Feeds

ICO queries Heathrow T5's huge fingerprint scam scan

National security now wholly funded by shopping

The Power of One Infographic

The government, the British Airports Authority and the Information Commissioner's Office are arguing over fingerprinting at Heathrow's new Terminal 5, which is due to open on Thursday. T5 is to use a 'count them all in, count them all out' biometric system to log entry and exit to the departure lounge, but the ICO thinks the move may breach the Data Protection Act, and has demanded an explanation from BAA.

Fingerprints are to be taken because T5 will use a single departure lounge for international and domestic passengers, and there is therefore a need to tie the passengers to their tickets. Otherwise, it is claimed, passengers could swap tickets in the lounge, and incoming terror suspects could slip into the UK via a regional airport without going through immigration. Instead of, one assumes, continuing their transit unhindered to Schiphol or whatever. It is not immediately obvious why someone who's going to be ID'd as a dangerous terrorist by the Borders & Immigration Agency at the immigration desk is not going to be similarly ID'd on the passenger manifest, but this is by no means the only thing that isn't immediately obvious.

The ICO wants the BAA to explain why fingerprinting is needed at all, pointing out that photographs are less intrusive, and are used at other BAA airports which have a single lounge for all passengers. BAA blames the government, and says in a statement: "When BAA announced plans for common departure lounges, the BIA was keen on a reliable biometric element to border control. Fingerprinting was selected as the most robust method by BAA, the BIA and other government departments."

The government, meanwhile, blames BAA. According to the Home Office: "We requested that they take measures to ensure the integrity of the UK border. We are content that the measures they have taken ensure the security of the UK border. The design of the system is a matter for BAA."*

And it's being done at Heathrow, but not at other airports, because Heathrow is special, "because there was a higher risk at Heathrow." Right... Except that it's only being done at Heathrow so far.

The system being deployed at Heathrow has in fact been running, without fingerprinting, at Gatwick for over three years. The Gatwick Common User Lounge System (CULS) was developed by Advantage System Solutions, and "is designed to allow domestic passengers to use CUL facilities (shops, restaurants etc.) at a London airport – which would otherwise only be available to international passengers." From BAA's point of view having all of the passengers in one huge retail complex is good for business, and we should be clear here that single departure lounges are a part of BAA's broad strategic plan, not just some weird design feature of Heathrow Terminal 5.

The Gatwick deployment involves taking a digital photograph on entry to the lounge, and attaching a barcode label to the boarding pass. Scanning this at the departure gate brings the photo up on screen, and security compares it with the live item. The system ought to be fairly reliable provided security is paying attention, and the addition of a facial recognition facility (as anticipated by Advantage), would tighten the system up further.

For Heathrow, however, this system has morphed into PASS, Passenger Authentication Scanning System. PASS consists of three components - ICISS (Integrated Communication Information and Security System), which is used in conjunction with Internet check-in; CULS; and fingerprinting. This last is the only real 'new' feature of PASS, which otherwise seems a repackaging of CULS and ICISS, both of which have been running together for several years. And as they've been doing so at Gatwick without fingerprints, the new feature (the technology is supplied by Germany's Dermalog) is clearly optional, probably disproportionate, and unnecessarily invasive.

* We shouldn't let the Home Office's apparent denial of responsibility for "the integrity of the UK border" pass unnoticed. Aside from the people at the immigration desks, these days Home Office employees can be pretty scarce at UK airports. You check in online or with an airline employee, contract security people scan your ticket, and scan you for weaponry, and airline and contract staff check your ID at the departure gate. The Home Office certainly isn't paying money for very much of that already, and if it's got BAA stumping up for digital photography, fingerprint scanners and watch-list look-ups (which it has), and airlines supplying passenger lists and quaking at the prospect of being fined for shipping in illegal immigrants (which they are), then yes, you begin to see what it means. And to wonder what it's for. ®

Maximizing your infrastructure through virtualization

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.