Feeds

ICO queries Heathrow T5's huge fingerprint scam scan

National security now wholly funded by shopping

Secure remote control for conventional and virtual desktops

The government, the British Airports Authority and the Information Commissioner's Office are arguing over fingerprinting at Heathrow's new Terminal 5, which is due to open on Thursday. T5 is to use a 'count them all in, count them all out' biometric system to log entry and exit to the departure lounge, but the ICO thinks the move may breach the Data Protection Act, and has demanded an explanation from BAA.

Fingerprints are to be taken because T5 will use a single departure lounge for international and domestic passengers, and there is therefore a need to tie the passengers to their tickets. Otherwise, it is claimed, passengers could swap tickets in the lounge, and incoming terror suspects could slip into the UK via a regional airport without going through immigration. Instead of, one assumes, continuing their transit unhindered to Schiphol or whatever. It is not immediately obvious why someone who's going to be ID'd as a dangerous terrorist by the Borders & Immigration Agency at the immigration desk is not going to be similarly ID'd on the passenger manifest, but this is by no means the only thing that isn't immediately obvious.

The ICO wants the BAA to explain why fingerprinting is needed at all, pointing out that photographs are less intrusive, and are used at other BAA airports which have a single lounge for all passengers. BAA blames the government, and says in a statement: "When BAA announced plans for common departure lounges, the BIA was keen on a reliable biometric element to border control. Fingerprinting was selected as the most robust method by BAA, the BIA and other government departments."

The government, meanwhile, blames BAA. According to the Home Office: "We requested that they take measures to ensure the integrity of the UK border. We are content that the measures they have taken ensure the security of the UK border. The design of the system is a matter for BAA."*

And it's being done at Heathrow, but not at other airports, because Heathrow is special, "because there was a higher risk at Heathrow." Right... Except that it's only being done at Heathrow so far.

The system being deployed at Heathrow has in fact been running, without fingerprinting, at Gatwick for over three years. The Gatwick Common User Lounge System (CULS) was developed by Advantage System Solutions, and "is designed to allow domestic passengers to use CUL facilities (shops, restaurants etc.) at a London airport – which would otherwise only be available to international passengers." From BAA's point of view having all of the passengers in one huge retail complex is good for business, and we should be clear here that single departure lounges are a part of BAA's broad strategic plan, not just some weird design feature of Heathrow Terminal 5.

The Gatwick deployment involves taking a digital photograph on entry to the lounge, and attaching a barcode label to the boarding pass. Scanning this at the departure gate brings the photo up on screen, and security compares it with the live item. The system ought to be fairly reliable provided security is paying attention, and the addition of a facial recognition facility (as anticipated by Advantage), would tighten the system up further.

For Heathrow, however, this system has morphed into PASS, Passenger Authentication Scanning System. PASS consists of three components - ICISS (Integrated Communication Information and Security System), which is used in conjunction with Internet check-in; CULS; and fingerprinting. This last is the only real 'new' feature of PASS, which otherwise seems a repackaging of CULS and ICISS, both of which have been running together for several years. And as they've been doing so at Gatwick without fingerprints, the new feature (the technology is supplied by Germany's Dermalog) is clearly optional, probably disproportionate, and unnecessarily invasive.

* We shouldn't let the Home Office's apparent denial of responsibility for "the integrity of the UK border" pass unnoticed. Aside from the people at the immigration desks, these days Home Office employees can be pretty scarce at UK airports. You check in online or with an airline employee, contract security people scan your ticket, and scan you for weaponry, and airline and contract staff check your ID at the departure gate. The Home Office certainly isn't paying money for very much of that already, and if it's got BAA stumping up for digital photography, fingerprint scanners and watch-list look-ups (which it has), and airlines supplying passenger lists and quaking at the prospect of being fined for shipping in illegal immigrants (which they are), then yes, you begin to see what it means. And to wonder what it's for. ®

New hybrid storage solutions

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.