Much of UK biometric passport data for archive, police use only?

Minister maybe blurts truth - but it won't fit anyway

Passports and ID cards are unlikely to actually use most of the "13 biometrics" the Government proposes to collect on all citizens, which is probably just as well, because they won't fit. But much of the biometric data that will be collected on registration will hardly ever be used. In a parliamentary answer to questioning by Lynne Jones MP last week, Home Office Minister Andy Burnham said that: "As the images [the biometric data] will not be required for routine matching and may only be used for generating the template on enrolment and subsequent biometric renewal, they could therefore be stored in a separate database which may be managed as an archive."

The amount of biometric data that can be housed on an ID card is a simple matter of available real estate, and that means there will be clear limits on the nature of the local (i.e., compare holder to data on card) checks that can be carried out. Burnham's answer, however, indicates that even 'higher security' biometric checks via the NIR will use only a subset of the data gathered, with the balance being 'for the record', allowing the Government to run a full ID check on you every time you have to renew your passport or card. But it will be of no earthly use to anybody else. If some of the data is not used, there will be no need for it to be part of the NIR (indeed, this would be very poor IT practice), and it could be housed separately. Burnham's use of the word "archive" should not however be taken to mean the data will be used solely on enrolment and renewal; the Home Office's document Identity Cards Scheme - Benefits Overview anticipates the ID scheme being used for "police identifying fingerprints from scenes of crime", and this will clearly require access to a full set of fingerprint biometric data, which implies that security services will have access to the archive.

No firm decisions on identity scheme data storage have yet been taken, according to Burnham, but at minimum the passport will include an ICAO standard "high resolution image" that can be read by machine. "It is also assumed," he says, "that images of the other biometrics will be stored at a sufficient resolution to enable templates (the compact encodings of the essential patterns in iris and fingerprint biometrics which are used by matching algorithms) to be regenerated should the matching technology being used by the Identity Cards scheme be updated or changed."

That however is where he switches from what's actually carried in the passport (and, assuming the use of the same technology, the ID card), to data that may simply be squirrelled away in the Home Office archives. According to the Passport Office's published statements the passport will contain a facial image, but the inclusion of other biometrics is simply an option that will be considered. Europe however intends to include both facial and fingerprint from 2008, and while the UK is not bound by this decision because it is not part of the Schengen agreement, the UK Government intends to toe the line anyway. So whatever the Passport Office says, we can assume fingerprints will be added.

The ICAO biometric standard calls for a minimum of 32K storage, but 64K, which has been adopted for the US passport, looks likely to be the de facto world standard. The templates Burnham refers to "might be expected to take up a few 10's of Kilobytes per person", so should be no great challenge as far as central storage is concerned, but that is clearly not the case when it comes to a 64K chip in the passport. According to data prepared for the European Council of Ministers, the facial image will take up 12-15K, while fingerprints are expected to require 12K per finger. The European standard biometric passport is currently planned to include facial image and two fingerprints, so Europe's biometric data mops up 36-40K. More storage will be used by other data so, as and when the UK does add fingerprint, it's difficult to see how it could go much beyond Europe's two without going to the expense of increasing the available storage. This implies that when it comes to recognition of individuals without the presence of a card or passport (as in 'you are your ID'), the system will rely on two fingerprints alone, given the relatively poor performance of facial in such scenarios.

And iris data, which the UK likes but which is not part of the European proposals? In your dreams, we'd say. Incidentally, some people do argue that a signature is a biometric, and we can't see why it shouldn't be. So, strictly speaking, the UK scheme will use 14 biometrics, not 13, as the signature will be stored too. We commend this as a cheap marketing upgrade to the snake oil salesmen at the Home Office explaining why the scheme's so amazingly secure.

And about that biometric passport rollout... Given that, as the Home Office insists, the infrastructure for ID cards, including enrolment centres, is needed anyway in order to meet ICAO biometric passport requirements, there are just a few things about the Passport Office's release schedules that seem not entirely to add up. We've just passed one small milestone in the form of the new rules for passport photos, which try to make it easier for machines by telling you to keep your head straight, tuck your teeth in and stop looking so shiny, etc.*. The next step is due early next year, when the issuing of biometric passports begins. But as we shall see shortly, "biometric" is something of a misnomer here, because really all it means at first is that they'll have a chip in them.

But you'll still apply for them in the same way, using the same normal (albeit with your teeth tucked in) pictures, and they'll be ICAO-compliant biometric passports anyway. We do not yet have an ETA for the biometric enrolment centres we'll have to show up at in order to have the full range of data collected, which is understandable insofar as the ID Cards Bill has not yet been passed, but would be perplexing if the enrolment centres were necessary for biometric passports. Which, as we keep saying, they're not.

The Passport Office does however intend that new applicants for passports will have to report for personal interview from late next year, and that's the obvious opportunity for the commencement of biometric enrolment. So, biometric passport rollout using normal (come on, we've told you to keep your head straight) pictures and processes, early 2006. Enrolment centres 'needed' for biometric passports, late 2006 at the earliest. Your honour, we rest our case. The Government's linkage between ID cards and passports is phoney. ®

* If you think about what's happening here, the Rise of the Machines is all too obvious. The deployment of technology means that just looking approximately like yourself, which has been enough to satisfy dozing border control operatives for many years, is no longer enough. You now need to look like what the machines imagine you should look like. The new rules haven't been in place long and were cunningly brought in after the summer passport rush, so we can probably look forward to the reports of many horror stories that haven't yet happened. The Sunday Times has started collecting, but disappointingly the original appeal for contributions is funnier than the subsequent selection of the best. Help them out, people...

Passport trivia(?): According to an answer given by Andy Burnham on 18th October, the total number of lost or stolen passports reported in the UK in 2004 was 306,406. The 2003 figure was 184,301, so the increase was much larger than in previous years (2002 - 166,358, 2001 - 148,230, 2000 - 114,624). One wonders what factors might underlie this apparently disturbing trend, but one very much doubts that it has yet occurred to the Home Office to do so.
