Biometrics at the borders—the challenges of a political technology
Transcript of Biometrics at the borders—the challenges of a political technology
![Page 1: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/1.jpg)
This article was downloaded by: [UQ Library]On: 06 November 2014, At: 19:48Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK
International Review of Law,Computers & TechnologyPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/cirl20
Biometrics at the borders—thechallenges of a political technologyThomas Petermann , Arnold Sauter & Constanze ScherzPublished online: 22 Jan 2007.
To cite this article: Thomas Petermann , Arnold Sauter & Constanze Scherz (2006) Biometrics atthe borders—the challenges of a political technology, International Review of Law, Computers &Technology, 20:1-2, 149-166, DOI: 10.1080/13600860600705077
To link to this article: http://dx.doi.org/10.1080/13600860600705077
PLEASE SCROLL DOWN FOR ARTICLE
Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.
This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions
![Page 2: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/2.jpg)
Biometrics at the Borders—the Challenges ofa Political Technology
THOMAS PETERMANN, ARNOLD SAUTER and CONSTANZE SCHERZ
ABSTRACT Biometric systems have become the technological centrepieces of the
respective policies of both national and supranational policy actors with the aim
of constructing a technical security infrastructure on a global scale. The rapid
diffusion of biometric recognition technologies in the public sector is a result
of the interaction of policy actors, mainly the USA and the European Union,
in an international network of post 9/11 activities. The discourse that has
accompanied the diffusion process of biometrics was for long dominated by
technical experts. The discourse on citizens’ rights and data protection hasonly recently gained in importance. In the political discourse, central issues,
such as the far-reaching consequences and a transparent and comprehensible
substantiation of the goals being followed by politics were at best marginal.
Although the triumphant procession of biometric technologies seems to be
irreversible, there is a need for politics in a democratic constitutional state for
further information, for a public debate and for responsible and well-informed
decisions.
Introduction
All over the world intensive efforts are being undertaken to improve the reliability of iden-
tity documents and entry procedures as well as the effectiveness of border controls. As a
result of this biometric systems have become the technological centrepieces of the respect-
ive policies of both national and supranational policy actors. The politically desired and
already partially realized goal of establishing ‘smart borders’ can largely be seen as a reac-
tion to the changed security situation following 11 September 2001.1 Biometric
INTERNATIONAL REVIEW OF LAW COMPUTERS
& TECHNOLOGY, VOLUME 20, NOS 1&2, PAGES 149–166, MARCH–JULY 2006
Correspondence: Thomas Petermann, Buro fur Technikfolgen-Abschatzung beim Deutschen
Bundestag (TAB), Neue Schonhauser Straße 10, 10178 Berlin, Germany. Tel:þ 49 (0)
30/28491-0; Fax:þ 49 (0) 30/28491-119; E-mail: [email protected]
ISSN 1360-0869 print/ISSN 1364-6885 online/06/01–2149-166 # 2006 Taylor & Francis
DOI: 10.1080/13600860600705077
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 3: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/3.jpg)
technologies have since attracted ‘a great deal of interest as a possible solution to crime,
terrorism and as a foolproof-method of identification’.2
As developments in the USA and in the EU demonstrate, great importance is attached
by politicians to the strategy of biometric modernization. It is not to be used exclusively
for making travel documentation more reliable, limiting abuse in asylum procedures and
making border controls more effective, but also for managing international travel more
efficiently as well as offering political stimuli for further innovative applications. At the
same time assurance is given that citizens’ rights are not unduly encroached upon and
that the security and integrity of their data is ensured. The acceptability of this strategy
and the validity of the legitimatory rhetoric are however disputed: The schedules are
tight, the technology has not yet been perfected, the costs are vague. A publicly
announced clear and justified objective is also lacking.
The purpose of this article is first of all to trace the conflict and collaboration of policy
actors in an international network of post 9/11 activities with the aim of constructing a
technical security infrastructure on a global scale. The next step will be an exemplary look
at the discourse that has accompanied the accelerated diffusion process of biometrics.
This will include in particular the technology-centred discourse of experts and commit-
tees, which has dominated the debate and public perception for a long period, but also
the discourse on citizens’ rights and data protection, which has only recently gained in
importance and public resonance. This is less the case with the political discourse,
which is understood as a public discussion of goals and ethical stances, as well as of
the opportunities and risks of implementing biometric systems in the public sector. Not
only were central issues, such as those relating to the costs or more far-reaching
medium and long term consequences at best marginal. What was much more conspicuous
was the wide-ranging lack of a transparent and comprehensible substantiation of the
goals being followed, a weighing-up against other goals and assets worthy of protection,
as well as the commensurability of the measures necessary to do this. Although the trium-
phant procession of biometric technologies seems to be irreversible, there is a need for
politics in a democratic constitutional state to act—despite the fait accompli—in a
number of respects. Some of the elements of an agenda for further political control and
organization will be discussed in conclusion.
Politics as the Driver
The diffusion of biometric systems as security technology in the public sector is most sig-
nificantly a result of political goals and strategies—both national and international. Legal
foundations were created through laws and regulations. Through the promotion of
research and development, intensification of activities to further international standard-
ization, and the financing of laboratory and field tests the technical feasibility was to
be improved and further potential applications investigated. A first signal bringing conse-
quences for other policy actors in the international state system was the UN Resolution of
28 September 2001 as a response to the terrorist attacks in New York. In order to combat
terrorism measures were demanded to prevent the counterfeiting, forgery and fraudulent
use of identity papers and travel documents.3
What follows is a rough sketch of how the decisive drivers and actors, the USA, the EU
and the International Civil Aviation Organization (ICAO) have shaped the political
setting of biometric technology.
150 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 4: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/4.jpg)
USA
Following the terrorist attacks of 11 September 2001, two laws were passed in the USA
in which the political objective of improved security when foreign nationals enter and
leave the USA was set down: the US Patriot Act and the Enhanced Border Security
and Visa Entry Reform Act of 2002. The last-mentioned law requires all states to
issue unforgeable travel documents including biometric characteristics for entry into
the USA from 26 October 2004. This regulation is also applicable to those states parti-
cipating in the so-called Visa Waiver Program. The competent Embassies and Consulates
abroad were obliged, by the same date, only to issue machine-readable, unforgeable visa
and other travel documents incorporating biometric characteristics in accordance with
the ICAO standard. Appropriate systems were to be installed at all entry points by 26
October 2004. The US administration postponed this deadline by one year in August
2004.
As a consequence of the legislative guidelines, the US Department of Homeland
Security (DHS) has developed a concept for the monitoring of entry and exit as well as
the residence of international visitors—the US-‘Visitor and Immigrant Status Indication
Technology System’ (US VISIT). Within the framework of this, a comprehensive entry-
exit system is to be implemented—initially at international air and sea ports of entry.
This involves the collection of biographical data and biometric characteristics of visitors
and travellers entering the USA. Two index fingers of a visa applicant are electronically
scanned and a digital photo is taken in the consulates issuing visas. Additional characteri-
stics (such as iris scans) and processes may be added later. The data collected is then
accessible (although not biometrically processed) when visitors actually enter the USA
at the border crossing points.
In the meantime a digital photo is taken and two fingerprints are scanned of all visitors
to the USA at the border control points under the US-VISIT program. This data is gath-
ered and is compared to watchlists of persons registered as not permitted to enter the
USA. The date of departure and address of residence while in the USA is recorded at
the same time, so that persons who may enter legally, but through the deferment of
their departure are illegally resident in the USA, can be expelled on time. Visa waiver tra-
vellers have to present either a machine-readable passport or a US Visa at the US port of
entry to enter the USA.
Although the question of biometric registration of their own population for a long time
seemed to be considered a taboo, there is now a plan, in compliance with the ICAO stan-
dards, to start issuing machine-readable passports for US citizens, which include a digital
facial image stored on a 64 kb contactless chip.4 Technically however, this regulation
implies that biometric characteristics are not being registered, as a ‘facial image’ is
simply a ‘photo in a digitised format’.
In nearly all official government documents the creation of ‘secure borders, open
doors’5 is justified by two goals: the facilitation of legitimate travel to the USA by inter-
national visitors while maintaining the integrity and security of the US borders. Biometric
travel documents should help to reduce the use of stolen and counterfeit visas, and
protect against possible use by terrorists or others who might threaten the national secur-
ity of the USA. As a consequence of the setting a statutory framework for biometrics as
well as their successive implementation in the procedures for the issuing of visas and in
controlling borders, other nations had to decide under pressure how to react on this fait
accompli.
Biometrics at the Borders 151
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 5: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/5.jpg)
European Union
A first step towards the use of biometric identification technologies was taken in the EU in
2000 with the establishment of Eurodac, a transnational system in which the fingerprints
of asylum seekers are stored.6 Since January 2003 every asylum seeker over the age of 14
throughout Europe—but also apprehended illegal immigrants to the EU Member States—
is recorded in the Automated Fingerprint Identification System AFIS. Their fingerprints
are registered and compared in Eurodac. This should prevent applicants making multiple
asylum applications in different EU States as well as identifying persons who have entered
the Union territory without permission. If it is ascertained that an asylum seeker has
already made an application in another Member State, he will be sent back to that
country.7
Rhetorically for the most part with reference to the attacks of 11 September 2001, the
EU has subsequently begun to develop elements of a coherent and consistent strategy for
the improvement of the security of identity documents using biometric identifiers. Thus
on 28/29 March 2003 the Union’s Justice and Home Affairs Ministers reinforced their
target of increasing security standards and the standardization of visa and travel docu-
ments, as well introducing biometric identifiers in visa and residence titles for nationals
of third countries. The European Council emphasized thereafter on 19/20 June 2003
in Thessaloniki that the strategic approach relating to biometric identifiers or biometric
data would result in harmonized solutions for documents for third country nationals,
EU citizens’ passports and information systems (VIS and SIS II).8 The essential elements,
which were developed and their implementation set about in a surprisingly short period of
time, can be outlined as follows:9
. On 6 December 2001 the European Council had proposed the development of a SIS
II,10 to adapt the previous Schengen Information System (SIS) to the broader scale of
operation following enlargement in 2004. The Commission adopted a regulation on
18 December 2001 for the ‘Development of the Schengen Information System II’,11
in order to be able to collect additional identification data. Apart from the categories
of data in SIS I, biometric data such as fingerprints and photographs may also be
stored in SIS II. The Visa Information System (VIS)—a system for the exchange of
visas—is decoupled. It was decided by the European Council in Laeken (December
2001) and Seville (June 2002) that it shall include biometric identifiers and is
intended to prevent ‘visa shopping’, improve the administration of the common
visa policy, contribute to internal security and fighting terrorism. In November
2004 an expert committee confirmed technical problems as a result of interference
between chips with biometric data inserted in passports by different countries. The
Council invites the Commission ‘to make every effort, including with respect to bud-
getary programming, to bring the activation of biometric identifiers in the develop-
ment of the central part of the VIS forward to 2006’.12
. The European Commission presented proposals in September 2003 to introduce bio-
metrics in visas and residence permits for third country nationals. The Commission
wanted to require Member States to integrate biometric identifiers in visa and resi-
dence permits for third country nationals as well as to ensure interoperability. The
European Commission was thereby deliberately driving the development further
forward. In the explanatory memorandum reference was made to the efforts to
improve document security on a European level in the aftermath of the attacks
of 11 September 2001. The comprehensive goal was to detect persons who wish
152 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 6: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/6.jpg)
to enter the EU with forged official documents. The Commission emphasized that the
inclusion of biometric identifiers—as desired by the Member States—is a suitable
instrument. The biometric data of face and fingers would be stored in a storage
medium with sufficient capacity. The deadline for the integration of the photograph
was fixed for the visa on 3 June 2005 and for the residence permit for third country
nationals on 14 August 2005. Thereafter the digital photograph and storage of the
facial image should take place within two years and the fingerprint images within
three years of the adoption of the respective technical specifications.13
. The next step was logically aimed at the passports of EU citizens—on the basis of the
executive competence of the EU in Art. 62 No. 2a ECT. On 18 February 2004 the
European Commission submitted a draft Regulation on standards for security fea-
tures and biometrics in EU citizens’ passports.14 In this draft the European Commis-
sion proposed that passports and other travel documents should include a storage
medium with a facial image in a mandatory manner. The Member States were
allowed to implement fingerprints into the passports by national law. As a result
of the JHA (Justice and Home Affairs) Council on 25–26 October 2004 the text
of the proposal was changed to envisage both biometric features in a mandatory
way.15 Amendments by the European Parliament’s legislative resolution16 on the
Council’s proposal were not taken into account. The Council adopted the Regulation
on ‘standards for security features and biometrics in passports and travel documents
issued by Member States’ on 13 December 2004.17 The Council Regulation envi-
sages the digital facial image as a first biometric feature and fingerprints as a
second biometric feature, both in a mandatory way. It entered into force on 18
January 2005. The Regulation rules that Member States shall apply the Regulation
as regards the facial image by 18 months at the latest and as regards fingerprints by
36 months at the latest, following the adoption of the measures referred to in
Article 2. On 28 February 2005 the European Commission passed the ‘Decision
establishing the technical specifications on the standards for security features and
biometrics in passports and travel documents issued by Member States’.18
. In the meantime the processing and integration of the provisional final building block
in the European security architecture has also been started. As a declared response to
the London bombings, the European Council presented the Draft Conclusions of the
Representatives of the Government of the Member States on common minimum
security standards for Member States’ national identity cards on 11 November
2005.19 These should give an impetus to the development of common standards
for security features and secure issuing procedures for national ID cards. With
regard to the biometric identifiers it was proposed to use the face and two finger-
prints taken flat, which are to be incorporated into an RFID chip. The necessary tech-
nical specifications should—without modification—apply to the integration of
biometrics in the European passport.
The EU biometric policy was not and is not only a reflex of the action of the USA. Thus it
had already developed its own perspectives at an earlier stage with regard to its strategies
concerning Eurodac. A similar approach can be seen with the use of biometric systems in
visas. It is true that it adapted its passports for Europeans to the USA guidelines and accord-
ingly speeded up its measures and schedules. At the same time the option of biometric pass-
ports also represents a consistent and logical complement to its policies on entry and
asylum procedures. The Council in Thessaloniki had set the goal for all travel documents
Biometrics at the Borders 153
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 7: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/7.jpg)
issued by EU member states to have the same standards. With its vote on national ID cards
its spectrum of activities concerning information systems and documents—from visas to
passports to ID cards—is finally provisionally complete and consistent.
International Civil Aviation Organization (ICAO)
Within the scope of its task of standardization of machine readable travel documents, the
International Civil Aviation Organization (ICAO), as a UN special agency, has been co-
ordinating the preparations for the implementation of biometric characteristics in
machine readable travel documents since the mid 1990s. The ICAO sets technical stan-
dards in close co-operation with the International Organization for Standardization
(ISO), which are binding for all 189 member states. In doing this it uses its mandate as
a parastatal international actor, conferred upon it by national governments. It is true
that the ICAO itself has no sovereign power and therefore its standards and recommen-
dations are also not directly applicable. They have rather to be transformed into appro-
priate national legal provisions by the respective signatory countries. The standards and
recommendations issued by this parastatal actor, however, play a significant role, as they
display real binding effects: Not to follow standards that have been agreed would result in
economic and political disadvantages in the global cross-border exchange of persons and
goods. This is why no country can afford to remain outside the set of technical rules and
follow a national special path.
On the other hand the ICAO is not an autonomous actor, as its committees also (have
to) react to external developments. It can be seen that not only the Visa Waiver Program
countries were under pressure from the political objectives and schedules set by the USA.
Through the explicit reference of the Enhanced Border Security and Visa Entry Reform
Act to the recommendations and standards of the ICAO, a ‘momentum’ was also gener-
ated for it to further develop its standards for machine-readable passports including
biometrics.20
In May 2003 the ICAO adopted a blueprint for the standardization of biometric infor-
mation in passports and other machine-readable travel documents. According to the blue-
print, facial recognition is to be selected as the ‘globally interoperable biometric for
machine-assisted identity confirmation’. In addition one identifier—a digital photo
embedded on a chip within the passport—would also be sufficient.21 The ICAO still con-
sidered centralized databases to be unnecessary. Normatively the ICAO linked its
decision for biometrics with economic and security target values such as a speedier
passage of travellers through airport controls, heightened aviation security and added
protection against identity theft.
The original position of the ICAO, to designate only one biometric identifier for
reasons of interoperability, was undermined by the grander plans of various Member
States—additional biometric identifiers, central databases for policing purposes—and
led to a change of position: ‘ICAO TAG-MRTD/NTWG further recognizes that in
addition to the use of a digitally stored facial image, Member States can use standardized
digitally-stored fingerprint and/or iris images as additional globally interoperable bio-
metrics in support of machine assisted verification and/or identification’.22 The earlier,
high-ranking goal of achieving global interoperability through the selection of only one
biometric feature was thus made considerably more difficult.
As the preceding brief presentation of the most important actors shows, the extent to
which society is pervaded with biometric technologies is thus far not an autodynamic
154 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 8: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/8.jpg)
process of technological progress. On the contrary we are confronted with the results of
actions and reactions, a conflict and co-operation between two political key actors. Both
were following different strategies and schedules, the consequence of which, however, is
ultimately the fact that two—potentially—compatible security architectures were
implemented. Whereas the USA does not however plan the biometric registration of its
citizens and is happy to leave it with the introduction of digitized facial images of passport
photos on a chip in passports, the EU is taking a considerable step beyond that, as the
fingerprints of passport holders (and possibly future ID card holders) will in future be
registered and stored. The compatibility—also in relation to the ‘Rest of the World’—
was mediated from a technical point of view by the ICAO. As a kind of ‘linking agent’
it transformed the partially diverging political (and certainly also economic) goals of its
Member States with regard to technical norms and standards, ultimately making compro-
mises possible. The strategy the ICAO had initially been following however (to keep
things simple) fell by the wayside. Its expert committees had to take note of the fact
that individual states had been swayed by the charms of the technological potentials of
biometric systems for security policy goals. The expansion of the original concept—
only one biometric feature, verification as the defined function, the assessment of
central databases as ‘useful’, but not necessary—was consequently the result of bargain-
ing processes within the framework of the ICAO.
Accompanying Discourses
The history of technology, the sociology of technology and social studies of science have
illustrated (by case studies) how discourses by different actors accompany the develop-
ment and implementation of a new technology. Whereas social and political discourses
are often concerned with goals, visions and models, which are linked to a technology
by different actors and around which organization and political control are also
oriented,23 the discourses of technical experts tend to focus as a rule on the functionalities
of the technology, on data regarding the measurement of performance, on energy con-
sumption, on emissions, etc. The innovation history of biometrics and the general discus-
sion have been primarily characterized by this kind of expert discourse. Only after a
considerable delay did the public discourse open up to other topics and actors24 and
increasing doubt was cast on the viability of the strategy that has been followed and
the soundness of the desired goals. The ‘myth’ of biometrics, the ‘impossibility of
error’ attributed to it has been questioned.25
Reliability and Accuracy—the Experts’ ‘Technical Discourse
Biometric recognition, often also referred to as biometrics, refers to the automatic
recognition of a person based on his/her physiological (such as face, fingers, iris) and/
or behavioural characteristics (such as keystroke, gait). The ‘enrolment’ of these
characteristics is the basis of any biometric process. In the enrolment phase the biometric
sample is collected through one or more acquisition cycles, the biometric data is processed
in order to obtain the reference template and finally stored (e.g. on a chip incorporated in
a passport) for subsequent usage (e.g. for access control).
When using the recorded biometric data (production phase) two functionalities are dif-
ferentiated: The biometric verification (1:1 matching) is a test to ensure whether person X
Biometrics at the Borders 155
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 9: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/9.jpg)
is really who he or she claims to be. The biometric identification (1: n matching) is used to
discover the identity of an individual by distinguishing him/her from other persons whose
biometric data are also stored. 1:1 matching answers the question ‘Am I whom I claim to
be?’ 1:n matching answers the question ‘Who am I?’ 1:1 matching does not require a
central database to be built, if the comparison is made against a template stored in a per-
sonal device retained by the individual whose identity is to be verified. Contrary to ver-
ification, for the process of identification a central database is necessary that holds
records for all people known to the system. Because of its specific technological profile
biometric recognition can ‘be used as a means of proving that you are who you claim
to be, or as a means of proving without revealing your identity that you have a certain
right (e.g. access)’.26 Therefore, biometrics allows a system to confirm an individual’s
identity based on who s/he is, rather than what s/he remembers (such as a PIN code),
or what s/he possesses (for example a passport). This is where biometrics can link up
with the requirements and goals of police and security agencies. It ‘offers advantages
over traditional authentication systems, which cannot discriminate between an impostor
who fraudulently obtains the access identifier, for example, a password or swipe card, and
a bona fide user’.27
In order to make full use of this potential for the purpose of control, biometric recog-
nition technologies will have to guarantee the optimal implementation of two prerequi-
sites: a high registration rate of biometric features during the enrolment of potential ID
card holders and a high recognition rate when inspecting identity documents and ID
card holders.
Because of the obvious importance of the ‘enrolment phase’ and the ‘production phase’,
the accuracy and efficiency achievable there have played a pivotal role in many tests and
pilot projects as well as in societal communication over the strengths and weaknesses of
the possible technologies to be deployed. The rates28 were and are used by both advocates
and critics to support their respective positions.
In the experts’ discussion on the suitability of processes for recording the biometric fea-
tures of facial images, fingerprints and iris scans, the following picture has emerged:29
. The recordability of fingerprints can be temporarily limited by injuries to fingertips
or broken fingers and through dirty fingertips. A permanent loss of a fingerprint tem-
plate could occur as a result of fingertips being burned or scarred. Intensive manual
work or working with toxic agents can also destroy the fingerprint template.
. The recordability of the face can be temporarily lost, e.g. through the wearing of ban-
dages after major facial surgery. Permanent losses, e.g. through illnesses resulting in a
significant deformation of the face, are extremely rare. Even in the case of localized
damage the face remains recordable as a complete feature. No meaningful infor-
mation is available regarding the effects of facial changes following plastic surgery.
. The recordability of the iris template can be temporarily impaired due to the dilation
of the iris as a consequence of the taking of certain medicines (atropine). Permanent
losses of recordability may occur as a consequence of eye diseases, e.g. blindness, cat-
aracts or glaucoma. In addition, enrolment is often made more difficult by drooping
or narrow eyelids, which partially cover the iris.
The requirement, which must be met in the case of the biometric equipping of national
identity documents that the feature selected excludes if possible only a very few citizens
from the application, is to date only conditionally fulfilled by fingerprint processes. The
US American Standardization Institute (NIST) concluded from its tests and the experience
156 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 10: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/10.jpg)
of other organizations and authorities that problems occur during enrolment for about
2% of the total population.30 The International Biometric Group (IBG) indicated that
up to 2% of the population do not have sufficiently suitable fingerprints—for certain
sensors.31 The consequence of this deficit would be the necessity of enrolling other
fingers or alternatively of recording other features, which would of course require
additional financial, administrative and technical investment. The enrolment failure
rate for iris recognition processes is lower than with fingerprint processes, however
certain user groups still have problems due to their age or ethnic background. There is
also a not insubstantial group of people who are blind or have eye damage.32 Compared
to these rates, the failure rate for facial recognition is seen by the majority of experts as
marginal.
In spite of the considerable problems which will probably occur in recording the bio-
metric features of iris and fingerprint of large numbers of people, the advocates of this
technology have—at least publicly—tended to ignore this. The biometrics industry for
example ‘appears reluctant to publicly discuss the prevalence of the outlier problem’.33
This problem has also been seen by politicians, however it has not been considered as a
disqualifying criterion. The organizational, personnel and financial consequences of
this symptom of a ‘biometric divide’ have been, where at all, only touched upon in
discussion.
The growing interest of politics in biometric technologies, as well as the attractive pro-
spects of a market worth billions for the industry, have led to a steadily increasing number
of studies, tests and pilot projects. A lot of them focus on the recognition performance of
biometric technologies. The most comprehensive studies and tests of the accuracy of
systems are available for fingerprint and facial recognition processes.34
Taking the above-mentioned aspects into consideration, TAB—in its report for the
German Parliament—tentatively carried out an appraisal of the newer tests (until
2003). It was established that iris recognition processes provide a high degree of recog-
nition performance, but this needed to be verified in large-scale applications, as the avail-
able tests are of limited scope and thus only conditionally valid for identification
purposes.35 It was further established that fingerprint and facial recognition processes
in more recent and independent studies on performance measurement had also demon-
strated high recognition performance on 1:1 matching with large amounts of data. The
performance of both processes can be graded here as roughly equal.36 For identification
purposes the fingerprint process is rated as more efficient. In particular for the facial rec-
ognition systems it must be noted that the tests under controlled light conditions did
provide relatively good values, but that applications outside closed buildings resulted
in drastic drops in quality.37
The values for recognition performance reflect the current state of the technology. It
can be assumed that the fingerprint and facial recognition processes will further
improve. Both processes—as the TAB report concludes—are sufficiently mature and effi-
cient today that their use in verification mode (1:1), with personnel present and (for facial
recognition) under controlled light conditions in comparison to the previous manual
border controls promises an increase in the effectiveness of the controls.
Other current studies and reports offer a more sceptical assessment at first sight.
However, it should be noted here that the assessing judgement also included the efficiency
of the technologies in identification mode (1: n) and under other accompanying con-
ditions. Accordingly, and also plausibly, conclusions have been drawn elsewhere that cur-
rently achievable error rates are ‘simply not acceptable in security critical applications’.38
Biometrics at the Borders 157
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 11: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/11.jpg)
An OECD report formulates its conclusion as follows: ‘A review of the publicly available
biometric performance data and the media reports of biometric-based technology trials
leave the reader with one conclusion: biometrics are not quite ready for prime time
yet’. That is to say, while they appear to function adequately in small, limited 1:n identi-
fication implementations (and indeed in some larger 1:1 verification implementations),
their accuracy, reliability and convenience are not yet sufficiently refined for very large
population identification systems.39
Regardless, however, of what results one attains according to what test regulations for
the purpose of achieving what goals, one of the crucial questions, namely, whether the
expected recognition performance in verification can be rated as sufficient and whether
the hoped-for improvements in border controls can justify the costs required to achieve
them, cannot be answered on the basis of apparently ‘objective’ rates alone. Not until per-
formance statistics are linked to their (organizational, social) ‘context’40 can the technol-
ogy be made accessible for social, political or legal evaluation. At this point one of the
central weaknesses of the technical experts’ discussion becomes clear, namely, the com-
munication of ‘expert opinions’ through the media. It is rare for test results to be
placed in connection with the respective application/purpose. For example a high FAR
generally poses a bigger problem in security-related areas than in convenience appli-
cations (e.g. logical access control on a PC). Resistance to circumvention is also a more
significant criterion in automated access controls than in biometrically supported controls
with supplementary live human or video supervision. Or, to take a further example, the
deficits of a process in the 1:n application—as has often been the case with facial recog-
nition—are unimportant, if the system is only designed for the function of verification.
The importance of ‘contextualizing’ test results before making judgements, becomes
even more apparent when enquiring about the specific conditions of a mass application
on site. If you take into consideration that in a major international airport, some 50
million travellers are to be controlled per year, even a false acceptance rate of only 1%
would trigger hundreds of false alarms per day.41 For this reason TAB demanded in its
report that ‘it should be openly debated, that—in spite of impressively low error rates,
mass application in practice will result in a relatively large number of false identifi-
cations’.42 One of the deficits of the discussion to date is that the limits of the technical
application, such as in the example mentioned, have only been made a subject on the
edge of the discussion and even then not by the promoters of the technology.
As is the case with other technical components and systems, it is also true with bio-
metric technologies that their use and their acceptability are derived from their technical
performance. Their specific social contexts may well be more decisive with regard to
achievable benefits and avoidable costs. Their importance should be made clear here
through two aspects, which have so far seldom played a significant role in the technically
centred debate. The first of these is the registration process prior to the enrolment, the
quality of which is ‘absolutely crucial to the overall effectiveness of any such system par-
ticularly when orchestrated upon a wide scale’.43 If the process of application, screening
and issuing shows weaknesses, ‘then there is a very real possibility of providing authentic
new generation travel documents under false identities. Because the biometric data will
match, assumptions will be made around the accuracy of the identity involved. In
addition, and contrary to popular belief, it will be quite possible for multiple documents
to be issued to the same individual. If the document has been issued through legitimate
channels, but to the wrong person, then we have a situation whereby government is effec-
tively aiding and abetting fraud.’44
158 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 12: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/12.jpg)
A second example, showing that biometric-based technologies should only be evaluated
as one component of an overall security system, are backup measures of a technical and
organizational nature for the—as shown—frequent cases of false rejection to be expected
during the controls. ‘It is important to ensure that the security consequences of being impro-
perly rejected by the system for accidental reasons (voice problem, scar on a finger,
bandage, etc.) or just simply because of system errors are appropriately considered. . . .
There may be an expectation and temptation that the implementation of biometric
systems may permit a reduction of manual and fallback processing and procedures. This
is not the case; fallback and backup processing are even more important in the context
of biometric systems and should be specifically accounted for in the system design.’45
It was long a characteristic of the technical discourse that it was only to a limited extent
based on ‘reliable, comparable and recent data’.46 A major cause of this data problem is
that generally acknowledged criteria for evaluation do not yet exist. The reliability of
published data was for this reason often questioned because few independent and
unbiased studies on performance measurement were available. This problem has
become less important in the meantime. Problems arise now more from the fact that ‘bio-
metrics’ is viewed and judged independently of other sociotechnical factors, although the
overall quality of the system is first determined by the coaction of technical process,
human action and organizational contexts.47 Therefore, a look at the overall picture
will be of decisive significance. Otherwise, the future effectiveness of the biometrically
supported management of the external borders must be doubted, and—for example—
the issuing level could become the Achilles’ heel of the biometric control project and
the controlling level a daily demonstration of a technology perceived by the citizens as
unfinished.
Cui Bono—the Politicization of the Discourse
As Ashbourn noted, we have the ‘bizarre situation’ that the same governments which
were long ‘disinterested in adopting biometrics for logical, ethical and well considered
applications’, have in the past three years ‘rushed headlong into . . . a frenzy of biometric
related initiatives accompanied by clouds of emotionally misleading and technically
incorrect rhetoric’.48 Preliminary decisions on political, legal and technical–
organizational subjects have been taken without the targets and instruments or costs
and benefits of the future use of biometrics in the public sector having been comprehen-
sively conveyed through active political communication.
In Europe, a political discourse, to be understood as open communication with the
general public and representatives of social groups, has only slowly developed. As
Liberatore has shown, ‘a certain degree of pluralism’ has only gradually come into the
debate. This has led to an opening up of the discourse for non-technical topics and
other policy and civil society actors resulting in a degree of ‘politicisation of biometrics
in terms of its contribution to security needs and goals and of its implications for funda-
mental rights and democratic values’.49 Nevertheless this has remained a debate, which is
being shaped by a ‘pluralistic elite’.50 It is not (yet) a ‘public discourse’. The pluralization
of the discourse as well as its politicization are also only apparent practical constraints, as
they began in a phase after the decisive course had been set and the irreversibility of the
sociotechnical development had long been clear.
The first publicly acknowledged reaction from the European Parliament came in
autumn 2004. In its report51 on the Commission’s proposal52 it was critical of the draft
Biometrics at the Borders 159
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 13: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/13.jpg)
law and the political understanding expressed therein. Supporting most of the positions of
the Article 29 Working Party Data Protection and Privacy,53 the report above all criticized
the lack of a specific purpose as well as the explicit identification of the competent auth-
orities. For the purposes of clarification a supplement was proposed to make clear that
biometric features in passports may only be used for the purpose of establishing the auth-
enticity of the document and the identity of the holder and only in situations when the
production of a passport is required by law (verification). These (and further) proposals
were not followed. The final Council regulation now directly applicable in all Member
States thus continues to leave numerous options for use open and lists no accountable
authorities. The opportunity to definitively reject the establishment of a central European
register for passports (as proposed by the European Parliament) was also passed over.
That this disrespect of fundamental data protection maxims is the result of carelessness
in the wording of a law, hardly suffices as explanation. It is much more likely that the
reason for this is that the Executive wishes to keep future far-reaching uses open. The
clarity of purpose demanded by Parliament would prove an obstacle to this.
In the publicly accessible political documents (e.g. in the European Union the EU
Commission and EU Council, as well as several EU Member States’ ministries) the legit-
imating rhetoric of their biometric politics almost always culminates in the central,
although vague topics of security. Security is usually understood to mean improved pro-
tection from illegal immigration and the misuse of state services as well as improved
security from unlawful entry using forged or stolen travel documents (identity theft).
At best reactively—and often trailing after decisions which have been made—the
attempt was made to balance the legitimate goal of improved security against the protec-
tion of privacy or of personal sensitive data. The discussion of these legal assets or data-
protection requirements was carried out by other actors. These were primarily civil rights
groups, technology assessment units in national parliaments (e.g. in the UK, France and
Germany), national parliaments and the EU Parliament, as well as ultimately the national
data protection officers and the European Article 29 Data Protection Working Party.54
The data protection actors in particular have called attention to the necessity of finding
a better balance between the paradigms of security and freedom/privacy, as the collection
and digital storage of biometric features—on the basis of legal obligations—results in
huge amounts of data of the body of a person being ‘made available to a lot of not pre-
dictable purposes’.55 As this refers to ‘personal data’, which has a value worth protecting,
many deliberations and proposals for the protection of this data and of the privacy of citi-
zens have been submitted. The—in the meantime very sophisticated—discussion cannot
be reproduced and appreciated here. For our purposes, reference will only be made to
certain central characteristics.56 To put it extremely simply, the important demands
with regard to data protection—here in terms of the ePassport—on the legal foundation
as well as on the practical implementation, are above all that the purpose for which a
technology is to be introduced, should be explicitly, appropriately, proportionately and
clearly defined. Further, from a technical viewpoint the integrity, the authenticity and
the confidentiality of the data must be guaranteed, the use of biometrics in passports
and identity cards should be technically limited to verification purposes, comparing the
data in the document with the data provided by the holder when presenting the docu-
ment. Finally, it must be made clear who may have access to the storage medium and
for which purposes. Thus it follows, consistent with the clearly defined purpose of verifi-
cation that central databases for European citizens must remain out of the question, in
order to avoid ‘excessive identification techniques’.57
160 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 14: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/14.jpg)
The misunderstandings, ambiguities and uncertainties in the discourse relating to the
purposes and goals of an increased use of biometric identification technologies in the cer-
tainly different contexts of visas, passports and recently national ID cards have many
causes. In particular, however, the—certainly not accidental—reference made to the
fight against international terrorism played a major role. The goal towards which the
ePassport is leading for instance is defined by the European legislature: Entry should be
made more difficult for persons, who try to legitimise themselves by using forged docu-
ments or documents belonging to other people. Within the framework of this objective
however, no paramount contribution to combating terrorism can be made—as it is
often made to sound, when reference is made to the attacks on New York, Madrid or
even London in official government statements. ‘The terrorists of the future will no
doubt have valid biometrics; the only actual change will be in the mode of establishing
identity. But terrorists who are willing to die do not care less about that; most will
never reach the point where their identity will be checked against a stored template
and, in any case, they would be happy to go through the process (especially if it is to
become faster and more, reliable).’58 Technology based controls and the prevention of
abuse and criminality by technical means will lead to certain successes, but biometric
technologies will also create new problems and evoke changed criminal strategies.
‘Apart from all security related issues, identity theft and the like, all their implementation
might achieve is merely to intensify illegal entry to a country by alternative means.’59
More clarity and greater differentiation would in future have merited the consideration
of the question of which contribution could and should be provided for which goal
with which biometric document.
To the deficits in content and goals, with the circumstantial evidence of a lack of will-
ingness of most policy actors to participate in a substantial dialogue, should also be added
the fact that the question of costs has only played a marginal role both in the decision-
making processes as well as in the public debate.
The US General Accounting Office (GAO) was arguably the first important institution
to bring more comprehensive considerations and also specific numbers into the debate,
calling attention to the significant initial and recurring costs. In a technology assessment
report on ‘Using Biometrics for Border Security’60 cost estimates were made for different
scenarios of use, including ‘passports with biometrics’, differentiated according to differ-
ent biometric technologies (facial, fingerprint and iris recognition, or combinations of
them) and projected over a period of 10 years. The range was US$4.4–8.8 billion
for the initial costs and US$1.6–3.4 billion for the annual recurring costs, on the assump-
tion that seven million passports would be issued per year. Apart from the procurement of
the biometric hardware the cost estimates also took additional hardware, software,
network infrastructure, maintenance, personnel, training and communications into
account at/in the 4500 acceptance offices as well as at/in the 400 ports of entry.61
Numbers for the UK were presented in a ‘Biometric Feasibility Study’ by the National
Physical Laboratory for the introduction of a biometric identity card for all citizens.62 It
was assumed that 50 million ID cards would be issued over a 10-year period. The costs
were estimated for the biometric hardware at the front office and for remote enrolment,
other hardware at the back office, networks, etc, licence fees for biometric components,
software etc, marketing and publicity, and for the staff needed for enrolment. The total
costs of £500 million over the 10-year period seem very low, a more recent source
refers to information released by the British government, which in 2002 assumed expen-
diture of the order of £3.1 billion and by 2004 of £5.5 billion over 10 years.63
Biometrics at the Borders 161
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 15: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/15.jpg)
The first cost estimates for Germany were conducted as part of the TAB study.64
Similar parameters were taken into account as in the US and the UK studies, with an esti-
mated total of 400 control points and 6500 identity card issuing offices. The introduction
of a biometrically equipped, mandatory identity card in Germany resulted in initial costs
of approx. E670 million, the annual recurring costs only slightly below this at approx.
E610 million.
It goes without saying that numbers such as those mentioned can be no more than
‘plausible estimates’ or an ‘initial workable approximation’.65 This does not however
diminish the purpose of model calculations, even if they do only ‘represent rough order
of magnitude costs’,66 to illustrate the financial dimensions and consequences of political
decisions for decision makers. In the light of frequently diagnosed ‘political failures’ in the
development and implementation of large technical systems in the past, a forecast of
future financial burdens is of particular importance for public budgets and for citizens.
This is exactly what the European Parliament alleged and criticized about the policy of
the Executive—that no cost estimates were submitted at all.67
The politics of biometric control has so far been primarily formed on an EU level and
here by the executives—the Justice and Home Affairs ministries, the European Commis-
sion and the European Council. The lack of a public, substantive discussion can to a large
extent be traced back to a more ‘publicity shy’ policy on the part of the competent EU
bodies and the most national ministries, in connection with the absence of a European
public sphere. Another direct significant contribution to ambiguity concerning essential
normative choices moreover, lies in the fact that design options of particular relevance
to data protection and privacy are delegated to (technical) expert committees, with
hardly any democratic legitimacy, whose work is largely obscure. However, the fact
that the European Parliament is only consulted in this political field, according to the
decision-making procedures of the EU, but does not have a say in the actual decision,
has also contributed to the underdevelopment of the political discourse. It was only
able to fulfil its legislative role within narrow limits and failed in being a forum for
public policy debates on decisions with severe consequences for society.
Final Remarks
The path of the development of biometric identification systems has become increasingly
narrow as a result of the decisions made by the big players in favour of face and fingers for
identification purposes—the number of available technical options for different scenarios
of use has decreased. The scope for creating national policies in Europe has also been nar-
rowed because of the full use of executive competence on the part of the EU and the
decision on the introduction of the so-called ePassport. Nevertheless there is still a
need for information, discussion and decisions with regard to the further development
of biometric security architectures. Political action and a public debate is needed not
only relating to documents already in circulation and their accompanying infrastructures,
but also with respect to the option of a national identity card with biometric components.
Furthermore, we have to expect an increasing use of biometric technology not only in the
public but also in the private sector. The contours and contents of a corresponding pol-
itical agenda on a European level and within the EU Member States have recently been
more clearly defined by numerous authors and reports.68 An adequate appreciation is
not possible here—simply a brief mention.
162 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 16: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/16.jpg)
A political agenda should include considering prospective contexts for applications of
biometric identity documents, above all the further development of a suitable ‘privacy
architecture’. There are already proposals on the table from a data protection viewpoint,
in particular. There are several remarkable activities in progress on an EU level concern-
ing this. They relate to fundamental normative principals as well as to specific technologi-
cal options.69
It is apparent that political debate and action are required that comprehensive
implementation steps must be planned at all levels and their consequences thought
through, from issuing to production to control.70 Further co-ordination processes on
an EU level and ultimately globally are necessary, if the additional security promised is
to be achieved while neither unduly restricting global tourist traffic nor violating data pro-
tection concerns and the right of informational self-determination. In the light of the dis-
cernible complexity and infrastructural interconnectedness71 further comprehensive
follow-up analyses of the political, financial and organizational consequences of the intro-
duction and use of biometric identification systems on all levels and on a global scale
would be advisable, providing an improved information base for the organization of
policy and data protection for the development dynamic, which has already set in.
‘Privacy impact assessments’ could also be a part of this—analyses both ‘of the system
as how is dealt with the risks of the biometric data, taking the applicable legislation, rec-
ommendations and good practices into account’.72
Ultimately the task that has until now been politically neglected needs to be tackled—
that of initiating and actively helping to shape a public discourse. It would, in particu-
lar, be important to make it clear that biometrics can provide an important albeit
limited contribution to the goal of more security. Biometrics is a technical approach
to the prevention of risks and hazards, but not a ‘substitute for responsibility’.73 The
problems of terrorism, immigration, abuse of asylum procedures and identity theft
cannot be solved by symptom-oriented technical approaches, but as to what the
elements of comprehensive political strategy should be—this question remains as yet
unanswered.
When faced with such a comprehensive and complex project as the biometric survey of
the population in 25 EU states as well as of millions of foreign citizens who travel to
Europe or seek asylum, it seems time that the efforts that have thus far been made relating
to technical practicability are supplemented by efforts relating to social acceptance.74
A contribution to an informed acceptance among the population could be provided by
attempts to enter into a discussion with the population about the project of biometric
modernization thus far negotiated mainly by pluralist elites. There is in the meantime a
broad base of experience globally with different kinds of participative procedures,
through which the citizens of a country can be integrated into political decision-
making processes.75 Forums and procedures, such as consultation exercises, consensus
conferences or citizens’ conferences, are by all means appropriate for improving the
general level of knowledge in the society, and for creating an awareness of the importance
of the dynamic of social–technical development, which will be driven by the intensive use
of biometrics in future. The maxim of consultation of civil society in central political
questions proclaimed already 2001 by the EU itself in its ‘White Paper on Governance’
offers a framework for this. Some recent activities in this direction on the subject of bio-
metrics76 could be an indication that the awareness has grown such that greater transpar-
ency in decision-making processes and greater openness for the opinions and evaluations
of the citizens are necessary.
Biometrics at the Borders 163
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 17: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/17.jpg)
Notes and References
1 Buro fur Technikfolgen-Abschatzung beim Deutschen Bundestag (TAB) Biometrie und
Ausweisdokumente. Leistungsfahigkeit, politische Rahmenbedingungen, rechtliche
Ausgestaltung, Zweiter Sachstandbericht, Arbeitsbericht Nr 93, Berlin, 2003; J Ashbourn
The Social Implications of the Wide Scale Implementation of Biometric and Related Technol-
ogies, Background paper for the Institute of Prospective Technological Studies, DG JRC—
Sevilla, European Commission, 2005.
2 Organisation for Economic Co-operation and Development (OECD) Biometric-Based
Technologies, Committee for Information, Computer and Communications Policy, Working
Party on Information Security and Privacy, 2004, p 9.
3 UN Security Council Resolution 1373 (2001), adopted unanimously by the Security Council at
its 4385th meeting on 28 September 2001.
4 The London School of Economics and Political Science (LSE) The Identity Project. An
assessment of the U.K. Identity Cards Bill and its implication, Interim Report, London,
2005, p 26.
5 M Harty ‘U.S. visa policy: securing borders and opening doors’, The Washington Quarterly
Vol 28, No 2, 2005, pp 23–34.
6 Council of the European Union Council Regulation, No 2725/2000 of 11 December 2000
concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective
application of the Dublin Convention.
7 European Communities Council Regulation (EC) No 407/2002 of February 2002 laying down
certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of
‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Conven-
tion Official Journal of the European Communities, L62/1, 5 March 2002. For Eurodac as a
means of a ‘politics of control’ see J P Aus Supranational Governance in an “Area of Freedom,
Security and Justice”: Eurodac and the Politics of Biometric Control, SEI Working Paper No
72, University of Oslo, 2003.
8 Council of the European Union Thessaloniki European Council 19 and 20 June 2003.
Presidency Conclusions, 11638/03, Brussels, 1 October 2003, p 3.
9 A Liberatore Balancing Security and Democracy: The Politics of Biometric Identification in the
European Union, EUI Working Papers, RSCAS No. 2005/30, European University Institute,
Badia Fiesolana, 2005; TAB, op cit, note 1.
10 Council of the European Union Council Regulation, No 2424/2001 of 6 December 2001 on
the development of the second generation Schengen Information System (SIS II).
11 Commission of the European Communities Communication from the Commission to the
Council and the European Parliament, Development of the Schengen Information System II,
Brussels 18 December 2001, COM(2001)720 final.
12 Council of the European Union Press Release 6228/05, 2624nd Council Meeting, Justice and
Home Affairs, Brussels, 24 February 2005, p 14.
13 Commission of the European Communities Council Regulation amending Regulation (EC)
1683/95 laying down a uniform format for visas and Council Regulation amending Regulation
(EC) 1030/2002 laying down a uniform format for residence permits for third-country
nationals, Brussels, 24 September 2003, COM(2003)558 final.
14 Commission of the European Communities Proposal for a Council Regulation on Standards
for Security Features and Biometrics in EU Citizens’ Passports, Brussels 18 February 2004,
COM(2004)116 final.
15 Council of the European Union Press Release, 2613rd Council Meeting, Justice and Home
Affairs, Luxembourg, 25 and 26 October 2004, p 11.
16 European Parliament Legislative Resolution on the Proposal for a Council regulation on
standards for security features and biometrics in EU citizens’ passports (COM(2004)0116—
C5-0101/2004—2004/0039(CNS)), 02/12/2004.
164 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 18: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/18.jpg)
17 European Communities Council Regulation (EC) No 2252/2004 of 13 December 2004
on standards for security features and biometrics in passports and travel documents issued
by Member States Official Journal of the European Communities, L 385, 29 December 2004.
18 Commission of the European Communities Commission Decision of 28 February 2005 Estab-
lishing the Technical Specifications on the Standards for Security Features and Biometrics in
Passports and Travel Documents Issued by Member States, Brussels, 5 September 2005,
COM(2005)409 final.
19 Council of the European Union Draft Conclusions of the Representatives of the Governments
of the Member States on common minimum security standards for Member States’ national
identity cards, 14351/2005, Brussels, 11 November 2005.
20 The London School of Economics and Political Science (LSE), op cit, note 4, p 22.
21 International Civil Aviation Organization (ICAO) Biometric Identification to Provide
Enhanced Security and Speedier Border Clearance for Travelling, Public News Release PIO
09/2003, 2003.
22 International Civil Aviation Organization (ICAO) Report of the Technical Advisory Group on
Machine Readable Travel Documents, 14th Meeting, Montreal, 6–9 May 2003.
23 M Dierkes, U Hoffmann and L Marz Visions of Technology. Social and Institutional Factors
Shaping the Development of New Technologies Campus, Frankfurt-am-Main, 1996.
24 Liberatore, op cit, note 9.
25 European Parliament Report on the Commission proposal for a Council regulation on stan-
dards for security features and biometrics in EU citizens’ passports (COM(2004)0116—
C5-0101/2004—2004/0039(CNS)), 28/10/2004, Committee on Civil Liberties, Justice and
Home Affairs, Rapporteur: Carlos Coelho, p 17. The Committee adopted this report on 25
October 2004: European Parliament Decision of the Committee responsible, 1st reading/
single reading, CNS/2003/0217.
26 Institute for Prospective Technological Studies (IPTS) Biometrics at the Frontiers: Assessing the
Impact on Society. For the European Parliament Committee on Citizens’ Freedoms and Rights,
Justice and Home Affairs (LIBE), 2005, p 31.
27 Future of Identity in the Information Society (FIDIS) D3.2: A study on PKI and biometrics,
FIDIS Consortium—EC Contract No 507512, 4 July 2005, p 61.
28 During the enrolment phase, the Failure to Enrol Rate (FTR) is the measure of the performance
of the biometric system; during the production phase this is the False Acceptance Rate (FAR) or
the False Rejection Rate (FRR). The FTR refers to the ability of the system to enrol a biometric
characteristic, the FAR to incorrect identification/verification of an unauthorized individual,
the FRR to failure of the system to identify/verify an authorized individual.
29 TAB, op cit, note 1, pp 62–63.
30 National Institute of Standards and Technology (NIST) Summary of NIST Standards for
Biometric Accuracy, Tamper Resistance, and Interoperability, 2002, p 21.
31 International Biometric Group (IBG) White House OSTP Biometric Report Brief. A Visa
Issuance/Border Crossing Case Study, 2003, p 8.
32 In the case of UK this would mean that for up to one million citizens an enrolment is difficult or
impossible. The London School of Economics and Political Science (LSE), op cit, note 4, p 53.
33 Ibid.
34 The US National Institute of Standards and Technology (NIST) for example has tested the recog-
nition performance of face recognition and fingerprint recognition processes on the basis of up to
120,000 facial images and 620,000 fingerprints in original data pools. NIST, op cit, note 30, p 5.
35 The lack of such large-scale tests may also be a reason why the policy actors and expert com-
mittees tend to place iris recognition in ‘third place’.
36 TAB, op cit, note 1, p 30; see also US General Accounting Office (GAO) Technology Assess-
ment. Using Biometrics for Border Security, 2002, p 20.
37 NIST, op cit, note 31. The ITPS report concludes: ‘face recognition is not yet ready for outdoor
use’. IPTS, op cit, note 26, p 48,
Biometrics at the Borders 165
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014
![Page 19: Biometrics at the borders—the challenges of a political technology](https://reader031.fdocuments.in/reader031/viewer/2022020213/5750a6141a28abcf0cb6d4fd/html5/thumbnails/19.jpg)
38 FIDIS, op cit, note 27, p 92.
39 OECD, op cit, note 2, p 36.
40 Ibid, p 4.
41 G Hornung Die digitale Identitat. Rechtsprobleme von Chipkartenausweisen: Digitaler Perso-
nalausweis, elektronische Gesundheitskarte, JobCard-Verfahren, Nomos, Baden-Baden, 2005.
42 TAB, op cit, note 1, p 72.
43 Ashbourn, op cit, note 1, p 10.
44 Ibid, p 16.
45 OECD, op cit, note 2, p 13.
46 IPTS, op cit, note 26, p 47.
47 Ashbourn, op cit, note 1, p 9; FIDIS, op cit, note 27, p 115.
48 Ashbourn, op cit, note 1, p 20.
49 Liberatore, op cit, note 9, p 17.
50 Ibid, p 17.
51 European Parliament Report on the Commission, op cit, note 25.
52 Commission of the European Communities, op cit, note 14.
53 Article 29—Data Protection Working Party (WP 29) Working document on biometrics,
12168/02/EN, WP 80, adopted on 1 August 2003. The Working Party has been established
by Article 29 of Directive 95/46/EC. It is the independent EU Advisory Body on Data Protec-
tion and Privacy. Its tasks are laid down in Article 30 of Directive 95/46/EC and in Article 14
of Directive 97/66/EC.
54 Liberatore, op cit, note 9, pp 13 et seqq.
55 Article 29—Data Protection Working Party (WP 29), op cit, note 53, p 7.
56 See, for example, FIDIS, op cit, note 27, pp 101 et seqq.
57 Ibid, p 103.
58 Ibid, p 114.
59 Ibid.
60 GAO, op cit, note 36.
61 Ibid, pp 108 et seqq.
62 T Mansfield (National Physical Laboratory) and M Rejman-Greene (BTexact Technologies)
Feasibility Study on the Use of Biometrics in an Entitlement Scheme, Middlesex, 2003, p 29.
63 LSE, op cit, note 4, p 15.
64 TAB, op cit, note 1.
65 Ibid, p 81.
66 GAO, op cit, note 36, p 108.
67 European Parliament Report on the Commission, op cit, note 25.
68 TAB, op cit, note 1; Ashbourn, op cit, note 1; IPTS, op cit, note 26; OECD, op cit, note 2,
FIDIS, op cit, note 27; P de Hert Biometrics: legal issues and implications, Background
paper for the Institute of Prospective Technological Studies, DG JRC—Sevilla, European
Commission, European Communities, 2005.
69 FIDIS, op cit, note 27, pp 106 et seqq.
70 TAB, op cit, note 1, p 118.
71 FIDIS, op cit, note 27, pp 100, 112, 115, 116.
72 Ibid, p 105.
73 Ashbourn, op cit, note 1, p 19.
74 TAB, op cit, note 1, p 119; see also FIDIS, op cit, note 27, p 115.
75 S Joss and S Bellucci (eds) Participatory Technology Assessment. European Perspectives,
Centre for the Study of Democracy, London, 2002.
76 Liberatore, op cit, note 9, p 22. The author refers among others to public consultations and
extended impact assessments in which citizens and stakeholders play a crucial role. See also
WP 29, op cit, note 53, p 7.
166 Thomas Petermann et al.
Dow
nloa
ded
by [
UQ
Lib
rary
] at
19:
48 0
6 N
ovem
ber
2014