The EU is currently exploring a range of new initiatives aimed at improving the functioning of Europe’s borders, including the use of biometric checks such as fingerprinting and face scanning. Simon Davies assesses the nature of these reforms, noting that the new system has the potential to provoke controversy not only within Europe, but also in the wider international context. He argues that the process has also been characterised by confusion, complexity and a lack of transparency, which may inhibit building the level of trust necessary to make the scheme viable.
After a decade of planning, Europe has embarked on the first phase of its ambition to create a fully integrated automated border crossing (ABC) system for arrivals and departures throughout the region. The outcome could well be that hundreds of millions of EU residents and visitors will be fingerprinted and their faces electronically scanned.
ABC gates, which have already been trailed in a number of European entry points, involve machinery that is able to scan passports and faces and match fingerprints – a process known as biometrics. The procedure is likely to provoke controversy not only in Europe but in numerous overseas countries, notably the United States and Brazil.
The biometric process is not novel. The requirement for fingerprints is becoming common globally for visa applications, but the US-VISIT entry program goes further by requiring all visitors to the United States to submit to fingerprinting and face scanning, as does Japan, Malaysia, Korea, Afghanistan and Thailand. Australia and New Zealand are also trailing such programmes for selected countries.
The EU has implemented a Smart Borders initiative to streamline and integrate border crossings into Europe. The precise goal is unclear, other than an aspiration to build a more efficient and secure entry and exit system. Biometrics such as fingerprints and facial recognition are however continually featured as having a huge potential, particularly for regular visitors. Beyond that, Europe is still exploring practicalities. The one element that is certain is that biometrics will occupy a central role in identity and verification at the border. Central to all these efforts is the aim of integration, which is mentioned specifically in Article 77 of the Lisbon Treaty.
The strategy is complex, perplexing and often opaque. The European Commission’s “border package”, announced in February 2008, came on top of a biometric standard for EU passports and ID cards (fingerprints) currently being implemented, biometric resident third country national permits (with optional e-gov “chips”), the Visa Information System (VIS, collecting and storing the fingerprints of all visitors) and a planned EU-PNR (passenger name record) database system.
The “package” covers an “entry-exit” system for visitors in and out of the 26-nation Schengen area; an “automated border crossing system” for bona fide travellers and EU citizens; an “Electronic System of Travel Authorisation” (ESTA, like the USA is to bring in) requiring prior “authorisation to travel”, a “European Border Surveillance System” (EUSOR) and the “Integrated European Border Management Strategy”.
The European Data Protection Supervisor (EDPS) is less than impressed, warning of “far reaching proposals implying the surveillance of the movements of individuals follow[ing] each other at an amazing pace”. The “sheer number” of proposals coming out in a “seemingly piecemeal way” make it extremely difficult for parliaments and civil society to “contribute meaningfully”, the EDPS says.
Many complex surveillance and identity systems start their life by beta testing a sophisticated user population, and the EU automated border system will be no different. Its initial phase involves compulsory targeting of frequent travellers (though the definition of “frequent” remains unclear). The European Commission last year confirmed: “The future development of EU policy will require processing frequent third country travellers at the external border crossing points by verifying their biometrics during the ABC process.” Once the system’s bugs have been ironed out with this population the way will be clear to make the process universal for all travellers.
The EU is not acting alone. There is a global push for the adoption of electric passports with embedded biometrics. Such documents, containing a contactless (RFID) chip are capable of storing biometrics. The International Civil Aviation Organisation (ICAO) set a goal for all countries to have this generation of passports operable in 2010, though that target has not been met.
At the core of the next EU phase is a new €15 million Commission-funded research programme “Enhancing the workflow and functionalities of Automated Border Control (ABC) gates – Integration Project”. The internal documentation advises that the project goal is the: “Development of a modular, easy to integrate, optimized, next generation automatic border control solution that allows secure, fast and comfortable border crossing checks for European and frequent 3rd country travellers; and incorporates new technologies which enable harmonized concepts for all types of border crossing points and all official identity e-Documents.”
The 20-partner consortium that won this contract includes: the Austrian Ministry of Interior BM.I; the Austrian Institute of Technology AIT; the Austrian State Printing House; the Finnish Border Guard RVL; Giesecke & Devrient – Industrial Partner; the International Centre for Migration Policy Development – Public Authority; and the European Commission Joint Research Center – Public Authority. The level of secrecy of these projects is a cause for concern.
On 2nd August 2012 Günter Schumacher, principal researcher for the European Commission’s Joint Research Center emailed me to ask if I would consider nomination for membership of the project’s Privacy Advisory Board. I will let the chain of correspondence speak for itself. Suffice it to say that the consortium appears unwilling to share detailed information even with those experts it wishes to second onto the project. I – doubtless in common with many others – could not be party to a secret process. The one document I did receive says little, though the schemer indicates that privacy and legal rights do form a visible part of the programme.
This situation is not good for Europe or for the rest of the world. Confusion, complexity and lack of transparency will not build the level of trust necessary to make this scheme viable.
This article is also available on Simon Davies’ website The Privacy Surgeon.
Note: This article gives the views of the author, and not the position of EUROPP – European Politics and Policy, nor of the London School of Economics.
Shortened URL for this post: http://bit.ly/NK71wC
Simon Davies is founder of the watchdog group Privacy International. He has been a visiting scholar at the University of Greenwich and the University of Essex, a Distinguished Visiting Scholar at George Washington University and for 14 years until 2011 was appointed to the London School of Economics, where he taught the MSc Masters course in “Privacy & Data Protection”. He is also co-director of the LSE’s Policy Engagement Network and is currently a project director with the LSE.