Feeds

Campaigners fight biometric passports

The face doesn't fit

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Civil liberties and privacy groups have launched a campaign against airline industry plans to create a massive international database of passport holders tied together with "flawed" biometric technology.

A global biometric identity system being established on behalf of governments by the International Civil Aviation Organization (ICAO) poses a grave threat to civil liberties, privacy activists warn.

Critics have drafted an open letter expressing concerns over plans to mandate the use of biometrics and RFID (radio frequency) technology in all future passports. The controversial measures are due to be finalised at an ICAO meeting in Cairo this week.

The face doesn't fit

ICAO has decided that the initial international biometric standard for passports will be facial mapping. Fingerprinting may come later. The EU is already calling for fingerprints to be included, along with an associated European register of all biometrics. National authorities will store and share these vast data reserves.

The measures, supported by the US and the EU, will ultimately create an ID database comprising hundreds of millions of travellers. The details on more than a billion passengers would be computerised and shared globally by 2015 if the plan goes ahead, according to critics such as Privacy International.

It complains that "despite serious implications for privacy and personal security, the process is occurring without public engagement or debate".

The legislative pieces for the ICAO system are already in place. The USA-PATRIOT Act, passed by Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying foreigners seeking admission into the US, within two years. The schedule for its implementation was accelerated by another piece of legislation, the little known Enhanced Border Security and Visa Entry Reform Act 2002. This required Western countries to comply with the US-inspired biometric push by 24 October this year or else lose the right for their citizens to visit the US without obtaining a visa beforehand.

These laws gave momentum to the standards that were being considered at the ICAO by requiring visa waiver countries (which include many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) to implement biometrics into their passports.

Joined-up surveillance

An open letter, signed by Privacy International and the American Civil Liberties Union, the Electronic Frontier Foundation and others, warns: "We are increasingly concerned that the biometric travel document initiative is part and parcel of a larger surveillance infrastructure monitoring the movement of individuals globally that includes Passenger-Name Record transfers, API systems and the creation of an intergovernmental network of interoperable electronic data systems to facilitate access to each country's law enforcement and intelligence information."

Privacy International has warned of "unprecedented" security threats that could arise from the plan because of potential access by terrorists and organised crime to this database. Furthermore, the biometric standard being adopted is "fundamentally flawed" and will result in a substantial number of passengers being falsely identified as potential terrorists or wrongly accused of holding fraudulent passports.

Dr Gus Hosein, Senior Fellow with Privacy International, warned: "This is a potentially perilous plan. The ICAO must go back to the drawing board or hold itself responsible for creating the first truly global biometric database".

"Governments may claim that they are under an international obligation to create national databases of fingerprints and face scans but we will soon see nations with appalling human rights records generating massive databases, and then requiring our own fingerprints and face-scans as we travel." ®

Related stories

EU Commission plots global travel surveillance system
US cybercrime push 'imperils personal security' of Americans
EC wants biometrics on passports
US names the day for biometric passports
Smart cards, ID cards, nice, nasty, inevitable?
US using EU airline data to 'test' CAPPS II snoop system
EU rattles sabres over US use of airline passenger data

External Links

The open letter (PDF) and a background information package from Privacy International.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.