Feeds

Much of UK biometric passport data for archive, police use only?

Minister maybe blurts truth - but it won't fit anyway

Beginner's guide to SSL certificates

Passports and ID cards are unlikely to actually use most the "13 biometrics" the Government proposes to collect on all citizens, which is probably just as well, because they won't fit. But much of the biometric data that will be collected on registration will hardly ever be used. In a parliamentary answer to questioning by Lynne Jones MP last week, Home Office Minister Andy Burnham said that: "As the images [the biometric data] will not be required for routine matching and may only be used for generating the template on enrolment and subsequent biometric renewal, they could therefore be stored in a separate database which may be managed as an archive."

The amount of biometric data that can be housed on an ID card is a simple matter of available real estate, and that means there will be clear limits on the nature of the local (i.e., compare holder to data on card) checks that can be carried out. Burnham's answer, however, indicates that even 'higher security' biometric checks via the NIR will use only a subset of the data gathered, with the balance being 'for the record', allowing the Government to run a full ID check on you every time you have to renew your passport or card. But it will be of no earthly use to anybody else. If some of the data is not used, there will be no need for it to be part of the NIR (indeed, this would be very poor IT practice), and it could be housed separately. Burnham's use of the word "archive" should not however be taken to mean the data will be used solely on enrolment and renewal; the Home Office's document Identity Cards Scheme - Benefits Overview anticipates the ID scheme being used for "police identifying fingerprints from scenes of crime", and this will clearly require access to a full set of fingerprint biometric data, which implies that security services will have access to the archive.

No firm decision on identity scheme data storage have yet been taken, according to Burnham, but at minimum the passport will include an ICAO standard "high resolution image" that can be read by machine. "It is also assumed," he says, "that images of the other biometrics will be stored at a sufficient resolution to enable templates (the compact encodings of the essential patterns in iris and fingerprint biometrics which are used by matching algorithms) to be regenerated should the matching technology being used by the Identity Cards scheme be updated or changed."

That however is where he switches from what's actually carried in the passport (and, assuming the use of the same technology, the ID card), to data that may simply be squirrelled away in the Home Office archives. According to the Passport Office's published statements the passport will contain a facial image, but the inclusion of other biometrics is simply an option that will be considered. Europe however intends to include both facial and fingerprint from 2008, and while the UK is not bound by this decision because it is not part of the Schengen agreement, the UK Government intends to toe the line anyway. So whatever the Passport Office says, we can assume fingerprints will be added.

The ICAO biometric standard calls for a minimum of 32K storage, but 64K, which has been adopted for the US passport, looks likely to be the de facto world standard. The templates Burnham refers to "might be expected to take up a few 10's of Kilobytes per person", so should be no great challenge as far as central storage is concerned, but that is clearly not the case when it comes to a 64K chip in the passport. According to data prepared for the European Council of Ministers, the facial image will take up 12-15K, while fingerprints are expected to require 12K per finger. The European standard biometric passport is currently planned to include facial image and two fingerprints, so Europe's biometric data mops up 36-40K. More storage will be used by other data so, as and when the UK does add fingerprint, it's difficult to see how it could go much beyond Europe's two without going to the expense of increasing the available storage. This implies that when it comes to recognition of individuals without the presence of a card of passport (as in 'you are your ID'), the system will rely on two fingerprints alone, given the relatively poor performance of facial in such scenarios.

And iris data, which the UK likes but which is not part of the European proposals? In your dreams, we'd say. Incidentally, some people do argue that a signature is a biometric, and we can't see why it shouldn't be. So, strictly speaking, the UK scheme will use 14 biometrics, not 13, as the signature will be stored too. We commend this as a cheap marketing upgrade to the snake oil salesmen at the Home Office explaining why the scheme's so amazingly secure.

And about that biometric passport rollout... Given that, as the Home Office insists, the infrastructure for ID cards, including enrolment centres, is needed anyway in order to meet ICAO biometric passport requirements, there are just a few things about the Passport Office's release schedules that seem not entirely to add up. We've just passed one small milestone in the form of the new rules for passport photos, which try to make it easier for machines by telling you to keep your head straight, tuck your teeth in and stop looking so shiny, etc.*. The next step is due early next year, when the issuing of biometric passports begins. But as we shall see shortly, "biometric" is something of a misnomer here, because really all it means at first is that they'll have a chip in them.

But you'll still apply for them in the same way, using the same normal (albeit with your teeth tucked in) pictures, and they'll be ICAO-compliant biometric passports anyway. We do not yet have an ETA for the biometric enrolment centres we'll have to show up at in order to have the full range of data collected, which is understandable insofar as the ID Cards Bill has not yet been passed, but would be perplexing if the enrolment centres were necessary for biometric passports. Which, as we keep saying, they're not.

The Passport Office does however intend that new applicants for passports will have to report for personal interview from late next year, and that's the obvious opportunity for the commencement of biometric enrolment. So, biometric passport rollout using normal (come on, we've told you to keep your head straight) pictures and processes, early 2006. Enrolment centres 'needed' for biometric passports, late 2006 at the earliest. Your honour, we rest our case. The Government's linkage between ID cards and passports is phoney. ®

* If you think about what's happening here, the Rise of the Machines is all too obvious. The deployment of technology means that just looking approximately like yourself, which has been enough to satisfy dozing border control operatives for many years, is no longer enough. You now need to look like what the machines imagine you should look like. The new rules haven't been in place long and were cunningly brought in after the summer passport rush, so we can probably look forward to the reports of many horror stories that haven't yet happened. The Sunday Times has started collecting, but disappointingly the original appeal for contributions is funnier than the subsequent selection of the best. Help them out, people...

Passport trivia(?): According to an answer given by Andy Burnham on 18th October, the total number of lost or stolen passports reported in the UK in 2004 was 306,406. The 2003 figure was 184,301, so the increase was much larger than in previous years (2002 - 166,358, 2001 - 148,230, 2000 - 114,624). One wonders what factors might underlie this apparently disturbing trend, but one very much doubts that it has yet occurred to the Home Office to do so.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.