Home Office to order fingerprinting of air passengers
T5 plan back, but bigger and nastier
Updated Fingerprinting of air passengers in the UK is back on the agenda, despite its having been derailed by the Information Commissioner earlier this year. the Home Office now plans to change aviation security rules to compel airport operators to collect fingerprints from next year onwards.
A 'count them in, count them out' system had been intended to be introduced on the opening of Heathrow Terminal 5 in May, but this was cancelled at the last minute after the Information Commissioner's Office queried the need for it, and warned that it could breach the Data Protection Act.
The British Airports Authority and the Borders & Immigration Agency (now known as the UK Borders Agency, formerly known as the Immigration & Nationality Directorate, sigh...) then argued entertainingly about which of them had wanted fingerprinting, each claiming it had been the other.
Then as now fingerprinting was intended to address the "problem" of airport lounges that mixed international and domestic passengers, the argument from the Home Office being that it would be possible for people to evade border checks by switching tickets with an accomplice. In May the Home Office claimed that it simply wanted a system that made this impossible, not necessarily one that used fingerprints, whereas now it appears to view fingerprints as the only acceptable solution.
According to the UKBA, the system will only be required at airports with mixed lounges. Later, it may also be used at some ports and the Channel Tunnel, although it's not at the moment particularly clear why. At most UK ferry ports it's certainly possible for people to exit the country without a passport check (because the holding area beyond the check isn't secure), but there's no obvious ticket switch scam that could be employed by incoming passengers, and collecting fingerprints would present major logistical difficulties.
Despite the ICO's objections to the T5 scheme in May, it has not been informed by the Home Office of plans to resume implementation or to extend it to other airports. A spokeswoman told The Register that its objections to the scheme that was planned for T5 still stand, and that it is seeking further information from the Home Office. In a statement, it said: "We have requested more information about the requirements the Agency may have for fingerprint checks on passengers where common airport departure lounges are in operation and our discussions with them are continuing. We have not received a formal response to date. Should the government issue instructions to BAA to collect fingerprint information from passengers at Terminal 5, we will examine the details very closely before deciding what action is appropriate."
In addition to being extended geographically, the fingerprinting scheme may also have been extended in scope. Newspaper reports over the weekend claimed that fingerprints collected would be checked against watchlists by UKBA and the security services, and if true, this would represent a very substantial piece of mission creep.
By design the aborted T5 fingerprint system was standalone, with no links to other databases and no retention of fingerprint records. In operation it was simply intended to collect passenger's fingerprints as they entered the departure lounge, and match them up at the gate when they boarded their flight. The fingerprint records collected, BAA said, would be destroyed at the end of each day, and would not generally be accessed by the security services.
The Home Office, in The Register's opinion, would undoubtedly like to be able to use biometrics collected at ports of entry as a dragnet for wanted terrorists and criminals, and will most certainly be doing this when UK passports include fingerprints. But doing this under the 'common lounge' pretext would certainly mean a lot more trouble with the ICO, and probably wouldn't go down well with the travelling public.
We've asked the Home Office whether or not it intends to check the fingerprints against watchlists and/or retain them, but we have yet to get a response. ®
Update A Home Office spokeswoman said that it was difficult to give a "one size fits all" answer to our queries, and that "it would always depend on the situation." We pointed out that the original scheme planned for T5 had effectively been a one size fits all, that fingerprints taken as part of it would have simply been used to control access to the lounge, would not have been checked against watchlists, and would have been destroyed at the end of every working day.
Asked if the new situation was materially different from this, she repeated that it would "depend on individual cases." She added that it would be up to the airports, not UKBA, to satisfy the concerns of the ICO. If, as appears to be the case, the Home Office is reserving the right to examine and retain fingerprints, that's a difficult one to get your head around.
Sponsored: 2016 Cyberthreat defense report