Feeds

EU ministers approve biometric ID, fingerprint data sharing

All this and record retention too!

Next gen security for virtualised datacentres

The European biometric ID card takes another step forward this week, with the European Justice and Home Affairs Council set to approve "minimum security standards" for national ID cards. Alongside this the Council will be roadmapping the rollout of Europe's biometric visa system, which will contain the fingerprints of 70 million people within the next few years, and hearing European Commission proposals for greater sharing of fingerprint data.

The latter proposals cover the existing Schengen Information System (SIS), its Visa Information System successor (VIS/Schengen II), and the EURODAC database of asylum seekers and illegal immigrants, but the Commission will also be raising "other initiatives", including the consideration of "a system for monitoring entry and exit movements", a "frequent traveller" system and the creation of "a European criminal Automated Fingerprints Identification System (AFIS)." So although some European states (not the UK) are strongly against the creation of a central biometric database of all their citizens, the construction of large-scale pan-European fingerprint systems proceeds apace.

The "minimum security standards" to be adopted for ID cards are effectively those already adopted for the European biometric passport, "bearing in mind the need for interoperability based on ICAO standards", and consist of an RFID chip containing facial and two fingerprint biometrics. Applicants will be required to attend in person (as is already planned in the UK), and "applications should be verified by authorised personnel against existing databases... for example, civil registers, passport and identity cards databases or driving licence registers."

According to UK Home Secretary Charles Clarke, in a written statement to Parliament yesterday, these security standards "will be important in addressing the weak link in EU travel documentation." Up to a point, Home Secretary, but there's a deal of frog-boiling going on here, as the Ministers slowly establish the ID cards and the databases without involving the voters or the legislatures.

Within the Schengen area of Europe (the UK isn't part of this) there are no permanent border controls, hence no need for ID at borders. Nor is an ID card necessarily required for air travel within the area (or for that matter between the UK and Ireland) - numerous different classes of identification are acceptable to various different carriers, and a fair bit of discretion is quite often exercised. Several of the current generation of European national ID cards are eminently forgeable, hence Clarke's "weak link", but as Europe's laws currently stand the holes a European biometric ID standard would plug are strictly limited. Although the requirement to carry national ID and produce it on demand exists in some European countries, there's no such general requirement, which limits the use of biometric ID for European internal controls. In the case of the UK, the ability to read non-UK ID cards at borders might be helpful, and this could initially be done via the biometric readers installed to support the biometric visa rollout. But in the absence of a central biometric database of European citizens it will only be possible to compare the bearer's fingerprints with the data on the card, so the system is only secure if the card really cannot be forged, and if cards don't end up being issued fraudulently.

The "standard" ID card is also not entirely standard, in that its endorsement by the Justice and Home Affairs Council is actually non-binding. This theoretically means that member states don't have to adhere to it if they don't want to, but as it's being agreed by the states on an intergovernmental basis it's more a case of the Interior Ministers committing to a standard European ID card without it being subject to any national or European parliamentary scrutiny. Implementation via this mechanism (which Statewatch editor Tony Bunyan terms "soft-law", and says is becoming increasingly common) also allows the Ministers to implement programmes in areas where their legal standing is at best dubious (see Statewatch for the legal position on biometric ID and passports).

Much of the current European security and anti-terror agenda falls into the "soft-law" category, with decisions made first by (in Clarke's words) "representatives of the Member States meeting inter-governmentally" in "the margins of the Council", then enshrined in law once an ill-balanced 'compromise' can be beaten out of the EU Parliament; Member State legislatures need not waste their time applying for a place in this process. ®

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?