Feeds

US biometric ID request raises ID concern in UK

Don't want a betamax situation

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The UK government plans to issue its ID card as a passport with biometric identifiers stored in a chip – and the US wants those chips to be compatible with its own scanners, raising the possibility that US agencies could have access to the ID Card database.

The US call for biometric standardisation exceeds currently agreed international standards for airline navigation, safety and security. In 2003, it was agreed by the International Civil Aviation Organisation (ICAO) that the initial international biometric standard for passports would be facial mapping, although additional biometrics such as fingerprinting could be included.

Currently, for example, all foreign visitors entering the US have their two index fingers scanned, and a digital photograph taken before they are granted entry. Most visitors are also required to obtain a visa.

Nature of the US request

Michael Chertoff, US Secretary of Homeland Security, last week said this the EU and US were close to a deal on the introduction of biometrics in passports for those seeking entry to the US, and urged the EU to ensure compatibility between EU and US biometric systems.

According to press reports, Chertoff has also asked the UK to consider chip compatibility in respect of the proposed UK national identity card scheme.

He told reporters: "It would be a very bad thing if we all invested huge amounts of money in biometric systems and they didn't work with each other."

"Hopefully, we're not going to do VHS and Betamax with our chips,” he added.

Compatibility could deliver on-line data exchange

According to The Independent newspaper, this could mean that information held on UK identity cards could be accessed in the US.

The potential for this link arises because of the decisions of the International Civil Aviation Organisation (ICAO) to promote an international standard for passports. These decisions have been reinforced by a decision of the Council of Ministers of the European Community to introduce a common format passport for member states.

The decision of the UK government to link the ID cards with the passport means that the UK's ID card will be compatible with international passport standards. According to the Passport Office website, "For many UK citizens the identity card will be issued as passports come up for renewal or for first time applications." As a result, "The Home Office, the UKPS and other government departments will now work together "to start to lay the foundations for the scheme, which will establish a more secure means of proving people's identity."

As part of this process, the UKPS "will progress its major anti-fraud and secure identity initiatives including the addition of a biometric to the British passport. So if a biometric passport is linked to the ID Card in a common format which is compatible with the USA's travel requirement, then direct USA access to the ID Card/Passport database becomes an option in relation to travel to the USA."

Lack of biometrics still a problem

The US had initially set 26 October 2004 as the date by which Visa Waiver Program travellers were supposed to present a biometric passport for visa-free travel to the US, but extended it for one year when it became clear that the 27 states that are eligible for the Program – including the UK – would be unable to comply.

Unfortunately EU countries are still unable to produce the biometrically-enabled passports, and unless the US is prepared to extend its deadline again, EU visitors to the US will soon find themselves obliged to obtain a visa before they will be granted entry.

According to reports, the US and EU are now close to a deal on the timing of the biometric passport requirement.

Biometric passports and terrorism

Biometric passports have been identified by governments throughout the world as a key factor in the fight against terrorism, and their implementation is being driven by the US.

The USA-PATRIOT Act, passed by the US Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying aliens seeking admission into the US, within two years.

The schedule for its implementation was accelerated by another piece of legislation, the little-known Enhanced Border Security and Visa Entry Reform Act 2002. Part of this second law included seeking international co-operation with this standard. The incentive to international co-operation was made clear:

"By October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization (ICAO)."

Citizens from those countries belonging to the Visa Waiver Program (including many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) do not require a visa, but as from 26 October last year, have been obliged to show a machine-readable passport.

Unless a further deadline extension is reached, VWP citizens entering the US after 26 October 2005 must, if their passport is issued after 26 October 2005, use a machine-readable, biometrically-enabled passport or obtain a visa.

Copyright © 2005, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related stories

Belgians in cunning misspelt ID card plan
ID cards technology is ready, says UK minister
UK ID scheme rides again, as biggest ID fraud of them all
EU biometric visa trial opts for the tinfoil sleeve
Congress passes Gestapo ID legislation
Malaysia to fingerprint all new-born children
HP to build EU's biometric ID, terror database
Not as guilty as he looks? The Met chief, Labour and ID cards
Clarke calls for ID cards after imagining huge poison terror ring
Carjackers swipe biometric Merc, plus owner's finger
Civil liberty group pans EU biometrics plans

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.