Protest against global biometrics database

Out-Law News | 30 Mar 2004 | 12:00 am | 3 min. read

Civil liberties groups from the UK and US have today sent an open letter to the body responsible for standardising travel documents, protesting that current proposals will result in a distributed international database on all passport holders.

The International Civil Aviation Organisation (ICAO) is a UN-level body that acts on behalf of governments to create international standards for airline navigation, safety and security. The group is currently meeting in Cairo, where it is discussing such issues as the standards for biometric passports and the transfer of airline passenger data.

A wide range of privacy, human rights and civil liberties organisations are concerned by the global biometric identity system that they say will be created, without debate, by the standards being set by the ICAO – in particular those requiring the use of biometrics and Radio Frequency Identification (RFID) tags.

They have therefore sent an open letter to the ICAO detailing their concerns, signed by, among others, Privacy International, the American Civil Liberties Union, the Electronic Frontier Foundation, Statewatch, the Foundation for Information Policy Research, the Association for Progressive Communications, and the Privacy Rights Clearinghouse.

According to Privacy International, the ICAO has agreed that the initial international biometric standard for passports will be facial mapping. Adequate memory space in newly issued passports will be reserved for additional biometrics such as fingerprinting at the discretion of every government. The EU is already calling for fingerprints to be included, along with an associated European register of all biometrics. National authorities will store and share these vast data reserves.

The measures, supported by the US and the EU, will ultimately create an electronic ID system on hundreds of millions of travellers, says Privacy International. Despite serious implications for privacy and personal security, the process is occurring without public engagement or debate, according to the groups.

They warn that, rather than allowing this important issue to be decided by parliaments, governments have delegated the setting of standards to the ICAO.

The legislative drivers for the ICAO system are already in place. The USA-PATRIOT Act, passed by the US Congress after the events of September 2001, included the requirement that the President certify a biometric technology standard for use in identifying aliens seeking admission into the US, within two years.

The schedule for its implementation was accelerated by another piece of legislation, the little known Enhanced Border Security and Visa Entry Reform Act 2002. Part of this second law included seeking international co-operation with this standard. The incentive to international co-operation was made clear:

"By October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the
International Civil Aviation Organization (ICAO)."

This deadline is unlikely to be met and, according to reports, the Bush administration has already asked Congress to extend the deadline to December 2006.

Nevertheless, these laws gave momentum to the standards that were being considered at the ICAO by requiring visa waiver countries (which include many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) to implement biometrics into their Machine-Readable Travel Documents (MRTDs), i.e. passports.

This means, says Privacy International, that the biometric details of more than a billion people will be electronically stored by 2015.

The letter warns:

"We are increasingly concerned that the biometric travel document initiative is part and parcel of a larger surveillance infrastructure monitoring the movement of individuals globally that includes Passenger-Name Record transfers, API systems and the creation of an intergovernmental network of interoperable electronic data systems to facilitate access to each country's law enforcement and intelligence information."

Privacy International has warned of "unprecedented" security threats that could arise from the plan because of potential access by terrorists and organised crime. Furthermore, the biometric standard being adopted is "fundamentally flawed" and will result in a substantial number of passengers being falsely identified as potential terrorists or wrongly accused of holding fraudulent passports.

Dr Gus Hosein, Senior Fellow with Privacy International, warned: "This is a potentially perilous plan. The ICAO must go back to the drawing board or hold itself responsible for creating the first truly global biometric database".

"Governments may claim that they are under an international obligation to create national databases of fingerprints and face scans but we will soon see nations with appalling human rights records generating massive databases, and then requiring our own fingerprints and face-scans as we travel."