Feeds

UK.gov's e-Borders zombie still lurks under the English Channel

Blighty just can't seem to get it right on entry and exit controls

Securing Web Applications Made Simple and Scalable

“The UK government has made a commitment to reintroduce exit checks by 2015. The Home Office will deliver on this commitment,” said the Home Office in July. Actually, it probably won’t, replied deputy prime minister Nick Clegg.

Home secretary Theresa May told Parliament’s home affairs committee in April that exit checks were tied up with the e-Borders scheme. And that tie-up is why, on this issue, it may be advisable to agree with Nick.

The UK dropped paper-based embarkation controls in 1994 for ferries and in 1998 for everyone else, as they were seen as a waste of time and money. However, this left no comprehensive way of checking if people overstay their visas and limits the government’s knowledge of people leaving the country. There have been plans to bring exit controls back since at least 2006. The reason this has not happened appears to be a classic example of government surveillance overreach.

e-Borders, a £1.2bn system usually preceded by the word “troubled”, was set up by the last government to track all international travel in and out of the UK. It was tied closely to the failed identity card scheme: the former would prove your membership of Club Blighty, while e-Borders would be the bouncer that might let you in or out, in return for your name, passport or ID card details, travel, reservation and payment details. These details would be collected by the carrier, handed over 24-48 hours in advance to the government for risk analysis, then kept for a decade for data mining.

For flights this could be achieved relatively easily, given airlines already ask for lots of data beforehand, and that e-Borders was developed from Project Semaphore, a small-scale pilot focused on a few high-risk flights.

Building an impregnable digital wall along the British border presented an immediate problem: the Common Travel Area shared by the UK, the Republic of Ireland, the Isle of Man and the Channel Islands. That could allow people to get around e-Borders through the Republic, but the last government had a solution – it would require ID cards or passports for travel between Great Britain and Northern Ireland.

Leaving aside the introduction of internal passport checks, e-Borders ran into choppy waters even before Labour left office, with arguments over the legality of demanding advance data, given the EU right of free movement for all citizens of member countries. In 2009, Britain solved this by making e-Borders voluntary for those travelling from elsewhere in Europe – rather undermining it, you might think.

After the 2010 election, the coalition government terminated the contract of e-Borders’ original supplier, Raytheon’s “Trusted Borders” consortium, for poor performance – and ditched both ID cards and the idea of GB-NI passport checks. But it retained the e-Borders system, and the idea that it would eventually cover all international travel.

The system has gathered data on 622 million passenger and crew movements since 2005, and is adding more than 148 million movements a year, with data from 141 carriers on more than 4,700 routes. But expanding a system designed to work with the highly controlled, data-rich environment of air travel to other forms of international transport has not been plain sailing. To leave aside maritime clichés temporarily, take the train.

Signal failures

Eurostar does not participate in e-Borders, and the first and only official check on passengers leaving St Pancras International comes from the French police, just beyond the usually empty UK border desks. Such “juxtaposed” border controls – letting Britain run checks on Continental soil, and vice versa – were first introduced at the Channel Tunnel in 1994 for the sake of convenience.

Le Shuttle, the vehicle train between Kent and Pas de Calais – which does not provide data to e-Borders either, although it is considering doing so for freight customers – has controls at both ends, letting travellers clear both borders before they board. Juxtaposed controls were extended to Eurostar in 2001 and some ferry ports in 2003 in an attempt to reduce asylum claims by preventing undocumented people getting to Britain.

So far, so convenient. But as if to make up for the lack of British checks outbound, on the return journey travellers from Brussels or Lille often have to put up with double checks, at the juxtaposed border controls and St Pancras too. This is due to the “Lille loophole”, highlighted by a July report from the independent chief inspector of borders and immigration, John Vine.

Under the Schengen agreement, there are no border controls between 26 European countries including Belgium and France. Britain is not in Schengen, and the juxtaposed British border officials have no right to carry out an immigration check on someone with a ticket from Brussels to Lille. But a Lille loopholer might try to stay on the train on to Britain – hence the double border checks, and Eurostar sometimes carrying out full ticket checks after Lille but before Calais, where over-stayers can be taken off the train while still in France.

Some of Vine’s report was redacted by Theresa May, including details of “an effective process in the UK to identify passengers who had not had their identity or credentials checked prior to boarding the service in Brussels or Lille.” Whether this refers to something whizzy like facial recognition, or to the fact that on double-checked trains the first set of border guards stamp tickets to let the second ones see who has already been checked, is therefore a mystery. Vine is currently working on an inspection of e-Borders itself.

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.