Feeds

EU, US plan 'clear to fly' checks for visa waiver revamp

US 'modernises' visa waivers, Frattini wants to join in

Secure remote control for conventional and virtual desktops

The Visa Waiver Programme (VWP), which allows EU citizens visa-free entry to the United States, is to be 'modernised' into virtual oblivion, and replaced by far more invasive 'pre-authorisation' systems on both sides of the Atlantic. This is revealed in an exchange of letters between EU Commissioner for Justice, Freedom (sic) & Security Franco Frattini and US Homeland Security Secretary Michael Chertoff earlier this year (see Statewatch for Frattini and Chertoff letters).

Frattini's letter ostensibly tackles Chertoff on the issue of full reciprocity in visa free travel for both US and EU citizens, the issue here being that the EU's newer Member States have not yet been allowed by the US to participate in the waiver scheme. The EU has been lobbying the US for some time over this without success, and the matter has now been complicated by US legislation to, in Chertoff's words, "enhance the security of the VWP." The key enhancement is a system which will collect "basic biographic data about passengers who wish to travel to the United States."

This system, the Electronic Travel Authorization (ETA, there's a weird coincidence) will effectively be a pre-authorisation system for US entry, or, as Chertoff puts it, "a passenger will, in effect, make a reservation with the United States." It will apply to all travellers, with those passing being clear to board, while the rest can be flagged for more detailed investigation or simply refused. So although it will not be a visa system as such, the kind of information and checks involved will be similar to those used in a visa application. As and when it's operational it will be a visa-like system, operating on-the-fly (as it were).

There's no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a 'visas for all' programme. Chertoff himself makes this a little clearer: "We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger." So really, it's the VWP 'whitelist' of countries that's toast.

What's Frattini's stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their national for readmission "soon after they are issued a final order of removal", are he stresses matters of "EU competence", which is code for 'please stop trying to negotiate separate deals with EU Member States. Chertoff responds with: "DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligation."

This is code for 'go screw yourself, Franco.'

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: "In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful."

He likes it and wants one, doesn't he? And: "In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation."

As far as the new EU States are concerned, entry to the current VWP seems as remote a possibility as ever. This is conditional on the implementation of an exit system in the US, using biographical information at first, and biometric by mid-2009. But a US Government Accountability Office (GAO) report earlier this year said: "The prospects for successfully delivering an operational exit solution are as uncertain today as they were four years ago." (see Statewatch).

We should at this point draw the reader's attention to the fascinating quote from the GAO report: "According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE [Point of Exit] facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles."

Think about that one - "biometrically verify... without requiring [persons] to stop and/or exit their vehicles." This, we hypothesise, is how they propose to do it. The DHS already has wacky ideas for reading biometric ID from busloads of people at border points without anybody getting off the bus. So you'd just kind of point a big magic beam at a passing vehicle (we swear we're not making this up), and all of the ID cards and passports would get read. But that doesn't verify biometric ID, it just tallies up ID documents. So, ruling out fingerprint (just slap the reader as you drive by - no, we don't think so) and iris, we're left with face. Everybody puts their ID on the dash, and smiles for the cameras as they go by? This is the least totally impossible way of biometrically verifying the ID of people in moving vehicles that we can think of, and presumably the DHS reps had their fingers crossed when the said they think they'll be doing this at the Mexican border in five to ten years... ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.