Feeds

UK EU presidency aims for Europe-wide biometric ID card

Here's a blueprint we prepared earlier...

  • alert
  • submit to reddit

New hybrid storage solutions

The UK is using its Presidency of the Council of the European Union to push for the adoption of biometric ID cards and associated standards across the whole of the EU. In a proposal issued on Monday (11th July), the UK calls for the drafting of "common standards for national identity cards taking into account the achievements in relation to the EU passport and in the ICAO framework."

The tiptoeing around ICAO is significant, because the current ICAO standard covers only passports, and effectively only requires a facial biometric. The UK Government's piggybacking fingerprints and ID cards on the back of this is therefore entirely self-inflicted, as is the EU decision to incorporate fingerprints in passports. The UK proposal (which is available at Statewatch) ratchets this up further not by actually saying the whole of Europe has to do biometric ID cards in order to comply with ICAO, but by couching the matter within an ICAO context. It's the UK Government reasoning of 'might as well do it because we're doing the passports already' projected across an entire continent.

Under the proposal the first phase ID standards are intended to have been drawn up by the end of March 2006, and to cover use of biometrics, common standards for the card interface and measures "(including Enhanced Access Control and PKI) which may be used to ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States."

The topics proposed for discussion in a second phase provide clear signposts as to where we're going with all this. Common minimum standards "would seem important" for the security of the enrolment and issuing processes, it says. This signals that Europe as a whole is to be pushed towards the UK view of the ID card as a 'gold standard' for identity. This certainly doesn't square with the way ID cards are currently viewed in the rest of Europe, and is not necessarily in line with what some other member states are currently doing in terms of next generation identity documents. The current French proposals, for example, take a decentralised approach to the issuing process which probably would not meet the levels of security on enrolment and issuing that the UK would like Europe to impose. Nor indeed should it, necessarily; it rather depends on how a country intends to deal with identity, and what the purposes of its ID documents are.

Also up for discussion are more work on digital signatures, where the document says an EU standard already exists, and "how best to allow for exchange of information on issues of common interest, including anti-fraud measures taken in different Member States and any significant changes in the format of national Identity Cards."

We're tiptoeing a little again here, because simply achieving an EU ID card that can be read anywhere in the EU (and, no doubt, elsewhere) doesn't match the UK's internal plans. The IDC card has to be read against central and national databases set up to facilitate "exchange of information on issues of common interest". Which could, you might speculate, include many things, and no doubt will. The EU is currently building a second generation of its Visa Information System database, but further areas of data interchange will be created in the name of security, and as a consequence of the systems used for border control being blurred into general identity document use within the EU by the Council of Ministers.

It won't be feasible for an EU equivalent of the UK National Identity Register to be built directly as a sort of 'index to everything', because national safeguards and/or public opinion would not allow it. Growing such a beast by stages and sucking the refuseniks in because they've little other choice is however a route that the Council of Ministers and the core supporters of the security agenda within it can drive.

In addition to the pan-European push, the UK Government is putting pressure on Ireland over identity cards. Irish Justice minister Michael McDowell has gone on the record as opposing ID cards, saying that "I don't want to go down that road if I can avoid doing so", but this week he conceded that if the UK ID scheme goes ahead Ireland may have little choice. This latest 'Irish question' figures regularly in the UK Parliament's ID card debates because Irish citizens may currently travel and live within the UK without controls. If the arrangements don't change and UK citizens have compulsory ID cards, Irish citizens would therefore constitute a giant hole in the scheme.

Despite the obviousness of the problem, UK Government answers on the subject have been decidedly evasive. Clarke however recently confirmed he had had "informal discussions" with Irish ministers, and recent reports (registration required) say the introduction of Irish ID cards is now seen as inevitable, and that the Irish Government is considering turning the social welfare card into an ID card.

Clarke himself bobbed and weaved more than a little on this in the recent ID card debate. Asked by Ian Paisley to confirm that "none of the data that we are discussing can be dispensed outside this United Kingdom", Clarke replied that he was "happy to give that assurance... the Identity Cards Bill does not allow information to be provided from the national identity register to any foreign Government. That is the position - full stop."

If only it were. The National Identity Register is the key to the data, not the data itself. Clarke subsequently got more specific with "it is certainly the case that we would not release data from our databases to the Irish Government. That is the case - pure and simple." The Irish Government has similarly guaranteed in the other direction, but it is not pure and simple, as such. A data sharing regime at a European level (i.e., precisely what Clarke is pushing for via the Council of Ministers) would quite clearly necessitate the release of "data from our databases" to the Irish Government, and vice versa. First create your monster, then obey its instructions because you 'have no choice.' ®

Related links:

Statewatch
UK biometric ID card morphs into £30 'passport lite'
US biometric ID request raises ID concern in UK
HP to build EU's biometric ID, terror database

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.