UK plans 'real-time' no-fly lists plus fingerprint ID for air travel
'No finger, no fly' to commence at Heathrow
As has been illustrated all too frequently in the past, they don't tell immigration ministers anything - and, if what he had to say this week at the official unveiling of Heathrow's biometric trial is anything to go by, current incumbent Liam Byrne is no exception. Quoted here in the Telegraph, Byrne observes that he does not see the Heathrow system as being a "stand-alone scheme", and that the Government wanted to see it used as part of efforts to control immigration and to check the identity of people coming to this country.
So perhaps now would be a good time for us to introduce Mr Byrne to those aspects of the scheme that haven't been widely publicised, but in which his department is intimately involved. They're to do with universal biometric entry validation for British airports, and with checking the records, including immigration status, of those participating in the current trial, miSense.
Amusingly, although the misSense pilot only had two stages when we covered it last week, it has now sprouted a third deck, miSenseallclear - here we have before and after (NB late arriving readers, this will make no sense at all once the Google cache flushes, but trust us).
miSenseallclear "involves the forwarding of interactive Advance Passenger Information (iAPI) for analysis by UK authorities, prior to passengers boarding their flight," and the explanation here fleshes that out nicely. This part of the trial is intended to test the capability of providing UK border control agencies with passenger information prior to flight departure" and (sinister voice on) "enables real-time interaction between airline and government on a passenger-by-passenger basis... The objective is to prove the technical and operational feasibility of 'Board/No-Board' processing in the live UK environment and will simulate as far as possible a real situation". Our incredulous emphasis there - are they suggesting that flights to Hong Kong and the UAE are in some way unreal, possibly even entirely imaginary?
Or possibly they mean that for the purposes of this trial, No Boards will be purely advisory: "miSenseallclear will be conducted without imposing the outcome of the board/no-board decision upon the participating airlines. There, Emirates and Cathay Pacific passengers, doesn't that make you feel a whole heap safer? "Hey, Immigration & Nationality Directorate here - Mr K Mohammed is showing up in our records as a dangerous al Qaeda terror bomber controller, but hey, that's cool, just you go ahead and let him on the plane. Best check him for handcream though..."
No, friends, we don't really think these decisions are going to be viewed by the airlines as purely advisory either. But the process they're trying to iron out here is clear. The passenger enrols in the system, their records are shipped over to the UK authorities for a decision on whether they can fly or not, and the answer is intended to ping back before flight departure time. As miSense is intended to be a pre-registration scheme it won't be necessary in many cases to come back with a response within a couple of hours, so it needn't be exactly "real-time", but even here IND will apparently have to come up with its response within 24 hours, as the miSensePlus membership cards are issued on enrolment, and activated 24 hours after that. The Register finds it difficult to think of anything IND can do within 24 hours, unless you count correcting yesterday's figures.
And within six months, 24 hours is going to be too long anyway, if we take into account something else Liam Byrne didn't mention. The miSense system is linked to Advantage Systems Solutions' Internet Check-In Scanning System (ICISS), which is operational at ten UK airports and which is used for security checks on home printed online check-in boarding cards. Advantage has also already run a trial of biometric systems at Heathrow, and in September announced that it had won the contract to build a Passenger Authentication Scanning System (PASS) for Heathrow, with rollout commencing in Terminal 1 in April 2007, followed by Terminal 5 in September 2007.
This system has quite a lot in common with the MiSense system, the basic principle being that it turns the departure lounge into a secure zone (yes, we know it's supposed to be a secure zone already) with biometrics governing entry and exit. Documents and fingers are produced prior to entry, and then biometrics are checked on exit as the passenger boards the flight. And do not expect the words 'voluntary participation' to figure in the announcement when this one goes live - at minimum it will operate as a system to count them all in and match them on the way out, while the intention is clearly for the UK authorities to be able to deliver that real-time 'Board/No Board' decision for every passenger. Don't hold your breath for full implementation of that part of the deal though (but on the other hand, considering that the UK Government has precious few records to check people against, aside from the big online list of international terrorists, criminals, immigration defaulters and sundry villains it imagines will exist one day, the early checks could be pretty fast). UK immigration does however gain something even if the live Board/No Board system can't be achieved. It will have the data to produce comprehensive movement records for air travellers, and could therefore claim to have achieved the goal of 'knowing who's coming in and who's going out.' Knowing that 'he went thataway' is not always wholly helpful, and can cause embarrassment.
But Hello, Security Hole? The non-existence of the definitive Observer's Book of Terror Bombers is actually pretty important, because in most cases the liberal sprinkling of biometric pixie dust will make damn-all difference to the security situation. Think about it - currently, the UK Government has fingerprint records of very few of the people passing through Heathrow (higher at Stansted, obviously), the immigration services have online access to (educated guess) none of the records the Government does have, and the format of these records quite probably won't match up with the format of the prints being taken at enrolment. So you can match up the miSense passengers with the miSense records (which you've promised to destroy at the end of January), and under PASS you can confirm (probably...) that the finger that's going out is the finger that came in, but all that of itself identifies is the finger (probably...). What is it that makes you think this finger is really associated with a particular identity?
Out there in the Futureland of imaginary Big Lists, a Big List that associates fingers with actual identities will exist in the shape of the National Identity Register, so when Byrne says of miSense that: "This is a good example of how ID cards will be useful when helping people move through security", what he really means is that 'this system would stand a considerably better chance of being successful if all of you buggers already had biometric ID cards and we had you on a huge database.' Currently, however, and until such time as a working and accurate National Identity Register exists, the only mechanism that can be used to identity the traveller is the passport. And even in the ideal planned future, the NIR will only cover UK residents anyway. So the miSense/PASS system is like the current system, except that the passport is being used to establish the credentials of the fingerprint as proof of identity. The fingerprint will frequently, wrongly, be viewed as providing a stronger proof of identity, but in most cases this 'proof' is only as strong or as weak as the passport itself. If you could previously get through on a forged, stolen or fraudulently obtained passport, then so long as your fingerprints can't be matched up for other reasons, you'll still get through.
This becomes potentially dangerous when people start to presume that the fingerprint is of itself strong proof of identity, and/or that the fingerprint is necessarily attached to the finger that originally produced it. So in some instances it may turn out not to be necessary for the supporting passport to be present, for the face in the passport to match the face of the bearer (people will look less, and sometimes they won't look at all), or for the original finger to operate the unattended check-in kiosk or security barrier. So if nobody's watching closely, the rubber finger gag might just be enough to get you through immigration. And if it turns out you can get enough information from a biometric passport (second generation fingerprint version) or ID card to build a rubber finger, well... ®
Sponsored: Magic Quadrant for Client Management Tools