Feeds

ICO queries Heathrow T5's huge fingerprint scam scan

National security now wholly funded by shopping

Remote control for virtualized desktops

The government, the British Airports Authority and the Information Commissioner's Office are arguing over fingerprinting at Heathrow's new Terminal 5, which is due to open on Thursday. T5 is to use a 'count them all in, count them all out' biometric system to log entry and exit to the departure lounge, but the ICO thinks the move may breach the Data Protection Act, and has demanded an explanation from BAA.

Fingerprints are to be taken because T5 will use a single departure lounge for international and domestic passengers, and there is therefore a need to tie the passengers to their tickets. Otherwise, it is claimed, passengers could swap tickets in the lounge, and incoming terror suspects could slip into the UK via a regional airport without going through immigration. Instead of, one assumes, continuing their transit unhindered to Schiphol or whatever. It is not immediately obvious why someone who's going to be ID'd as a dangerous terrorist by the Borders & Immigration Agency at the immigration desk is not going to be similarly ID'd on the passenger manifest, but this is by no means the only thing that isn't immediately obvious.

The ICO wants the BAA to explain why fingerprinting is needed at all, pointing out that photographs are less intrusive, and are used at other BAA airports which have a single lounge for all passengers. BAA blames the government, and says in a statement: "When BAA announced plans for common departure lounges, the BIA was keen on a reliable biometric element to border control. Fingerprinting was selected as the most robust method by BAA, the BIA and other government departments."

The government, meanwhile, blames BAA. According to the Home Office: "We requested that they take measures to ensure the integrity of the UK border. We are content that the measures they have taken ensure the security of the UK border. The design of the system is a matter for BAA."*

And it's being done at Heathrow, but not at other airports, because Heathrow is special, "because there was a higher risk at Heathrow." Right... Except that it's only being done at Heathrow so far.

The system being deployed at Heathrow has in fact been running, without fingerprinting, at Gatwick for over three years. The Gatwick Common User Lounge System (CULS) was developed by Advantage System Solutions, and "is designed to allow domestic passengers to use CUL facilities (shops, restaurants etc.) at a London airport – which would otherwise only be available to international passengers." From BAA's point of view having all of the passengers in one huge retail complex is good for business, and we should be clear here that single departure lounges are a part of BAA's broad strategic plan, not just some weird design feature of Heathrow Terminal 5.

The Gatwick deployment involves taking a digital photograph on entry to the lounge, and attaching a barcode label to the boarding pass. Scanning this at the departure gate brings the photo up on screen, and security compares it with the live item. The system ought to be fairly reliable provided security is paying attention, and the addition of a facial recognition facility (as anticipated by Advantage), would tighten the system up further.

For Heathrow, however, this system has morphed into PASS, Passenger Authentication Scanning System. PASS consists of three components - ICISS (Integrated Communication Information and Security System), which is used in conjunction with Internet check-in; CULS; and fingerprinting. This last is the only real 'new' feature of PASS, which otherwise seems a repackaging of CULS and ICISS, both of which have been running together for several years. And as they've been doing so at Gatwick without fingerprints, the new feature (the technology is supplied by Germany's Dermalog) is clearly optional, probably disproportionate, and unnecessarily invasive.

* We shouldn't let the Home Office's apparent denial of responsibility for "the integrity of the UK border" pass unnoticed. Aside from the people at the immigration desks, these days Home Office employees can be pretty scarce at UK airports. You check in online or with an airline employee, contract security people scan your ticket, and scan you for weaponry, and airline and contract staff check your ID at the departure gate. The Home Office certainly isn't paying money for very much of that already, and if it's got BAA stumping up for digital photography, fingerprint scanners and watch-list look-ups (which it has), and airlines supplying passenger lists and quaking at the prospect of being fined for shipping in illegal immigrants (which they are), then yes, you begin to see what it means. And to wonder what it's for. ®

Remote control for virtualized desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.