Feeds

UK.gov's e-Borders zombie still lurks under the English Channel

Blighty just can't seem to get it right on entry and exit controls

Protecting against web application threats using SSL

“The UK government has made a commitment to reintroduce exit checks by 2015. The Home Office will deliver on this commitment,” said the Home Office in July. Actually, it probably won’t, replied deputy prime minister Nick Clegg.

Home secretary Theresa May told Parliament’s home affairs committee in April that exit checks were tied up with the e-Borders scheme. And that tie-up is why, on this issue, it may be advisable to agree with Nick.

The UK dropped paper-based embarkation controls in 1994 for ferries and in 1998 for everyone else, as they were seen as a waste of time and money. However, this left no comprehensive way of checking if people overstay their visas and limits the government’s knowledge of people leaving the country. There have been plans to bring exit controls back since at least 2006. The reason this has not happened appears to be a classic example of government surveillance overreach.

e-Borders, a £1.2bn system usually preceded by the word “troubled”, was set up by the last government to track all international travel in and out of the UK. It was tied closely to the failed identity card scheme: the former would prove your membership of Club Blighty, while e-Borders would be the bouncer that might let you in or out, in return for your name, passport or ID card details, travel, reservation and payment details. These details would be collected by the carrier, handed over 24-48 hours in advance to the government for risk analysis, then kept for a decade for data mining.

For flights this could be achieved relatively easily, given airlines already ask for lots of data beforehand, and that e-Borders was developed from Project Semaphore, a small-scale pilot focused on a few high-risk flights.

Building an impregnable digital wall along the British border presented an immediate problem: the Common Travel Area shared by the UK, the Republic of Ireland, the Isle of Man and the Channel Islands. That could allow people to get around e-Borders through the Republic, but the last government had a solution – it would require ID cards or passports for travel between Great Britain and Northern Ireland.

Leaving aside the introduction of internal passport checks, e-Borders ran into choppy waters even before Labour left office, with arguments over the legality of demanding advance data, given the EU right of free movement for all citizens of member countries. In 2009, Britain solved this by making e-Borders voluntary for those travelling from elsewhere in Europe – rather undermining it, you might think.

After the 2010 election, the coalition government terminated the contract of e-Borders’ original supplier, Raytheon’s “Trusted Borders” consortium, for poor performance – and ditched both ID cards and the idea of GB-NI passport checks. But it retained the e-Borders system, and the idea that it would eventually cover all international travel.

The system has gathered data on 622 million passenger and crew movements since 2005, and is adding more than 148 million movements a year, with data from 141 carriers on more than 4,700 routes. But expanding a system designed to work with the highly controlled, data-rich environment of air travel to other forms of international transport has not been plain sailing. To leave aside maritime clichés temporarily, take the train.

Signal failures

Eurostar does not participate in e-Borders, and the first and only official check on passengers leaving St Pancras International comes from the French police, just beyond the usually empty UK border desks. Such “juxtaposed” border controls – letting Britain run checks on Continental soil, and vice versa – were first introduced at the Channel Tunnel in 1994 for the sake of convenience.

Le Shuttle, the vehicle train between Kent and Pas de Calais – which does not provide data to e-Borders either, although it is considering doing so for freight customers – has controls at both ends, letting travellers clear both borders before they board. Juxtaposed controls were extended to Eurostar in 2001 and some ferry ports in 2003 in an attempt to reduce asylum claims by preventing undocumented people getting to Britain.

So far, so convenient. But as if to make up for the lack of British checks outbound, on the return journey travellers from Brussels or Lille often have to put up with double checks, at the juxtaposed border controls and St Pancras too. This is due to the “Lille loophole”, highlighted by a July report from the independent chief inspector of borders and immigration, John Vine.

Under the Schengen agreement, there are no border controls between 26 European countries including Belgium and France. Britain is not in Schengen, and the juxtaposed British border officials have no right to carry out an immigration check on someone with a ticket from Brussels to Lille. But a Lille loopholer might try to stay on the train on to Britain – hence the double border checks, and Eurostar sometimes carrying out full ticket checks after Lille but before Calais, where over-stayers can be taken off the train while still in France.

Some of Vine’s report was redacted by Theresa May, including details of “an effective process in the UK to identify passengers who had not had their identity or credentials checked prior to boarding the service in Brussels or Lille.” Whether this refers to something whizzy like facial recognition, or to the fact that on double-checked trains the first set of border guards stamp tickets to let the second ones see who has already been checked, is therefore a mystery. Vine is currently working on an inspection of e-Borders itself.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.