Feeds

ICO queries Heathrow T5's huge fingerprint scam scan

National security now wholly funded by shopping

Build a business case: developing custom apps

The government, the British Airports Authority and the Information Commissioner's Office are arguing over fingerprinting at Heathrow's new Terminal 5, which is due to open on Thursday. T5 is to use a 'count them all in, count them all out' biometric system to log entry and exit to the departure lounge, but the ICO thinks the move may breach the Data Protection Act, and has demanded an explanation from BAA.

Fingerprints are to be taken because T5 will use a single departure lounge for international and domestic passengers, and there is therefore a need to tie the passengers to their tickets. Otherwise, it is claimed, passengers could swap tickets in the lounge, and incoming terror suspects could slip into the UK via a regional airport without going through immigration. Instead of, one assumes, continuing their transit unhindered to Schiphol or whatever. It is not immediately obvious why someone who's going to be ID'd as a dangerous terrorist by the Borders & Immigration Agency at the immigration desk is not going to be similarly ID'd on the passenger manifest, but this is by no means the only thing that isn't immediately obvious.

The ICO wants the BAA to explain why fingerprinting is needed at all, pointing out that photographs are less intrusive, and are used at other BAA airports which have a single lounge for all passengers. BAA blames the government, and says in a statement: "When BAA announced plans for common departure lounges, the BIA was keen on a reliable biometric element to border control. Fingerprinting was selected as the most robust method by BAA, the BIA and other government departments."

The government, meanwhile, blames BAA. According to the Home Office: "We requested that they take measures to ensure the integrity of the UK border. We are content that the measures they have taken ensure the security of the UK border. The design of the system is a matter for BAA."*

And it's being done at Heathrow, but not at other airports, because Heathrow is special, "because there was a higher risk at Heathrow." Right... Except that it's only being done at Heathrow so far.

The system being deployed at Heathrow has in fact been running, without fingerprinting, at Gatwick for over three years. The Gatwick Common User Lounge System (CULS) was developed by Advantage System Solutions, and "is designed to allow domestic passengers to use CUL facilities (shops, restaurants etc.) at a London airport – which would otherwise only be available to international passengers." From BAA's point of view having all of the passengers in one huge retail complex is good for business, and we should be clear here that single departure lounges are a part of BAA's broad strategic plan, not just some weird design feature of Heathrow Terminal 5.

The Gatwick deployment involves taking a digital photograph on entry to the lounge, and attaching a barcode label to the boarding pass. Scanning this at the departure gate brings the photo up on screen, and security compares it with the live item. The system ought to be fairly reliable provided security is paying attention, and the addition of a facial recognition facility (as anticipated by Advantage), would tighten the system up further.

For Heathrow, however, this system has morphed into PASS, Passenger Authentication Scanning System. PASS consists of three components - ICISS (Integrated Communication Information and Security System), which is used in conjunction with Internet check-in; CULS; and fingerprinting. This last is the only real 'new' feature of PASS, which otherwise seems a repackaging of CULS and ICISS, both of which have been running together for several years. And as they've been doing so at Gatwick without fingerprints, the new feature (the technology is supplied by Germany's Dermalog) is clearly optional, probably disproportionate, and unnecessarily invasive.

* We shouldn't let the Home Office's apparent denial of responsibility for "the integrity of the UK border" pass unnoticed. Aside from the people at the immigration desks, these days Home Office employees can be pretty scarce at UK airports. You check in online or with an airline employee, contract security people scan your ticket, and scan you for weaponry, and airline and contract staff check your ID at the departure gate. The Home Office certainly isn't paying money for very much of that already, and if it's got BAA stumping up for digital photography, fingerprint scanners and watch-list look-ups (which it has), and airlines supplying passenger lists and quaking at the prospect of being fined for shipping in illegal immigrants (which they are), then yes, you begin to see what it means. And to wonder what it's for. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?