Feeds

EU, US plan 'clear to fly' checks for visa waiver revamp

US 'modernises' visa waivers, Frattini wants to join in

Secure remote control for conventional and virtual desktops

The Visa Waiver Programme (VWP), which allows EU citizens visa-free entry to the United States, is to be 'modernised' into virtual oblivion, and replaced by far more invasive 'pre-authorisation' systems on both sides of the Atlantic. This is revealed in an exchange of letters between EU Commissioner for Justice, Freedom (sic) & Security Franco Frattini and US Homeland Security Secretary Michael Chertoff earlier this year (see Statewatch for Frattini and Chertoff letters).

Frattini's letter ostensibly tackles Chertoff on the issue of full reciprocity in visa free travel for both US and EU citizens, the issue here being that the EU's newer Member States have not yet been allowed by the US to participate in the waiver scheme. The EU has been lobbying the US for some time over this without success, and the matter has now been complicated by US legislation to, in Chertoff's words, "enhance the security of the VWP." The key enhancement is a system which will collect "basic biographic data about passengers who wish to travel to the United States."

This system, the Electronic Travel Authorization (ETA, there's a weird coincidence) will effectively be a pre-authorisation system for US entry, or, as Chertoff puts it, "a passenger will, in effect, make a reservation with the United States." It will apply to all travellers, with those passing being clear to board, while the rest can be flagged for more detailed investigation or simply refused. So although it will not be a visa system as such, the kind of information and checks involved will be similar to those used in a visa application. As and when it's operational it will be a visa-like system, operating on-the-fly (as it were).

There's no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a 'visas for all' programme. Chertoff himself makes this a little clearer: "We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger." So really, it's the VWP 'whitelist' of countries that's toast.

What's Frattini's stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their national for readmission "soon after they are issued a final order of removal", are he stresses matters of "EU competence", which is code for 'please stop trying to negotiate separate deals with EU Member States. Chertoff responds with: "DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligation."

This is code for 'go screw yourself, Franco.'

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: "In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful."

He likes it and wants one, doesn't he? And: "In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation."

As far as the new EU States are concerned, entry to the current VWP seems as remote a possibility as ever. This is conditional on the implementation of an exit system in the US, using biographical information at first, and biometric by mid-2009. But a US Government Accountability Office (GAO) report earlier this year said: "The prospects for successfully delivering an operational exit solution are as uncertain today as they were four years ago." (see Statewatch).

We should at this point draw the reader's attention to the fascinating quote from the GAO report: "According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE [Point of Exit] facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles."

Think about that one - "biometrically verify... without requiring [persons] to stop and/or exit their vehicles." This, we hypothesise, is how they propose to do it. The DHS already has wacky ideas for reading biometric ID from busloads of people at border points without anybody getting off the bus. So you'd just kind of point a big magic beam at a passing vehicle (we swear we're not making this up), and all of the ID cards and passports would get read. But that doesn't verify biometric ID, it just tallies up ID documents. So, ruling out fingerprint (just slap the reader as you drive by - no, we don't think so) and iris, we're left with face. Everybody puts their ID on the dash, and smiles for the cameras as they go by? This is the least totally impossible way of biometrically verifying the ID of people in moving vehicles that we can think of, and presumably the DHS reps had their fingers crossed when the said they think they'll be doing this at the Mexican border in five to ten years... ®

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.