ePassports and Biometrics

May 31, 2008 — 585

What are ePassports?

E-Passports look like traditional passports with the exception that they contain an RFID chip which contains data about the passport holder, including name, date of birth, address, etc .The chip can be read, at close range by scanners, which collects this information.

E-passports allow the records of who is going in and out of country to be handled more much quickly and efficiently. i.e the customs/immigration officers don’t need to write or type who is coming into the country, but rather just scan the passport. In addition to this chips can be used to contain more data – biometrics. Iris Scans, fingerprints, etc.

Despite the apparent benefits of the ePassports groups of people have complained about them. In 2005, a private individual developed a system to read, and clone the chips – therefore removing any argument of increased security of the passport. Reading and cloning the RFID chip is made possible by the lack of encryption on the data. The lack of security on the ePassport that the RFID chip also posed an issue for groups like the ” Future of Identity in the Information Society” – FIDIS – which is funded by the EU. This was reported by the BBC.

Even though the issues with the first generation security have not been resolved the UK government is pushing on with the 2nd generation epassports.

The “second generation” ePassports contain not only the the personal data that the first generation do, but also biometric information, e.g Iris scans, fingerprints, etc. The UK government gives a variety of reasons for introducing biometrics, most prominently “[To] ensure British Citizens can continue to benefit from visa-free travel to the USA”.

In short the UK’s passports design, security, and data collection, is being dictated by a foreign country.

Posted in Fingerprint Scanners, UK Law. Tags: , , . No Comments »

PRÜM: EFFECTIVE WEAPON AGAINST TERRORISM AND CRIME?

May 31, 2008 — 585

The House of Lords European Union Committee produced a report on 18th September 2007 into the Prum Convention with the title “Prum: Effective Weapon Against Terrorism and Crime?”.

The House of Lords raised several concerns including:

  • That police could enter any other state without permission
  • That the DNA exchange would be unfair

The first point has since been removed, so that police officers from foreign country’s can not simply enter the UK.

The second issue, raises several interesting points. The House of Lords believe that the DNA exchange would be “unfair”, because the reasons for collection in the UK are much lower, i.e innocent people, witnesses etc, have their DNA and Fingerprints taken and stored. Where as most countries require guilt to retain this data. This means two things 1) foreign goverments can access the DNA and fingerprint records of entirely innocent people 2) the House of Lords recognize the the UK is out of kilter with the rest of the world in its collection of a DNA database.

The House of Lords goes further, and is not just concerned about the exchange DNA data, but data in general:

The exchange of information, particularly by reciprocal access to national databases, must be subject to accountability. It needs appropriate guarantees as to the accuracy and security of the data, as well as procedures for recording data exchanges, and restrictions on the use of information exchanged.”

The House of Lords, raised many of these issues including with the German government who not only hold the European Presidency, but are also pushing for the Prum Convention more than any other country. The German government have been demonstrating the effectiveness of the exchange of data with their neighbors Austria. and as such have produced very successful arrest and clear up rates from this. Over 1,000 murders were solved the Germans reported. However, these figures are skewed for two reasons; firstly the goverments were clearing up old cases that they have a lot of, and so this is not comparable to day to day exchange of information. Secondly the countries are neighbors, and closely tied, therefore there is a greater probability of population exchange in this manner. Would the same statistics be true for Hungry and the UK, on a day to day basis? The fact that the German government is pushing the Prum Treaty, but not answering the difficult questions about it, concerned the House of Lords so much that they stated:

We put on record our regret that the German Presidency should have been unwilling to discuss with the Committee of a national Parliament an initiative to which we, like them, attach great importance.

The full report is available here – Prume – Effective Weapon against crime

Posted in UK Law. Tags: , , . No Comments »

Purpose of Fingerprinting Aslyum Seekers

May 31, 2008 — 585

Below is the reason given by the Home Office for fingerprinting Asylum seekers

The purpose of fingerprinting asylum claimants is to positively identify them and also to identify and deter multiple asylum claims at national and international level. Fingerprinting is also targeted at deterring asylum shopping’ within Europe by recording fingerprints on, and checking fingerprints against, the Eurodac tabase. The Eurodac system is a Europe wide fingerprint database which was established by community regulation supporting the Dublin II Regulation and therefore forms part of European Community Asylum law. The fingerprints of all applicants from the age of fourteen are recorded on, and checked against, the Eurodac database.

The full home office document in relation to this is available here – fingerprinting-asylum

Posted in Fingerprint Scanners. Tags: , . No Comments »

Fingerprints for Immingrants

May 31, 2008 — 585

14 January 2008
Ten point plan for border protection and immigration reform – first milestone met as fingerprint checks go global

The global rollout of fingerprint checks on all visa applicants is complete three months ahead of schedule, and millions under budget, the Government announced today.

In a wide ranging speech to Border and Immigration Agency (BIA) staff, the Immigration Minister Liam Byrne congratulated agency officials and set out a challenging ‘deal for delivery’ in 2008, to secure the largest shake up to Britain’s border security and immigration system for 40 years.

Anyone applying for a visa from 133 countries covering three quarters of the world’s population now have their fingerprints checked against UK databases. Nearly 500 cases of identity swapping have been spotted already.

Full story on the home office site here

Posted in Fingerprint Scanners. Tags: . No Comments »

Data Retention: Anti-Terrorism, Crime and Security Act

May 29, 2008 — 585

Currently the home office has put in place a voluntary code of practice for ISP and telecommunication service providers relating to the retention of data this is comes under the “Retention of communications data under part 11: Anti-Terrorism, Crime & Security Act 2001

The code provides for the following retention time periods:

  • SMS, EMS and MMS: Data retention period 6 months.
  • Email: Data retention period 6 months
  • ISP: Data retention period 6 months
  • Web Activity Logs: Data Retention period 4 days

The following data is required to be stored for the retention times mentioned above:

SMS, EMS and MMS: Calling number, IMEI – Called number, IMEI – Date and time of sending – Delivery receipt – if available – Location data when messages sent and received, in form of lat/long reference.

Email: Log-on (authentication user name, date and time of log-in/log-off, IP address logged-in from) – sent email (authentication user name, from/to/cc email addresses, date and time sent) – received email (authentication user name, from/to email addresses, date and time received)

ISP: Log-on (authentication user name, date and time of log-in/log-off, IP address assigned, Dial-up: CLI and number dialed, Always-on: ADSL end point/MAC address (If available)

Web Activity Logs: Proxy server logs (date/time, IP address used, URL’s visited, services)

The code is quite clear that information stored should on be “Communications Data” only and exclude content of communication.

The Web browsing information to be retained should only be to the extent that only the host machine or domain name is disclosed.

The example the Home Office gives is that if the URL visited was www.homeoffice.gov.uk/kbsearch?qt=ripa+traffic=data

then only the domain “www.homeoffice.gov.uk” is to be stored . The reason is that the:

within a communication, data identifying www.homeoffice.gov.uk would be traffic data, whereas data identifying would be content and not subject to retention.

Posted in ISP Data Retention, Terrorism, UK Law. Tags: , , . No Comments »

Communications Data – RIPA

May 28, 2008 — 585

Communications Data is defined by RIPA as any of the following:
(i) any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted;
(ii) any information which includes none of the contents of a communication [apart
from any information falling within paragraph (i)] and is about the use made by any
person-
(1) of any telecommunications service; or
(2) in connection with the provision to or use by any person of any
telecommunications service, of any part of a telecommunication system;

(iii) any information not falling within paragraph (i) or (ii) that is held or obtained, in
relation to persons to whom he provides the service, by a person providing a
telecommunications service.

Posted in ISP Data Retention, UK Law. Tags: , . No Comments »

Traffic Data – RIPA

May 28, 2008 — 585

Traffic data is defined by RIPA, in relation to any communication, meaning:
(i) any data identifying, or purporting to identify, any person, apparatus or location to or from which the communication is or may be transmitted.
(ii) any data identifying or selecting, or purporting to identify or select, apparatus through which, or by means of which, the communication is or may be transmitted.
(iii) any data comprising signals for the actuation of apparatus used for the purposes of a telecommunication system for effecting (in whole or in part) the transmission of any communication.
(iv) any data identifying the data or other data as data comprised in or attached to a
particular communication, but that expression includes data identifying a computer
file or computer program access to which is obtained, or which is run, by means of
the communication to the extent only that the file or program is identified by
reference to the apparatus in which it is stored.

Posted in ISP Data Retention, UK Law. Tags: , , . No Comments »

Prum Convention – Netherlands

May 28, 2008 — 585

The Dutch ,who are also signatories of the Prum convention , view the Convention (or Treaty) as method of controlling immigration. The Dutch Government clearly stated that exchange protocols will be not just be for exchanging DNA, fingerprints, and vehicle records, but also monitoring and controlliing illegal migration (and therefore presumably legal migration).

As the convention also allows for Air Marshals, presumably this will be a multinational approach and as such countries will police other countries aircraft. Does this mean exchange of passenger information within the EU, will be more comprehensive? What other details will be exchanged between EU countries?

The Dutch Press release from 2006 is below:

The other parties to the Convention are Austria, Belgium, France, Germany, Luxembourg, and Spain. The Convention is intended to get the parties working together and exchanging more information, for instance by allowing each other access to DNA databanks and vehicle registration records.

The parties will also have to pool information about illegal migration, for instance in relation to repatriation measures. And the Convention provides for the deployment of air marshals.

Dutch Press Release

Posted in UK Law. Tags: , . No Comments »

ECHR (2003) UK had several cases relating to privacy

May 28, 2008 — 585

In summary of cases heard at the European Court of Human Rights in 2003 the court found that

“Privacy in a more traditional sense was at issue in several cases concerning the United Kingdom, certain of which raised the absence at the relevant time of a legal basis for the use of covert listening devices, which had led to the finding of a violation of Article 8 in Khan v. the United Kingdom112. Of rather greater interest were two cases which introduced more novel issues arising out of different forms of surveillance.”

Both of those cases relate to CCTV.

One case related to CCTV useage in a public place. The CCTV operator had spotted the applicant with a knife and had alerted the police. The applicant had attempted suicide with the knife and the police gave medical assistance to the applicant.

Following this incident footage of the incident was subsequently disclosed to the public and to the media, without the applicant’s face being properly masked (blurred).  Because of this the applicant was identified by a number of people who knew him.

The Court considered that this disclosure could not be regarded as justified and concluded that there had been a violation of Article 8 (Right to Privacy). It was emphasised that it was not the monitoring of the people in a public place that was was at fault, and this did not infringe on the right to privacy, but rather the subsequent action and use “of recorded data”.

Full document is available here – 2003 ECHR Analysis of Case Law

Posted in CCTV, UK Law. Tags: , , . No Comments »

S. and Michael Marper v. The United Kingdom (DNA Retention)

May 28, 2008 — 585

A boy known as “S” and Michael Marper (born 1989 and 1963 and respectively) both had their DNA taken after being arrested in Sheffield in separate, unrelated, cases. In both cases the charges against the the individual were dropped, however the police will not destroy the DNA samples for these individuals. The law was changed in 2001 and 2004 to allow the retention of DNA and fingerprints, and therefore the Police have acted quite properly.

However, the S and Marper have questions the legality of the UK government to retain their data samples under Articles 8 (right to respect for private life) and Article 14 (prohibition of discrimination) of the European Convention on Human Rights.

In 2004 they brought a case (reference numbers 0562/04 and 30566/04 respectively) against the UK Government, via the European Court of Human Rights (ECHR). On 10th June 2007 the case was declared admissible, then in December 2007 the case was sent to the Grand Chambers and was heard on Wednesday 27th February 2008 at 2:30 pm, in front of 22 Judges, from a variety of countries, including a Swiss judge. Jean-Paul Costa (French), was presidingPresident of the ECHR.

Jean-Paul Costa, born in Tunis on on 3 November 1941. He has been a Judge at the European Court of Human Rights since 1 November 1998, then became was Vice-President of the ECHR on 1st November 2001 and President of the ECHR since 19 January 2007.

If the UK government lose this case it will radically effect how DNA samples are collected and stored. As of 2005 over 200,000 samples were retained that would have been destroyed if it was not for the UK legislation that allows the police to retain samples of people who are not convicted. As of 2005 those 200,00 samples have resulted in 4% “convictions”, for a variety of offences. It is not known if those 4% of criminals detected by the DNA database would have been solved without the DNA samples being there in the first place. The creation of a DNA or “Genetics” Database, has been questioned by many people and the ICO (Information Commissioners Office) has also called for debate on the subject. The House of Lords have also highlighted the fact that the UK collection is not the same as the rest of the EU, during their report in the Prum Convention which allows for sharing of DNA and Fingerprint information across the EU.

The Marper and S case could well result in either the Goverment ordering all of these samples destroyed or the police destroying them on a request by request basis.

The ruling is now not expected until September 2008.

Posted in DNA, UK Law. Tags: , , . 3 Comments »
« Older posts