Feeds

Campaigners fight biometric passports

The face doesn't fit

  • alert
  • submit to reddit

The essential guide to IT transformation

Civil liberties and privacy groups have launched a campaign against airline industry plans to create a massive international database of passport holders tied together with "flawed" biometric technology.

A global biometric identity system being established on behalf of governments by the International Civil Aviation Organization (ICAO) poses a grave threat to civil liberties, privacy activists warn.

Critics have drafted an open letter expressing concerns over plans to mandate the use of biometrics and RFID (radio frequency) technology in all future passports. The controversial measures are due to be finalised at an ICAO meeting in Cairo this week.

The face doesn't fit

ICAO has decided that the initial international biometric standard for passports will be facial mapping. Fingerprinting may come later. The EU is already calling for fingerprints to be included, along with an associated European register of all biometrics. National authorities will store and share these vast data reserves.

The measures, supported by the US and the EU, will ultimately create an ID database comprising hundreds of millions of travellers. The details on more than a billion passengers would be computerised and shared globally by 2015 if the plan goes ahead, according to critics such as Privacy International.

It complains that "despite serious implications for privacy and personal security, the process is occurring without public engagement or debate".

The legislative pieces for the ICAO system are already in place. The USA-PATRIOT Act, passed by Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying foreigners seeking admission into the US, within two years. The schedule for its implementation was accelerated by another piece of legislation, the little known Enhanced Border Security and Visa Entry Reform Act 2002. This required Western countries to comply with the US-inspired biometric push by 24 October this year or else lose the right for their citizens to visit the US without obtaining a visa beforehand.

These laws gave momentum to the standards that were being considered at the ICAO by requiring visa waiver countries (which include many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) to implement biometrics into their passports.

Joined-up surveillance

An open letter, signed by Privacy International and the American Civil Liberties Union, the Electronic Frontier Foundation and others, warns: "We are increasingly concerned that the biometric travel document initiative is part and parcel of a larger surveillance infrastructure monitoring the movement of individuals globally that includes Passenger-Name Record transfers, API systems and the creation of an intergovernmental network of interoperable electronic data systems to facilitate access to each country's law enforcement and intelligence information."

Privacy International has warned of "unprecedented" security threats that could arise from the plan because of potential access by terrorists and organised crime to this database. Furthermore, the biometric standard being adopted is "fundamentally flawed" and will result in a substantial number of passengers being falsely identified as potential terrorists or wrongly accused of holding fraudulent passports.

Dr Gus Hosein, Senior Fellow with Privacy International, warned: "This is a potentially perilous plan. The ICAO must go back to the drawing board or hold itself responsible for creating the first truly global biometric database".

"Governments may claim that they are under an international obligation to create national databases of fingerprints and face scans but we will soon see nations with appalling human rights records generating massive databases, and then requiring our own fingerprints and face-scans as we travel." ®

Related stories

EU Commission plots global travel surveillance system
US cybercrime push 'imperils personal security' of Americans
EC wants biometrics on passports
US names the day for biometric passports
Smart cards, ID cards, nice, nasty, inevitable?
US using EU airline data to 'test' CAPPS II snoop system
EU rattles sabres over US use of airline passenger data

External Links

The open letter (PDF) and a background information package from Privacy International.

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.