Harry Potter and the Biometric Fingerprints

In part two of the ID Cards debate bullshit guide I’ve decided to look at the ‘but we need to do it anyway’ arguments being put forward in relation to the inclusion of biometric information in passports.

We’ll start with a couple of extracts from the debate itself…

Charles Clarke (Secretary of State, Home Office)

In the case of Europe, facial image and fingerprint biometrics, in line with those standards, will be required in passports issued by EU states under Council Regulation 2252/2004. Facial biometrics must be introduced by August 2006, and fingerprint biometrics three years after the technical specification has been agreed. All EU member states will have to introduce the same biometrics into the EU common format residence permits and visas for nationals of non-EU states.

The United States has issued a further deadline for visa waiver programme countries to introduce facial image biometric passports from 26 October 2006. Biometric passports, or e-passports, incorporate an integrated circuit chip capable of storing the biographic information from the data page, and a digitised photograph or other biometrics. Once all those United States requirements are implemented, nationals of those countries not issuing biometric passports will require a visa to visit the United States.

Now, at this point in time, Charles Clarke’s statement is wholly misleading, and its only after this intervention from Lynne Jones MP

I thank my right hon. Friend for his kind remarks and for giving way. What is the status of the proposed EU-wide passport with fingerprint biometrics that he mentioned earlier? Is it just a proposal or a definite agreement?

…that Clarke admits to the full position regarding the EU and its own biometric passport requirements.

On her first point, as far as the United States is concerned, it will do what it does irrespective of anything else. On the European Union, the regulation to which I referred is binding on the Schengen countries, although not necessarily on us. However, it is expected that all EU member states will have to introduce the same biometrics into the EU common format residence permits, and into visas for nationals of non-EU states.

Now, had Lynne Jones not asked her question, would Charles Clarke have gone on to state that the EU directive he referenced does not apply to the UK?

We’ll never know for sure, unless he choose to publish the notes for his speech.

However, there is the matter of the highlighted section above where he uses the phrase ‘not necessarily on us’.

Not necessarily?

What the actual EU directive says is rather more uneqivocal in tone and content…

This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (3). The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

Not necessarily is, in actual fact, not bound by this directive at all, as The Register reported back in December 2004 – so much for it being part of parcel of our membership of the European Union.

Before we leave the question of EU requirements, there is one move very revealing phrase in his statement.

In the first extract from Clarke’s speech I highlighted the following statement:

Facial biometrics must be introduced by August 2006, and fingerprint biometrics three years after the technical specification has been agreed.

You’ll note that fingerprint biometrics will only be required by the ‘Schengen’ countries – which doesn’t include the UK, Ireland and Denmark – three years after the technical specification has been agreed.

In other word, the Schengen countries, who are working together and without UK involvement to develop the technical standards for the EU’s biometric passport system have not yet agreed exactly how and in what format fingerprint data will be recorded and, therefore, if the UK presses ahead with its own system there is no absolute guarantee that biomtric fingerprint data stored on our own passports and ID cards will be compatible with or meet the EU standards, which have yet to be determined.

This is not dissimilar to a situation which arose in he NHS as few years back where, in deciding which e-mail system to use as standard within the NHS, it chose to go with a standard called ‘X400’ rather than use the SMTP and POP3 standards which, even then, were ubiquitous across the whole of the internet.

This worked fine until the publication of the Government’s e-Government standards which choose to standardise on… SMTP and POP3.

What it might have cost to retool the NHS’s e-mail systems to a different standard has, as far as I know, never been revealed – Written question, anyone? It may not have been that much, as the NHS almost exclusively uses Microsoft Exchange which supports both standards, it may have cost a fortune. I don’t know. but what this does show is the perils of jumping the gun on technical standards and trying to preempt where everyone else is going.

Unless the UK is prepared to wait for the EU to define its standards for biomertic fingerprinting, then there is a possibility of us ending up in a VHS/Betamax situation which would substantially increase costs either by having to recall and reconfigure all UK passports issued with the ‘wrong’ standard or implement conversion software, at increased cost, to fix the compatibility problems.

What then of Clarke’s other comments, about the need to include biometrics to meet US standards for its visa waiver scheme.

Well apart from noting that its introduction has already been delayed several times due to not enough countries being ready – it was first set to be introduced in 2002 – the US system requires only biometric facial data, a digital photograph, and not biometric fingerprints, as this extract from the website of the Department of Homeland Security shows…

HOW IT WORKS: ENTRY

* Many of the entry procedures in place today remain unchanged and are familiar to international travelers.
* U.S. Customs and Border Protection Officers will review travel documents, such as a visa and passport, and ask questions about the visitor’s stay in the U.S.
* The new, inkless digital “fingerscanner” is easy to use. The visitor will be asked to put one and then the other index finger on a glass plate that will electronically capture two fingerprint scans.
* Visitors also will be asked to look into a camera and their picture will be taken.
* The enhancements to the entry procedures add minimal time to the process – only seconds in most cases.

And…

ENHANCING SECURITY

* Digital “fingerscans” will be checked against a database of known and suspected terrorists.

In other words, the US does not require passports to hold biometric fingerprint data under this scheme as it will take your fingerprints, itself, on entry, and check them against its own database of known and suspected terrorists.

No need, therefore, for the inclusion of fingerprints on UK passports to meet US standards.

Two posts in and the needle on the bullshit detector is already rising steadily – and there’s still plenty more to come.