Feeds

Home Office to order fingerprinting of air passengers

T5 plan back, but bigger and nastier

SANS - Survey on application security programs

Updated Fingerprinting of air passengers in the UK is back on the agenda, despite its having been derailed by the Information Commissioner earlier this year. the Home Office now plans to change aviation security rules to compel airport operators to collect fingerprints from next year onwards.

A 'count them in, count them out' system had been intended to be introduced on the opening of Heathrow Terminal 5 in May, but this was cancelled at the last minute after the Information Commissioner's Office queried the need for it, and warned that it could breach the Data Protection Act.

The British Airports Authority and the Borders & Immigration Agency (now known as the UK Borders Agency, formerly known as the Immigration & Nationality Directorate, sigh...) then argued entertainingly about which of them had wanted fingerprinting, each claiming it had been the other.

Then as now fingerprinting was intended to address the "problem" of airport lounges that mixed international and domestic passengers, the argument from the Home Office being that it would be possible for people to evade border checks by switching tickets with an accomplice. In May the Home Office claimed that it simply wanted a system that made this impossible, not necessarily one that used fingerprints, whereas now it appears to view fingerprints as the only acceptable solution.

According to the UKBA, the system will only be required at airports with mixed lounges. Later, it may also be used at some ports and the Channel Tunnel, although it's not at the moment particularly clear why. At most UK ferry ports it's certainly possible for people to exit the country without a passport check (because the holding area beyond the check isn't secure), but there's no obvious ticket switch scam that could be employed by incoming passengers, and collecting fingerprints would present major logistical difficulties.

Despite the ICO's objections to the T5 scheme in May, it has not been informed by the Home Office of plans to resume implementation or to extend it to other airports. A spokeswoman told The Register that its objections to the scheme that was planned for T5 still stand, and that it is seeking further information from the Home Office. In a statement, it said: "We have requested more information about the requirements the Agency may have for fingerprint checks on passengers where common airport departure lounges are in operation and our discussions with them are continuing. We have not received a formal response to date. Should the government issue instructions to BAA to collect fingerprint information from passengers at Terminal 5, we will examine the details very closely before deciding what action is appropriate."

In addition to being extended geographically, the fingerprinting scheme may also have been extended in scope. Newspaper reports over the weekend claimed that fingerprints collected would be checked against watchlists by UKBA and the security services, and if true, this would represent a very substantial piece of mission creep.

By design the aborted T5 fingerprint system was standalone, with no links to other databases and no retention of fingerprint records. In operation it was simply intended to collect passenger's fingerprints as they entered the departure lounge, and match them up at the gate when they boarded their flight. The fingerprint records collected, BAA said, would be destroyed at the end of each day, and would not generally be accessed by the security services.

The Home Office, in The Register's opinion, would undoubtedly like to be able to use biometrics collected at ports of entry as a dragnet for wanted terrorists and criminals, and will most certainly be doing this when UK passports include fingerprints. But doing this under the 'common lounge' pretext would certainly mean a lot more trouble with the ICO, and probably wouldn't go down well with the travelling public.

We've asked the Home Office whether or not it intends to check the fingerprints against watchlists and/or retain them, but we have yet to get a response. ®

Update A Home Office spokeswoman said that it was difficult to give a "one size fits all" answer to our queries, and that "it would always depend on the situation." We pointed out that the original scheme planned for T5 had effectively been a one size fits all, that fingerprints taken as part of it would have simply been used to control access to the lounge, would not have been checked against watchlists, and would have been destroyed at the end of every working day.

Asked if the new situation was materially different from this, she repeated that it would "depend on individual cases." She added that it would be up to the airports, not UKBA, to satisfy the concerns of the ICO. If, as appears to be the case, the Home Office is reserving the right to examine and retain fingerprints, that's a difficult one to get your head around.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.