Feeds

Everything you never wanted to know about the UK ID card

Name, rank, serial number...

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Passport Control

We've already established that a biometric will be used to tie the bearer to the document, and that we can use a secondary biometric to deal with disputes, and a network check in addition to this. But rewind - how, physically, are we handling this?

We need to have a reader that will take the biometric from the passport and compare it to a handprint (we'll assume we're doing fingers, OK?) which will probably be produced by placing one hand firmly on a flat surface. So we need the people coming in to understand what they're supposed to do and get it right, and we need to deal with failures to read the passport, and we need to intercept jokers, terrorists and our slower brethren who might be using false hands, cunning fingerprint gloves, or even just the wrong hand. We need an attendant combining a nice and a nasty attitude as appropriate to get them through, or whisk them off to another stage in the process where complete failures to read are checked more thoroughly. Maybe you get your terrorists in there, and you'll certainly get some immigration 'issues' but mostly you're likely to net perfectly innocent UK citizens whose fingers are worn/dirty or whose passports are bust. So you're detaining people you wouldn't have detained under the current system, and you need to undetain them pretty fast if you don't want unpleasant headlines about dud government IT systems in the press.

Aside from reading failures and hardware failures, you'll have false matches and failures to identify, and you need procedures to deal with these. For a false match you need to check the secondary biometric to arbitrate, so you need to move these people quickly to that reader, and through it without their thinking 'I am being accused of being a terrorist.' Failure to identify is trickier, because you need to decide on a procedure. If they fail to match up to an apparently working passport, they might also fail to match up to a network check, because you're comparing them to the same thing, right? So do you have a fraud, or do you have somebody with worn fingerprints? If the secondary biometric is iris, then you can check them with that and be pretty sure which, but can you trust facial to be used as a primary identifier? No, you can't, so you you're either treating all of this category of exception as suspect, or you're making human decisions that will, as previously, not always hit the right target. Given that you will be able to check (unless the network is down) whether or not the passport, name and ID exists on the database, you can at least flag failures to read for future investigation.

You might be able to avoid quite a bit of the above if you take a slightly different view of what it you're looking for. Failure to match, or false non-match, can be expected to run at a fairly high rate if false alarm/false match is kept down to an acceptable level. The bulk of your failures to match will, actually, be false non-matches, i.e. people who really are on the database but who don't match up to it in this particular instance. And a terrorist is unlikely to want to chance it on the basis that they've got, say a 5 per cent chance of getting through. So you ignore them all? Ah, but when word gets around, the bad guys and the multiple applicants will take steps to file down their fingerprints a little before they attempt entry, and your acceptable compromise starts to morph into a security hole. Which is why flagging failures is important.

The network check is obviously useful in cases of passport failure (NB it's an offence not to get it fixed once you know it's broken), but is dependent on the network being up and the response being swift. The Home Office appears to envisage a pretty high level of network checking, but it seems reasonable to doubt that this will happen in real life. Current UK passports first became machine-readable in 1988, but are seldom machine-read. Theoretically this could be used to check that the passport actually exists, that the bearer is not on a watchlist, and that it has not been notified lost or stolen - but possibly not in the latter case. The Passport Office announced a lost and stolen database in December 2003, so IND (the Immigration and Nationality Directorate) may only recently have been able to start looking.

Similarly IND has also been working on an automated fingerprint system, intended to match fingers against the 350,000 fingerprints (a 2001 figure) it has on file, and a "warnings list" system. It also has a case information system developed by Siemens and called ACID Warehouse. Really.

As we contemplate how effectively we're not using the systems we've had available for 15 years, we should consider the way we're currently not using it. In the EU citizen channel at the airport we'll probably have the picture page of our passport looked at and be nodded through. The introduction of machines will add a more time-consuming stage to this (failures in the queue will slow you up, even if you register first time) and more staff. The process will still need the staff on the desk looking you over, unless we're going to trust machine decision-making entirely as our front line. As non-UK passports won't work with the system, other EU citizens will now have to have their own channel, faster than the UK one, or be sent to the Channel of Death, where we send everybody else. But if they are they'll complain to Brussels, and we'll be told to stoppit. There are actually strict EU limits on what immigration is allowed to ask the local citizenry - did you know this? "As a result of judgements in the European Court of Justice (ECJ), an immigration officer may not require an EEA national to answer questions regarding the purpose and duration of his journey and the financial means available to him. Examination should be restricted to the occasional discretionary warnings index check. Questions may only be directed at establishing whether the person's admission to the United Kingdom would result in a threat to public policy, or public security or public health." (Source: IND general guidance document. Get lippy at your own risk and don't blame us.)

Many difficult questions will arise at the airport, where conditions will be just about as optimum as they can get. But what about elsewhere, what about the ferryport? At busy ones, the increasing size of the ferries can produce longish unloading queues already, and mostly all that happens is that drivers holding a clutch of things that looks like approximately the right number of the right documents are waved through. So where do we put the reader? And where do we put the holding area where all the passengers get out of the car, deliver their print and get back in? Where do we put the tailback (quick, there's another three ferryloads coming in)? Nightmare. Monitoring departures is actually harder, because typically the passport check is conducted by the ferry staff, and there's a non-secure holding area beyond this where passengers could be switched. We can all look forward to hearing how the government's going to figure this one out without bankrupting all the ferry companies.

Secure remote control for conventional and virtual desktops

Next page: The Police

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.