Feeds

Campaigners fight biometric passports

The face doesn't fit

  • alert
  • submit to reddit

SANS - Survey on application security programs

Civil liberties and privacy groups have launched a campaign against airline industry plans to create a massive international database of passport holders tied together with "flawed" biometric technology.

A global biometric identity system being established on behalf of governments by the International Civil Aviation Organization (ICAO) poses a grave threat to civil liberties, privacy activists warn.

Critics have drafted an open letter expressing concerns over plans to mandate the use of biometrics and RFID (radio frequency) technology in all future passports. The controversial measures are due to be finalised at an ICAO meeting in Cairo this week.

The face doesn't fit

ICAO has decided that the initial international biometric standard for passports will be facial mapping. Fingerprinting may come later. The EU is already calling for fingerprints to be included, along with an associated European register of all biometrics. National authorities will store and share these vast data reserves.

The measures, supported by the US and the EU, will ultimately create an ID database comprising hundreds of millions of travellers. The details on more than a billion passengers would be computerised and shared globally by 2015 if the plan goes ahead, according to critics such as Privacy International.

It complains that "despite serious implications for privacy and personal security, the process is occurring without public engagement or debate".

The legislative pieces for the ICAO system are already in place. The USA-PATRIOT Act, passed by Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying foreigners seeking admission into the US, within two years. The schedule for its implementation was accelerated by another piece of legislation, the little known Enhanced Border Security and Visa Entry Reform Act 2002. This required Western countries to comply with the US-inspired biometric push by 24 October this year or else lose the right for their citizens to visit the US without obtaining a visa beforehand.

These laws gave momentum to the standards that were being considered at the ICAO by requiring visa waiver countries (which include many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) to implement biometrics into their passports.

Joined-up surveillance

An open letter, signed by Privacy International and the American Civil Liberties Union, the Electronic Frontier Foundation and others, warns: "We are increasingly concerned that the biometric travel document initiative is part and parcel of a larger surveillance infrastructure monitoring the movement of individuals globally that includes Passenger-Name Record transfers, API systems and the creation of an intergovernmental network of interoperable electronic data systems to facilitate access to each country's law enforcement and intelligence information."

Privacy International has warned of "unprecedented" security threats that could arise from the plan because of potential access by terrorists and organised crime to this database. Furthermore, the biometric standard being adopted is "fundamentally flawed" and will result in a substantial number of passengers being falsely identified as potential terrorists or wrongly accused of holding fraudulent passports.

Dr Gus Hosein, Senior Fellow with Privacy International, warned: "This is a potentially perilous plan. The ICAO must go back to the drawing board or hold itself responsible for creating the first truly global biometric database".

"Governments may claim that they are under an international obligation to create national databases of fingerprints and face scans but we will soon see nations with appalling human rights records generating massive databases, and then requiring our own fingerprints and face-scans as we travel." ®

Related stories

EU Commission plots global travel surveillance system
US cybercrime push 'imperils personal security' of Americans
EC wants biometrics on passports
US names the day for biometric passports
Smart cards, ID cards, nice, nasty, inevitable?
US using EU airline data to 'test' CAPPS II snoop system
EU rattles sabres over US use of airline passenger data

External Links

The open letter (PDF) and a background information package from Privacy International.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.