Feeds

UK.gov's e-Borders zombie still lurks under the English Channel

Blighty just can't seem to get it right on entry and exit controls

Reducing security risks from open source software

“The UK government has made a commitment to reintroduce exit checks by 2015. The Home Office will deliver on this commitment,” said the Home Office in July. Actually, it probably won’t, replied deputy prime minister Nick Clegg.

Home secretary Theresa May told Parliament’s home affairs committee in April that exit checks were tied up with the e-Borders scheme. And that tie-up is why, on this issue, it may be advisable to agree with Nick.

The UK dropped paper-based embarkation controls in 1994 for ferries and in 1998 for everyone else, as they were seen as a waste of time and money. However, this left no comprehensive way of checking if people overstay their visas and limits the government’s knowledge of people leaving the country. There have been plans to bring exit controls back since at least 2006. The reason this has not happened appears to be a classic example of government surveillance overreach.

e-Borders, a £1.2bn system usually preceded by the word “troubled”, was set up by the last government to track all international travel in and out of the UK. It was tied closely to the failed identity card scheme: the former would prove your membership of Club Blighty, while e-Borders would be the bouncer that might let you in or out, in return for your name, passport or ID card details, travel, reservation and payment details. These details would be collected by the carrier, handed over 24-48 hours in advance to the government for risk analysis, then kept for a decade for data mining.

For flights this could be achieved relatively easily, given airlines already ask for lots of data beforehand, and that e-Borders was developed from Project Semaphore, a small-scale pilot focused on a few high-risk flights.

Building an impregnable digital wall along the British border presented an immediate problem: the Common Travel Area shared by the UK, the Republic of Ireland, the Isle of Man and the Channel Islands. That could allow people to get around e-Borders through the Republic, but the last government had a solution – it would require ID cards or passports for travel between Great Britain and Northern Ireland.

Leaving aside the introduction of internal passport checks, e-Borders ran into choppy waters even before Labour left office, with arguments over the legality of demanding advance data, given the EU right of free movement for all citizens of member countries. In 2009, Britain solved this by making e-Borders voluntary for those travelling from elsewhere in Europe – rather undermining it, you might think.

After the 2010 election, the coalition government terminated the contract of e-Borders’ original supplier, Raytheon’s “Trusted Borders” consortium, for poor performance – and ditched both ID cards and the idea of GB-NI passport checks. But it retained the e-Borders system, and the idea that it would eventually cover all international travel.

The system has gathered data on 622 million passenger and crew movements since 2005, and is adding more than 148 million movements a year, with data from 141 carriers on more than 4,700 routes. But expanding a system designed to work with the highly controlled, data-rich environment of air travel to other forms of international transport has not been plain sailing. To leave aside maritime clichés temporarily, take the train.

Signal failures

Eurostar does not participate in e-Borders, and the first and only official check on passengers leaving St Pancras International comes from the French police, just beyond the usually empty UK border desks. Such “juxtaposed” border controls – letting Britain run checks on Continental soil, and vice versa – were first introduced at the Channel Tunnel in 1994 for the sake of convenience.

Le Shuttle, the vehicle train between Kent and Pas de Calais – which does not provide data to e-Borders either, although it is considering doing so for freight customers – has controls at both ends, letting travellers clear both borders before they board. Juxtaposed controls were extended to Eurostar in 2001 and some ferry ports in 2003 in an attempt to reduce asylum claims by preventing undocumented people getting to Britain.

So far, so convenient. But as if to make up for the lack of British checks outbound, on the return journey travellers from Brussels or Lille often have to put up with double checks, at the juxtaposed border controls and St Pancras too. This is due to the “Lille loophole”, highlighted by a July report from the independent chief inspector of borders and immigration, John Vine.

Under the Schengen agreement, there are no border controls between 26 European countries including Belgium and France. Britain is not in Schengen, and the juxtaposed British border officials have no right to carry out an immigration check on someone with a ticket from Brussels to Lille. But a Lille loopholer might try to stay on the train on to Britain – hence the double border checks, and Eurostar sometimes carrying out full ticket checks after Lille but before Calais, where over-stayers can be taken off the train while still in France.

Some of Vine’s report was redacted by Theresa May, including details of “an effective process in the UK to identify passengers who had not had their identity or credentials checked prior to boarding the service in Brussels or Lille.” Whether this refers to something whizzy like facial recognition, or to the fact that on double-checked trains the first set of border guards stamp tickets to let the second ones see who has already been checked, is therefore a mystery. Vine is currently working on an inspection of e-Borders itself.

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.