Feeds

UK EU presidency aims for Europe-wide biometric ID card

Here's a blueprint we prepared earlier...

  • alert
  • submit to reddit

High performance access to file storage

The UK is using its Presidency of the Council of the European Union to push for the adoption of biometric ID cards and associated standards across the whole of the EU. In a proposal issued on Monday (11th July), the UK calls for the drafting of "common standards for national identity cards taking into account the achievements in relation to the EU passport and in the ICAO framework."

The tiptoeing around ICAO is significant, because the current ICAO standard covers only passports, and effectively only requires a facial biometric. The UK Government's piggybacking fingerprints and ID cards on the back of this is therefore entirely self-inflicted, as is the EU decision to incorporate fingerprints in passports. The UK proposal (which is available at Statewatch) ratchets this up further not by actually saying the whole of Europe has to do biometric ID cards in order to comply with ICAO, but by couching the matter within an ICAO context. It's the UK Government reasoning of 'might as well do it because we're doing the passports already' projected across an entire continent.

Under the proposal the first phase ID standards are intended to have been drawn up by the end of March 2006, and to cover use of biometrics, common standards for the card interface and measures "(including Enhanced Access Control and PKI) which may be used to ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States."

The topics proposed for discussion in a second phase provide clear signposts as to where we're going with all this. Common minimum standards "would seem important" for the security of the enrolment and issuing processes, it says. This signals that Europe as a whole is to be pushed towards the UK view of the ID card as a 'gold standard' for identity. This certainly doesn't square with the way ID cards are currently viewed in the rest of Europe, and is not necessarily in line with what some other member states are currently doing in terms of next generation identity documents. The current French proposals, for example, take a decentralised approach to the issuing process which probably would not meet the levels of security on enrolment and issuing that the UK would like Europe to impose. Nor indeed should it, necessarily; it rather depends on how a country intends to deal with identity, and what the purposes of its ID documents are.

Also up for discussion are more work on digital signatures, where the document says an EU standard already exists, and "how best to allow for exchange of information on issues of common interest, including anti-fraud measures taken in different Member States and any significant changes in the format of national Identity Cards."

We're tiptoeing a little again here, because simply achieving an EU ID card that can be read anywhere in the EU (and, no doubt, elsewhere) doesn't match the UK's internal plans. The IDC card has to be read against central and national databases set up to facilitate "exchange of information on issues of common interest". Which could, you might speculate, include many things, and no doubt will. The EU is currently building a second generation of its Visa Information System database, but further areas of data interchange will be created in the name of security, and as a consequence of the systems used for border control being blurred into general identity document use within the EU by the Council of Ministers.

It won't be feasible for an EU equivalent of the UK National Identity Register to be built directly as a sort of 'index to everything', because national safeguards and/or public opinion would not allow it. Growing such a beast by stages and sucking the refuseniks in because they've little other choice is however a route that the Council of Ministers and the core supporters of the security agenda within it can drive.

In addition to the pan-European push, the UK Government is putting pressure on Ireland over identity cards. Irish Justice minister Michael McDowell has gone on the record as opposing ID cards, saying that "I don't want to go down that road if I can avoid doing so", but this week he conceded that if the UK ID scheme goes ahead Ireland may have little choice. This latest 'Irish question' figures regularly in the UK Parliament's ID card debates because Irish citizens may currently travel and live within the UK without controls. If the arrangements don't change and UK citizens have compulsory ID cards, Irish citizens would therefore constitute a giant hole in the scheme.

Despite the obviousness of the problem, UK Government answers on the subject have been decidedly evasive. Clarke however recently confirmed he had had "informal discussions" with Irish ministers, and recent reports (registration required) say the introduction of Irish ID cards is now seen as inevitable, and that the Irish Government is considering turning the social welfare card into an ID card.

Clarke himself bobbed and weaved more than a little on this in the recent ID card debate. Asked by Ian Paisley to confirm that "none of the data that we are discussing can be dispensed outside this United Kingdom", Clarke replied that he was "happy to give that assurance... the Identity Cards Bill does not allow information to be provided from the national identity register to any foreign Government. That is the position - full stop."

If only it were. The National Identity Register is the key to the data, not the data itself. Clarke subsequently got more specific with "it is certainly the case that we would not release data from our databases to the Irish Government. That is the case - pure and simple." The Irish Government has similarly guaranteed in the other direction, but it is not pure and simple, as such. A data sharing regime at a European level (i.e., precisely what Clarke is pushing for via the Council of Ministers) would quite clearly necessitate the release of "data from our databases" to the Irish Government, and vice versa. First create your monster, then obey its instructions because you 'have no choice.' ®

Related links:

Statewatch
UK biometric ID card morphs into £30 'passport lite'
US biometric ID request raises ID concern in UK
HP to build EU's biometric ID, terror database

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.