28 March 2012
to "1984" Part 2
EU: Everyone will have to have their fingerprints taken to get a passport
- everyone wanting a passport will have to "enrol" and have a digitised picture taken which is then stored on a microchip in the passport
- a centralised, biometric-based, "European Passport Register" will be set up and then it will become compulsory for everyone to give their fingerprints too
- all EU citizens holding passports, every resident third country national and everyone visiting the EU with a visa will have their personal biometric "identifiers" plus personal data stored on the new generation Schengen Information System (SIS II)
- all ID cards should also contain biometric data
- this will enable the wholesale surveillance of all movement not just into the EU but within the EU too
For EU citizens getting a passport is quite straightforward, you fill in the form, get your picture taken in a photo booth and simply post both to the passport office. This simple process is about to change: to get a passport you will have to present yourself to an "enrolment centre" where a special picture will be taken of you and then you will have to have your fingerprints taken. These will then be held on a European database with personal data.
The legal basis
for the proposal is highly dubious, see: Commissions EU
biometric passport proposal exceeds the ECs powers, Statewatch
legal analysis concludes that: "no powers conferred upon the EC by the
EC Treaty, taken separately or together, confer upon the EC the
power to adopt the proposed Regulation": Legal
The proposal is that a "facial image" will become the primary biometric identifier and the decision to include fingerprints as a second would be up to decision-making at national level.
In justification the Commission first presents an utterly circular argument - because the decision had already been taken to introduce biometric data on visas and residence permits EU passports "should not lag behind". And further that there must be "coherence" as "malafide persons" might decide not to get a visa or a residence permit (as if they have any choice) and try and get:
less secured passport and identity card of EU nationals, the
latter documents should also be upgraded"
Yes, the Commission is also slipping in the proposal that all ID cards should also have biometric data. While at the:
"EU level, a centralised, biometric-based "EU Passport Register" which would contain the fingerprint(s) of passport applicants together with relevant passport number and most probably some other, but limited, relevant data... could be created"
Wait a minute, were not fingerprints to be an optional second identifier? Here the Commission is saying they would be mandatory.
They also argue that the:
of security features including biometrics for the European passport
would also have a big impact on our relations with third countries,
for example the USA"
The measure would also meet the "Recommendations" adopted by the ICAO (International Civil Aviation Organisation) - but these "Recommendations" were written the USA and leading EU states, notably the UK.
"coherence with the proposals on visa and residence permits of course does not necessarily mean that for each area, an identical solution should be adopted"
Why "of course", why not? No argument is offered.
But there is a clue in the last sentence of the same paragraph:
will change with the second step, the creation of the European
Register for issued passports. In this case, the fingerprint
has to be taken and registered in order to enable background
searches (one-to-many)" (emphasis added)
Could it be that the Commission thinks people might object to having their fingerprints taken in order to get a passport and they want to put this off until "step 2"?
And what of the initial, mandatory identifier, "facial images"? Well, the technology is not in place and will not be for a long time in most countries. So initially they propose relying on "the high resolution electronic portrait" or in plan language the kind photos currently used and taken in a photo booth in the shopping centre - this they will "digitise" and put on the chip - which will allow "one-to-one" checks to be made at "borders" (external borders or internal borders?). Later when the technology is in place "facial recognition systems with a digital photo" will be taken when you "enrol". This "facial scan" will plot 1,800 distinctive features of your face, then be transferred to a template and the image transferred to the microchip in your passport.
"one-to-one" simply means checking that you are the same person as the document you are carrying. "one-to-many" means the border official checks your biometrics against the whole database of millions and millions. But did not the Commission's own report on the visa system (VIS, which is planned to hold a mere 70 million records over the first ten years) say that the more individual biometrics you put into the database the greater the error rate?
How is data
protection is possible when the present system cannot cope?
The Commission says that the data held will come under the EC 1995 Directive on data protection but the section on data protection is "economical with the truth". It repeats word for word the first part of the section on data protection from the proposal to bring in biometrics for visas and residence permits but leaves out more critical comments. The proposal on EU passports notes that data protection authorities "have a particular lack of resources" and leaves out the following previous comments:
difficulties may affect independence. Independence in the taking
of decisions is a sine qua no for the correct functioning of
the system... if these tendencies are confirmed, they are reasons
for serious concern.."
However, it is not just a question of resources it is also the fact that the powers of investigation of national data protection authorities varies greatly from state to state, as does the size of their staff and budget. Most are under-resourced and few have "investigative powers" which are meaningful (ie: the power to arrive unannounced to carry out an inspection).
There are substantial reasons for believing that the way the 1995 Directive on Data Protection operates will offer few safeguards and further that there seems to be little political will either by the Commission and EU governments to make the Directive effective. It took eight years for the Commission to produce the first annual report on the 1995 Directive. This highlighted a number of concerns but we have yet to see any proposals to meet them.
Added to this
has been the systematic undermining of the protection offered
by the 1995 Directive in the Europol-USA agreement, the EU-USA
agreements on extradition, the passing of passenger data to the
USA (PNR) and a multitude of agreements between Europol and third
Storage medium, "enrolment" equipment
"as it might be necessary to store a facial image and fingerprint images"
and second because:
States [may] wish to add some alphanumeric data"
The proposal is very vague on detail. For example, "the cost of such microchip is not known". Whereas for visas and residence permits the proposal is to take two fingerprints (because the technology for taking all ten fingers is expensive) this make no recommendation - it does say "equipment for the enrolment of ten fingers (flat) costs roughly seven thousand euro" (about £5,000 and a lots them them would be needed). "Verifications systems" also have to be installed at every border post (to check EU passports, visas and residence permits).
How the system
In some member states it will start with "digitising" existing passport photos, in others "facial recognition systems with a digital photo" will require a person to be "enrolled" for the taking of a special image (logging up to 1,800 special "characteristics" of a person's face), and in others this will be supplemented by the taking of fingerprints too.
data will be stored:
i) on a microchip in the EU passport and
ii) on a national database.
During this "stage 1" the micro-chipped biometric passport will be checked on a "one-to-one" basis (are you the person you say you are on your documents) and "one-to-many" on national databases. Initially border checkpoints will be largely "one-to-one".
In the "2nd stage" a centralised, biometric "European Passport Register" will be created from the national databases. At this stage two biometrics will be required on "enrolment" - facial scans and fingerprints. This "Register" will be held on the Schengen Information System (SIS II).
As passports have to be renewed every ten years new "start-of-the-art" microchips will be inserted every time.
There are no proposals to make the 1995 Directive on Data Protection work properly.
Tony Bunyan, Statewatch editor, comments:
"This is one of the most badly drafted proposals to come out of the Commission, there is no timetable, no costings and it is legally highly dubious. There are no plans, or political will, to make data protection effective in protecting the right to privacy or to guard against the misuse and abuse of the data.
The rationale for the measure is another response to 11 September and the "war on terrorism". It has little to do with combating "terrorism" and a lot to do with the demands of the law enforcement agencies for the surveillance of everyone's movements.
This measure, together with many others in the pipeline at EU and national level, are geared to creating a society where everyone's movements and communications (by phone and e-mail) are subject to surveillance, where everyone is a "suspect". Such a society has more in common with an authoritarian state than a democracy"
3. EU: Security
research programme to look at creating "smart" biometric
documents which will "locate,identify and follow the movement
of persons" through "automatic chips with positioning":
4. Commission proposal for a Regulation on biometrics documents for visas and residence permits for third country nationals: COM (2003) 558 (pdf)
5. Article 29 Data Protection Working Party opinion on biometrics (WP 80) (pdf)
6. Biometrics - EU takes another step down the road to 1984, biometrics on visas and residence permits: Report
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.