Feeds

EU biometric visa trial opts for the tinfoil sleeve

Clash and burn for single ID dream?

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The US-inspired wet dream of a single, global identity document isn't quite dead, but with the announcement of Europe's biometric visa trial this week it doesn't look well. Smartcard specialist Gemplus has got the gig, working with prime contractor Sagem, for an initial trial in France and Belgium, and the visa format to be used is, er, a separate card.

The slight snag with the single biometric identity document - as we've noted here in the past - was identified by Brussels' techies late last year. The technology is intended to use contactless chip technology, despite the obvious gotcha that it'll be perfectly feasible for unauthorised readers to lift data from your passport. But if you've got multiple travel validations using the same technology in the same passport document, having them all chattering at the same timed screws up the readers. As the techies reported last year, the original plan to have visas using contactless technology in a passport which itself uses that technology just plain doesn't work.

Europe currently intends to implement common standards for biometric visas as part of its Visa Information System, so another way forward (not necessarily the word we'd use ourselves...) had to be found. The separate card format now being used in the Gemplus pilot looked like the most viable of the options the techies put forward on their announcement of the sad death of Plan A.

The pilot is being carried out as part of the Biodev project, which is being run by an ad hoc group of EU member states and deals with immigrant visa holders within the Schengen area. The card uses Gemborder 2 technology, contains fingerprint and facial plus sundry other data, and is "carried in a cardholder pocket placed inside the passport books", it says here. Keeping the card in a protective sleeve stops its chatter interfering where it's not wanted - the announcement doesn't specify tinfoil, but the sleeve will no doubt use something of that ilk. Gemplus describes Gemborder2 as "ICAO-compliant contactless chip technology for electronic passports and visas", which is true after a fashion, but misleading in that it tends to suggest the ICAO standard is wider-ranging than it actually is. ICAO merely requires a facial biometric for the passport, and practically everything else is optional.

The Biodev pilot shouldn't initially have much trouble with clashing chips, as contactless biometric passports will only start to roll out in the next six to nine months, but there are still likely to be problems associated with the visa being a separate document, rather than something stuck into the passport. This will be exacerbated when biometric passports do exist, and the confusion that's going to be caused by the need to have the right document out of its protective sleeve and the other documents in it should be obvious to everybody except our rulers.

As Europe's visa is intended to be standard and Europe will be one of the first on the block with biometric visas, interoperability and multiple visas shouldn't be major problems initially, but there are likely to be difficulties as and when everybody else joins in, and people with half a dozen wibbling bits of plastic start showing up at Roissy Charles de Gaulle.

Pause, friends, and think for a moment about what's happening now, and what the overall objective is. The US, Europe and various other countries are driving towards a global biometric backed ID system where networks of computers (e.g. Europe's VIS) and databases exchange information on the movements of everybody. Now, if the networks and data exchanges actually worked, then they'd know immediately if an individual identified via their passport (or even just their biometrics) had a visa. So in the long term there should be no need for spare bits of plastic, unless of course the authorities who steadfastly tell us this stuff will work don't really believe it will.

And think about the immediate point of the contactless biometric visa, the contactless biometric passport, and the nature of progress. Current passport standards are vulnerable to forgery, but the use of a facial biometric in the ICAO standard makes forgery much harder, and does a far better job of linking the holder to the document. So in principle, so long as the issuing hasn't been fraudulent, with an ICAO passport there's a considerably higher probability that the person holding the passport is actually the person border control thinks they are.

Current passports are in the main machine readable, so again in principle you can look up the individual to see if they're on any kind of watchlist. Current visas are generally stuck into the passport, so the border control operative is able to check the visa status of an individual by the simple expedient of opening the passport and looking at the visa. Effectively, with the addition of stronger forgery protection (which ICAO is) and tighter procedures on fraudulent application the current system could work pretty much in the way our lords and masters intend the systems they're building to work. In point of fact, if they'd actually finished building the current systems and they actually employed them, they could have been live ten years ago, or more.

But no - progress dictates that we must all have our documents read by machines, not people, and that the border control operatives who currently don't have time/ can't be bothered to open our passports and look at them switch jobs. Instead of guarding the borders, in the wondrous future they'll be queue-minders specialising in stopping jet-lagged travellers waving the wrong bit of plastic at the machine, and finding which pocket they put the blasted visa in. ®

Related stories:

HP to build EU's biometric ID, terror database
Security and interop issues cause EU biometric passport delays
Smile: you're under global surveillance
EU goes on biometric LSD trip

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.