EU moots 'deep background' checks for racist-free border controls

The biometric meritocracy

Beginner's guide to SSL certificates

Europe plans to avoid the routine discrimination against foreigners at border controls by using deep background checks of individual people to manage immigration.

The EU hopes the plans will appease US doubts about the visa waivers it doles out almost indiscriminately to citizens of allied countries. The US approach, as demonstrated by the controversial PNR (passenger name records) stitch-up, demonstrates a desire to discriminate good immigrants from bad immigrants more effectively using detailed intelligence reports.

The EU solution to this problem was presented to delegates of the Biometrics 2006 conference last week and bears some relation to border controls systems already implemented in the United Arab Emirates, Israel and along the Chinese border with Hong Kong, which gained its supposed predilection for biometric identification when it had identity cards foisted on its people by the colonial British administration in the 1940s.

The Europeans are aware of the negative connotations, which is why their solution to the problem, the Trusted Traveller Programme, was recently renamed the Registered Traveller Programme. The implication of the old name was that European border controls intend to become more suspicious of people who are not fully paid up members of the omniscient state, which it does.

It is, however, being presented as a means of avoiding discrimination against people coming in and out of Europe merely on the basis of their country of origin or the colour of their skin.

Why tag nationality?

A convincing argument along these lines was presented by Dr Frank Paul, head of large-scale computer systems at the European Commission's directorate of Justice, Freedom and Security, and the man responsible for implementing the biometric immigration systems across the continent.

Europeans cannot say that all people from these countries are security risks, said Paul. Not only is this bigoted, but clearly impractical for airport security.

"Why tag nationality," said Paul, "It's an abstract identity [that] has no relation to personal risk. So we'll have to do specific background checks on individuals."

The Commission is conducting a feasibility study for this "person-centric approach" to immigration, which it will report next June.

It is presenting this as a way of "facilitating" the travel of those people the state can trust without any shadow of a doubt. This will mean a two-speed Europe for all those people coming in and out of the continent's ports of entry - those people who have immaculate personal histories, sparkling curriculum vitae, will breeze through immigration via fast-track, biometric immigration gates.

The background checks would be even more detailed than those provided to US officials in the US-VISIT biometric immigration programme. Though the details of how these checks will be assembled has not been decided, the approach being developed in Europe, as elsewhere, is one of data shared between immigration, police, intelligence and civil databases.

European law doesn't allow this sort of routine data-sharing to happen right now, but the various biometric systems being built in Brussels are being designed with a common database. These systems will be designed so they are virtually separate - with Chinese walls, if you like. Should the legislation change, it would be easy for the databases to be merged to create a broader profile of people on the system.

The basis of this is the Biometric Management System, the contract for which is being awarded any day now. This is where the fingerprints belonging to the subjects of the European civil and immigration intelligence system will be stored.

Hanging off this will be the systems underpinning a variety of projects under differing stages of technological and legislative development, but which are typically begun before they are approved in the European Parliament and Council: the Visa Information System (VIS), the Eurodac database of asylum seekers, the Shengen Information System II for intra-European travel and a system that is as yet just an idea, the European criminal fingerprint database.

These plans might bring Europe into closer alignment with US ideas of intelligence gathering and lay the foundation for the global immigration database that is already being discussed by the US and its allies. But its inception will be interesting politically, as was demonstrated by the trouble over PNR.

Who blows up the planes?

PNR, Paul told conference delegates, demonstrated the different approaches the EU and US take to privacy.

"The trust issue is a US issue because there are members of congress who say, 'who were the people trying to blow up the planes in the UK? Were they third country nationals? No, they were UK citizens, so under the visa waiver programme they could have gone to the US," he said.

The Commission's idea of person-centric border controls would appease the US, but might not please data protection authorities, which have been dismayed by PNR and other US activities concerning European citizens' personal data.

On the European side, the trust issue is that the US have, by EU standards, inadequate legislation to protect citizens from abuse of data held on them by the state. But the EU's data protection authorities have a tentative hold over the matter anyway - because as a security issue it is not an EU legal competence.

And the future role that data protection authorities will play in this issue is uncertain. Troy Potter of the US Department of Homeland Security has set out to encourage the US' allies to agree legislation to enable their planned global immigration database, and told The Register last week that the US was prepared to do bilateral deals if the EU couldn't get its act together to share its immigration data.

There is also a British example being used to promote this idea amongst the faithful in Brussels. The idea is what some people call "positive discrimination" in immigration: taking people who do not suffer discrimination and making their lives even easier at immigration. It's what John Reid, the British Home Secretary, is calling "a revolution in border control", necessary to discriminate between those people likely to commit another 7/7 terrorist attack and those likely to do lots of shopping in Harrods. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.