Feeds

EU ministers approve biometric ID, fingerprint data sharing

All this and record retention too!

Beginner's guide to SSL certificates

The European biometric ID card takes another step forward this week, with the European Justice and Home Affairs Council set to approve "minimum security standards" for national ID cards. Alongside this the Council will be roadmapping the rollout of Europe's biometric visa system, which will contain the fingerprints of 70 million people within the next few years, and hearing European Commission proposals for greater sharing of fingerprint data.

The latter proposals cover the existing Schengen Information System (SIS), its Visa Information System successor (VIS/Schengen II), and the EURODAC database of asylum seekers and illegal immigrants, but the Commission will also be raising "other initiatives", including the consideration of "a system for monitoring entry and exit movements", a "frequent traveller" system and the creation of "a European criminal Automated Fingerprints Identification System (AFIS)." So although some European states (not the UK) are strongly against the creation of a central biometric database of all their citizens, the construction of large-scale pan-European fingerprint systems proceeds apace.

The "minimum security standards" to be adopted for ID cards are effectively those already adopted for the European biometric passport, "bearing in mind the need for interoperability based on ICAO standards", and consist of an RFID chip containing facial and two fingerprint biometrics. Applicants will be required to attend in person (as is already planned in the UK), and "applications should be verified by authorised personnel against existing databases... for example, civil registers, passport and identity cards databases or driving licence registers."

According to UK Home Secretary Charles Clarke, in a written statement to Parliament yesterday, these security standards "will be important in addressing the weak link in EU travel documentation." Up to a point, Home Secretary, but there's a deal of frog-boiling going on here, as the Ministers slowly establish the ID cards and the databases without involving the voters or the legislatures.

Within the Schengen area of Europe (the UK isn't part of this) there are no permanent border controls, hence no need for ID at borders. Nor is an ID card necessarily required for air travel within the area (or for that matter between the UK and Ireland) - numerous different classes of identification are acceptable to various different carriers, and a fair bit of discretion is quite often exercised. Several of the current generation of European national ID cards are eminently forgeable, hence Clarke's "weak link", but as Europe's laws currently stand the holes a European biometric ID standard would plug are strictly limited. Although the requirement to carry national ID and produce it on demand exists in some European countries, there's no such general requirement, which limits the use of biometric ID for European internal controls. In the case of the UK, the ability to read non-UK ID cards at borders might be helpful, and this could initially be done via the biometric readers installed to support the biometric visa rollout. But in the absence of a central biometric database of European citizens it will only be possible to compare the bearer's fingerprints with the data on the card, so the system is only secure if the card really cannot be forged, and if cards don't end up being issued fraudulently.

The "standard" ID card is also not entirely standard, in that its endorsement by the Justice and Home Affairs Council is actually non-binding. This theoretically means that member states don't have to adhere to it if they don't want to, but as it's being agreed by the states on an intergovernmental basis it's more a case of the Interior Ministers committing to a standard European ID card without it being subject to any national or European parliamentary scrutiny. Implementation via this mechanism (which Statewatch editor Tony Bunyan terms "soft-law", and says is becoming increasingly common) also allows the Ministers to implement programmes in areas where their legal standing is at best dubious (see Statewatch for the legal position on biometric ID and passports).

Much of the current European security and anti-terror agenda falls into the "soft-law" category, with decisions made first by (in Clarke's words) "representatives of the Member States meeting inter-governmentally" in "the margins of the Council", then enshrined in law once an ill-balanced 'compromise' can be beaten out of the EU Parliament; Member State legislatures need not waste their time applying for a place in this process. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.