Will Biometric Passports Lead
to a State of Constant Surveillance?
by Vera von Kreutzbruck, The Women's
www.alternet.org/, August 28,
The protection of privacy and personal
data is vital for any democratic society, and should be respected
as much as freedom of expression or movement.
One of life's sweet pleasures is to travel.
Thanks to the increasing number of low-cost flights, traveling
abroad is no longer a luxury reserved for the privileged few.
At the same time, however, there is an alarming increase in the
demand of personal data from tourists and no clear transatlantic
legal framework on personal data exchange. Though third parties
such as airlines and airport operators have the right to read
this data, we don't know what happens with it afterwards.
Under legislation introduced after the
September 11th attacks, the United States has tightened security
measures for foreign tourists entering its country. The latest
measure requires that by 2012, every traveler entering the United
States who is part of the visa-waiver program must have a biometric
passport or be forced to apply for a visa.
The biometric passport - which contains
an embedded chip with personal data, facial images and fingerprints
- is on its way to becoming a global travel prerequisite. Current
passports will remain valid for travel to most countries until
then. Germany, France and the Netherlands have already started
issuing the new documents. EU parliamentarians approved the US'
demand and passed a ruling at the end of 2005 saying that its
goal is to combat illegal immigration, terrorism and organized
crime. But the excuse that the new passports will help prevent
international terrorism is questionable since security agents
will need to know whose face or fingerprints they are looking
for in the first place.
Initially, Washington gave a 2006 deadline
for the 27 countries in the EU and other visa-waiver countries
such as Norway, Iceland and Switzerland, but then pushed the date
back to June of this year to give these countries more time to
prepare the technology needed to issue the biometric passports.
The US State Department started introducing e-passports in 2006
and every passport holder in the US is projected to have one by
In the meantime, there is little enthusiasm
for these new requirements. Data watchdogs and human rights activists
argue that this regulation treats everyone as a potential criminal,
thus violating the protection of citizens' personal data and imposing
a state of constant surveillance.
Peter Hustinx, the European Data Protection
Supervisor, said in a press conference on the implementation of
biometric passports in 2007 that security measures aimed at preventing
terrorism are often stepped up at the expense of privacy. Hustinx
is in charge of giving governments and EU bodies advice on data
security standards and acts independently of EU institutions.
He warned that the EU was "rushing in a new era" of
using biometric identifiers for security checks while standards
for data protection were still not clear.
"It is very important that the biometric
data is only saved in the passport and not in external databanks.
Until now there are no international regulations which guarantee
this," said Peter Schaar, German Federal Commissioner for
Data Protection, at a conference on data protection held in March
of this year in Berlin.
In 2005 when this ruling was issued, no
intense political debate occurred in Germany but there were some
voices of dissent. The left-wing daily newspaper Die Tageszeitung
published a column saying that since 9/11 domestic security had
gained more importance than the protection of fundamental citizen
rights. In addition, security experts have warned of the danger
and ease with which hackers and state agencies could abuse the
data registers and the sensitive personal information they track.
In fact, the e-pass, which is supposed
to protect states against terrorist attacks, is not so safe at
all. In 2006 at the Black Hat security conference held in Las
Vegas, Lukas Grunwald, a German computer security consultant,
proved that the data in the chips is easy to copy. He demonstrated
that a terrorist could carry a passport with his/her real name
and photo printed on the pages, but with a chip that contains
different information cloned from someone else's passport. However,
this could be easily avoided if the security official examines
the pass to make sure the name and the picture printed on it match
the data read from the chip.
Further troubling to activists and watchdogs,
the European Union is about to enter talks with the US on giving
it access to banking data. The plan could go beyond an existing
deal with the EU that allows trans-Atlantic airlines to transfer
credit card, email addresses, passport, travel itineraries and
other data belonging to European passengers to US officials. The
US has already been examining transactions handled by the Society
for Worldwide Interbank Financial Transactions (SWIFT) since 9/11.
SWIFT, which is headquartered in Belgium, is planning to move
its servers and database from the US to Europe. With data privacy
laws far stricter in Europe, the US would then need permission
from the EU before it could gain access to this sensitive information.
The protection of a citizen's privacy
and personal data is vital for any democratic society, and should
be respected as much as freedom of expression or movement. Some
officials in the US and the EU would do well to re-read Article
8 of the European Union's Charter of Fundamental Rights which
states the following:
"Everyone has the right to the protection
of personal data concerning him or her. Such data must be processed
fairly for specified purposes and on the basis of the consent
of the person concerned or some other legitimate basis laid down
by law.  Compliance with these rules shall be subject to control
by an independent authority."
In the paranoid quest for more security,
freedom and privacy are often sacrificed. We are all being watched
by "Big Brother," but who is watching "Big Brother"