Identifier
Created
Classification
Origin
07MADRID2055
2007-10-31 17:18:00
CONFIDENTIAL
Embassy Madrid
Cable title:
SPAIN: RESPONSE TO S/CT REQUEST FOR INFORMATION ON
how-toVZCZCXRO4521 PP RUEHAG RUEHROV DE RUEHMD #2055/01 3041718 ZNY CCCCC ZZH P 311718Z OCT 07 FM AMEMBASSY MADRID TO RUEHC/SECSTATE WASHDC PRIORITY 3727 RUEAHLC/HOMELAND SECURITY CENTER WASHINGTON DC PRIORITY RUEILB/NCTC WASHINGTON DC PRIORITY INFO RUCNMEM/EU MEMBER STATES COLLECTIVE RUEHLA/AMCONSUL BARCELONA 3153 RUEAIIA/CIA WASHDC RUCNFB/FBI WASHDC
C O N F I D E N T I A L SECTION 01 OF 05 MADRID 002055
SIPDIS
SIPDIS
FOR S/CT (MCKUNE),NCTC AND DHS
E.O. 12958: DECL: 10/30/2017
TAGS: KVPR PTER PREL PGOV PINR CIVS ASEC KHLS SP
SUBJECT: SPAIN: RESPONSE TO S/CT REQUEST FOR INFORMATION ON
HOST GOVERNMENT PRACTICES - INFORMATION COLLECTION,
SCREENING, AND SHARING
REF: STATE 133921
MADRID 00002055 001.2 OF 005
Classified By: DCM Hugo Llorens for Reasons 1.4 (b) and (c)
C O N F I D E N T I A L SECTION 01 OF 05 MADRID 002055
SIPDIS
SIPDIS
FOR S/CT (MCKUNE),NCTC AND DHS
E.O. 12958: DECL: 10/30/2017
TAGS: KVPR PTER PREL PGOV PINR CIVS ASEC KHLS SP
SUBJECT: SPAIN: RESPONSE TO S/CT REQUEST FOR INFORMATION ON
HOST GOVERNMENT PRACTICES - INFORMATION COLLECTION,
SCREENING, AND SHARING
REF: STATE 133921
MADRID 00002055 001.2 OF 005
Classified By: DCM Hugo Llorens for Reasons 1.4 (b) and (c)
1. (SBU) Embassy Madrid offers the following responses to
REFTEL request for information on the government of Spain's
policies toward and capabilities for collection of biographic
and biometric data for terrorist screening purposes. For
ease of reading, we have opted to rewrite each question set
above the appropriate responses in the body of the report.
The below information represents the current understanding of
our Mission interagency team, both what we already knew
before the S/CT request came in, and what we were able to
collect and learn during the reporting period. We have noted
that some gaps still remain and will make it a priority to
fill in the blanks as we continue to engage with a Spanish
government that has become one of the USG's key partners in
the fight against terrorism.
2. (C) A. Watchlisting: If host government maintains a
"watchlist," how many records does the watchlist contain, and
how many are terrorist-related? Which ministry or office
maintains the watchlist?
-- The GOS does not currently maintain a separate terrorist
watchlist at the border, but Spain is part of the Schengen
Information System (SIS),and has access to EU holdings. The
GOS has plans to implement the SIS at ports of entry
beginning in 2009. On September 17, the U.S. and Spain
signed a cutting-edge bilateral information sharing agreement
covering known and suspected terrorists as envisioned under
HSPD-6. Under this agreement, the Spanish Ministry of
Interior will be responsible for supplying Spanish data into
the U.S. Terrorist Screening Center database/watchlist, and
will conversely be the recipient of TSC data.
3. (C) B. Traveler Information Collection: What are the
country's policies (legislation, mandates, etc.) on
collecting information from travelers arriving in the
country? Are there different policies for air, sea, and land
entry and for domestic flights? Who collects traveler
information? What are the policies of the collecting agency
to share that information with foreign governments? Does the
host government collect Passenger Name Record (PNR) data on
incoming commercial flights or vessels? Is this data used
for intelligence or law enforcement purposes to screen
travelers? Does host government have any existing treaties
to share PNR data? If applicable, have advance passenger
information systems (APIS),interactive advanced passenger
information systems (IAPIS),or electronic travel authority
systems been effective at detecting other national security
threats, such as wanted criminals?
-- Currently, Spain only collects the limited information
requested on arrival cards, but this information is not
entered into a computer database. What information is
gathered and kept is shared within the EU and the SIS.
Passports are scanned upon arrival (this is still a test
project) to verify if there has been any alteration or
forgery. As Spain is a part of the Schengen agreement, it
does not maintain any type of passport controls upon entry or
exit for all domestic travel to EU member countries (except
the United Kingdom). Spain does not maintain any type of
passport controls upon entry and exit, and does not maintain
any type of travel records. Persons traveling to and from
the UK are required to be screened at passport control in
Spain, but Spain does not maintain these travel records. In
regards to international travel, persons departing and
entering Spain are required to be screened at passport
control. It is our experience that Spain has not readily
automated this type of information, thus making any retrieval
of international travel data almost impossible. Spain on
occasion maintains data if the border official encountering
the traveler physically loads the traveler's information, but
this is rare. Spain does not collect traveler data for
persons entering Spain on land via France or Portugal, and
there are no longer checks at border crossings between the
countries. Persons entering Spain via Gibraltar are required
to be screened at passport control, but Spain does not
maintain this data. The collection of traveler information
is the responsibility of the Spanish National Police, and the
SNP is very willing to share this type of information.
However, for the reasons enumerated above, the SNP has very
MADRID 00002055 002.2 OF 005
limited data available, and what exists is usually of little
value. Spain does not have an Advanced Passenger Information
System (APIS). On November 6, the EU Commission plans to
approve a project whereby data relative to passengers
arriving by air will be stored and reviewed by each member
state. The proposed system will use the same fields as that
used by the U.S. system. The objective of this program is to
use it for both intelligence and law enforcement purposes.
Spanish law enforcement implements a mechanism by which they
are able to effectively detect the travel of passengers with
warrants for arrest. In relation to terrorists, the
mechanism is not yet in place, but is forthcoming.
4. (C) C. Border Control and Screening: Does the host
government employ software to screen travelers of security
interest? Are all travelers tracked electronically, or only
non-host-country nationals? What is the frequency of
travelers being "waived through" because they hold up what
appears to be an appropriate document, but whose information
is not actually recorded electronically? What is the
estimated percentage of non-recorded crossings, entries and
exits? Do host government border control officials have the
authority to use other criminal data when making decisions on
who can enter the country? If so, please describe this
authority (legislation, mandates, etc. What are the host
government's policies on questioning, detaining and denying
entry to individuals presenting themselves at a point of
entry into the country? Which agency would question, detain,
or deny entry? How well does information sharing function
within the host government, e.g., if there is a determination
that someone with a valid host-government visa is later
identified with terrorism, how is this communicated and
resolved internally?
-- Spanish authorities use what they call a "Verifier." The
SNP officer at the POE decides who will be "verified" to see
whether they are under an arrest warrant of a "No-entry" into
the Schengen area. This database is shared with the Civil
Guard. Spanish border control systems are being developed
further under Schengen and are scheduled for implementation
in 2009. Spain does not currently possess border control
software. Very few travelers are tracked electronically as
they enter Spain. Documents are visually checked, with more
intense screening possible and done randomly and on certain
flights. We estimate that fewer than 10 percent of entries
and exits into Spain are recorded. Spanish border control
are sworn officers of the Spanish National Police, and they
are not restricted in using criminal data when making
decisions on who can enter the country. However, it has been
the experience of our Legatt that the principal decisonmaking
factor for allowing or disallowing entry into Spain is
whether or not the traveler possesses proper travel
documentation. Spanish immigration, however, can and does
deny entry into the country. The sharing of information
between the Spanish National Police and the Spanish Civil
Guard, Spain's two national law enforcement services, is
problematic. The two services have strong CT missions, but
generally work independent of each other and rarely share
information. When the two services do share information, it
is normally conducted via informal channels. Spain created
the National Center for Counterterrorism Coordination in
2005, a CT collection, analysis, and dissemination hub, which
serves as a terrorism coordination center for Spanish law
enforcement and intelligence agencies. However, the center
is still in its infancy, and the sharing of information
through the center continues to be a work in progress.
5. (C) D. Biometric Collection: Are biometric systems
integrated for all active POEs? What are the systems and
models used? Are all passengers screened for the biometric
or does the host government target a specific population for
collection (i.e. host country nationals)? Do the biometric
collection systems look for a one to one comparison (ensure
the biometric presented matches the one stored on the
e-Passport) or one to many comparison (checking the biometric
presented against a database of known biometrics)? If
biometric systems are in place, does the host government know
of any countermeasures that have been used or attempted to
defeat biometric checkpoints? What are the host government's
policies on collecting the fingerprints of travelers coming
into the country? Which agency is responsible for the host
government's fingerprint system? Are the fingerprint
programs in place NIST, INT-I, EFTS, UK1 or RTID compliant?
MADRID 00002055 003.2 OF 005
Are the fingerprints collected as flats or rolled? Which
agency collects the fingerprints?
-- Biometric systems are not yet integrated into the Ports of
Entry (POEs),although "Poto" biometric is used. Spain
maintains biometrics (photo/fingerprint) for all Spanish
nationals and holders of Spanish identity documents. The GOS
plans to take fingerprints with the implementation of the SIS
border controls in 2009. The Spanish National Police is
responsible for managing Spain's national fingerprint system.
This system is known as "SAID," and "SAID II" will soon be
implemented. SAID II is meant to be more compatible with
other international law enforcement partners and should
greatly increase Spain's power to process raw fingerprint
data. According to Legatt records, the SAID is currently
NIST and INT-I compliant. The SAID II is supposed to be EFTS
and, more importantly, ANSI/NIST-ITL-1-2007 compliant.
Fingerprints collected are always rolled, but Spain will soon
be collecting digital flats. Print data is collected by all
of the various law enforcement agencies within Spain, but the
SNP is responsible for serving as the central repository for
fingerprint data.
6. (C) E. Passports: If the host government issues a
machine-readable passport containing biometric information,
does the host government share the public key required to
read the biometric information with any other governments?
If so, which governments? Does the host government issue
replacement passports for full or limited validity (e.g. the
time remaining on the original passports, fixed validity for
a replacement, etc.)? Does the host government have special
regulations/procedures for dealing with "habitual" losers of
passports or bearers who have reported their passports stolen
multiple times? Are replacement passports of the same or
different appearance and page length as regular passports (do
they have something along the lines of our emergency partial
duration passports)? Do emergency replacement passports
contain the same or fewer biometric fields as regular-issue
passports? Where applicable, has Post noticed any increase
in the number of replacement or "clean" (i.e. no evidence of
prior travel) passports used to apply for U.S. visas? Are
replacement passports assigned a characteristic number series
or otherwise identified?
-- Spain's public key system is shared within the SIS and
with others. All full-validity passports are issued in Spain
under a system very similar to ours, and Spanish Embassies
and Consulates can issue a limited-validity emergency
passport which, like ours, is not an e-passport. Replacement
passports are recognizable because they are not issued for
the full 10-year validity; they are issued for a limited
validity that coincides with the validity of the passports
being replaced. Spain does have procedures for dealing with
habitual losers of passports, and can include significant
fines. Emergency and replacement passports contain the same
information as regular passports.
7. (C) F. Fraud Detection: How robust is fraud detection
and how actively are instances of fraud involving documents
followed up? How are potentially fraudulently issued
documents taken out of circulation, or made harder to use?
-- Spain has robust fraud detection and follows up
expeditiously on all known or suspected cases. Spain has a
system very similar to ours to deal with fraudulently issued
documents and to get them out of circulation. Spanish
national identity documents contain fingerprints and are thus
hard to illegally manufacture.
8. (C) G. Privacy and Data Security: What are the country's
policies on records related to the questioning, detention or
removal of individuals encountered at points of entry into
the country? How are those records stored,
and for how long? What are the country's restrictions on the
collection or use of sensitive data? What are the
requirements to provide notice to the public on the
implementation of new databases of records? Are there any
laws relating to security features for government computer
systems that hold personally identifying information? What
are the rules on an individual's ability to access data that
homeland security agencies hold about them? Are there
different rules for raw data (name, date of birth, etc.)
versus case files (for example, records about enforcement
MADRID 00002055 004.2 OF 005
actions)? Does a non-citizen/resident have the right to sue
the government to obtain these types of data?
-- Spain's privacy rules track with those of the EU. Removal
and deportation records are maintained in the SIS for periods
of 3 to 10 years or longer. Spain has rules in place for the
collection and use of sensitive data that closely mirror our
own. Generally, all of this data can be collected with or
without a court order. Embassy Legatt is unaware of any type
of data that is completely off-limits to the government. As
in the U.S., data that is obtained via the legal process
(i.e. subscriber data from Internet service providers or
telecommunications companies, data intercepts, telephone
intercepts, etc. is "owned" by the investigative magistrate
that issued the order to obtain the data, not the law
enforcement agency that is conducting the investigation.
This investigative magistrate decides how the data can be
used as well as who it can be shared with. Data that is
collected exclusively by law enforcement can be released by
that service at their own discretion. However, when an
investigative magistrate directs Spanish law enforcement to
collect this type of data (i.e. voluntary interviews of
persons, etc.),this information is once again "owned" by the
investigative magistrate. The magistrate decides how the
data can be used and with whom it can be shared. We are
aware of one restriction pertaining to the use of sensitive
data, specifically as it relates to national identity cards.
Persons who obtain Spanish national ID cards, or what are
commonly referred to as "DNI" or "NIE" cards, are required to
provide personal identifying information, a photograph, and
one fingerprint (right index finger). This print is supposed
to be completely off-limits for general law enforcement use,
and its use is supposed to be only for elimination purposes
to ensure persons do not have more than one national ID card
issued to them. The SNP is responsible for issuing DNI/NIE
cards. In Spain, individuals can ask for police records, and
non Spanish citizens have the right to sue for police records.
9. (C) H. Immigration Data Bases: What computerized
immigration databases are used to track entries and exits?
Is the immigration database available at all ports of entry
(POEs)? If immigration databases are available at some POEs,
but not all, how does the host government decide which POEs
will receive the tool? What problems, if any, limit the
effectiveness of the systems? For example, limited training,
power brownouts, budgetary restraints, corruption, etc.?
How often are national immigration databases updated?
-- Spain currently lacks immigration databases that track
entry and exit records, but entry forms are collected at all
POEs. Such systems are envisioned for implementation in 2009
as part of the SIS. SNP officers at the POEs do not know if
a person has been into Spain previously unless there are
entry stamps in the passport presented. If the passport is
new, this information would not be known.
10. (C) I. Watchlist and Information Sharing: Is there a
name-based watchlist system used to screen travelers at POEs?
What domestic sources of information populate the name-based
watchlist, i.e. names of deported persons, terrorist
lookouts, criminal wants/warrants? What international
watchlists do the host government use for screening
individuals, e.g. Interpol or TSA No Fly lists, UN, etc.?
What bilateral/multilateral watchlist agreements exist
between host government and its neighbors?
-- Although Spain does not currently utilize any type of
watchlist, name-based information is available at its POEs.
However, this information is not readily-available to
inspectors at primary entry points. Spain has access to SIS
and Interpol information. As part of HSPD-6, the U.S. and
Spain signed a bilateral agreement in Madrid on September 17
to share screening data on known or suspected terrorists.
The U.S. Terrorist Screening Center and Spain's NCTC
equivalent are working through a 90-day implementation period.
11. (C) J. Biometrics: Are biometric systems in place at
ports of entry (air, land, sea)? If no, does host government
have plans to install such a system? If biometric systems
are available at some POEs, but not all, how does the host
government decide which POEs will receive the tool? What
biometric technologies, if any, does the host government use,
i.e. fingerprint identification, facial recognition, iris
MADRID 00002055 005.2 OF 005
recognition, hand geometry, retinal identification, DNA-based
identification, keystroke dynamics, gait analysis? Are the
systems ICAO compliant? Does the host government issue a
machine-readable passport containing biometric information?
If e-Passports are issued, what biometric information is
included on the document, i.e. fingerprint, iris, facial
recognition, etc. If not, does host government plan to issue
a biometric document in the future? When?
-- Biometrics are not yet in place at Spain's POEs, but are
slated to be implemented in 2009. Spanish law enforcement
regularly utilizes fingerprint identification and DNA-based
identification to conduct its mission. The Spanish
e-passport contains computer chip technology with a digital
photo and plans are to add fingerprints in 2009.
12. (C) K. Identifying Appropriate Partners:
-- Spain has been, is, and will continue to be a committed
ally in the fight against terrorism and we have established
relatively good channels of information sharing. Any
watchlists that Spain currently has or may maintain in the
future would not include political dissidents. Spain
understands our rules on information sharing and would not
share or use U.S. watchlist data inappropriately. As
mentioned previously, we have already entered into a
data-sharing agreement as envisioned under HSPD-6 and we will
look to strengthen our bilateral cooperation through other
appropriate agreements. Spain has a modern, competent, and
independent judiciary system that is developed to adequately
provide safeguards for the protection and nondisclosure of
U.S. information. Spain's internal services do have a
problem with sharing among themselves, but they are aware of
their problems with stovepiping and are taking steps to
streamline the flow of information across national services.
Spain has numerous legal statutes that define terrorism much
as we do, and even have laws on the books that are more
relaxed than ours in terms of charging individuals with
membership in a terrorist organization, support for a
terrorist organization, and even positive comments made about
a terrorist organization. The GOS has dealt with the Basque
terrorist group ETA for more than 40 years and in recent
years has focused on the threat from Islamic extremist
terrorism in the wake of the March 11, 2004 Madrid train
bombings. The fight against terrorism is the number one
priority of this Mission and we will continue to engage with
the GOS to improve on already excellent cooperation.
AGUIRRE
SIPDIS
SIPDIS
FOR S/CT (MCKUNE),NCTC AND DHS
E.O. 12958: DECL: 10/30/2017
TAGS: KVPR PTER PREL PGOV PINR CIVS ASEC KHLS SP
SUBJECT: SPAIN: RESPONSE TO S/CT REQUEST FOR INFORMATION ON
HOST GOVERNMENT PRACTICES - INFORMATION COLLECTION,
SCREENING, AND SHARING
REF: STATE 133921
MADRID 00002055 001.2 OF 005
Classified By: DCM Hugo Llorens for Reasons 1.4 (b) and (c)
1. (SBU) Embassy Madrid offers the following responses to
REFTEL request for information on the government of Spain's
policies toward and capabilities for collection of biographic
and biometric data for terrorist screening purposes. For
ease of reading, we have opted to rewrite each question set
above the appropriate responses in the body of the report.
The below information represents the current understanding of
our Mission interagency team, both what we already knew
before the S/CT request came in, and what we were able to
collect and learn during the reporting period. We have noted
that some gaps still remain and will make it a priority to
fill in the blanks as we continue to engage with a Spanish
government that has become one of the USG's key partners in
the fight against terrorism.
2. (C) A. Watchlisting: If host government maintains a
"watchlist," how many records does the watchlist contain, and
how many are terrorist-related? Which ministry or office
maintains the watchlist?
-- The GOS does not currently maintain a separate terrorist
watchlist at the border, but Spain is part of the Schengen
Information System (SIS),and has access to EU holdings. The
GOS has plans to implement the SIS at ports of entry
beginning in 2009. On September 17, the U.S. and Spain
signed a cutting-edge bilateral information sharing agreement
covering known and suspected terrorists as envisioned under
HSPD-6. Under this agreement, the Spanish Ministry of
Interior will be responsible for supplying Spanish data into
the U.S. Terrorist Screening Center database/watchlist, and
will conversely be the recipient of TSC data.
3. (C) B. Traveler Information Collection: What are the
country's policies (legislation, mandates, etc.) on
collecting information from travelers arriving in the
country? Are there different policies for air, sea, and land
entry and for domestic flights? Who collects traveler
information? What are the policies of the collecting agency
to share that information with foreign governments? Does the
host government collect Passenger Name Record (PNR) data on
incoming commercial flights or vessels? Is this data used
for intelligence or law enforcement purposes to screen
travelers? Does host government have any existing treaties
to share PNR data? If applicable, have advance passenger
information systems (APIS),interactive advanced passenger
information systems (IAPIS),or electronic travel authority
systems been effective at detecting other national security
threats, such as wanted criminals?
-- Currently, Spain only collects the limited information
requested on arrival cards, but this information is not
entered into a computer database. What information is
gathered and kept is shared within the EU and the SIS.
Passports are scanned upon arrival (this is still a test
project) to verify if there has been any alteration or
forgery. As Spain is a part of the Schengen agreement, it
does not maintain any type of passport controls upon entry or
exit for all domestic travel to EU member countries (except
the United Kingdom). Spain does not maintain any type of
passport controls upon entry and exit, and does not maintain
any type of travel records. Persons traveling to and from
the UK are required to be screened at passport control in
Spain, but Spain does not maintain these travel records. In
regards to international travel, persons departing and
entering Spain are required to be screened at passport
control. It is our experience that Spain has not readily
automated this type of information, thus making any retrieval
of international travel data almost impossible. Spain on
occasion maintains data if the border official encountering
the traveler physically loads the traveler's information, but
this is rare. Spain does not collect traveler data for
persons entering Spain on land via France or Portugal, and
there are no longer checks at border crossings between the
countries. Persons entering Spain via Gibraltar are required
to be screened at passport control, but Spain does not
maintain this data. The collection of traveler information
is the responsibility of the Spanish National Police, and the
SNP is very willing to share this type of information.
However, for the reasons enumerated above, the SNP has very
MADRID 00002055 002.2 OF 005
limited data available, and what exists is usually of little
value. Spain does not have an Advanced Passenger Information
System (APIS). On November 6, the EU Commission plans to
approve a project whereby data relative to passengers
arriving by air will be stored and reviewed by each member
state. The proposed system will use the same fields as that
used by the U.S. system. The objective of this program is to
use it for both intelligence and law enforcement purposes.
Spanish law enforcement implements a mechanism by which they
are able to effectively detect the travel of passengers with
warrants for arrest. In relation to terrorists, the
mechanism is not yet in place, but is forthcoming.
4. (C) C. Border Control and Screening: Does the host
government employ software to screen travelers of security
interest? Are all travelers tracked electronically, or only
non-host-country nationals? What is the frequency of
travelers being "waived through" because they hold up what
appears to be an appropriate document, but whose information
is not actually recorded electronically? What is the
estimated percentage of non-recorded crossings, entries and
exits? Do host government border control officials have the
authority to use other criminal data when making decisions on
who can enter the country? If so, please describe this
authority (legislation, mandates, etc. What are the host
government's policies on questioning, detaining and denying
entry to individuals presenting themselves at a point of
entry into the country? Which agency would question, detain,
or deny entry? How well does information sharing function
within the host government, e.g., if there is a determination
that someone with a valid host-government visa is later
identified with terrorism, how is this communicated and
resolved internally?
-- Spanish authorities use what they call a "Verifier." The
SNP officer at the POE decides who will be "verified" to see
whether they are under an arrest warrant of a "No-entry" into
the Schengen area. This database is shared with the Civil
Guard. Spanish border control systems are being developed
further under Schengen and are scheduled for implementation
in 2009. Spain does not currently possess border control
software. Very few travelers are tracked electronically as
they enter Spain. Documents are visually checked, with more
intense screening possible and done randomly and on certain
flights. We estimate that fewer than 10 percent of entries
and exits into Spain are recorded. Spanish border control
are sworn officers of the Spanish National Police, and they
are not restricted in using criminal data when making
decisions on who can enter the country. However, it has been
the experience of our Legatt that the principal decisonmaking
factor for allowing or disallowing entry into Spain is
whether or not the traveler possesses proper travel
documentation. Spanish immigration, however, can and does
deny entry into the country. The sharing of information
between the Spanish National Police and the Spanish Civil
Guard, Spain's two national law enforcement services, is
problematic. The two services have strong CT missions, but
generally work independent of each other and rarely share
information. When the two services do share information, it
is normally conducted via informal channels. Spain created
the National Center for Counterterrorism Coordination in
2005, a CT collection, analysis, and dissemination hub, which
serves as a terrorism coordination center for Spanish law
enforcement and intelligence agencies. However, the center
is still in its infancy, and the sharing of information
through the center continues to be a work in progress.
5. (C) D. Biometric Collection: Are biometric systems
integrated for all active POEs? What are the systems and
models used? Are all passengers screened for the biometric
or does the host government target a specific population for
collection (i.e. host country nationals)? Do the biometric
collection systems look for a one to one comparison (ensure
the biometric presented matches the one stored on the
e-Passport) or one to many comparison (checking the biometric
presented against a database of known biometrics)? If
biometric systems are in place, does the host government know
of any countermeasures that have been used or attempted to
defeat biometric checkpoints? What are the host government's
policies on collecting the fingerprints of travelers coming
into the country? Which agency is responsible for the host
government's fingerprint system? Are the fingerprint
programs in place NIST, INT-I, EFTS, UK1 or RTID compliant?
MADRID 00002055 003.2 OF 005
Are the fingerprints collected as flats or rolled? Which
agency collects the fingerprints?
-- Biometric systems are not yet integrated into the Ports of
Entry (POEs),although "Poto" biometric is used. Spain
maintains biometrics (photo/fingerprint) for all Spanish
nationals and holders of Spanish identity documents. The GOS
plans to take fingerprints with the implementation of the SIS
border controls in 2009. The Spanish National Police is
responsible for managing Spain's national fingerprint system.
This system is known as "SAID," and "SAID II" will soon be
implemented. SAID II is meant to be more compatible with
other international law enforcement partners and should
greatly increase Spain's power to process raw fingerprint
data. According to Legatt records, the SAID is currently
NIST and INT-I compliant. The SAID II is supposed to be EFTS
and, more importantly, ANSI/NIST-ITL-1-2007 compliant.
Fingerprints collected are always rolled, but Spain will soon
be collecting digital flats. Print data is collected by all
of the various law enforcement agencies within Spain, but the
SNP is responsible for serving as the central repository for
fingerprint data.
6. (C) E. Passports: If the host government issues a
machine-readable passport containing biometric information,
does the host government share the public key required to
read the biometric information with any other governments?
If so, which governments? Does the host government issue
replacement passports for full or limited validity (e.g. the
time remaining on the original passports, fixed validity for
a replacement, etc.)? Does the host government have special
regulations/procedures for dealing with "habitual" losers of
passports or bearers who have reported their passports stolen
multiple times? Are replacement passports of the same or
different appearance and page length as regular passports (do
they have something along the lines of our emergency partial
duration passports)? Do emergency replacement passports
contain the same or fewer biometric fields as regular-issue
passports? Where applicable, has Post noticed any increase
in the number of replacement or "clean" (i.e. no evidence of
prior travel) passports used to apply for U.S. visas? Are
replacement passports assigned a characteristic number series
or otherwise identified?
-- Spain's public key system is shared within the SIS and
with others. All full-validity passports are issued in Spain
under a system very similar to ours, and Spanish Embassies
and Consulates can issue a limited-validity emergency
passport which, like ours, is not an e-passport. Replacement
passports are recognizable because they are not issued for
the full 10-year validity; they are issued for a limited
validity that coincides with the validity of the passports
being replaced. Spain does have procedures for dealing with
habitual losers of passports, and can include significant
fines. Emergency and replacement passports contain the same
information as regular passports.
7. (C) F. Fraud Detection: How robust is fraud detection
and how actively are instances of fraud involving documents
followed up? How are potentially fraudulently issued
documents taken out of circulation, or made harder to use?
-- Spain has robust fraud detection and follows up
expeditiously on all known or suspected cases. Spain has a
system very similar to ours to deal with fraudulently issued
documents and to get them out of circulation. Spanish
national identity documents contain fingerprints and are thus
hard to illegally manufacture.
8. (C) G. Privacy and Data Security: What are the country's
policies on records related to the questioning, detention or
removal of individuals encountered at points of entry into
the country? How are those records stored,
and for how long? What are the country's restrictions on the
collection or use of sensitive data? What are the
requirements to provide notice to the public on the
implementation of new databases of records? Are there any
laws relating to security features for government computer
systems that hold personally identifying information? What
are the rules on an individual's ability to access data that
homeland security agencies hold about them? Are there
different rules for raw data (name, date of birth, etc.)
versus case files (for example, records about enforcement
MADRID 00002055 004.2 OF 005
actions)? Does a non-citizen/resident have the right to sue
the government to obtain these types of data?
-- Spain's privacy rules track with those of the EU. Removal
and deportation records are maintained in the SIS for periods
of 3 to 10 years or longer. Spain has rules in place for the
collection and use of sensitive data that closely mirror our
own. Generally, all of this data can be collected with or
without a court order. Embassy Legatt is unaware of any type
of data that is completely off-limits to the government. As
in the U.S., data that is obtained via the legal process
(i.e. subscriber data from Internet service providers or
telecommunications companies, data intercepts, telephone
intercepts, etc. is "owned" by the investigative magistrate
that issued the order to obtain the data, not the law
enforcement agency that is conducting the investigation.
This investigative magistrate decides how the data can be
used as well as who it can be shared with. Data that is
collected exclusively by law enforcement can be released by
that service at their own discretion. However, when an
investigative magistrate directs Spanish law enforcement to
collect this type of data (i.e. voluntary interviews of
persons, etc.),this information is once again "owned" by the
investigative magistrate. The magistrate decides how the
data can be used and with whom it can be shared. We are
aware of one restriction pertaining to the use of sensitive
data, specifically as it relates to national identity cards.
Persons who obtain Spanish national ID cards, or what are
commonly referred to as "DNI" or "NIE" cards, are required to
provide personal identifying information, a photograph, and
one fingerprint (right index finger). This print is supposed
to be completely off-limits for general law enforcement use,
and its use is supposed to be only for elimination purposes
to ensure persons do not have more than one national ID card
issued to them. The SNP is responsible for issuing DNI/NIE
cards. In Spain, individuals can ask for police records, and
non Spanish citizens have the right to sue for police records.
9. (C) H. Immigration Data Bases: What computerized
immigration databases are used to track entries and exits?
Is the immigration database available at all ports of entry
(POEs)? If immigration databases are available at some POEs,
but not all, how does the host government decide which POEs
will receive the tool? What problems, if any, limit the
effectiveness of the systems? For example, limited training,
power brownouts, budgetary restraints, corruption, etc.?
How often are national immigration databases updated?
-- Spain currently lacks immigration databases that track
entry and exit records, but entry forms are collected at all
POEs. Such systems are envisioned for implementation in 2009
as part of the SIS. SNP officers at the POEs do not know if
a person has been into Spain previously unless there are
entry stamps in the passport presented. If the passport is
new, this information would not be known.
10. (C) I. Watchlist and Information Sharing: Is there a
name-based watchlist system used to screen travelers at POEs?
What domestic sources of information populate the name-based
watchlist, i.e. names of deported persons, terrorist
lookouts, criminal wants/warrants? What international
watchlists do the host government use for screening
individuals, e.g. Interpol or TSA No Fly lists, UN, etc.?
What bilateral/multilateral watchlist agreements exist
between host government and its neighbors?
-- Although Spain does not currently utilize any type of
watchlist, name-based information is available at its POEs.
However, this information is not readily-available to
inspectors at primary entry points. Spain has access to SIS
and Interpol information. As part of HSPD-6, the U.S. and
Spain signed a bilateral agreement in Madrid on September 17
to share screening data on known or suspected terrorists.
The U.S. Terrorist Screening Center and Spain's NCTC
equivalent are working through a 90-day implementation period.
11. (C) J. Biometrics: Are biometric systems in place at
ports of entry (air, land, sea)? If no, does host government
have plans to install such a system? If biometric systems
are available at some POEs, but not all, how does the host
government decide which POEs will receive the tool? What
biometric technologies, if any, does the host government use,
i.e. fingerprint identification, facial recognition, iris
MADRID 00002055 005.2 OF 005
recognition, hand geometry, retinal identification, DNA-based
identification, keystroke dynamics, gait analysis? Are the
systems ICAO compliant? Does the host government issue a
machine-readable passport containing biometric information?
If e-Passports are issued, what biometric information is
included on the document, i.e. fingerprint, iris, facial
recognition, etc. If not, does host government plan to issue
a biometric document in the future? When?
-- Biometrics are not yet in place at Spain's POEs, but are
slated to be implemented in 2009. Spanish law enforcement
regularly utilizes fingerprint identification and DNA-based
identification to conduct its mission. The Spanish
e-passport contains computer chip technology with a digital
photo and plans are to add fingerprints in 2009.
12. (C) K. Identifying Appropriate Partners:
-- Spain has been, is, and will continue to be a committed
ally in the fight against terrorism and we have established
relatively good channels of information sharing. Any
watchlists that Spain currently has or may maintain in the
future would not include political dissidents. Spain
understands our rules on information sharing and would not
share or use U.S. watchlist data inappropriately. As
mentioned previously, we have already entered into a
data-sharing agreement as envisioned under HSPD-6 and we will
look to strengthen our bilateral cooperation through other
appropriate agreements. Spain has a modern, competent, and
independent judiciary system that is developed to adequately
provide safeguards for the protection and nondisclosure of
U.S. information. Spain's internal services do have a
problem with sharing among themselves, but they are aware of
their problems with stovepiping and are taking steps to
streamline the flow of information across national services.
Spain has numerous legal statutes that define terrorism much
as we do, and even have laws on the books that are more
relaxed than ours in terms of charging individuals with
membership in a terrorist organization, support for a
terrorist organization, and even positive comments made about
a terrorist organization. The GOS has dealt with the Basque
terrorist group ETA for more than 40 years and in recent
years has focused on the threat from Islamic extremist
terrorism in the wake of the March 11, 2004 Madrid train
bombings. The fight against terrorism is the number one
priority of this Mission and we will continue to engage with
the GOS to improve on already excellent cooperation.
AGUIRRE