24 Number of entries requested
24. At What Address Will You Stay in
The U.S.?
Whether the individual has ever asserted
immunity from prosecution.
25 Duration of the intended stay or
transit
25. Name and Telephone Numbers of
Person in U.S. Who You Will Be
Staying With or Visiting for Tourism or
Business
Unique ESTA identifier
26 Schengen visas issued during the
past three years
26. How Long Do You Intend To Stay
in The U.S.?
26. Do you (…) intend to work as, or study to
be a doctor, dentist, nurse or paramedic
27 Fingerprints collected previously for
the purpose of applying for a Schengen
visa
28 Entry permit for the final country of
destination, where applicable
27. What is The Purpose of Your Trip?
27. Have you (…) ever had or have
tuberculosis (…)
28. Who Will Pay For Your Trip?
28. During your proposed visit to Australia do
you (…) expect to incur medical costs or
require treatment for (…)
29 Intended date of arrival in the
Schengen area
29. Have You Ever Been in The U.S.?
29. Do you (…) require assistance with
mobility or care due to a medical condition
30 Intended date of departure from the
Schengen area
30. Have You Ever Been Issued a U.S.
Visa?
30. Information regarding criminal offences,
legal action, removal/deportation from any
country, war crimes or crimes against
humanity or human rights, activities of risk to
Australian national security, outstanding debts
to Australian authorities, illegal movement of
people and service in a military force or militia
31 Surname and first name of the
inviting person(s) in the Member
State(s).
32 Surname, first name, address,
telephone, telefax, and e-mail address
of contact person in
company/organisation
33 Cost of travelling and living during
the applicant's stay is covered
31. Have You Ever Been Refused a
U.S. Visa?
31.What is you employment status
32. Do You Intend To Work in The
U.S.?
32. How will you be maintaining yourself
financially while you are in Australia
33. Do You Intend To Study in The
U.S.?
33. Is someone else providing support for your
visit to Australia
34 Personal data of the family member
who is an EU, EEA or CH citizen
34. Names and Relationships of
Persons Travelling With You
34. What support are they providing
35 Family relationship with an EU, EEA
or CH citizen
35. Has Your U.S. Visa Ever Been
Cancelled or Revoked?
35. Have you (…) been in Australia and not
complied with visa conditions (…)
Have you had an application for entry to or
further stay in Australia refused, or had a visa
for Australia cancelled
36 Place and date
36. Has Anyone Ever Filed an
Immigrant Visa Petition on Your
Behalf?
36. Complete the following details if you have
applied for permanent entry to Australia in the
last 5 years
37 Signature (for minors, signature of
parental authority/legal guardian)
37. Are Any of The Following Persons
in The U.S., or Do They Have U.S.
Legal Permanent Residence or U.S.
Citizenship?
38. Important: all applicants must read
and check the appropriate box
37. Complete the following details if you have
applied for temporary entry to Australia in the
last 5 years
39. Was this Application Prepared by
Another Person on Your Behalf?
39. Is the person an agent registered with the
Office of the Migration Agents Registration
Authority
40. Is the person/agent in Australia
38. Did you receive assistance in completing
this form
40. Application Prepared By:
41. I certify that I have read and
understood all the questions set forth in
this application
41. Did you pay the person/agent and/or give
a gift for this assistance
42. All written communications about this
application should be sent to (…)
43. How will you pay your application charge
(including details)
44. Having read the 'Conditions for a tourist
visa to Australia' (including signature)
Comparative overview of required pre-travel information
319
Comparative overview of required pre-travel information
320