EU ministers approve biometric ID, fingerprint data sharing

All this and record retention too!

The European biometric ID card takes another step forward this week, with the European Justice and Home Affairs Council set to approve "minimum security standards" for national ID cards. Alongside this the Council will be roadmapping the rollout of Europe's biometric visa system, which will contain the fingerprints of 70 million people within the next few years, and hearing European Commission proposals for greater sharing of fingerprint data.

The latter proposals cover the existing Schengen Information System (SIS), its Visa Information System successor (VIS/Schengen II), and the EURODAC database of asylum seekers and illegal immigrants, but the Commission will also be raising "other initiatives", including the consideration of "a system for monitoring entry and exit movements", a "frequent traveller" system and the creation of "a European criminal Automated Fingerprints Identification System (AFIS)." So although some European states (not the UK) are strongly against the creation of a central biometric database of all their citizens, the construction of large-scale pan-European fingerprint systems proceeds apace.

The "minimum security standards" to be adopted for ID cards are effectively those already adopted for the European biometric passport, "bearing in mind the need for interoperability based on ICAO standards", and consist of an RFID chip containing facial and two fingerprint biometrics. Applicants will be required to attend in person (as is already planned in the UK), and "applications should be verified by authorised personnel against existing databases... for example, civil registers, passport and identity cards databases or driving licence registers."

According to UK Home Secretary Charles Clarke, in a written statement to Parliament yesterday, these security standards "will be important in addressing the weak link in EU travel documentation." Up to a point, Home Secretary, but there's a deal of frog-boiling going on here, as the Ministers slowly establish the ID cards and the databases without involving the voters or the legislatures.

Within the Schengen area of Europe (the UK isn't part of this) there are no permanent border controls, hence no need for ID at borders. Nor is an ID card necessarily required for air travel within the area (or for that matter between the UK and Ireland) - numerous different classes of identification are acceptable to various different carriers, and a fair bit of discretion is quite often exercised. Several of the current generation of European national ID cards are eminently forgeable, hence Clarke's "weak link", but as Europe's laws currently stand the holes a European biometric ID standard would plug are strictly limited. Although the requirement to carry national ID and produce it on demand exists in some European countries, there's no such general requirement, which limits the use of biometric ID for European internal controls. In the case of the UK, the ability to read non-UK ID cards at borders might be helpful, and this could initially be done via the biometric readers installed to support the biometric visa rollout. But in the absence of a central biometric database of European citizens it will only be possible to compare the bearer's fingerprints with the data on the card, so the system is only secure if the card really cannot be forged, and if cards don't end up being issued fraudulently.

The "standard" ID card is also not entirely standard, in that its endorsement by the Justice and Home Affairs Council is actually non-binding. This theoretically means that member states don't have to adhere to it if they don't want to, but as it's being agreed by the states on an intergovernmental basis it's more a case of the Interior Ministers committing to a standard European ID card without it being subject to any national or European parliamentary scrutiny. Implementation via this mechanism (which Statewatch editor Tony Bunyan terms "soft-law", and says is becoming increasingly common) also allows the Ministers to implement programmes in areas where their legal standing is at best dubious (see Statewatch for the legal position on biometric ID and passports).

Much of the current European security and anti-terror agenda falls into the "soft-law" category, with decisions made first by (in Clarke's words) "representatives of the Member States meeting inter-governmentally" in "the margins of the Council", then enshrined in law once an ill-balanced 'compromise' can be beaten out of the EU Parliament; Member State legislatures need not waste their time applying for a place in this process. ®
