Feeds

EU, US plan 'clear to fly' checks for visa waiver revamp

US 'modernises' visa waivers, Frattini wants to join in

Next gen security for virtualised datacentres

The Visa Waiver Programme (VWP), which allows EU citizens visa-free entry to the United States, is to be 'modernised' into virtual oblivion, and replaced by far more invasive 'pre-authorisation' systems on both sides of the Atlantic. This is revealed in an exchange of letters between EU Commissioner for Justice, Freedom (sic) & Security Franco Frattini and US Homeland Security Secretary Michael Chertoff earlier this year (see Statewatch for Frattini and Chertoff letters).

Frattini's letter ostensibly tackles Chertoff on the issue of full reciprocity in visa free travel for both US and EU citizens, the issue here being that the EU's newer Member States have not yet been allowed by the US to participate in the waiver scheme. The EU has been lobbying the US for some time over this without success, and the matter has now been complicated by US legislation to, in Chertoff's words, "enhance the security of the VWP." The key enhancement is a system which will collect "basic biographic data about passengers who wish to travel to the United States."

This system, the Electronic Travel Authorization (ETA, there's a weird coincidence) will effectively be a pre-authorisation system for US entry, or, as Chertoff puts it, "a passenger will, in effect, make a reservation with the United States." It will apply to all travellers, with those passing being clear to board, while the rest can be flagged for more detailed investigation or simply refused. So although it will not be a visa system as such, the kind of information and checks involved will be similar to those used in a visa application. As and when it's operational it will be a visa-like system, operating on-the-fly (as it were).

There's no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a 'visas for all' programme. Chertoff himself makes this a little clearer: "We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger." So really, it's the VWP 'whitelist' of countries that's toast.

What's Frattini's stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their national for readmission "soon after they are issued a final order of removal", are he stresses matters of "EU competence", which is code for 'please stop trying to negotiate separate deals with EU Member States. Chertoff responds with: "DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligation."

This is code for 'go screw yourself, Franco.'

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: "In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful."

He likes it and wants one, doesn't he? And: "In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation."

As far as the new EU States are concerned, entry to the current VWP seems as remote a possibility as ever. This is conditional on the implementation of an exit system in the US, using biographical information at first, and biometric by mid-2009. But a US Government Accountability Office (GAO) report earlier this year said: "The prospects for successfully delivering an operational exit solution are as uncertain today as they were four years ago." (see Statewatch).

We should at this point draw the reader's attention to the fascinating quote from the GAO report: "According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE [Point of Exit] facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles."

Think about that one - "biometrically verify... without requiring [persons] to stop and/or exit their vehicles." This, we hypothesise, is how they propose to do it. The DHS already has wacky ideas for reading biometric ID from busloads of people at border points without anybody getting off the bus. So you'd just kind of point a big magic beam at a passing vehicle (we swear we're not making this up), and all of the ID cards and passports would get read. But that doesn't verify biometric ID, it just tallies up ID documents. So, ruling out fingerprint (just slap the reader as you drive by - no, we don't think so) and iris, we're left with face. Everybody puts their ID on the dash, and smiles for the cameras as they go by? This is the least totally impossible way of biometrically verifying the ID of people in moving vehicles that we can think of, and presumably the DHS reps had their fingers crossed when the said they think they'll be doing this at the Mexican border in five to ten years... ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.