Replace your broken biometric passport? Just say no...
How can they tell with no readers, anyway?
The NAO report also identifies issues with the current ePassport border control regime, and further issues to come. Essentially all that IPS has managed to do so far is to switch over to a new passport format and ship it without messing up - but practically all of the 'advantages' of the new system have yet to be switched on. The readers for the new passports have, largely, yet to be deployed and the Immigration & Nationality Directorate only began testing of high volume throughput for ePassports in November of last year. In theory, they hope, it will take eight seconds to run a passport through a reader, but they really have no worthwhile experience of what happens when a couple of 747 loads of biometric passports all hit the barriers at the same time. And, if we again consider the possibility of broken chips, we should factor in here what the report has to say about how failures will be dealt with: "In instances where the chip cannot be read, secondary screening measures need to be in operation to maintain the increased security offered by the implementation of ePassports."
So in IPS's ideal world, the bearers of the small number of dud passports are encouraged to get them replaced by the judicious application of more tedious "secondary screening measures." But, should it turn out there are large numbers of failures, these secondary measures (which we can surely expect to be somewhat ad hoc and confused) will result in tailbacks at the barriers, or subsidiary tailbacks at the secondary screening with knock-on tailbacks at the barriers, or IND operatives putting their hands up and just letting everyone through. Which was by no means unknown in the pre-ePassport world.
And the screening in an extreme ideal world where none of the chips are broken has problems that will persist, even after the front desk readers are installed. Says the report: "Immigration Officers will, until September 2007, have to leave the front desk to undertake additional checks of the digital signature using the readers located in back offices." There is, apparently, a "technical issue preventing full functionality at front desks," and as an interim measure an extra 200 readers are to be installed in back offices to check digital signatures.
It's not clear from the report what precisely the technical issue is, but clearly the front line readers aren't able to check that the passport being checked is genuine, and they're also unable to establish this via a network connection. Immigration officers can check that the passport is genuine, but that's going to take a good deal longer than eight seconds, so it's only going to be done in 'special cases'.
Further problems will arise when IPS moves on to the next generation of ePassport, which will include fingerprint as well as facial biometric, because the chip's too small. The UK's biometric-hungry Home Office has from the outset been mustard keen on wildly exceeding the ICAO biometric passport spec by grabbing all ten fingerprints, mugshot and iris images (although the latter may now have been pretty well postponed forever), but in common with other EU countries it has conceded the point that unless you use chips with more memory than the chips they're actually using, you can only fit a facial image and two fingerprints onto them. But despite this, it turns out the chip still isn't good enough.
Says the report, "although there is spare capacity on the chip to store two fingerprints, the current model of chip has insufficient capability to accommodate the enhanced operating system and electronic key infrastructure required to protect fingerprint data. IPS "believes that existing production lines will only require minor modifications to insert a larger capacity chip into the ePassport and load data onto it," but it doesn't know how much this, the chips themselves, or the enhanced operating system, will cost. In paralel to the expression of this lack of knowledge, incidentally, the UK's representatives at the EU's Justice and Home Affairs Committee have been airily claiming that ten fingerprints will ultimately be fine because of how fast the technology improves, i.e. the IT strategy is that 'something is bound to turn up.'
More opportunities for spending lots more money are associated with the facial biometric, or 'picture', as we used to call it. "we were told by our consultants that the use of current facial recognition technology with two dimensional images (as is the case for ePassports) is not sufficiently reliable to enable fully automated searches even in relatively small databases, and performance is known to decline as database size increases... current facial recognition software cannot be used to check new applications against the entire database of existing ePassport holders." IPS says that its pilot of facial recognition software on new applications has revealed "over 400 confirmed facial matches", but given what the NAO has to say, it seems likely that IPS doesn't have anything that could be generally deployed, and that what ministers have been telling us about the impossibility of one face appearing on more than one ePassport is not entirely true, for the moment.
IPS, undaunted, nevertheless "believes there is good potential in the future for one-to-one comparison of the image held on the passport chip with the passport holder standing at border control, which could eventually enable automated border control of the sort currently being trialled in Australia."
So to sum up the reader situation, the readers that have not yet been installed will not operate at full spec at least before September, until which time an interim bodge will be applied, or more likely ignored, by immigration officers. Subsequently the readers will all have to be upgraded to deal with fingerprints, and the network (if by that time it has sort of magically appeared and started working) will probably need more work to accommodate the fingerprint system security. And on top of that, gosh, maybe we should roll out facial recognition software to all readers as standard too.
There's lots more - IPS has been consultants a-go-go, spending £4.9 million on them from May 2003 to November 2006, £322,000 on fixed-term contractors, £2.1 million on legal and accountancy advisers, partially to drive down the cost of the main contract, and (ah yes, remember them?) IPS also managed to spend £82,000 on paying its own staff. The NAO is quite reasonably worried that all of the expertise and knowledge of the project could quite easily vanish with the contractors, leaving a deskilled and disempowered staff to pick up the pieces.
Aside from fixing this by bringing more skills in-house in the future, it's recommended that future upgrades (does this include everything that's not connected or working yet?) should be managed as "a cross-agency project encompassing the Identity and Passport Service, the Foreign & Commonwealth Office and the Immigration and Nationality Directorate with a Senior Responsible Owner, a single project plan and project board." We feel that by reading between the report's lines we can infer a certain amount of finger-pointing between these three organisations having taken place - so the process of carving this one up should be a rich source of entertainment. ®
Sponsored: Global DDoS threat landscape report