Original URL: https://www.theregister.com/2005/08/04/uk_border_security_analysis/

Skip the border guard, fast-track the IT - security, UK style

Hold the terror crisis while we design our response

By John Lettice

Posted in Legal, 4th August 2005 13:51 GMT

Analysis Well, well, well. On 5th July The Register noted that the only passport control for travellers exiting the UK via Waterloo Eurostar terminal was operated by the French, and observed: "No doubt they're telling us how many of our terrorists are leaving the country." Or not, apparently - bomb suspect Osman Hussain, arrested in Rome last week, is thought to have fled the UK via Waterloo Eurostar on 26th July.

The Government spokesman the media could get hold of last weekend, leader of the House of Commons Geoff Hoon, said that the Government was looking into whether there should be "additional" passport checks on Eurostar, and added that the matter showed the need for identity cards because "it's vitally important that we know who is coming in as well as going out." Meanwhile the Observer reported plans by ministers to accelerate the introduction of the e-borders system in order to increase border security.

So shall we just sum that up? A terror suspect appears to have fled the country by the simple expedient of walking past an empty desk, and the Government's reaction is not to put somebody at the desk, or to find out why, during one of the biggest manhunts London has ever seen, it was empty in the first place. No, the Government's reaction is to explain its abject failure to play with the toys it's got by calling for bigger, more expensive toys sooner. Asked about passport checks at Waterloo on Monday of this week, the Prime Minister's spokeswoman said we do have passport checks - which actually we do, sort of. But, as we'll explain shortly, we also have empty desks to go with them.

Hoon asserts that "enhanced security" for both entry and exit has been in operation in recent weeks. However, on 28th July, seven days after the second bombing attempts and two days after Hussain is thought to have used the terminal, there were again no formal UK exit controls at Eurostar Waterloo. There is no justification for this sorry situation, but there is an explanation.

There are approximately 120 immigration officials based at Waterloo, but their area of operation includes the UK passport checks on passengers boarding trains bound for Waterloo. UK checks on exiting passports were abandoned last year. At most UK ports and airports passports need to be presented at check-in, whether or not there is also a check operated by UK immigration. At Waterloo, however, there is no requirement for Eurostar to check passports, so the only thing stopping you (up until, we would guess, Monday 1st August) boarding a train with no ID at all was the French immigration desk. It's likely that Eurostar is a special case not because of any particular truculence on the company's part but because the ticket check is an automatic turnstile, the system designers having wrongly anticipated that UK immigration would be manning the UK immigration kiosks immediately beyond those turnstiles. So whereas most carrier-operated passport checks don't need extra staff because they're undertaken during a manual check-in, Eurostar would have to employ extra people and figure out someplace to put them.

At this juncture Eurostar regulars might pipe up, "At the immigration kiosks, of course, seeing immigration isn't using them!" But this is what's been happening elsewhere anyway, sort of. The Government has been progressively increasing the requirement on carriers to keep accurate passenger lists and to make them available to the Government, and the current immigration bill includes more provisions in this area. Entry and exit checks by immigration officers, where such checks exist, vary greatly; they could be random stops, a simple check of the face against the passport, or the machine readable section of the passport might be checked.

Watchlists exist, but you can see the problem here. If the only comprehensive lists of those entering and exiting the UK are the ones generated by the carriers, then in order to operate a watchlist effectively it's necessary for those lists to be available to the security services immediately, in a digital format that they can work with. This however is something that security forces throughout the world would like to be able to do, rather than something they have already achieved, and the various flubs associated with USA-bound European flights last year indicate that there's more than a little desperate hand-tooling to what they've got right now.

Quite obviously, even if travellers lists at some points of departure were available online immediately before travel (which we doubt is the case), then not every last check-in desk is going to be on the network. What we've got now, therefore, is a system where comprehensive lists of entries and exits can only be compiled and consulted after the event. So they might be helpful in terms of 'he went thataway', but they're useless in terms of 'stop that man!'

Now, consider what all those immigration officers are doing in Paris, Brussels and Calais, and why those desks at Waterloo are empty. The Home Office has over the last few years been determined to get a lid on illegal immigration, and in particular, to stop people appearing in the UK and then claiming political asylum. Nabbing them before they actually get to the UK means they have to claim asylum where they're nabbed. This approach has been relatively successful, and you'll have noted that the reduction in asylum claims is one of the few impressive immigration statistics the Government has.

But if the immigration service is putting much of its efforts into stopping people getting in, there is a possibility that its effectiveness in dealing with people going out might well decline. This seems to be what has been happening; if we consult this report, we see John Tincey, a representative of the immigration officers' union, pointing out that post-bomb instructions to put staff on exit controls have interfered with the ability of his members to chase up failed asylum seekers, which threatens their ability to meet Home Office removal targets. And it seems pretty obvious that the removal of exit checks last year was a direct consequence of Home Office demands that these targets be met.

If these priorities ever made sense, then quite clearly they didn't after the attacks of 7th and 21st July, with controls after the 21st being particularly vital, as the would-be bombers were all alive, and being sought. Controls of sorts were imposed after the 7th, but then removed on the 17th and reinstated on the 21st. Tincey's complaints make it clear that these controls were (and presumably still are) stressing the system, and the mysterious removal of controls on the 17th does seem to indicate that the system still doesn't want to let go of the immigration priority, and hasn't grasped that with current resources the fight against terrorism and the fight against illegal immigration can't both be prosecuted effectively.

Tincey also tells us something about the nature of the controls that were reinstated. These checks, he told the Times were not proper embarkation control but an immigration service operation "'in support of Special Branch'. Immigration staff helped Special Branch officers to check passports against a list of suspects."

At Waterloo at least, these checks must have been a combination of random stops and of individuals the Special Branch officers thought resembled people they were looking for. It's not clear who they might have been looking for from 7th-17th July, but from the 21st the list would have included the four whose pictures had been widely distributed. The picture of the suspect thought to have exited via Waterloo was however the worst of these, and he wouldn't have been readily recognised.

The defects of this as a border control system (even if we skip the defect of it being temporary) are clear. As whatever watchlist that's being operated is not being checked systematically against all of the passports going out, you're only going to catch a fugitive via a visual ID or a lucky random stop. A system where you've got somebody on the desk checking every passport is by no means perfect, because it doesn't necessarily nail people travelling under another name, but it's better than giving them a very good shot at just waltzing out of the country on their own passport. Even without a network, it should not be beyond the wit of man to knock up a system that machine reads the passport and checks it against a digitised watchlist. Sure, it's not e-borders, but it's something you could start deploying next week if you could bring yourself to pay the staff needed to operate it.

Instead of which, we're having an enquiry which will no doubt eventually come up with the fairly obvious conclusions that you're not going to catch people if you're not really looking for them, and that the pursuit of immigration targets has severely impacted our ability to look for them. Alongside this, our inability to police our borders adequately will be presented by the Government as justification for the accelerated deployment of the IT schemes that will fix everything. Honest.

The e-borders fix So shall we just look at how e-borders proposes to do that? The Observer story has a helpful rundown of the brochure. "The 'e-borders' scheme - under which passengers' details will automatically be scanned against police, intelligence and immigration watchlists before they reach the boarding gate - is not due to be introduced until 2008. However, ministers are investigating whether the programme, which also keeps an electronic record of people leaving Britain, can be speeded up because of its potential usefulness as a weapon against terrorism."

We should consider where these scans take place, and against what. Currently the only possible source for a comprehensive list of travellers, as we've already established, lies in the carriers' passenger lists. So in order to check against these, e-borders needs to be online to the carriers, and it needs the carriers to provide full lists of passengers as soon as they're completed, or at least prior to the passengers' arrival at their destination. Interestingly, even currently pending immigration legislation doesn't place such a requirement on carriers, so we can expect more laws, involving a heavy IT spend for carriers, to underpin e-borders. In addition to that, there will have to be substantial IT spend at the Government end. That could be accounted for in some way as part of the ID scheme spend (which as we've pointed out repeatedly here, isn't really accounted for as such), but although e-borders is clearly ID scheme related, any move to accelerate its deployment would be undermined if it were dependent on the ID scheme at too early a stage. Accelerating the ID scheme as well probably isn't an option, but that might not stop them trying.

As and when (or if) the ID scheme does ship, and in the unlikely event of the global biometric ID vision ever shipping to go with it, we can see an alternative definition of what's scanned. ID goes in machine, ID is checked against watchlists, passenger goes through turnstile or, lights flash and squads of heavily-armed officers descend. But again we have to consider who's installing and operating the scanning equipment. If the system is seen as a progression from the current UK system (yes that's right, the one that doesn't entirely work right now), then it's possible that the check will still be devolved to the carrier, and that immigration will maintain its current 'wide perimeter' approach to incoming travellers. But the biometric check is only useful if the process is sufficiently supervised to guard against spoofing or passport switching. That means you either rely on the carrier to supervise, or you put more immigration staff on the case after all. Carrier supervision is not necessarily secure, because the carrier's primary goal is to avoid transporting passengers without proper documentation (the immigration imperative again), not national security. Incidentally, right now there's no guard against ID switching at most UK or continental ferryports - all they do after the passport check is count heads, and the area beyond the passport check is usually walk-in, walk-out. Freddie Forsyth got rich spotting this kind of loophole...

I've got a little list. Not But shall we just pretend we've got sufficient IT deployed to produce traveller data that we can check? Now, what is it that we're checking against? These "police, intelligence and immigration watchlists" e-borders is intended to check against are actually things we'd like to have, rather than ones we have, as such. There is no single, up to date watchlist for any of these categories, and there is most certainly not a single 'electronic alarm list in the sky' that can be compared with lists of entries and exits. The UK's various police forces aren't even in a position to exchange wanted lists with one another easily, and there are obvious problems in dealing with the more specialised lists the various arms of the security services have - in many cases, these people aren't going to want to tell everybody else who they're looking for, right? (This was possibly the case at Waterloo - the security services are thought to have had the suspect's name on the 26th, but it hadn't been made public, so they might not even have told the immigration officer standing beside them.)

And immigration watchlists? Well, when David Blunkett was at the Home Office (which was when exit controls were abandoned, we should note), his repetition of "clean database" with reference to the National Identity Register was all too telling. Some indication of the unclean nature of the databases the Home Office currently has is provided by a recent National Audit Office report, which found that the Immigration and Nationality Directorate had full records for only 155,000 of 283,500 failed asylum seekers who could still be living in the UK. Some of the missing may have left of their own accord, or they may not have. We may never know.

Nor is the situation regarding immigration data in general likely to be any better. Historically many of the stamps used by IND to denote visa or residence status in passports have been trivial to forge, and although more fraud-proof versions have been introduced in the past couple of years, the earlier versions are still valid. You can get an idea of the problem if you consult IND's guide to stamps for employers. Some of these (including the eminently potato-printable Indefinite Leave to Remain) have no dates on them at all, so unless IND has completely accurate records of when all of these were issued, then it quite possibly can't be sure whether or not a stamp it is purported to have issued is genuine.

Does IND have such lists? It's doubtful. The Home Office spent several days trying to check the immigration status of Jean Charles de Menezes, the Brazilian shot dead by police on 22nd July then accused (by "security sources") of overstaying his visa. Ultimately, however, the Home Office issued a statement which suggested (but did not state categorically) that his Indefinite Leave to Remain stamp was forged, referring not to IND records but to the actual stamp in the passport as indicating this. Which suggests they couldn't find a record of issuing an ILR, but couldn't necessarily be confident that their not being able to find one meant that one hadn't been issued. Nor, given that they still don't say it definitely was forged, is it entirely certain that they're sure now.

Which does leave IND looking very much like an organisation that has no lists of sufficient substance to put into the watchlists. No failed asylum seekers list, no visa overstayer's list, no lists of those who have been issued with one or more of the many different permissions regarding residence and employment status the Home Office has granted in the past, and is granting now. The quality of the permissions it has and is granting is also an issue, because in doing so it is in effect creating a UK identity of some sort for the recipient. The issue that led to the resignation of Home Office Minister Beverley Hughes last year provides an example of how such ID can be dubious in origin, and how the processes tend to drive its creation. Large numbers of applications, many of them obviously fraudulent, were granted in the UK, often against the advice of staff in the originating country, in order to clear a backlog.

This is sufficiently like the situation with respect to border control that one can reasonably think of it as being a feature of the organisation. Ministers push for backlogs to be cleared, staff are redeployed and processes accelerated in order to deliver, standards drop and holes appear elsewhere in the organisation as a consequence. In business terms you could think of it as the fire brigading approach to management.

Captain Technology will save us! We've come some considerable distance from our start point, the simple problem that our border security is currently inadequate, and the Government response that its weakness shows the need for high tech border control systems and ID cards. But it's necessary to cover that distance - and more - in order to illustrate that the systems that are presented as a simple technological fix to an immediate problem will require radical changes and upgrades across a wide range of systems before the fix even gets viable, never mind simple. You can't check ID credentials if you haven't deployed mechanisms to check them, and you can't check them against anything if you haven't got working systems to generate the data to check against. And if you're pouring dubious ID credentials into one end of the system in order to generate ID which you have then defined as 'good' (e.g. "Osman Hussain's" British passport, because maybe he's really called Hamdi Isaac) then maybe you're just checking a dud ID against dud data. "Details will be scanned automatically against police, intelligence and immigration watchlists before they reach the boarding gate"?

Sure. In a couple of years, in the unlikely event that the deployment can be accelerated and all of the other IT systems it will depend on can be up and running by the same time. Meanwhile there are at least some people who seem to think we're in some kind of war, and some of these people are also telling us that we do have border checks, while failing to mention that these border checks can't by their nature work effectively, and can't be maintained without either more staff or a change in priorities for the immigration service.

We have an immediate problem, a dubious and unsustainable short term sticking plaster solution, and dreams of technology that will solve all of our problems at some point in the future. So, how many Whitehall enquiries does it take to say it? Pay people to stand at the desks and check passports, start trying to co-ordinate, digitise and distribute watchlists to check the passports against and (tougher one, do it after you've done the easy bits) try to stop fire brigading from one backlog crisis to the next, and start thinking about the big picture. ®

Related stories:

Ministers want e-borders fast-tracked
How Blair high tech 'security' pledge will fix the wrong problem
Blair's Britain vies with US in ID snoop wars
UK gov pilots passenger tracking in fight against terror