Feeds

EU, US plan 'clear to fly' checks for visa waiver revamp

US 'modernises' visa waivers, Frattini wants to join in

Maximizing your infrastructure through virtualization

The Visa Waiver Programme (VWP), which allows EU citizens visa-free entry to the United States, is to be 'modernised' into virtual oblivion, and replaced by far more invasive 'pre-authorisation' systems on both sides of the Atlantic. This is revealed in an exchange of letters between EU Commissioner for Justice, Freedom (sic) & Security Franco Frattini and US Homeland Security Secretary Michael Chertoff earlier this year (see Statewatch for Frattini and Chertoff letters).

Frattini's letter ostensibly tackles Chertoff on the issue of full reciprocity in visa free travel for both US and EU citizens, the issue here being that the EU's newer Member States have not yet been allowed by the US to participate in the waiver scheme. The EU has been lobbying the US for some time over this without success, and the matter has now been complicated by US legislation to, in Chertoff's words, "enhance the security of the VWP." The key enhancement is a system which will collect "basic biographic data about passengers who wish to travel to the United States."

This system, the Electronic Travel Authorization (ETA, there's a weird coincidence) will effectively be a pre-authorisation system for US entry, or, as Chertoff puts it, "a passenger will, in effect, make a reservation with the United States." It will apply to all travellers, with those passing being clear to board, while the rest can be flagged for more detailed investigation or simply refused. So although it will not be a visa system as such, the kind of information and checks involved will be similar to those used in a visa application. As and when it's operational it will be a visa-like system, operating on-the-fly (as it were).

There's no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a 'visas for all' programme. Chertoff himself makes this a little clearer: "We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger." So really, it's the VWP 'whitelist' of countries that's toast.

What's Frattini's stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their national for readmission "soon after they are issued a final order of removal", are he stresses matters of "EU competence", which is code for 'please stop trying to negotiate separate deals with EU Member States. Chertoff responds with: "DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligation."

This is code for 'go screw yourself, Franco.'

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: "In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful."

He likes it and wants one, doesn't he? And: "In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation."

As far as the new EU States are concerned, entry to the current VWP seems as remote a possibility as ever. This is conditional on the implementation of an exit system in the US, using biographical information at first, and biometric by mid-2009. But a US Government Accountability Office (GAO) report earlier this year said: "The prospects for successfully delivering an operational exit solution are as uncertain today as they were four years ago." (see Statewatch).

We should at this point draw the reader's attention to the fascinating quote from the GAO report: "According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE [Point of Exit] facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles."

Think about that one - "biometrically verify... without requiring [persons] to stop and/or exit their vehicles." This, we hypothesise, is how they propose to do it. The DHS already has wacky ideas for reading biometric ID from busloads of people at border points without anybody getting off the bus. So you'd just kind of point a big magic beam at a passing vehicle (we swear we're not making this up), and all of the ID cards and passports would get read. But that doesn't verify biometric ID, it just tallies up ID documents. So, ruling out fingerprint (just slap the reader as you drive by - no, we don't think so) and iris, we're left with face. Everybody puts their ID on the dash, and smiles for the cameras as they go by? This is the least totally impossible way of biometrically verifying the ID of people in moving vehicles that we can think of, and presumably the DHS reps had their fingers crossed when the said they think they'll be doing this at the Mexican border in five to ten years... ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.