Feeds

EU ministers approve biometric ID, fingerprint data sharing

All this and record retention too!

Designing a Defense for Mobile Applications

The European biometric ID card takes another step forward this week, with the European Justice and Home Affairs Council set to approve "minimum security standards" for national ID cards. Alongside this the Council will be roadmapping the rollout of Europe's biometric visa system, which will contain the fingerprints of 70 million people within the next few years, and hearing European Commission proposals for greater sharing of fingerprint data.

The latter proposals cover the existing Schengen Information System (SIS), its Visa Information System successor (VIS/Schengen II), and the EURODAC database of asylum seekers and illegal immigrants, but the Commission will also be raising "other initiatives", including the consideration of "a system for monitoring entry and exit movements", a "frequent traveller" system and the creation of "a European criminal Automated Fingerprints Identification System (AFIS)." So although some European states (not the UK) are strongly against the creation of a central biometric database of all their citizens, the construction of large-scale pan-European fingerprint systems proceeds apace.

The "minimum security standards" to be adopted for ID cards are effectively those already adopted for the European biometric passport, "bearing in mind the need for interoperability based on ICAO standards", and consist of an RFID chip containing facial and two fingerprint biometrics. Applicants will be required to attend in person (as is already planned in the UK), and "applications should be verified by authorised personnel against existing databases... for example, civil registers, passport and identity cards databases or driving licence registers."

According to UK Home Secretary Charles Clarke, in a written statement to Parliament yesterday, these security standards "will be important in addressing the weak link in EU travel documentation." Up to a point, Home Secretary, but there's a deal of frog-boiling going on here, as the Ministers slowly establish the ID cards and the databases without involving the voters or the legislatures.

Within the Schengen area of Europe (the UK isn't part of this) there are no permanent border controls, hence no need for ID at borders. Nor is an ID card necessarily required for air travel within the area (or for that matter between the UK and Ireland) - numerous different classes of identification are acceptable to various different carriers, and a fair bit of discretion is quite often exercised. Several of the current generation of European national ID cards are eminently forgeable, hence Clarke's "weak link", but as Europe's laws currently stand the holes a European biometric ID standard would plug are strictly limited. Although the requirement to carry national ID and produce it on demand exists in some European countries, there's no such general requirement, which limits the use of biometric ID for European internal controls. In the case of the UK, the ability to read non-UK ID cards at borders might be helpful, and this could initially be done via the biometric readers installed to support the biometric visa rollout. But in the absence of a central biometric database of European citizens it will only be possible to compare the bearer's fingerprints with the data on the card, so the system is only secure if the card really cannot be forged, and if cards don't end up being issued fraudulently.

The "standard" ID card is also not entirely standard, in that its endorsement by the Justice and Home Affairs Council is actually non-binding. This theoretically means that member states don't have to adhere to it if they don't want to, but as it's being agreed by the states on an intergovernmental basis it's more a case of the Interior Ministers committing to a standard European ID card without it being subject to any national or European parliamentary scrutiny. Implementation via this mechanism (which Statewatch editor Tony Bunyan terms "soft-law", and says is becoming increasingly common) also allows the Ministers to implement programmes in areas where their legal standing is at best dubious (see Statewatch for the legal position on biometric ID and passports).

Much of the current European security and anti-terror agenda falls into the "soft-law" category, with decisions made first by (in Clarke's words) "representatives of the Member States meeting inter-governmentally" in "the margins of the Council", then enshrined in law once an ill-balanced 'compromise' can be beaten out of the EU Parliament; Member State legislatures need not waste their time applying for a place in this process. ®

Using blade systems to cut costs and sharpen efficiencies

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.