VZCZCXYZ0007
PP RUEHWEB

DE RUEHSJ #0517/01 1731843
ZNR UUUUU ZZH
P 221843Z JUN 09
FM AMEMBASSY SAN JOSE
TO RUEHC/SECSTATE WASHDC PRIORITY 0952
INFO RUEHZA/WHA CENTRAL AMERICAN COLLECTIVE PRIORITY

UNCLAS SAN JOSE 000517 
 
SIPDIS 
SENSITIVE 
 
DEPT FOR S/CT Hillary Batjer Johnson and Paul Schultz; NCTC; DHS 
 
E.O. 12958: N/A 
TAGS: KVPR PTER PREL PGOV CVIS ASEC KHLS
SUBJECT: COSTA RICAN GOVERNMENT PRACTICES-INFORMATION 
         COLLECTION, SCREENING AND SHARING 
 
REF: STATE 322287 
 
¶1. (SBU) As requested reftel, the following are Post's responses to 
questions on Costa Rica's government practices on information 
collection, screening and sharing.  Responses, cleared by all 
relevant Embassy sections, are keyed to reftel's questions: 
 
5A. IMMIGRATION DATA BASES AND TRAVELER INFORMATION COLLECTION: 
 
-- What computerized immigration databases are used to track entries 
and exits?  Costa Rican Immigration's (CRI) database is called POWER 
BUILDER and is based on SYBASE.  Their servers are from SUN 
Microsystems and the operating system is SOLARIS (latest version). 
CRI tracks all entries and exits by name, document number, departure 
point and destination.  However, the most reliable port of entry 
where this occurs is Juan Santamaria international airport in San 
Jose. 
 
-- Is the computerized immigration database available at all ports 
of entry (POEs)? Yes, but see above. 
 
-- What problems, if any, limit the effectiveness of the systems? 
For example, limited training, power brownouts, budgetary 
restraints, corruption, etc.? Although entries/exits at the major 
international airports are fairly well tracked, land and sea borders 
are porous; many entries and exits there go undetected. 
 
-- How often are national immigration databases updated?  On an "as 
needed" basis. 
 
-- What are the country's policies (legislation, mandates, etc.) on 
collecting information from travelers arriving in the country? 
Costa Rica is a part of theComisisn Centroamericana de Directores de 
Migracisn Central American Commission of Migration (OCAM ), which 
since the 1990s has made obligatory the use of a standard format for 
collecting information from travelers.  This standard is the entry 
and exit card or Tarjeta de Ingreso y Egreso (TIE), which is 
applicable to all Central American countries.  Article 31 of 
Immigration Law 8487 (2005) establishes that each person intending 
to enter or exit the country must present the card at the migration 
entry point; Article 144 of this law stipulates that transportation 
carriers must supply the card.  Currently, Costa Rica uses APIS for 
data collection from passengers arriving at the two principal 
international airports of Juan Santamaria (in San Jose) and Daniel 
Oduber (in Liberia).  Costa Rican Immigration tracks travelers as 
well as CR nationals. 
 
-- Are there different policies for entry and exit at air, sea, and 
land POEs and for domestic flights?  No.  The policies are standard 
for all authorized migration entry ports, but as mentioned above, 
the APIS system is only used in the two major international 
airports.  Also, at those two entry ports an "invisible migration 
procedure" takes place for exiting passengers, because travelers do 
not pass through the migration entry/exit point.  Instead, the 
airlines collect the exit cards and turn them over to CRI. 
 
-- What agency oversees the collection of traveler information? 
Costa Rica Immigration, which is part of the Ministry of Public 
Security. 
 
-- What are the policies of the collecting agency to share that 
information with foreign governments? CRI's policy is to share 
information, but there should be a cooperative agreement and the 
sharing must not violate Costa Rican law; however, the GOCR does not 
share information on refugees.  Post has not encountered any 
restrictions to sharing info with the USG; the Embassy consular 
section routinely requests and receives Costa Rican Immigration 
reports on cases of interest. 
 
-- Does the host government collect Passenger Name Record (PNR) data 
on incoming commercial flights or vessels?  Yes, both upon entry and 
departure. Is this data used for intelligence or law enforcement 
purposes to screen travelers in a systematic way?  Yes, alerts for 
Immigration, Interpol, and Costa Rica's Judiciary are acted upon and 
the data based queried. Does host government have any existing 
treaties to share PNR data? Post is not aware of any official 
treaties, but we have access to PNR data whenever necessary. 
 
-- If applicable, have advance passenger information systems (APIS), 
interactive advanced passenger information systems (IAPIS), or 
electronic travel authority systems been effective at detecting 
other national security threats, such as wanted criminals?  CRI 
reports that APIS has been effective in locating fugitives of all 
types, including individuals in arrears on child support payments. 
Post notes that corruption is problematic in CRI, but is current 
director, Mario Zamora, has been effectively addressing this issue. 
Reports have been received that some officials can be bribed to 
overlook fugitive alerts particularly when offenders attempt to 
leave Costa Rica. 
 
 
5B. WATCHLISTING: 
 
-- Is there a name-based watchlist system used to screen travelers 
at POEs? Yes. 
 
-- What domestic sources of information populate the name-based 
watchlist, i.e. names of deported persons, terrorist lookouts, 
criminal wants/warrants?  The CR intelligence service (DIS) is the 
main source of these kinds of watchlists.  Post notes that CRI will 
soon (estimated sometime this summer) implement a new immigration 
tracking system, the Electronic Migratory Movement System (SIMMEL), 
which during the second stage will be integrated with the existing 
Integrated Immigration System and to INTERPOL.  Deported persons, 
terrorist lookouts and criminal warrants populate the watchlist. 
 
-- If host government maintains a watchlist, how many records does 
the watchlist contain, and how many are terrorist-related? 
Impossible to determine. 
 
-- Which ministry or office maintains the watchlist? CR 
Immigration. 
 
-- What international watchlists do the host government use for 
screening individuals, e.g. Interpol or TSA No Fly lists, UN, etc.? 
Interpol, once SIMMEL comes on line, see above. 
 
-- What bilateral/multilateral watchlist agreements exist between 
host government and its neighbors?  None. 
 
5C. BIOMETRICS: 
 
-- Are biometric systems in place at ports of entry (air, land, 
sea)?  If no, does host government have plans to install such a 
system?  If biometric systems are available at some POEs, but not 
all, how does the host government decide what POEs will receive the 
tool?  No, there are currently no biometric systems in place.  The 
Chief of Immigration, Mario Zamora, does have an aggressive plan to 
upgrade all the immigration systems to incorporate biometrics data. 
However, the resources to fund the system are not yet secured and 
not all POEs would have access to the system if it were successfully 
developed and deployed. 
 
-- What biometric technologies, if any, does the host government 
use, i.e. fingerprint identification, facial recognition, iris 
recognition, hand geometry, retinal identification, DNA-based 
identification, keystroke dynamics, gait analysis?  Are the systems 
ICAO compliant? None currently, although the GOCR plans to use a 
combination of facial recognition and fingerprints with their new 
system. 
 
-- Are biometric systems integrated for all active POEs? What are 
the systems and models used? Are all passengers screened for the 
biometric or does the host government target a specific population 
for collection (i.e. host country nationals)?  Do the biometric 
collection systems look for a one to one comparison (ensure the 
biometric presented matches the one stored on the e-Passport) or one 
to many comparisons (checking the biometric presented against a 
database of known biometrics)? No. 
 
-- If biometric systems are in place, does the host government know 
of any countermeasures that have been used or attempted to defeat 
biometric checkpoints?  None in place. 
 
-- What are the host government's policies on collecting the 
fingerprints of travelers coming into the country?  Currently the 
GOCR does not collect fingerprints of visitors.  The GOCR plans to 
incorporate taking fingerprints if/when the new biometric system is 
introduced. 
 
-- Which agency is responsible for the host government's fingerprint 
system?  Multiple agencies share these responsibilities. 
Fingerprints are maintainted by the Organismo de Investigaciones 
Judiciales (OIJ-Costa Rican version of the FBI), the Ministry of 
Public Security, and the Ministry of Justice (Prisons).  In 
mid-2009, as part of the Merida Initiative's Central American 
Fingerprint Exchange (CAFE), an FBI fingerprint assessment team is 
expected to review the three entities above and make formal 
recommendations to the GOCR on how to logically integrate all three 
systems. 
 
-- Are the fingerprint programs in place NIST, INT-I, EFTS, UK1 or 
RTID compliant? Not known. 
 
-- Are the fingerprints collected as flats or rolled? Which agency 
collects the fingerprints?  N/A.  See above on which agencies 
collect fingerprints. 
 
5D. BORDER CONTROL AND SCREENING: 
 
 
-- Does the host government employ software to screen travelers of 
security interest?  No. 
 
-- Are all travelers tracked electronically, or only non-host- 
country nationals?  All travelers are tracked electronically.  What 
is the frequency of travelers being "waived through" because they 
hold up what appears to be an appropriate document, but whose 
information is not actually recorded electronically? None.  What is 
the estimated percentage of non-recorded crossings, entries and 
exits?  Impossible to determine. 
 
-- Do host government border control officials have the authority to 
use other criminal data when making decisions on who can enter the 
country?  Yes. If so, please describe this authority (legislation, 
mandates, etc).  It is convoluted, but includes legislation and 
executive mandates. 
 
-- What are the host government's policies on questioning, detaining 
and denying entry to individuals presenting themselves at a point of 
entry into the country?  They are able to question and detain if 
necessary.  Which agency would question, detain, or deny entry? 
Costa Rican Intelligence Services (DIS) and CRI. 
 
-- How well does information sharing function within the host 
government, i.e., if there is a determination that someone with a 
valid host-government visa is later identified with terrorism, how 
is this communicated and resolved internally?  It is resolved via 
coordination between DIS and Immigration. 
 
5E. PASSPORTS: 
 
-- Does the host government issue a machine-readable passport 
containing biometric information? No. If so, what biometric 
information is included on the document, i.e. fingerprint, iris, 
facial recognition, etc.?  If not, does host government plan to 
issue a biometric document in the future?  Yes, fingerprints and 
photos will be added as soon as the new system (SIMMEL) is 
implemented. When? Unknown, but estimated for mid-2009. 
 
-- If the host government issues a machine-readable passport 
containing biometric information, does the host government share the 
public key required to read the biometric information with any other 
governments?  N/A If so, which governments?  Does the host 
government issue replacement passports for full or limited validity 
(i.e. the time remaining on the original passports, fixed validity 
for a replacement,etc.)? Full validity replacements are issued. 
 
-- Does the host government have special regulations/procedures for 
dealing with "habitual" losers of passports or bearers who have 
reported their passports stolen multiple times? CRI maintains a data 
base for lost documents; reports of individuals suspected of 
repeated abuse can be generated. 
 
-- Are replacement passports of the same or different appearance and 
page length as regular passports (do they have something along the 
lines of our emergency partial duration passports)? If issued 
in-country, they are the same as regular passports. 
 
-- Do emergency replacement passports contain the same or fewer 
biometric fields as regular-issue passports?  Emergency passports 
issued abroad contain fewer biometric fields than regular-issue 
passports. 
 
-- Where applicable, has Post noticed any increase in the number of 
replacement or "clean" (i.e. no evidence of prior travel) passports 
used to apply for U.S. visas? N/A. 
 
-- Are replacement passports assigned a characteristic number series 
or otherwise identified? Yes, they are assigned a specific book 
number. 
 
5F. FRAUD DETECTION: 
 
-- How robust is fraud detection and how actively are instances of 
fraud involving documents followed up? CRI resources are severely 
limited and thus so are fraud detection efforts.  We note an 
aggressive approach at the main international airport in San Jose, 
Juan Santamaria, with fraudulent document detection fairly frequent. 
 Outside the context of international air travel, fraud detection 
efforts are not aggressive and the fabrication of fraudulent 
documents is as common as is corruption in obtaining documents. 
CR's Justice Department recently arrested a fraudulent document 
manufacturer who was making and selling CR National ID cards; the 
fraudulent cards were perfect because the machinery to produce them 
as well as all of the supplies (paper, laminates, ink, etc.,) were 
authentic and had been purchased from corrupt officials in the GOCR 
offices that normally produce them. 
 
-- How are potentially fraudulently issued documents taken out of 
circulation, or made harder to use?  Although there is no systematic 
mechanism to take fraudulently issued documents out of circulation, 
claims by CRI and the Ministry of Justice that efforts are underway 
to tighten document security seem credible. 
 
5G. PRIVACY AND DATA SECURITY: 
 
-- What are the country's policies on records related to the 
questioning, detention or removal of individuals encountered at 
points of entry into the country?  Post has been contacted to 
participate in CRI investigations at the main international airport 
in San Jose.  Suspected offenders are detained and, if violations of 
CR laws are evident, offenders are returned to their country of 
origin.  Records are maintained but not centrally; each office seems 
to maintain its own set of records on detentions and interrogations. 
How are those records stored, and for how long? Impossible to 
determine. 
 
-- What are the country's restrictions on the collection or use of 
sensitive data? Laws are in place to protect privacy, however, 
corruption is also a major problem.  Post observes that possible 
offenders are asked for any and all types of information and that 
privacy waivers are not requested; there is a policy that a 
Miranda-like warning be served though we have never observed this 
service before any type of questioning. 
 
-- What are the requirements to provide notice to the public on the 
implementation of new databases of records? None that we are aware 
of. 
 
-- Are there any laws relating to security features for government 
computer systems that hold personally identifying information?  Yes. 
CRI has free access to such information, however. 
 
-- What are the rules on an individual's ability to access data that 
homeland security agencies hold about them? Individuals regularly 
try to obtain their records; this is an issue that is being debated 
legally in Costga Rica. 
 
-- Are there different rules for raw data (name, date of birth, 
etc.) versus case files (for example, records about enforcement 
actions)?  No. 
 
-- Does a non-citizen/resident have the right to sue the government 
to obtain these types of data? Yes. 
 
5H. (SBU) IDENTIFYING APPROPRIATE PARTNERS: 
 
Department would appreciate post's in-house assessment of whether 
host government would be an appropriate partner in data sharing. 
Considerations include whether host government watchlists may 
include political dissidents (as opposed or in addition to 
terrorists), and whether host governments would share or use U.S. 
watchlist data inappropriately, etc.  Post assesses that GOCR would 
be an appropriate partner in data sharing. 
 
-- Is the host country's legal system sufficiently developed to 
adequately provide safeguards for the protection and nondisclosure 
of information?  No. 
 
-- How much information sharing does the host country do internally? 
 Is there a single consolidated database, for example?  If not, do 
different ministries share Information amongst themselves?  There is 
no single consolidated database, although one would make sense for a 
small, but travel-dependent country like Costa Rica.  There is 
minimal internal GOCR sharing of information, and it is often 
complicated by hyper-legalistic requirements. 
 
-- How does the country define terrorism? Are there legal statutes 
that do so?  There is no simple definition of terrorism found in 
Costa Rican law.  However, an existing definition, found in CP 
("Codigo Penal") 246 of Law 4573 (1970), was recently modified by 
the passage of Law 8719 (2009) that strengthened counter terrorist 
legislation including the financing of terrorism. 
 
BRENNAN