EU biometric visa trial opts for the tinfoil sleeve

Clash and burn for single ID dream?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

The US-inspired wet dream of a single, global identity document isn't quite dead, but with the announcement of Europe's biometric visa trial this week it doesn't look well. Smartcard specialist Gemplus has got the gig, working with prime contractor Sagem, for an initial trial in France and Belgium, and the visa format to be used is, er, a separate card.

The slight snag with the single biometric identity document - as we've noted here in the past - was identified by Brussels' techies late last year. The technology is intended to use contactless chip technology, despite the obvious gotcha that it'll be perfectly feasible for unauthorised readers to lift data from your passport. But if you've got multiple travel validations using the same technology in the same passport document, having them all chattering at the same timed screws up the readers. As the techies reported last year, the original plan to have visas using contactless technology in a passport which itself uses that technology just plain doesn't work.

Europe currently intends to implement common standards for biometric visas as part of its Visa Information System, so another way forward (not necessarily the word we'd use ourselves...) had to be found. The separate card format now being used in the Gemplus pilot looked like the most viable of the options the techies put forward on their announcement of the sad death of Plan A.

The pilot is being carried out as part of the Biodev project, which is being run by an ad hoc group of EU member states and deals with immigrant visa holders within the Schengen area. The card uses Gemborder 2 technology, contains fingerprint and facial plus sundry other data, and is "carried in a cardholder pocket placed inside the passport books", it says here. Keeping the card in a protective sleeve stops its chatter interfering where it's not wanted - the announcement doesn't specify tinfoil, but the sleeve will no doubt use something of that ilk. Gemplus describes Gemborder2 as "ICAO-compliant contactless chip technology for electronic passports and visas", which is true after a fashion, but misleading in that it tends to suggest the ICAO standard is wider-ranging than it actually is. ICAO merely requires a facial biometric for the passport, and practically everything else is optional.

The Biodev pilot shouldn't initially have much trouble with clashing chips, as contactless biometric passports will only start to roll out in the next six to nine months, but there are still likely to be problems associated with the visa being a separate document, rather than something stuck into the passport. This will be exacerbated when biometric passports do exist, and the confusion that's going to be caused by the need to have the right document out of its protective sleeve and the other documents in it should be obvious to everybody except our rulers.

As Europe's visa is intended to be standard and Europe will be one of the first on the block with biometric visas, interoperability and multiple visas shouldn't be major problems initially, but there are likely to be difficulties as and when everybody else joins in, and people with half a dozen wibbling bits of plastic start showing up at Roissy Charles de Gaulle.

Pause, friends, and think for a moment about what's happening now, and what the overall objective is. The US, Europe and various other countries are driving towards a global biometric backed ID system where networks of computers (e.g. Europe's VIS) and databases exchange information on the movements of everybody. Now, if the networks and data exchanges actually worked, then they'd know immediately if an individual identified via their passport (or even just their biometrics) had a visa. So in the long term there should be no need for spare bits of plastic, unless of course the authorities who steadfastly tell us this stuff will work don't really believe it will.

And think about the immediate point of the contactless biometric visa, the contactless biometric passport, and the nature of progress. Current passport standards are vulnerable to forgery, but the use of a facial biometric in the ICAO standard makes forgery much harder, and does a far better job of linking the holder to the document. So in principle, so long as the issuing hasn't been fraudulent, with an ICAO passport there's a considerably higher probability that the person holding the passport is actually the person border control thinks they are.

Current passports are in the main machine readable, so again in principle you can look up the individual to see if they're on any kind of watchlist. Current visas are generally stuck into the passport, so the border control operative is able to check the visa status of an individual by the simple expedient of opening the passport and looking at the visa. Effectively, with the addition of stronger forgery protection (which ICAO is) and tighter procedures on fraudulent application the current system could work pretty much in the way our lords and masters intend the systems they're building to work. In point of fact, if they'd actually finished building the current systems and they actually employed them, they could have been live ten years ago, or more.

But no - progress dictates that we must all have our documents read by machines, not people, and that the border control operatives who currently don't have time/ can't be bothered to open our passports and look at them switch jobs. Instead of guarding the borders, in the wondrous future they'll be queue-minders specialising in stopping jet-lagged travellers waving the wrong bit of plastic at the machine, and finding which pocket they put the blasted visa in. ®

Related stories:

HP to build EU's biometric ID, terror database
Security and interop issues cause EU biometric passport delays
Smile: you're under global surveillance
EU goes on biometric LSD trip

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story


5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.