I made a mistake in my blog “Uncomfortable questions over biometric ID Cards and national security” posted on the 18th Feb. A couple of days after I had posted the text, the BBC carried reports that the Foreign Secretary had said that the new UK biometric passports were not used by those who assassinated a Hamas official in Dubai. I had written the blog assuming the passports were the biometric ones, so obviously my comments about how the biometric details were compromised was 100% wrong.
However, I do think that the Foreign Secretary’s claim that biometric passports would not have been exposed in this same way is misleading. The reason for saying this is that the use of biometrics raises a new set of privacy problems.
So, suppose someone tries to enter a country with a fake passport. How does one know that the passport is invalid, assuming that it is not an obvious error (e.g. incorrect design; wrong quality of paper or a serial number with an incorrect checksum)? If there is a chip embedded in passport, then the chip will no doubt be loaded with the biometric of the passport holder – the impersonator.
I think the only sure way is to check the details on the passport with the enrolment data and biometrics provided when the passport was issued. This in turn means that UK biometric data would have to be shared world-wide to most international airports – thus increasing the risk of compromising the biometric data of all travellers (as well as other passport details).
In addition, the audit trail associated with the Passport database would have to contain details of the check (i.e. where and when travellers were checked – and of course dated). The same would go for when the passport is examined by hotel reception, or traffic police, or in connection with eligibility for free health care or whatever.
This problem also pervades the ID Card, now promoted as a way for young adults to gain entrance to pubs and clubs. How is a bouncer on the door of a night club going to know whether the ID Card is a “good ‘un”? Answer, I think, by doing a check against what has been enrolled – and this updates the details on the audit trail of the National Identity Register.
In other words, fixing the problem of compromised passports could result in transfers of personal data and audit trails that could easily compromise the notion of privacy.
Uncomfortable questions over national security
(For completeness: this is the text of my revised 18th Feb blog that has not been removed)
Last week, the Foreign Secretary got up in the House of Commons to say that his legal action before the Court of Appeal was to protect intelligence vital to national security given to the UK by the USA’s national security agencies.
In relation to the intelligence issue, I accept that there are immense difficulties. However, if we start from the position that intelligence is information from which one can deduced or infer a possible action, then the position becomes clearer. For example, if “X has been in contact with Y” then it might be important to put “Y” on a watch list.
I also do not think that “X has been water-boarded” qualifies as intelligence – it is a description of what has happened to X. It might be confidential to qualify the intelligence by explaining that “intelligence from X has been gained under torture”, but there again, it is the information that is provided that is the “intelligence” and not the means by which it was extracted from the informant.
In other words, the Foreign Secretary’s claim that “The seven paragraphs contain summaries of American intelligence relating to Mr Mohamed’s case held in UK files” cannot possibly be substantiated by the facts. One cannot possibly undermine the principle of protecting intelligence sharing if the information itself does not qualify as intelligence (in this case, it relates to inhuman or degrading treatment).
Reference: In my evidence to the Joint Committee on Human Rights published in 2006, I explore national security in the context of Parliamentary scrutiny, data protection, human rights and terrorism. I explain why the UK system of scrutiny desperately needs an overhaul (https://www.amberhawk.com/policydoc.asp)