[Dave Birch] There’s an identity-related debate going on about data sharing by government. I don’t mean to take sides on it, except to note that I would prefer to see a more technologically-informed debate, especially around the sharing of biometric data. I was making some notes about this in a data protection context and thought I would mention that the EU’s Data Protection Supervisor (a Mr. Peter Hustinx) has been saying that EU governments risk violating the protection of their citizen’s personal data by acting hastily in approving the use of biometrics because it was “rushing in a new era” of using biometric identifiers for security checks while standards for data protection were still not clear. In particular, he warned against cross-linking national biometric databases and he said that Europe needs standardised procedures for collecting biometric data as well as common rules and safeguards for the use of the sensitive information.

Technorati Tags: , ,

Apparently ignoring the EU’s Data Protection Supervisor, the EU’s Civil Liberties Committee (I’m not entirely sure what this is) has approved the setting up of a database to exchange information between Member States on non-EU citizens entering the Schengen area. More than a hundred countries’ citizens are required to have a visa issued by a Member State to enter the Schengen area. The new Visa Information System (VIS) should prevent an applicant who is refused a visa by one Schengen country applying to others (“visa shopping”); to facilitate the fight against fraud and checks at external borders;  to assist in the identification of those not meeting the conditions for entry, stay or residence in Schengen Member States; to ease the application of Dublin II regulation on asylum; and to help prevent threats to the internal security of Member States. The regulation says that biometrics will used under controlled circumstances, with the emphasis on first using the visa sticker number for verification, in conjunction with fingerprints, and with fallback procedures being put in place. It also says that “photographs will not be used for identification purposes as the technology is not yet ready”.

This phrase “controlled circumstances” reminded me of another recent visas story, this time concerning a Foreign Office data breach covering India, Russia and Nigeria. In the case of India, up to 50,000 Indian travellers could have been exposed to having personal details stolen because addresses, dates of birth and passport numbers accessible for more than a year. The Information Commissioner has sternly demanded a “full explanation” from the Foreign Office. Clearly, as data security professionals know, circumstances can be somewhat difficult to control.

I don’t have a visa for the U.K., of course, so I have no experience of using such systems, but as mentioned before I have been experiencing Britain’s biometric border control by using IRIS. Now, some people are very happy with this system:

I came back into the UK last week, and getting through passport control couldn’t have been easier. I walked into the IRIS eye scanning booth, where there was no line, and less than a minute later, I was done. In contrast, the corresponding US service called Clear is a joke.

On the other hand, I’ve been really annoyed by it never working. Although, to be fair, it has worked 50% of the time in the last two weeks (it didn’t work coming into terminal 4 from the U.S. but it did work coming into terminal 4 from Amsterdam). As it happens, I was at a seminar recently where Stephen Harrison, the Director of Policy at the U.K.’s Identity and Passport services gave the current (mid-2007) figures on IRIS. He said that there are 32 million visitors to the U.K. every year and 68 million trips abroad by people in the U.K. IRIS has 100,000 people registered on the system and the gates have been used 500,000 times.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: