28 March 2012
fingerprinting for all passports
- EU to back demand by Italy, Germany, France, Greece, Spain, Malta, Lithuania, Poland and Slovenia for mandatory fingerprinting
- only Sweden, Finland, Estonia and Latvia oppose move
- UK and Germany want to have a third biometric - "iris scans" too in addition to facial scans and fingerprints
- EU Data Protection Commissioners are: "fundamentally" opposed to the creation of an EU-wide database
The Council of Justice and Home Ministers (JHA Council) on Monday in Luxembourg (25 October) is expected to reverse the decision of the JHA Council on 8 June - which agreed that facial images were to be compulsory for all passports and travel documents and fingerprints optional - by making a second biometric identifier, fingerprints, mandatory. Draft Council Regulation on standards for security features and biometrics in passports and travel documents issued by Member States (doc no: 13490/04, 19.10.04, pdf)
This will mean that everyone of of the 450 million people with passports in the EU will have to queue up in "processing centres" and compulsorily have their fingerprints taken and have a "facial scan". The biometric data gathered will be stored on a "chip" embedded in the new passports. Personal details and the biometric data will be held on national databases and on a EU-wide database of European Register for issued passports - the latter will be on the Schengen Information System (SIS II) and be accessible by law enforcement agencies.
The Regulation will be sent to the European Parliament for "Opinion" under the "consultation" procedure - the parliament's Opinions are routinely ignored by the Council. The proposed legal basis of the measure (Title IV, Article 62.2a) has been questioned - see: Report from UK Parliament's Select Committee on European Scrutiny (link) and Statewatch's legal analysis Moreover, the Council has failed to act on Article 67 of the Treaty of Amsterdam which said that after five years of entry into force (ie: 1 May 2004) it should take a decision to move all or part of Title IV over to "co-decision" (Article 251). If the Council had acted as it was obliged, and because it has yet to formally adopt this Draft Regulation, "co-decision" would have applied. Under co-decision the European Parliament and the Council have to agree on the text adopted. It may be that, should the parliament reject the measure, its only recourse will be to challenged its legal basis before the court.
binding in their entirety on all 25 member states.
The position remained the same with facial images being mandatory and fingerprints optional until 28 September when - at the meeting of the Visa Working Party:
"four delegations indicated that they were still of the opinion that the second identifier [fingerprints] should become mandatory"
These four governments who re-opened the question of mandatory fingerprinting were:
They were determined to raise the issue again and did at the Mixed Committee "at Senior Officials level" on 14 October (held "in the margins" of COREPER on that day). [Note: COREPER is the top-level meeting of permanent representatives of each of the 25 EU governments based in Brussels; the "Mixed Committee" is comprised of the 25 governments plus Norway and Iceland, who take part in the Schengen acquis].
At this meeting, on 14 October, Italy, Germany, France and Greece were joined by Spain, Malta, Lithuania, Poland and Slovenia in calling for fingerprinting to be a mandatory second biometric identifier.
Estonia and Latvia:
"stated that they could not accept this re-opening of discussions on the second biometric identifier to become mandatory."
Denmark and Portugal while supporting the idea of a second mandatory identifier, emphasised the technical and financial implications.
The "Background" Note (sent out on 20.10.04) put out by the Council General Secretariat for the meeting of the JHA Council on 25-26 October says:
"The Mixed Committee at technical level agreed on 14 October to also include fingerprints as a mandatory identifier. Ministers will be asked to confirm the agreement already reached at technical level"
In addition a recent draft (7.10.04) says that Germany want an optional third identifier, "iris scan", to be included and the:
"UK supported this suggestion"
The JHA Council on 25-26 October will also be discussing the deadlines for the introduction of biometric identifiers on passports. The Mixed Committee says there is "broad agreement" that "facial images" should be required 18 months after the adoption of the Regulation and fingerprints after 24 months. Seven of the ten new member states want at least 24 months for both.
According to the European Commission there are no reliable figures as to the number of passports issued each year (or the totals issued) for each of the 25 member states. It is therefore impossible to estimate the total cost at national level and the total cost of establishing the EU-wide passport database.
The draft Regulation says that "it does not apply to identity cards issued" at national level. However, the follow-on to the "Tampere" programme, the "Hague Programme" on justice and home affairs to be adopted at the EU Summit on 4-5 November, includes laying down "minimum standards for national identity cards" that will include biometrics. ID cards are widely used as a means of identification for air, sea and land travel; within the EU.
Data Protection - Chair of Article 29 Working Party consulted
by Dutch Presidency
"fundamental objection of the Art. 29 WP to the
establishment of a centralised data base: the sole purpose
of the draft Regulation should be verification of the identity
of the holder of the travel document which ought to be dealt
with by storing biometric data in the travel document itself"
He said that data should not be accessible by "unauthorised authorities", citizens should know what authorities (agencies) had the right of access (this information should be publicly available) and:
"Finally, he made clear that the use of information as referred to in Art. 4 (3) should be strictly limited to the purpose of the Regulation, which is verification/identification of the holder of the document." (emphasis added)
On behalf of the Article 29 Working Party Mr Schaar made four suggestions for changes in the text. Two of these four carried through to the final version but two did not.
The suggested changes to Article 2:
"Text suggested by the Art. 29 WP:
2. The storage medium may only be used
a) by the competent authorities of the Member States for reading, storing, modifying and erasing data and
b) by authorised bodies entitled to read the data. The technical specifications have to guarantee that no other use of or access to the data contained in the storage medium may take place."
and suggested changes to Article 3:
"Text suggested by the Art. 29 WP
3. Each Member State shall set up a register of competent
authorities for processing data as referred to in Article 2(2)."
The Article 29 Working Party was seeking to ensure that a "register" of agencies is created in each country setting out those allowed to have access to the data held and further that the technical specifications should rule out any other "use" of the data. For example, if the intelligence and security agencies (or a non-EU state like the USA) is to have access then this should be known and they would be precluded from using the data for other purposes.
"Facial image" or "facial scan"?
The term "facial image" is used in two different ways. First, as a digitised copy of the standard passport photo - this is what has been set as the minimum international standard by the ICAO. This digitised "copy" is placed on a micro-chip inserted in the passport or (passport plastic card). This "copy" can be checked on the spot (eg: at an airport) to establish whether the person presenting a passport is the same as the "copy" on the chip - this is known as a "one-to-one" check and is reasonably accurate. However, undertaking a "one-to-many" check - is the person presenting themselves the same as the record of the data held on a national database of say 50 million people is hopelessly inaccurate (some studies show up to 50% inaccuracy) and is primitive.
"Facial scan" on the other hand is different. These have to be taken in a controlled environment (eg: lighting and temperature) where a special camera takes a "picture" of a person recording up to 1,840 distinctive features of their face. This data is put onto the micro-chip. This requires the individual not simply to send in a photo by post but to attend a "processing centre" (ie: the active participation of a person). Tests shows this is more accurate on "one-to-many" checks but even this biometric has thrown up a 1-5% error rate.
Tony Bunyan, Statewatch editor, comments:
"Hundreds of millions of EU citizens are going to have to attend a "processing centre" where they are going to be compulsorily fingerprinted and a special "facial scan" taken of them - and they will have to re-present themselves every ten years to go through the same process.
This intrusion into personal privacy is compounded by the failure to limit access to the data held and its further use for purposes other than checking on a persons' identity.
This spells the beginning of the wholesale surveillance of movement where everyone is a "suspect". It seems that nothing has been learnt from the European experience of totalitarian regimes who also subsumed personal privacy to the demands of the state"
from UK Parliament's Select Committee on European Scrutiny (link)
8. Statewatch legal analysis: Legal analysis concludes: "no powers conferred upon the EC by the EC Treaty, taken separately or together, confer upon the EC the power to adopt the proposed Regulation"
proposal for a Regulation on biometrics documents for visas and
residence permits for third country nationals: COM
10. Article 29 Data Protection Working Party opinion on residence permits and visas (WP 96, pdf)
11. EU: Biometric documents take another step forward: Report on EU and G8
12. Biometrics - EU takes another step down the road to 1984, biometrics on visas and residence permits: Report
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.