CHALLENGE | Liberty & Security



A Research Project Funded by the Sixth Framework Research Programme of DG Research (European Commission)

This is an archive of the CHALLENGE website ..




Home page > Policy recommendations > Trends in Biometrics

Trends in Biometrics

Monday 4 December 2006, by Lodge Juliet

imprimer

Directorate-General Internal Policies

Policy Department C

Citizens Rights and Constitutional Affairs

TRENDS IN BIOMETRICS

BRIEFING PAPER

Summary:

Ad hocism, finance and industry drive trends in policies and emerging choices. The EU 25 diverge over the choice of biometrics, ID cards and passports, inter-operability, format, document durability, technical scope of the attendant technology (including document readers, staff training), quality codes of practice, ability and interest in measures to combat malevolent insider action. There are discrepancies between government rhetoric and practice. There are claims that data protection is primary but inadequate attention seems to be paid to combating opportunities for fraud, including out-sourcing to private sector concerns inside the state or to third states .Out-sourcing poses a serious threat. Proper risk assessment and the introduction of appropriate, strong democratic controls are essential to the success of the Hague. The claims of biometrics are poorly communicated, soft law abounds with weak controls and inadequate levels of knowledge about the respective technologies and the possibilities opened by them. National parliaments with a strong EP must ensure accountability and legitimacy. There is an urgent need for a framework directive on data protection for law enforcement purposes before realising the principle of availability and widespread inter-operability, and to set out an EU model on biometricised egovernance.

IP/C/LIBE/FWC/2005-xx

This note was requested by: The European Parliament’s committee on Civil Liberties, Justice and Home Affairs.

This paper is published in the following languages: EN, FR.

Authors: Juliet Lodge, Jean Monnet European Centre, Institute of Communication Studies, University of Leeds, UK

Manuscript completed in 28 September 2006

Copies can be obtained through: Tel: 32105

Fax: 2832365

E-mail: japap@europarl.europa.eu

Informations on DG Ipol publications: http://www.ipolnet.ep.parl.union.eu/ipolnet/cms

Brussels, European Parliament

The opinions expressed in this document are the sole responsibility of the author and do not necessarily represent the official position of the European Parliament.

TRENDS IN BIOMETRICS

Juliet Lodge [1]

Political claims made for biometric identifier documents relate not to their intrinsic characteristics but to the uses to which they are to be put. A mismatch between what governments claim, say and do results. A public trust deficit grows. The mesmerizing possibilities opened by inter-operability, information and data exchange by civil and law enforcement agencies so far escape effective parliamentary scrutiny and control. This is not just a problem of biometrics. It is one that biometrics highlight. Citizens are unlikely to have a choice as to whether or not they wish to supply their biometric details to government authorities or public policy agencies. Biometric eIDs are increasingly common.

Inter-operability, information exchange and cooperation make the division between civil and criminal law administration and jurisdictions increasingly archaic and problematic. Cooperation in the exchange of information between security and forensic agencies, as envisaged by the Commission Green Paper, illustrates this. Crudely, citizens, not even those suspected of a criminal offence, doubt that they genuinely have authority over the release of information about themselves. Checking data accuracy, amending it, and locating it is hard and costly, and underlines digi-exclusion. Suspicion grows that the introduction of biometric standards and requirements is driven by outside interests rather than domestic agencies.

At EU level the introduction of biometric documents (not an EU responsibility) have been semi-legitimised by soft law measures such as European Council conclusions. Their implementation is not subject to proper control or scrutiny by national parliaments or by the European Parliament. Similarly, in 2003, the potentially growing role of consular services e-cooperation in providing visa services was presaged in a document on uniform formats for visas and for residence permits. [2] Such precedents could have unfortunate consequences if the European and national parliaments do not counter this way of using technical requirements to extend the remit, scope and function notably of security related agencies (like VIS, SIS II, Europol, Eurodac, Frontex, Eurojust and Schengen - which includes third states) without public debate, justification, scrutiny or ongoing accountability to parliament.

Why biometrics? A biometric is a measurement. Biometric identifiers are supposed to uniquely identify and reliably confirm an individual’s identity. Their use raises similar concerns to those relating to the storage of DNA data [3]. The trend is for biometrics to be used as a password or key to authenticate an individual’s identity and with it his entitlement to access public and commercial services, exercise his rights (though e-voting in public political elections has encountered problems), and engage in processes connected to living in modern societies. The number of biometrics a document holds is prescribed by private commercial or public authorities according to their own criteria. e.g., whereas ICAO prescribes one facial image for passports, two biometrics are increasingly the norm in member states’ passports.

Public acceptance of biometrics is unclear. Biometrics as a blanket term for ICT storage of personal information is confused with data privacy issues, remote (not personally authorised) inter-departmental cooperation and exchange of information about individuals for rather general and often unclear purposes. The assumed distinction between public and private sector responsibilities is made unclear by public authorities outsourcing, for cost efficiency reasons, data to private agencies within and outside their territory. The question of who owns the data is equally unclear to citizens. Several states normally permit routinely or conditionally [4] the transfer of data beyond their territory providing the recipient has ratified the Council of Europe Convention 108. Safeguards on information exchange or cooperation short of inter-operability lag behind ICT possibilities. Beneficent intent on the part of governments needs to be demonstrated and not just claimed or assumed.

Public acceptance of the implementation of inter-operability or ICT enabled information exchange must not be inferred from their provision of biometrics or any acceptance of the biometric tool as part of egovernance. Public understanding of what happens to personal data is at best weak. Regardless of vague support for EU cooperation to combat crime, there is disquiet over the Hague programme principles of availability partly because of Big Brother concerns; partly because de-territorialised information exchange seems to elude control by parliament or by citizens themselves; and partly because more and more areas of domestic policy appear securitised and enmeshed in unfathomable, complex security grids where external and internal security and borders are increasingly permeable and insubstantial.

Political responses to the realities of egovernance lag far behind technological realities. The focus on biometrics provides an opportunity to rethink the purpose of government. Biometricised travel documents are the tip of an iceberg. Public political accountability in egovernance is generally weak, mis-configured as quality codes of good practice, and subject to voluntary accreditation, certificated security management compliance, peer or managerial review rather than open, public parliamentary accountability to the elected representatives of the people. This means that egovernance function creep progressively deprives parliaments of their responsibility and ability to act as a check on the executive, to combat the abuse of power, to be the voice of the people, and to play a role as the grand forum of contemporary political discourse about political priorities, choices and alternatives.

Biometrics are a tool. Governments across the EU increasingly advocate biometric enhanced identity documents. Biometric data to verify the authenticity of an individual’s claim to be the person named on a travel or any other document are not new. They and associated profiling have been used for ID cards and travel document purposes for over 70 years. What is new is (a) the speed with which biometric data can be collected, stored and exchanged by inter-operable data systems and data miners; (b) their conflation with information from which culture, behaviour and/or profiles may be inferred as illustrated in the PNR arguments before and after 30 September 2006; and (c) apparent EU willingness to allow biometric data transfer on a one way basis to a third state.

In all EU member states, the trend is for government agencies and corporate interests using biometricised documents to downplay the technical disadvantages (false positive and false negative matches of all biometric tools, costs, divergent or competing standards, problems with proper installation of systems, network security, formats, durability, quality of images, biometric [5], and biometric documents, dangers of inter-operability, susceptibility to capture by ambient technologies, fraud, ID theft, ownership of legal liability for systems etc) and advocate their widespread roll-out as a way to extend the application of ICTs to government and especially in relation to certain problematic policy areas - to monitor migration, combat identity theft and fraud, cut costs, produce efficiency gains for administration, and enhance convenient access to government services for citizens. Competing claims are made about:

the relative reliability of individual or grouped biometric measures (iris recognition, finger prints, thumb-prints, hand-prints, voice-prints, signatures, 3D facial images, face or vein heat pattern imaging),

their ease ‘enrolment’ for embedding on travel and residence documents

their ease of ‘capture’ or remote ‘matching’ as individuals go through border post checks, and

resistance to fraudulent copying and identity theft (even with OSW)

robustness of PKI and eMRTD; and the

Added-value they offer to combat fraudulent access to socio-economic welfare services by individuals not entitled to them, and to combat crime and terrorism. [6]

The sometimes unspoken agenda and claims made about the need for biometric IDs relates to border control, combating visa shopping, legal and illegal economic migration, people trafficking, piracy, smuggling. Migrant destination states within the EU and further afield in particular advocate and increasingly use biometric identifiers for minors (e.g. lowering the age for fingerprinting) and universalising them across the community. A common claim is that biometrics help trace people (e.g. in disasters) and cut the burden on socio-economic welfare services arising from fraudulent and/or multiple claims made by certain migrants and others. In states with little inward migration, there is less interest in biometrics as a tool to combat crime and more interest in the convenience of individuals being able to enrol their personal data on a one-stop shop basis to access public services and entitlements.

Generally, states play relatively little attention to the issues of digi-inclusion and digi-exclusion, mandatory versus voluntary enrolment in biometricised identity documents, the ability of users to pay for the initial and subsequent cards [7], and safeguards against of malevolent insider fraud. The ideal of exchanging personal data (including biometric data) subject to the principle of informed consent seems understood but not necessarily well-articulated in legislation or implementation. Governments and commercial interests rather than citizens seem to be the drivers behind and beneficiaries of egovernment delivery. This is partly because (a) communication over the purposes of biometric ID cards and accountability for their deployment is hazy, weak or non-existent, costs and use are poorly communicated in many states with implausible claims in some as to how they will combat crime, illegal immigration and terrorism (the culture of fear) and enable simple egovernment in civil and critical infrastructure applications; (b) parliaments seem out of the loop so politico-legal rules and legislation lag very far behind ICT progress; (c) many governments are reticent to admit publicly that ICT cooperation is essential to realising the principle of availability, and that egovernment convenience for citizens depends on realising inter-operability.

ICT advances + Political lag = growing public distrust

If biometric documents were no more than a tool to verify and authenticate individuals’ identity, public distrust would be low or unlikely. They are not. For them to be useful, data banks that are inter-operable are needed both within member states’ national administrations and across them on a functional basis, as implied by the needs of Frontex, Europol, Eurodac, VIS, SIS II, police, customs, migration and judicial cooperation on law enforcement, crime and immigration matters as well as in relation to cross-border civil law issues ranging from eprocurement of goods and services to family law, driving licences and insurance.

A biometricised ID card could become the only way of crossing quasi-borders in non-territorial spaces of egovernance, as well as at the virtual and drifting border of the EU. Biometricised travel documents, eIDs, e-purse, and transaction cards are common or in prospect in EU member states. They can be used for purposes other than the very limited ones of verifying a person’s identity. E.g. to check that he has paid road tax, has insurance and so on. Inter-operable data bases are very useful to both private and public sectors. It is risky to infer that the seeming readier uptake of RFID and biometric cards to expedite the consumption of goods and services, such as the bar cultures of digi-IDs in verichips or smartcards, necessarily means that the public trusts private authorities more than public ones. It is equally risky to assume that public-private services are separate [8]. Transport authorities may be linked to databases like SIS II. Civil/criminal issues are not in separate silos or able to be monitored, scrutinised or regulated accordingly by parliaments.

Out-sourcing data collation, processing and checking on civil and commercial matters is risky and eludes effective, territorial scrutiny by existing political or regulatory authorities. Out-sourcing aggravates the decline in parliaments’ ability to hold governments accountable. RFIDs and the prospect of remote reading of eIDs heightens the risk. The possibilities of ambient ICTs and nanotechnology applications in smart border control (and hence inter alia tracking goods and persons) means that there is a need not just regularly to review and update data privacy and human rights protection but swiftly distil an EU standard as a model complete with strong, effective public control through the European Parliament. At a minimum, co-decision should be universalised and all soft-law routes scrutinised by MEPs. The European Parliament, where it lacks constitutional power, should consider exploiting links with national parliaments to this end and on a carefully considered basis exercise its own voice and power to unveil issues or press governments into justifying their positions in the legitimate cause of the public good while observing due diligence regarding security.

2. TECHNICAL CHOICES

To minimise the opportunities for error and counterfeiting it is useful to have a uniform format with common set of biometric data (face and two finger-prints at least) based on a uniform technical standards for RFID chips (CENELEC) and ICAO compliant. Diversity heightens the opportunity for fraud. The choice of biometric used in the EU members’ passports and IDs diverges: iris, hand, finger, facial recognition or a combination of two or more (usually face and fingerprint) are common for passports. Pre-enrolment in iris recognition systems in some states permits automatic identity verification at border crossings and has been piloted in several both before and during the World Cup. There is wide variance in the ability of border posts to verify the authenticity of documents (including fraudulently used stolen or blank travel documents). Biometric IDs alone cannot compensate for the lack of a level playing field. Somewhat exaggerated claims are made for biometrics to mask general security-related policy goals. A disingenuous argument for their deployment is put whenever economic migrants target entry points where checks are weakest, lack robust technology. According to the Head of the UK Passport agency this year, biometric requirements would not deter forgers, and therefore the claims that such documents could combat terrorism was open to doubt. [9]

3.WHY? WHEN? HOW?

Public tolerance and acceptance of IDs and eIDs varies from state to state. Data protection legislation and implementation differ. The credibility of claims made on proportionality, fitness for purpose, subsidiarity, ideals of purpose limitation in public authorities’ access to, and use of, biometric or any ICT based data associated with an individual are challenged by out-sourcing, trust in ICTs and trust in political and judicial and law enforcement agencies. The question of how biometric data will be used, by whom and on whose authority is opaque. It is unlikely that a citizen is or will be able to remain in control of when, by whom and how his data is accessed. Ambient intelligence and nanotechnology are not used to enhance public control. Parliaments have not addressed this sufficiently.

4. BIOMETRICS: A TRIPLE DEFICIT

Paradoxically a piecemeal approach to the roll-out of biometric eIDs and transaction cards facilitates public use and acceptance on a limited functionally specific basis but increases the risk of diversity and fraud, and heightens distrust as public knowledge grows. There are at least three areas of weakness including:-

1. technical – inadequate and incompatible ICT infrastructures; problems of information processing and exchange; inter-operability and data transfer; big system failure; rapid obsolescence; resilience against fraud

2. political – there is a triple trust deficit. This extends from i) intra and inter-agency cooperation to ii) digi-exclusion and iii) public fears over Big Brother inter-operability, function creep, malevolent insiders, corruption, irresponsible or erroneous data entries, cost of and means to correct wrong information; declining credibility of government claims; and lack of public accountability and controls especially on questions of soft law implementing measures as well as pillar III and border controls

3. communication – who is driving the agenda? Private corporate interests or governments? There is concern and suspicion that the US has disproportionate influence in shaping the EU’s ICT agenda on police and judicial cooperation, biometrics and Hague programme implementation. This gives the impression that the agenda is not of the EU’s choosing or priorities and that an alien model creeps into the EU. Where is the EU model that reflects member states’ technical requirements, data privacy rules, and political accountability demands?

5. CONCLUSIONS: A EUROPEAN MODEL FOR CITIZENS

Biometrics are a tool, not the answer. Policy goals and strategies resting on inter-operability require democratic legitimation. Parliaments must challenge and check naïve claims by security and related agencies (eg customs, police, judicial bodies, migration, transport and critical infrastructure) that it will be operationally possible to abide by limited purpose uses. Operational success is likely to continue to require swift sharing of information. Mandatory codes of practice on standards, data use, storage, transmission, exchange or, crucially evaluation, analysis and re-use are insufficient to overcome or allay agency distrust, fears of corruption, and abuse of access to private or secret data. Local custom affects the content, implementation, application and interpretation of these as well as interpretation of the public interest, and exceptions to the rules that may be made in order to protect the public interest by subordinating the interests of an individual or group of individuals. There is a need for a clearer definition and understanding of ‘good faith’ to try and show how, when and under what conditions information exchanges can be operationally warranted. The European added-value of biometrics has to be demonstrated and legitimised.

The missing ICT argumentThere is a need to show that biometric eIDs can be part of a two-way flow of information to authenticate the individual seeking access to services or data and verifying that this eID authenticated individual has a legitimate right to do so. As yet, few governments seem persuaded that a match-on-card system that minimises tracing should be the norm. Yet that is likely to be preferred by citizens.

Missing political inputA political response is needed to shape how biometrics are selected, to legitimate their use for specified and limited purposes, to legislate for robust safeguards and control interoperability, and to prompt public debate on control over, as well as the purpose and means of, government in the digi-age. The EP and NPs should initiate this.

Insufficiency of parliamentary controlNational Parliaments are insufficiently consulted by governments for many reasons. The right to be consulted will only be meaningful if there is an attendant right to meaningful response from government (e.g. an explanatory note of government position together with indication of remedial follow-up action).

6. SUGGESTIONS FOR A WAY FORWARD

The EP should seek action to safeguard the needs and rights of the digi-excluded and digi-self-excluded (who may be handicapped and unable to understand or physically manage biometric enrolment processes)

The European Parliament should promote review of the meaning, location and safeguarding of borders – the EU has shifting virtual borders. Pillar I supervision arrangements should apply to and be consistent with pillar III regardless of which authorities are involved and especially because collaboration among them crosses the pillars (eg Data protection, VIS, Europol) and because non-EU actors such as Interpol, FBI and third states may have observer or other rights vis-à-vis them, thereby giving them greater insight than democratically elected parliaments.

Comitology under pillar III must be replaced by NP scrutiny and especially accountability to MEPs.

The Commission should simultaneously communicate its proposals and impact assessments to member governments, the EP and NP and publish in full the amended consolidated texts of any amendments.

NPs should on their own initiative annually or at request of EU institution, comment on Commission evaluations of immigration, customs, judicial and policing agencies like VIS, and send these to LIBE and Commission. They should notify EU institutions immediately of any concerns they have over such bodies’ access to, e-exchange or use of biometric data or other e-data, and over their operation or actions in the member states. Monitoring is not enough owing to divergent national practices. MEPs should take own initiative steps to secure input from national parliaments.

The EP should urgently seek a framework directive on data protection (including reliability, standards, quality, out-sourcing, inter-operability) for law enforcement purposes before the principle of availability is implemented. It should specify: what and with which agencies inter-operability may be realised, and under what conditions (including biometric authentication of data inputters), and subject to precise parliamentary accountability at member state and EU level. [10]

The EP should seek an EU framework directive to set out a European model urgently that any agency, whether located on EU territory or not, whether owned by an EU interest or not, is obliged to respect if it handles data about EU citizens. It should specify how this is to be given effect, and what responsibilities and liabilities such agencies have vis-à-vis citizens. NPs should urgently seek a review and revision on computer misuse.

The lag between legislative reality and ICT possibilities grows unchecked : parliaments and the people, and ultimately the European idea and practice of democracy risk being undermined by the unthinking roll-out and implementation of ICTs and nano-technology applications to tracking, whether biometricised or not.

ANNEX 1

A NOTE ON TERMINOLOGY

Several terms are often defined in such a way as to allow all wide variety of interpretations. It is important to note the differences as it can lead to very different policy outcomes, agendas, and goals.

Exception:

This term is usually used to exempt a procedure from usual constraints particularly when public safety and security are at risk and ‘exceptional circumstances’ may lead to the suspension of certain civil liberties, transparency obligations, etc. See www.libertysecurity.org

Biometrics:

EU member states tend to interpret this as meaning a statistical measure of a physical characteristic of an individual that is unique to the individual. This is not the same as DNA where there is a higher chance of closer matches of DNA between one or more individuals. Biometrics in the context of passports refer mainly to fingerprints, and facial images (taken in a particular way). They also refer to handprints, voice recognition, vein imaging, signatures etc. Iris recognition is a deployment of biometrics which allow for fast recognition of an individual providing his iris is stored in high quality resolution in a specified data bank. Schipol airport provided one of the major trials of iris recognition border crossing for frequent travellers.

US definition of biometrics is far broader. The National Science and Technology Council has defined this as the statistical analysis of biological observations and phenomena.

Caution:

Fraudulently enrolled biometrics have to potential to given the individual concerned a ‘legal’ identity.

BWG (2003) Report on Biometric Security Concerns

The UK Government Biometrics Working Group (BWG) operated by CESG, the UK Government Information Assurance Technical Authority - as part of the European Commission BIOVISION project to guide the Commission on future issues and research on biometrics in Europe to 2010 stated :-

Biometrics do not provide perfect (unique) identification. The matching process is probabilistic and is subject to statistical error. A mistaken identification or verification where the wrong person is matched against an enrolled user is termed a False Acceptanceand the rate at which these occur is the False Acceptance Rate (FAR). Conversely, an error that occurs where a legitimate user fails to be recognised is termed a False Rejectionand the corresponding rate is the False Rejection Rate (FRR).These errors are dependent not only on the technology but also on the application and the environment of use. FAR and FRR errors are influenced by numerous factors including: Uniqueness of biometric features; Capture device;Algorithm;Environmental interference (lighting, noise etc.);User population (demographics, employment, etc.) ;User behaviour (attitude, cooperation etc.) (p.5)

Inter-operability:

inter-operability is a term used to refer to the capacity of databases to be linked or interrogated to enable deeper searches for information on a given individual subject. It is possible that many different systems of varying quality will enable inter-operability but this is no use if accuracy is low. It is therefore imperative to specify and possibly require certified standards of accuracy. This is likely to mean that relatively few producers of the technology can meet the requirements needed for deploying inter-operable systems in JHA and related areas, and in egovernance more generally.

The requirements for the quality of the fingerprint images should be established by the Committee created by Article 6 of Regulation (EC) 1683/95.

EU position

Fingerprint images shall be taken from «flat» fingers and not be «rolled». The rolled fingerprint needs the intervention of a second person. In order to avoid physical contact between consular officials and the visa applicants, «rolled» fingerprints should be excluded. Source Brussels, 24.09.2003 COM(2003)558 final p.5

US

Rolled fingerprints are the norm in the US.

Fingerprint interoperability testing has been done by the President’s National Science and Technology Council. It is responsible for federal coordination of science and technology policy and preparing coordinated R&D.

****

Fingerprint taking is, in several EU states, associated in the public mind with the criminalisation of law-abiding citizens.

USEFUL WEBSITES

http://www.libertysecurity.org

http://www.biteproject.org/biometrics_migrants.asp

http://www.theregister.co.uk/2005/07/01/bio_passport_fraud/

http://www.bioethics.it/

http://europa.eu.int/idabc

http://europa.eu.int/information_society/topics/research/visionbook/index_en.htm

http://www.ejustice.eu.com

http://www.r4egov.info

http://www.bigproject.org

http://www.privacyexchange.org/tbdi/pdataflow.html

http://europa.eu.int/comm/internal_market/de/dataprot/index.htm

http://www.geocities.com/woodwardlaw/linksbiometrics.html

ANNEX 2

This contains some excerpts from reports, and references to relevant documents and websites of relevant research programmes.

DOCUMENT FORMAT

The format of documents needs tight specification to be useful for border control and other purposes. Policy goals, function expansion and technical considerations need to be taken into account. Technical issues relate both to the quality of data and other standards such as the type and imprint depth on card or paper are important matters, durability, degradation, accuracy and obsolescence.

BACKGROUND

18 February 2002, the modification of the uniform format for visas was

adopted by Council Regulation (EC) 334/20021 (amending Regulation (EC) No 1683/95 laying down a uniform format for visas)

13 June 2002 Regulation (EC) 1030/2002 laying down a uniform format for residence permits for third country nationals

3 June 2002 The Commission proceeded to adopt the additional technical specifications in relation to the visa and on 14 August 2002 in the case of the residence permit.

Member States are obliged to implement these new specifications before the final dates of 3 June 2007 and 14 August 2007 respectively.

NOTE: Affirmation of the obligation on EU institutions and on the Member States to abide by principle of LOYAL COOPERATION stressed in Coelho report

CIVIL AND POLICE COOPERATION

EXTRACT from Coelho report on SIS SIRENE links for transport purposes PROVISIONAL 2005/0104(COD) 31.3.2006

DRAFT REPORT

on the proposal for a regulation of the European Parliament and of the Council regarding access to the Second Generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates (COM(2005)0237 – C6-0175/2005 – 2005/0104(COD))

Committee on Civil Liberties, Justice and Home Affairs

Rapporteur: Carlos Coelho

The objective is to give vehicle registration authorities … access to the second generation Schengen Information System (SIS II). SIS II, while being one IT system, is created by two different legal acts in the first (proposal for a Regulation COM(2005)236) and third pillar (proposal for a Decision COM(2005)230). A separate legal instrument for vehicle registration authorities is necessary because of the legal basis (Article 71 TEC; transport policy).

The legal link between these texts is achieved by the recitals 2 to 5.3

The legal consequence (for example the case of a person trying to register a stolen car) is regulated is different texts: The present legal act would give the vehicle registration authority the possibility to check whether a vehicle presented to them has been stolen. If this is the case national law would apply (for example to inform the police of such a situation). This is laid

down in Article 1(4): The communication to the police or judicial authorities by services referred to in paragraph 1 of any information brought to light by access to the SIS II which gives rise to suspicion of a criminal offence shall be governed by national law.Once thepolice, by national law, learnt about the situation, Article 36 of the third pillar Decision (seerecital 10 of the present legal instrument) becomes applicable (the police will via the Sirene authority contact the authority which entered the stolen car.)

Note

Regulation (EC) No 1160/2005 of the European Parliament and of the Council of 6 July 2005 amending the Convention implementing the Schengen Agreement of 14 June 1985 on the gradual abolition of checks at common borders, as regards access to the Schengen Information System by the services in the Member States responsible for issuing registration certificates for vehicles

COMMISSION’S IMPACT ASSESSMENT Creation of rapid border intervention teams (amending regulation 2007/2004/EC)Document SEC(2006)0955 of 26/12/0024 - Document annexed to the procedure

Commission’s proposal for a Regulation of the European Parliament and of the Council establishing a mechanism for the creation of Rapid Border Intervention Teams and amending Council Regulation 2007/2004/EC as regards that mechanism– COM(2006)0401.This states:-

Third-pillar police cooperation instruments.If the conduct of control and surveillance operations on external borders complies with the rules laid down by Community law and in particular Regulation 562/2006/EC of the European Parliament and of the Council establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code), they would not be exclusively limited to combating illegal immigration. This option seeks to use the instruments available under Title VI of the TEU to create rapid border intervention teams and to define the framework in which the powers would be conferred on border guards.

DRAFT REPORT (Ludford)on the proposal for a Council decision concerning access for consultation of the Visa Information System (VIS) by the authorities of Member Statesresponsible for internal security and by Europol for the purposes of theprevention, detection and investigation of terrorist offences and of other serious criminal offences(COM(2005)0600 – C6-0053/2006 – 2005/0232(CNS)) 10.3.2006

Committee on Civil Liberties, Justice and Home Affairs, Rapporteur: Sarah Ludford.

Argued that it should be made clear that the main purpose of the VIS is the improvement of the common visa policy. Access by internal security authorities and by Europol should be an exception.

Draft proposal for a Regulation of the European Parliament and of the Council establishing a Community Code on VisasSEC(2006) 957 SEC(2006) 958 COM/2006/0403 final - COD 2006/0142 26 Sept 2006

Data protection legislation has to be carefully considered. E.g. in the UK,Section 29(3) of the Data Protection Act gives the permissive right for disclosure (e.g. to consular offices for visa purposes) under certain circumstances. Routine information exchange requires the data subject’s expressed permission. Exceptional exchange on an individual basis may be permitted where the circumstances are of sufficient ’merit’ to persuade the Data Controller that the information be revealed to a third party without the data subject’s consent being obtained.

IMPORTANCE OF NANOTECHNOLOGY

Nanotechnology is the manipulation or self-assembly of individual atoms, molecules, or molecular clusters into structures to create materials and devices with new or vastly different properties (Ransdorf report)

Commission CommunicationTowards a European Strategy for Nanotechnology (COM(2004)338). The Commission’s Action plan, adopted on 7 June 2005, is a concrete implementation of the strategy for nanotechnology that the Commission adopted in 2004.

Extract from PROVISIONAL 2006/2004(INI) 23.3.2006 DRAFT REPORT (Ransdorf)on Nanosciences and nanotechnologies: An action plan for Europe 2005-2009 (2006/2004(INI)) Committee on Industry, Research and Energy Rapporteur: Miloslav Ransdorf

The prefix ’nano’ comes from a Greek word for ’gnome’ or ’dwarf’. In more technical terms, nano equals a billionth and therefore a nanometre is one billionth of a meter. To illustrate this, 1 nanometre is about 1/80,000 of a human hair, a virus is approximately 100 nanometres in size, and one paper-sheet is 100.000 nm thick…. At that miniature scale, components and structures exhibit revolutionary new physical, chemical and biological characteristics. For example: materials from carbon nanotubes are 100 times stronger than steel, but 6 time lighter; ….

Nanotechnologists are also investigating … how new security techniques can help in crime prevention…. Nanotechnology … opens a new world of opportunities and solutions in all kinds of areas and industries. Nanosciences and nanotechnologies are expected to have an impact on nearly every industry and are therefore considered to be one of the key technologies for the 21st century.

OTHER RELEVANT DOCUMENTS INCLUDE

European Commission COM (2003)558 final Brussels, 24.09.2003, 2003/0217 (CNS), 2003/0218 (CNS)

Proposal for a COUNCIL REGULATION amending Regulation (EC) 1683/95laying down a uniform format for visas

Proposal for aCOUNCIL REGULATIONamending Regulation (EC) 1030/2002laying down a uniform format for residence permits for third-country nationals


Draft proposal for a Regulation of the European Parliament and of the Council establishing a Community Code on Visas SEC(2006) 957 SEC(2006) 958 COM/2006/0403 final - COD 2006/0142 19.7.06


Proposal for a COUNCIL DECISION on the transmission of information resulting from the activities of security and intelligence services with respect to terrorist offences COM (2005) 695 final Brussels, 22.12.2005 2005/0271 (CNS)

See http://www.europarl.europa.eu/oeil/file.jsp?id=5373432 for extract from COD/2006/0142Title Common visa policy: establishing a Community Code on visas

Dossier of the committee LIBE/6/39459 Subject(s) 7.10.04 external borders crossing and controls, visas

Extract (New dimensions of the visa issuance procedure:the establishment of the Visa Information System on the exchange of data between Member States on short-stay visas (VIS) will fundamentally change the processing of visa applications. On the one hand, Member States will automatically gain access to information on all persons having applied for a visa (within the 5-year period of retention of data) which will facilitate the examination of subsequent visa applications. On the other hand, the introduction of biometric identifiers as a requirement for applying for a visa will have a considerable impact on the practical aspects of receiving applications. As the VIS should become operational already 2007, the Commission has chosen to update the CCI in a separate legal proposal, which sets the standards for the biometric identifiers to be collected and provides for a series of options for the practical organisation of Member States’ diplomatic missions and consular posts for the enrolment of visa applicants as well as for a legal framework for Member States’ cooperation with external service providers. The contents of that proposal are inserted into and adapted to the structure of the present proposal, which will be amended once negotiations on the separate proposal have been finalised. The provisions for the cooperation with commercial intermediaries, such as travel agencies and tour operators, have been strengthened, in order to take account of this new situation.


Proposal for a Council Decision fixing the date of application of certain provisions of Council Decision 2005/211/JHA of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, including in the fight against terrorism; Council doc. 12576/05


Commission Green paper:

http://www.statewatch.org/news/2006/sep/eu-com-detection-techn-com-474.pdf


Commission Communication «A strategy for a Secure Information Society – Dialogue, partnership and empowerment»– COM(2006)0251. This proposes benchmarking and good practice monitoring only.


Proposal for a Council Regulation amending Regulation (EC) No 2201/2003 as regards jurisdiction and introducing rules concerning applicable law in matrimonial matters SEC(2006) 949 SEC(2006) 950 COM/2006/0399 final - CNS 2006/0135 26.9.06

30 May 2006

Judgment of the Court of Justice in Joined Cases C-317/04 and C-318/04

European Parliament v Council of the European Union

and European Parliament v Commission of the European Communities

THE COURT ANNULS THE COUNCIL DECISION CONCERNING THE CONCLUSION OF AN AGREEMENT BETWEEN THE EUROPEAN COMMUNITY AND THE UNITED STATES OF AMERICA ON THE PROCESSING AND TRANSFER OF PERSONAL DATA AND THE COMMISSION DECISION ON THE ADEQUATE PROTECTION OF THOSE DATA

Neither the Commission decision finding that the data are adequately protected by the United States nor the Council decision approving the conclusion of an agreement on their transfer to that country are founded on an appropriate legal basis

Word - 494.5 kb
Trends in Biometrics

Footnotes

[1] Jean Monnet European Centre, Institute of Communication Studies, University of Leeds, UK.

[2] Brussels, 24.09.2003 COM(2003)558 final

[3] Statewatch reported that the DNA of 5.24% of the UK population was stored by 2004. This compared to 0.98% in Austria, 0.83% in Switzerland, 0.50% in the USA and 0.41% in Germany. UK figures rose substantially when a change in the law permitted that DNA and fingerprints can be compulsorily be taken by police from anyone arrested for any offence - DNA and fingerprints can be kept on the National DNA Database (NDNAD) even if the person is not charged with any offence or has been acquitted of an alleged offence. See: Report on UK DNA database: http://www.statewatch.org/news/2006/jan/uk-DNA-database.pdf

[4] The CNIL in France makes transfers conditional under certain circumstances and if it is not convinced that standards match its own, a reservation has been applied to many EU states except Germany.

[5] Brussels, 24.09.2003 COM(2003)558 final

[6] On the tender of the US Army for a biometric data base on terrorist suspects. See http://www.prwatch.org/node/4409

[7] Belgium was the first EU states to roll out eIDs at a cost to the individual of €10. Typically biometric passports now cost a lot more (£66 per adult rising to £108 for same day renewals in the UK).

[8] A small illustration from the UK shows that the authority responsible for driving licence and annual road tax issues (DVLA) is linked to that responsible for vehicle safety (VOSA) and insurance companies, as well as to databases like SIS II.

[9] http://www.theregister.co.uk/2005/07/01/bio_passport_fraud/ For example, (East coast ports of the UK are believed to be softer entry points to the EU than south coast and London, for example, even for migrants for whom the UK is not the ultimate destination).

[10] This would include regional levels such as Land level where regional parliaments have authority.


Follow-up of the site's activity RSS 2.0 | Site Map | SPIP | CERI CERI | CEPS CEPS | Sixth Framework Programm Sixth Framework Programm