What you need to know about cloud backup

The Visa Waiver Programme (VWP), which allows EU citizens visa-free entry to the United States, is to be 'modernised' into virtual oblivion, and replaced by far more invasive 'pre-authorisation' systems on both sides of the Atlantic. This is revealed in an exchange of letters between EU Commissioner for Justice, Freedom (sic) & Security Franco Frattini and US Homeland Security Secretary Michael Chertoff earlier this year (see Statewatch for Frattini and Chertoff letters).

Frattini's letter ostensibly tackles Chertoff on the issue of full reciprocity in visa free travel for both US and EU citizens, the issue here being that the EU's newer Member States have not yet been allowed by the US to participate in the waiver scheme. The EU has been lobbying the US for some time over this without success, and the matter has now been complicated by US legislation to, in Chertoff's words, "enhance the security of the VWP." The key enhancement is a system which will collect "basic biographic data about passengers who wish to travel to the United States."

There's no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a 'visas for all' programme. Chertoff himself makes this a little clearer: "We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger." So really, it's the VWP 'whitelist' of countries that's toast.

What's Frattini's stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their national for readmission "soon after they are issued a final order of removal", are he stresses matters of "EU competence", which is code for 'please stop trying to negotiate separate deals with EU Member States. Chertoff responds with: "DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligation."

This is code for 'go screw yourself, Franco.'

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: "In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful."

He likes it and wants one, doesn't he? And: "In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation."

As far as the new EU States are concerned, entry to the current VWP seems as remote a possibility as ever. This is conditional on the implementation of an exit system in the US, using biographical information at first, and biometric by mid-2009. But a US Government Accountability Office (GAO) report earlier this year said: "The prospects for successfully delivering an operational exit solution are as uncertain today as they were four years ago." (see Statewatch).

We should at this point draw the reader's attention to the fascinating quote from the GAO report: "According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE [Point of Exit] facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles."

Think about that one - "biometrically verify... without requiring [persons] to stop and/or exit their vehicles." This, we hypothesise, is how they propose to do it. The DHS already has wacky ideas for reading biometric ID from busloads of people at border points without anybody getting off the bus. So you'd just kind of point a big magic beam at a passing vehicle (we swear we're not making this up), and all of the ID cards and passports would get read. But that doesn't verify biometric ID, it just tallies up ID documents. So, ruling out fingerprint (just slap the reader as you drive by - no, we don't think so) and iris, we're left with face. Everybody puts their ID on the dash, and smiles for the cameras as they go by? This is the least totally impossible way of biometrically verifying the ID of people in moving vehicles that we can think of, and presumably the DHS reps had their fingers crossed when the said they think they'll be doing this at the Mexican border in five to ten years... ®

Agentless Backup is Not a Myth