Feeds

UK to use passports to build national fingerprint database

ID card scheme, or parliament, not needed, apparently...

  • alert
  • submit to reddit

High performance access to file storage

Mandatory fingerprinting of new UK passport applicants is to begin next year, as a "building block" for a future ID card scheme, according to a Guardian report The Government's ID Card Bill was spiked after the election was announced, but the Government is said to contend that as passports are issued under royal prerogative, it doesn't need legislation to demand fingerprints from passport applicants.

So it's all going to be the Queen's fault, apparently. The intention is to require fingerprints from all those applying for their first passport from next year, with fingerprinting of those renewing existing passports to be phased in subsequently. First time applicants will have to attend one of 70 new passport offices for interview from next year, and can therefore be fingerprinted at the same time. From the point of view of passport security, interviewing of first time applicants is quite possibly a sensible move, because it will tend to reduce the success rate of fraudulent applicants. Hoovering up fingerprints at the same time, however, is quite another matter.

David Blunkett's Home Office peddled the fiction that international biometric passport requirements meant that most of the expense of the ID card scheme would have to be undertaken anyway, thus making the ID card itself a fairly small additional hurdle to cross. Neither of these claims is true. ICAO only requires a facial biometric on the passport (in mere mortalspeak, a digitised version of a normal passport photo is all we're talking about here). The EU intends to require fingerprints in addition to digitised mugshot, but because of its Schengen opt-out the UK isn't obliged to follow suit. So nobody's forcing us to have fingerprints on passports, and parliament has not yet approved any ID scheme that the fingerprints to be collected would be used for.

Provided it wins the election Blair's Labour Party intends to reintroduce its ID card plans, but it would then have to draft a new Bill and steer it through the new Parliament successfully, so going ahead with a major building block anyway seems just a tad presumptuous. But we have what we think is a highly plausible Black Helicopter scenario here - what if the national fingerprint database is not necessarily just a building block for an ID card scheme?

It is intended that police will be able to run routine scene of crime checks against the passport fingerprint database. This database will eventually contain data for most of the people in the UK, and progressive expansion of police fingerprinting powers has meant the police's own database is now quite substantial. The ID scheme that hasn't quite happened yet proposed to house the population's personal database in the national identity register, allegedly with adequate safeguards, but a passport fingerprint database effectively produces the guts of the ID scheme without the need for any safeguards, oversight, parliamentary approval or scrutiny.

The Government would therefore have biometric-linked data for everyone who has a passport or has been arrested (they get to keep the prints even if you're innocent), which would take it most of the way towards the national identity register even if it never quite got around to passing ID card legislation. The mere existence of this database would provide a handy jumping off point for future extension - one could, for example, reintroduce the notion of a "voluntary" ID card to make it easier to access Government services and simply to establish your identity "incontrovertibly."

It's possible that those pushing for the rapid expansion of a fingerprint database see it as providing some kind of crime-solving magic bullet. Such a belief, however, requires a substantial level of technical illiteracy. A fingerprint in a passport or ID card provides a reasonably accurate mechanism for the identification of an individual because you're simply comparing the actual finger with its purported print. It gets a little more complicated if you're doing an online check of a finger against a fingerprint database in order to establish someone's identity, but so long as both prints have been taken under comparable conditions, in principle it shouldn't be too hard to get a match, if one exists.

Scene of crime fingerprints are however an entirely different matter. These will be of varying quality, in many cases they will only be partial prints, and although it is possible to use some automation to narrow the search, human expertise is needed in order to establish a reasonable degree of certainty. Trawling a database of the entire UK population would therefore produce a fairly large number of possible matches, but would then require a very large number of fingerprint experts to narrow them down. At which point, other problems would arise. At the moment possible matches obtained by the police will almost always lead them to a suspect who has already been arrested for something, and who will therefore not necessarily be shocked, stunned or outraged by being asked to account for his movements on the night in question.

Once the fingerprint database of the future is live, however, that will not be the case, and it will only be a matter of time before a false match IDs a nun. Or a Home Secretary. ®

Related Stories:

Security and interop issues cause EU biometric passport delays
No hiding place? UK number plate cameras go national
UK gov ready to u-turn on passport-ID card link?
UK police fingerprint system collapses
FBI apology for Madrid bomb fingerprint fiasco
Fingerprints as ID - good, bad, ugly?

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.