Feeds

US biometric ID request raises ID concern in UK

Don't want a betamax situation

  • alert
  • submit to reddit

High performance access to file storage

The UK government plans to issue its ID card as a passport with biometric identifiers stored in a chip – and the US wants those chips to be compatible with its own scanners, raising the possibility that US agencies could have access to the ID Card database.

The US call for biometric standardisation exceeds currently agreed international standards for airline navigation, safety and security. In 2003, it was agreed by the International Civil Aviation Organisation (ICAO) that the initial international biometric standard for passports would be facial mapping, although additional biometrics such as fingerprinting could be included.

Currently, for example, all foreign visitors entering the US have their two index fingers scanned, and a digital photograph taken before they are granted entry. Most visitors are also required to obtain a visa.

Nature of the US request

Michael Chertoff, US Secretary of Homeland Security, last week said this the EU and US were close to a deal on the introduction of biometrics in passports for those seeking entry to the US, and urged the EU to ensure compatibility between EU and US biometric systems.

According to press reports, Chertoff has also asked the UK to consider chip compatibility in respect of the proposed UK national identity card scheme.

He told reporters: "It would be a very bad thing if we all invested huge amounts of money in biometric systems and they didn't work with each other."

"Hopefully, we're not going to do VHS and Betamax with our chips,” he added.

Compatibility could deliver on-line data exchange

According to The Independent newspaper, this could mean that information held on UK identity cards could be accessed in the US.

The potential for this link arises because of the decisions of the International Civil Aviation Organisation (ICAO) to promote an international standard for passports. These decisions have been reinforced by a decision of the Council of Ministers of the European Community to introduce a common format passport for member states.

The decision of the UK government to link the ID cards with the passport means that the UK's ID card will be compatible with international passport standards. According to the Passport Office website, "For many UK citizens the identity card will be issued as passports come up for renewal or for first time applications." As a result, "The Home Office, the UKPS and other government departments will now work together "to start to lay the foundations for the scheme, which will establish a more secure means of proving people's identity."

As part of this process, the UKPS "will progress its major anti-fraud and secure identity initiatives including the addition of a biometric to the British passport. So if a biometric passport is linked to the ID Card in a common format which is compatible with the USA's travel requirement, then direct USA access to the ID Card/Passport database becomes an option in relation to travel to the USA."

Lack of biometrics still a problem

The US had initially set 26 October 2004 as the date by which Visa Waiver Program travellers were supposed to present a biometric passport for visa-free travel to the US, but extended it for one year when it became clear that the 27 states that are eligible for the Program – including the UK – would be unable to comply.

Unfortunately EU countries are still unable to produce the biometrically-enabled passports, and unless the US is prepared to extend its deadline again, EU visitors to the US will soon find themselves obliged to obtain a visa before they will be granted entry.

According to reports, the US and EU are now close to a deal on the timing of the biometric passport requirement.

Biometric passports and terrorism

Biometric passports have been identified by governments throughout the world as a key factor in the fight against terrorism, and their implementation is being driven by the US.

The USA-PATRIOT Act, passed by the US Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying aliens seeking admission into the US, within two years.

The schedule for its implementation was accelerated by another piece of legislation, the little-known Enhanced Border Security and Visa Entry Reform Act 2002. Part of this second law included seeking international co-operation with this standard. The incentive to international co-operation was made clear:

"By October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization (ICAO)."

Citizens from those countries belonging to the Visa Waiver Program (including many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) do not require a visa, but as from 26 October last year, have been obliged to show a machine-readable passport.

Unless a further deadline extension is reached, VWP citizens entering the US after 26 October 2005 must, if their passport is issued after 26 October 2005, use a machine-readable, biometrically-enabled passport or obtain a visa.

Copyright © 2005, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related stories

Belgians in cunning misspelt ID card plan
ID cards technology is ready, says UK minister
UK ID scheme rides again, as biggest ID fraud of them all
EU biometric visa trial opts for the tinfoil sleeve
Congress passes Gestapo ID legislation
Malaysia to fingerprint all new-born children
HP to build EU's biometric ID, terror database
Not as guilty as he looks? The Met chief, Labour and ID cards
Clarke calls for ID cards after imagining huge poison terror ring
Carjackers swipe biometric Merc, plus owner's finger
Civil liberty group pans EU biometrics plans

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.