Feeds

US biometric ID request raises ID concern in UK

Don't want a betamax situation

  • alert
  • submit to reddit

Top three mobile application threats

The UK government plans to issue its ID card as a passport with biometric identifiers stored in a chip – and the US wants those chips to be compatible with its own scanners, raising the possibility that US agencies could have access to the ID Card database.

The US call for biometric standardisation exceeds currently agreed international standards for airline navigation, safety and security. In 2003, it was agreed by the International Civil Aviation Organisation (ICAO) that the initial international biometric standard for passports would be facial mapping, although additional biometrics such as fingerprinting could be included.

Currently, for example, all foreign visitors entering the US have their two index fingers scanned, and a digital photograph taken before they are granted entry. Most visitors are also required to obtain a visa.

Nature of the US request

Michael Chertoff, US Secretary of Homeland Security, last week said this the EU and US were close to a deal on the introduction of biometrics in passports for those seeking entry to the US, and urged the EU to ensure compatibility between EU and US biometric systems.

According to press reports, Chertoff has also asked the UK to consider chip compatibility in respect of the proposed UK national identity card scheme.

He told reporters: "It would be a very bad thing if we all invested huge amounts of money in biometric systems and they didn't work with each other."

"Hopefully, we're not going to do VHS and Betamax with our chips,” he added.

Compatibility could deliver on-line data exchange

According to The Independent newspaper, this could mean that information held on UK identity cards could be accessed in the US.

The potential for this link arises because of the decisions of the International Civil Aviation Organisation (ICAO) to promote an international standard for passports. These decisions have been reinforced by a decision of the Council of Ministers of the European Community to introduce a common format passport for member states.

The decision of the UK government to link the ID cards with the passport means that the UK's ID card will be compatible with international passport standards. According to the Passport Office website, "For many UK citizens the identity card will be issued as passports come up for renewal or for first time applications." As a result, "The Home Office, the UKPS and other government departments will now work together "to start to lay the foundations for the scheme, which will establish a more secure means of proving people's identity."

As part of this process, the UKPS "will progress its major anti-fraud and secure identity initiatives including the addition of a biometric to the British passport. So if a biometric passport is linked to the ID Card in a common format which is compatible with the USA's travel requirement, then direct USA access to the ID Card/Passport database becomes an option in relation to travel to the USA."

Lack of biometrics still a problem

The US had initially set 26 October 2004 as the date by which Visa Waiver Program travellers were supposed to present a biometric passport for visa-free travel to the US, but extended it for one year when it became clear that the 27 states that are eligible for the Program – including the UK – would be unable to comply.

Unfortunately EU countries are still unable to produce the biometrically-enabled passports, and unless the US is prepared to extend its deadline again, EU visitors to the US will soon find themselves obliged to obtain a visa before they will be granted entry.

According to reports, the US and EU are now close to a deal on the timing of the biometric passport requirement.

Biometric passports and terrorism

Biometric passports have been identified by governments throughout the world as a key factor in the fight against terrorism, and their implementation is being driven by the US.

The USA-PATRIOT Act, passed by the US Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying aliens seeking admission into the US, within two years.

The schedule for its implementation was accelerated by another piece of legislation, the little-known Enhanced Border Security and Visa Entry Reform Act 2002. Part of this second law included seeking international co-operation with this standard. The incentive to international co-operation was made clear:

"By October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization (ICAO)."

Citizens from those countries belonging to the Visa Waiver Program (including many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) do not require a visa, but as from 26 October last year, have been obliged to show a machine-readable passport.

Unless a further deadline extension is reached, VWP citizens entering the US after 26 October 2005 must, if their passport is issued after 26 October 2005, use a machine-readable, biometrically-enabled passport or obtain a visa.

Copyright © 2005, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related stories

Belgians in cunning misspelt ID card plan
ID cards technology is ready, says UK minister
UK ID scheme rides again, as biggest ID fraud of them all
EU biometric visa trial opts for the tinfoil sleeve
Congress passes Gestapo ID legislation
Malaysia to fingerprint all new-born children
HP to build EU's biometric ID, terror database
Not as guilty as he looks? The Met chief, Labour and ID cards
Clarke calls for ID cards after imagining huge poison terror ring
Carjackers swipe biometric Merc, plus owner's finger
Civil liberty group pans EU biometrics plans

Top three mobile application threats

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.