This article was downloaded by: [UQ Library]On: 06 November 2014, At: 19:48Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

International Review of Law,Computers & TechnologyPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/cirl20

Biometrics at the borders—thechallenges of a political technologyThomas Petermann , Arnold Sauter & Constanze ScherzPublished online: 22 Jan 2007.

To cite this article: Thomas Petermann , Arnold Sauter & Constanze Scherz (2006) Biometrics atthe borders—the challenges of a political technology, International Review of Law, Computers &Technology, 20:1-2, 149-166, DOI: 10.1080/13600860600705077

To link to this article: http://dx.doi.org/10.1080/13600860600705077

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Biometrics at the Borders—the Challenges ofa Political Technology

THOMAS PETERMANN, ARNOLD SAUTER and CONSTANZE SCHERZ

ABSTRACT Biometric systems have become the technological centrepieces of the

respective policies of both national and supranational policy actors with the aim

of constructing a technical security infrastructure on a global scale. The rapid

diffusion of biometric recognition technologies in the public sector is a result

of the interaction of policy actors, mainly the USA and the European Union,

in an international network of post 9/11 activities. The discourse that has

accompanied the diffusion process of biometrics was for long dominated by

technical experts. The discourse on citizens’ rights and data protection hasonly recently gained in importance. In the political discourse, central issues,

such as the far-reaching consequences and a transparent and comprehensible

substantiation of the goals being followed by politics were at best marginal.

Although the triumphant procession of biometric technologies seems to be

irreversible, there is a need for politics in a democratic constitutional state for

further information, for a public debate and for responsible and well-informed

decisions.

Introduction

All over the world intensive efforts are being undertaken to improve the reliability of iden-

tity documents and entry procedures as well as the effectiveness of border controls. As a

result of this biometric systems have become the technological centrepieces of the respect-

ive policies of both national and supranational policy actors. The politically desired and

already partially realized goal of establishing ‘smart borders’ can largely be seen as a reac-

tion to the changed security situation following 11 September 2001.1 Biometric

INTERNATIONAL REVIEW OF LAW COMPUTERS

& TECHNOLOGY, VOLUME 20, NOS 1&2, PAGES 149–166, MARCH–JULY 2006

Correspondence: Thomas Petermann, Buro fur Technikfolgen-Abschatzung beim Deutschen

Bundestag (TAB), Neue Schonhauser Straße 10, 10178 Berlin, Germany. Tel:þ 49 (0)

30/28491-0; Fax:þ 49 (0) 30/28491-119; E-mail: buero@tab.fzk.de

ISSN 1360-0869 print/ISSN 1364-6885 online/06/01–2149-166 # 2006 Taylor & Francis

DOI: 10.1080/13600860600705077

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

technologies have since attracted ‘a great deal of interest as a possible solution to crime,

terrorism and as a foolproof-method of identification’.2

As developments in the USA and in the EU demonstrate, great importance is attached

by politicians to the strategy of biometric modernization. It is not to be used exclusively

for making travel documentation more reliable, limiting abuse in asylum procedures and

making border controls more effective, but also for managing international travel more

efficiently as well as offering political stimuli for further innovative applications. At the

same time assurance is given that citizens’ rights are not unduly encroached upon and

that the security and integrity of their data is ensured. The acceptability of this strategy

and the validity of the legitimatory rhetoric are however disputed: The schedules are

tight, the technology has not yet been perfected, the costs are vague. A publicly

announced clear and justified objective is also lacking.

The purpose of this article is first of all to trace the conflict and collaboration of policy

actors in an international network of post 9/11 activities with the aim of constructing a

technical security infrastructure on a global scale. The next step will be an exemplary look

at the discourse that has accompanied the accelerated diffusion process of biometrics.

This will include in particular the technology-centred discourse of experts and commit-

tees, which has dominated the debate and public perception for a long period, but also

the discourse on citizens’ rights and data protection, which has only recently gained in

importance and public resonance. This is less the case with the political discourse,

which is understood as a public discussion of goals and ethical stances, as well as of

the opportunities and risks of implementing biometric systems in the public sector. Not

only were central issues, such as those relating to the costs or more far-reaching

medium and long term consequences at best marginal. What was much more conspicuous

was the wide-ranging lack of a transparent and comprehensible substantiation of the

goals being followed, a weighing-up against other goals and assets worthy of protection,

as well as the commensurability of the measures necessary to do this. Although the trium-

phant procession of biometric technologies seems to be irreversible, there is a need for

politics in a democratic constitutional state to act—despite the fait accompli—in a

number of respects. Some of the elements of an agenda for further political control and

organization will be discussed in conclusion.

Politics as the Driver

The diffusion of biometric systems as security technology in the public sector is most sig-

nificantly a result of political goals and strategies—both national and international. Legal

foundations were created through laws and regulations. Through the promotion of

research and development, intensification of activities to further international standard-

ization, and the financing of laboratory and field tests the technical feasibility was to

be improved and further potential applications investigated. A first signal bringing conse-

quences for other policy actors in the international state system was the UN Resolution of

28 September 2001 as a response to the terrorist attacks in New York. In order to combat

terrorism measures were demanded to prevent the counterfeiting, forgery and fraudulent

use of identity papers and travel documents.3

What follows is a rough sketch of how the decisive drivers and actors, the USA, the EU

and the International Civil Aviation Organization (ICAO) have shaped the political

setting of biometric technology.

150 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

USA

Following the terrorist attacks of 11 September 2001, two laws were passed in the USA

in which the political objective of improved security when foreign nationals enter and

leave the USA was set down: the US Patriot Act and the Enhanced Border Security

and Visa Entry Reform Act of 2002. The last-mentioned law requires all states to

issue unforgeable travel documents including biometric characteristics for entry into

the USA from 26 October 2004. This regulation is also applicable to those states parti-

cipating in the so-called Visa Waiver Program. The competent Embassies and Consulates

abroad were obliged, by the same date, only to issue machine-readable, unforgeable visa

and other travel documents incorporating biometric characteristics in accordance with

the ICAO standard. Appropriate systems were to be installed at all entry points by 26

October 2004. The US administration postponed this deadline by one year in August

2004.

As a consequence of the legislative guidelines, the US Department of Homeland

Security (DHS) has developed a concept for the monitoring of entry and exit as well as

the residence of international visitors—the US-‘Visitor and Immigrant Status Indication

Technology System’ (US VISIT). Within the framework of this, a comprehensive entry-

exit system is to be implemented—initially at international air and sea ports of entry.

This involves the collection of biographical data and biometric characteristics of visitors

and travellers entering the USA. Two index fingers of a visa applicant are electronically

scanned and a digital photo is taken in the consulates issuing visas. Additional characteri-

stics (such as iris scans) and processes may be added later. The data collected is then

accessible (although not biometrically processed) when visitors actually enter the USA

at the border crossing points.

In the meantime a digital photo is taken and two fingerprints are scanned of all visitors

to the USA at the border control points under the US-VISIT program. This data is gath-

ered and is compared to watchlists of persons registered as not permitted to enter the

USA. The date of departure and address of residence while in the USA is recorded at

the same time, so that persons who may enter legally, but through the deferment of

their departure are illegally resident in the USA, can be expelled on time. Visa waiver tra-

vellers have to present either a machine-readable passport or a US Visa at the US port of

entry to enter the USA.

Although the question of biometric registration of their own population for a long time

seemed to be considered a taboo, there is now a plan, in compliance with the ICAO stan-

dards, to start issuing machine-readable passports for US citizens, which include a digital

facial image stored on a 64 kb contactless chip.4 Technically however, this regulation

implies that biometric characteristics are not being registered, as a ‘facial image’ is

simply a ‘photo in a digitised format’.

In nearly all official government documents the creation of ‘secure borders, open

doors’5 is justified by two goals: the facilitation of legitimate travel to the USA by inter-

national visitors while maintaining the integrity and security of the US borders. Biometric

travel documents should help to reduce the use of stolen and counterfeit visas, and

protect against possible use by terrorists or others who might threaten the national secur-

ity of the USA. As a consequence of the setting a statutory framework for biometrics as

well as their successive implementation in the procedures for the issuing of visas and in

controlling borders, other nations had to decide under pressure how to react on this fait

accompli.

Biometrics at the Borders 151

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

European Union

A first step towards the use of biometric identification technologies was taken in the EU in

2000 with the establishment of Eurodac, a transnational system in which the fingerprints

of asylum seekers are stored.6 Since January 2003 every asylum seeker over the age of 14

throughout Europe—but also apprehended illegal immigrants to the EU Member States—

is recorded in the Automated Fingerprint Identification System AFIS. Their fingerprints

are registered and compared in Eurodac. This should prevent applicants making multiple

asylum applications in different EU States as well as identifying persons who have entered

the Union territory without permission. If it is ascertained that an asylum seeker has

already made an application in another Member State, he will be sent back to that

country.7

Rhetorically for the most part with reference to the attacks of 11 September 2001, the

EU has subsequently begun to develop elements of a coherent and consistent strategy for

the improvement of the security of identity documents using biometric identifiers. Thus

on 28/29 March 2003 the Union’s Justice and Home Affairs Ministers reinforced their

target of increasing security standards and the standardization of visa and travel docu-

ments, as well introducing biometric identifiers in visa and residence titles for nationals

of third countries. The European Council emphasized thereafter on 19/20 June 2003

in Thessaloniki that the strategic approach relating to biometric identifiers or biometric

data would result in harmonized solutions for documents for third country nationals,

EU citizens’ passports and information systems (VIS and SIS II).8 The essential elements,

which were developed and their implementation set about in a surprisingly short period of

time, can be outlined as follows:9

. On 6 December 2001 the European Council had proposed the development of a SIS

II,10 to adapt the previous Schengen Information System (SIS) to the broader scale of

operation following enlargement in 2004. The Commission adopted a regulation on

18 December 2001 for the ‘Development of the Schengen Information System II’,11

in order to be able to collect additional identification data. Apart from the categories

of data in SIS I, biometric data such as fingerprints and photographs may also be

stored in SIS II. The Visa Information System (VIS)—a system for the exchange of

visas—is decoupled. It was decided by the European Council in Laeken (December

2001) and Seville (June 2002) that it shall include biometric identifiers and is

intended to prevent ‘visa shopping’, improve the administration of the common

visa policy, contribute to internal security and fighting terrorism. In November

2004 an expert committee confirmed technical problems as a result of interference

between chips with biometric data inserted in passports by different countries. The

Council invites the Commission ‘to make every effort, including with respect to bud-

getary programming, to bring the activation of biometric identifiers in the develop-

ment of the central part of the VIS forward to 2006’.12

. The European Commission presented proposals in September 2003 to introduce bio-

metrics in visas and residence permits for third country nationals. The Commission

wanted to require Member States to integrate biometric identifiers in visa and resi-

dence permits for third country nationals as well as to ensure interoperability. The

European Commission was thereby deliberately driving the development further

forward. In the explanatory memorandum reference was made to the efforts to

improve document security on a European level in the aftermath of the attacks

of 11 September 2001. The comprehensive goal was to detect persons who wish

152 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

to enter the EU with forged official documents. The Commission emphasized that the

inclusion of biometric identifiers—as desired by the Member States—is a suitable

instrument. The biometric data of face and fingers would be stored in a storage

medium with sufficient capacity. The deadline for the integration of the photograph

was fixed for the visa on 3 June 2005 and for the residence permit for third country

nationals on 14 August 2005. Thereafter the digital photograph and storage of the

facial image should take place within two years and the fingerprint images within

three years of the adoption of the respective technical specifications.13

. The next step was logically aimed at the passports of EU citizens—on the basis of the

executive competence of the EU in Art. 62 No. 2a ECT. On 18 February 2004 the

European Commission submitted a draft Regulation on standards for security fea-

tures and biometrics in EU citizens’ passports.14 In this draft the European Commis-

sion proposed that passports and other travel documents should include a storage

medium with a facial image in a mandatory manner. The Member States were

allowed to implement fingerprints into the passports by national law. As a result

of the JHA (Justice and Home Affairs) Council on 25–26 October 2004 the text

of the proposal was changed to envisage both biometric features in a mandatory

way.15 Amendments by the European Parliament’s legislative resolution16 on the

Council’s proposal were not taken into account. The Council adopted the Regulation

on ‘standards for security features and biometrics in passports and travel documents

issued by Member States’ on 13 December 2004.17 The Council Regulation envi-

sages the digital facial image as a first biometric feature and fingerprints as a

second biometric feature, both in a mandatory way. It entered into force on 18

January 2005. The Regulation rules that Member States shall apply the Regulation

as regards the facial image by 18 months at the latest and as regards fingerprints by

36 months at the latest, following the adoption of the measures referred to in

Article 2. On 28 February 2005 the European Commission passed the ‘Decision

establishing the technical specifications on the standards for security features and

biometrics in passports and travel documents issued by Member States’.18

. In the meantime the processing and integration of the provisional final building block

in the European security architecture has also been started. As a declared response to

the London bombings, the European Council presented the Draft Conclusions of the

Representatives of the Government of the Member States on common minimum

security standards for Member States’ national identity cards on 11 November

2005.19 These should give an impetus to the development of common standards

for security features and secure issuing procedures for national ID cards. With

regard to the biometric identifiers it was proposed to use the face and two finger-

prints taken flat, which are to be incorporated into an RFID chip. The necessary tech-

nical specifications should—without modification—apply to the integration of

biometrics in the European passport.

The EU biometric policy was not and is not only a reflex of the action of the USA. Thus it

had already developed its own perspectives at an earlier stage with regard to its strategies

concerning Eurodac. A similar approach can be seen with the use of biometric systems in

visas. It is true that it adapted its passports for Europeans to the USA guidelines and accord-

ingly speeded up its measures and schedules. At the same time the option of biometric pass-

ports also represents a consistent and logical complement to its policies on entry and

asylum procedures. The Council in Thessaloniki had set the goal for all travel documents

Biometrics at the Borders 153

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

issued by EU member states to have the same standards. With its vote on national ID cards

its spectrum of activities concerning information systems and documents—from visas to

passports to ID cards—is finally provisionally complete and consistent.

International Civil Aviation Organization (ICAO)

Within the scope of its task of standardization of machine readable travel documents, the

International Civil Aviation Organization (ICAO), as a UN special agency, has been co-

ordinating the preparations for the implementation of biometric characteristics in

machine readable travel documents since the mid 1990s. The ICAO sets technical stan-

dards in close co-operation with the International Organization for Standardization

(ISO), which are binding for all 189 member states. In doing this it uses its mandate as

a parastatal international actor, conferred upon it by national governments. It is true

that the ICAO itself has no sovereign power and therefore its standards and recommen-

dations are also not directly applicable. They have rather to be transformed into appro-

priate national legal provisions by the respective signatory countries. The standards and

recommendations issued by this parastatal actor, however, play a significant role, as they

display real binding effects: Not to follow standards that have been agreed would result in

economic and political disadvantages in the global cross-border exchange of persons and

goods. This is why no country can afford to remain outside the set of technical rules and

follow a national special path.

On the other hand the ICAO is not an autonomous actor, as its committees also (have

to) react to external developments. It can be seen that not only the Visa Waiver Program

countries were under pressure from the political objectives and schedules set by the USA.

Through the explicit reference of the Enhanced Border Security and Visa Entry Reform

Act to the recommendations and standards of the ICAO, a ‘momentum’ was also gener-

ated for it to further develop its standards for machine-readable passports including

biometrics.20

In May 2003 the ICAO adopted a blueprint for the standardization of biometric infor-

mation in passports and other machine-readable travel documents. According to the blue-

print, facial recognition is to be selected as the ‘globally interoperable biometric for

machine-assisted identity confirmation’. In addition one identifier—a digital photo

embedded on a chip within the passport—would also be sufficient.21 The ICAO still con-

sidered centralized databases to be unnecessary. Normatively the ICAO linked its

decision for biometrics with economic and security target values such as a speedier

passage of travellers through airport controls, heightened aviation security and added

protection against identity theft.

The original position of the ICAO, to designate only one biometric identifier for

reasons of interoperability, was undermined by the grander plans of various Member

States—additional biometric identifiers, central databases for policing purposes—and

led to a change of position: ‘ICAO TAG-MRTD/NTWG further recognizes that in

addition to the use of a digitally stored facial image, Member States can use standardized

digitally-stored fingerprint and/or iris images as additional globally interoperable bio-

metrics in support of machine assisted verification and/or identification’.22 The earlier,

high-ranking goal of achieving global interoperability through the selection of only one

biometric feature was thus made considerably more difficult.

As the preceding brief presentation of the most important actors shows, the extent to

which society is pervaded with biometric technologies is thus far not an autodynamic

154 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

process of technological progress. On the contrary we are confronted with the results of

actions and reactions, a conflict and co-operation between two political key actors. Both

were following different strategies and schedules, the consequence of which, however, is

ultimately the fact that two—potentially—compatible security architectures were

implemented. Whereas the USA does not however plan the biometric registration of its

citizens and is happy to leave it with the introduction of digitized facial images of passport

photos on a chip in passports, the EU is taking a considerable step beyond that, as the

fingerprints of passport holders (and possibly future ID card holders) will in future be

registered and stored. The compatibility—also in relation to the ‘Rest of the World’—

was mediated from a technical point of view by the ICAO. As a kind of ‘linking agent’

it transformed the partially diverging political (and certainly also economic) goals of its

Member States with regard to technical norms and standards, ultimately making compro-

mises possible. The strategy the ICAO had initially been following however (to keep

things simple) fell by the wayside. Its expert committees had to take note of the fact

that individual states had been swayed by the charms of the technological potentials of

biometric systems for security policy goals. The expansion of the original concept—

only one biometric feature, verification as the defined function, the assessment of

central databases as ‘useful’, but not necessary—was consequently the result of bargain-

ing processes within the framework of the ICAO.

Accompanying Discourses

The history of technology, the sociology of technology and social studies of science have

illustrated (by case studies) how discourses by different actors accompany the develop-

ment and implementation of a new technology. Whereas social and political discourses

are often concerned with goals, visions and models, which are linked to a technology

by different actors and around which organization and political control are also

oriented,23 the discourses of technical experts tend to focus as a rule on the functionalities

of the technology, on data regarding the measurement of performance, on energy con-

sumption, on emissions, etc. The innovation history of biometrics and the general discus-

sion have been primarily characterized by this kind of expert discourse. Only after a

considerable delay did the public discourse open up to other topics and actors24 and

increasing doubt was cast on the viability of the strategy that has been followed and

the soundness of the desired goals. The ‘myth’ of biometrics, the ‘impossibility of

error’ attributed to it has been questioned.25

Reliability and Accuracy—the Experts’ ‘Technical Discourse

Biometric recognition, often also referred to as biometrics, refers to the automatic

recognition of a person based on his/her physiological (such as face, fingers, iris) and/

or behavioural characteristics (such as keystroke, gait). The ‘enrolment’ of these

characteristics is the basis of any biometric process. In the enrolment phase the biometric

sample is collected through one or more acquisition cycles, the biometric data is processed

in order to obtain the reference template and finally stored (e.g. on a chip incorporated in

a passport) for subsequent usage (e.g. for access control).

When using the recorded biometric data (production phase) two functionalities are dif-

ferentiated: The biometric verification (1:1 matching) is a test to ensure whether person X

Biometrics at the Borders 155

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

is really who he or she claims to be. The biometric identification (1: n matching) is used to

discover the identity of an individual by distinguishing him/her from other persons whose

biometric data are also stored. 1:1 matching answers the question ‘Am I whom I claim to

be?’ 1:n matching answers the question ‘Who am I?’ 1:1 matching does not require a

central database to be built, if the comparison is made against a template stored in a per-

sonal device retained by the individual whose identity is to be verified. Contrary to ver-

ification, for the process of identification a central database is necessary that holds

records for all people known to the system. Because of its specific technological profile

biometric recognition can ‘be used as a means of proving that you are who you claim

to be, or as a means of proving without revealing your identity that you have a certain

right (e.g. access)’.26 Therefore, biometrics allows a system to confirm an individual’s

identity based on who s/he is, rather than what s/he remembers (such as a PIN code),

or what s/he possesses (for example a passport). This is where biometrics can link up

with the requirements and goals of police and security agencies. It ‘offers advantages

over traditional authentication systems, which cannot discriminate between an impostor

who fraudulently obtains the access identifier, for example, a password or swipe card, and

a bona fide user’.27

In order to make full use of this potential for the purpose of control, biometric recog-

nition technologies will have to guarantee the optimal implementation of two prerequi-

sites: a high registration rate of biometric features during the enrolment of potential ID

card holders and a high recognition rate when inspecting identity documents and ID

card holders.

Because of the obvious importance of the ‘enrolment phase’ and the ‘production phase’,

the accuracy and efficiency achievable there have played a pivotal role in many tests and

pilot projects as well as in societal communication over the strengths and weaknesses of

the possible technologies to be deployed. The rates28 were and are used by both advocates

and critics to support their respective positions.

In the experts’ discussion on the suitability of processes for recording the biometric fea-

tures of facial images, fingerprints and iris scans, the following picture has emerged:29

. The recordability of fingerprints can be temporarily limited by injuries to fingertips

or broken fingers and through dirty fingertips. A permanent loss of a fingerprint tem-

plate could occur as a result of fingertips being burned or scarred. Intensive manual

work or working with toxic agents can also destroy the fingerprint template.

. The recordability of the face can be temporarily lost, e.g. through the wearing of ban-

dages after major facial surgery. Permanent losses, e.g. through illnesses resulting in a

significant deformation of the face, are extremely rare. Even in the case of localized

damage the face remains recordable as a complete feature. No meaningful infor-

mation is available regarding the effects of facial changes following plastic surgery.

. The recordability of the iris template can be temporarily impaired due to the dilation

of the iris as a consequence of the taking of certain medicines (atropine). Permanent

losses of recordability may occur as a consequence of eye diseases, e.g. blindness, cat-

aracts or glaucoma. In addition, enrolment is often made more difficult by drooping

or narrow eyelids, which partially cover the iris.

The requirement, which must be met in the case of the biometric equipping of national

identity documents that the feature selected excludes if possible only a very few citizens

from the application, is to date only conditionally fulfilled by fingerprint processes. The

US American Standardization Institute (NIST) concluded from its tests and the experience

156 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

of other organizations and authorities that problems occur during enrolment for about

2% of the total population.30 The International Biometric Group (IBG) indicated that

up to 2% of the population do not have sufficiently suitable fingerprints—for certain

sensors.31 The consequence of this deficit would be the necessity of enrolling other

fingers or alternatively of recording other features, which would of course require

additional financial, administrative and technical investment. The enrolment failure

rate for iris recognition processes is lower than with fingerprint processes, however

certain user groups still have problems due to their age or ethnic background. There is

also a not insubstantial group of people who are blind or have eye damage.32 Compared

to these rates, the failure rate for facial recognition is seen by the majority of experts as

marginal.

In spite of the considerable problems which will probably occur in recording the bio-

metric features of iris and fingerprint of large numbers of people, the advocates of this

technology have—at least publicly—tended to ignore this. The biometrics industry for

example ‘appears reluctant to publicly discuss the prevalence of the outlier problem’.33

This problem has also been seen by politicians, however it has not been considered as a

disqualifying criterion. The organizational, personnel and financial consequences of

this symptom of a ‘biometric divide’ have been, where at all, only touched upon in

discussion.

The growing interest of politics in biometric technologies, as well as the attractive pro-

spects of a market worth billions for the industry, have led to a steadily increasing number

of studies, tests and pilot projects. A lot of them focus on the recognition performance of

biometric technologies. The most comprehensive studies and tests of the accuracy of

systems are available for fingerprint and facial recognition processes.34

Taking the above-mentioned aspects into consideration, TAB—in its report for the

German Parliament—tentatively carried out an appraisal of the newer tests (until

2003). It was established that iris recognition processes provide a high degree of recog-

nition performance, but this needed to be verified in large-scale applications, as the avail-

able tests are of limited scope and thus only conditionally valid for identification

purposes.35 It was further established that fingerprint and facial recognition processes

in more recent and independent studies on performance measurement had also demon-

strated high recognition performance on 1:1 matching with large amounts of data. The

performance of both processes can be graded here as roughly equal.36 For identification

purposes the fingerprint process is rated as more efficient. In particular for the facial rec-

ognition systems it must be noted that the tests under controlled light conditions did

provide relatively good values, but that applications outside closed buildings resulted

in drastic drops in quality.37

The values for recognition performance reflect the current state of the technology. It

can be assumed that the fingerprint and facial recognition processes will further

improve. Both processes—as the TAB report concludes—are sufficiently mature and effi-

cient today that their use in verification mode (1:1), with personnel present and (for facial

recognition) under controlled light conditions in comparison to the previous manual

border controls promises an increase in the effectiveness of the controls.

Other current studies and reports offer a more sceptical assessment at first sight.

However, it should be noted here that the assessing judgement also included the efficiency

of the technologies in identification mode (1: n) and under other accompanying con-

ditions. Accordingly, and also plausibly, conclusions have been drawn elsewhere that cur-

rently achievable error rates are ‘simply not acceptable in security critical applications’.38

Biometrics at the Borders 157

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

An OECD report formulates its conclusion as follows: ‘A review of the publicly available

biometric performance data and the media reports of biometric-based technology trials

leave the reader with one conclusion: biometrics are not quite ready for prime time

yet’. That is to say, while they appear to function adequately in small, limited 1:n identi-

fication implementations (and indeed in some larger 1:1 verification implementations),

their accuracy, reliability and convenience are not yet sufficiently refined for very large

population identification systems.39

Regardless, however, of what results one attains according to what test regulations for

the purpose of achieving what goals, one of the crucial questions, namely, whether the

expected recognition performance in verification can be rated as sufficient and whether

the hoped-for improvements in border controls can justify the costs required to achieve

them, cannot be answered on the basis of apparently ‘objective’ rates alone. Not until per-

formance statistics are linked to their (organizational, social) ‘context’40 can the technol-

ogy be made accessible for social, political or legal evaluation. At this point one of the

central weaknesses of the technical experts’ discussion becomes clear, namely, the com-

munication of ‘expert opinions’ through the media. It is rare for test results to be

placed in connection with the respective application/purpose. For example a high FAR

generally poses a bigger problem in security-related areas than in convenience appli-

cations (e.g. logical access control on a PC). Resistance to circumvention is also a more

significant criterion in automated access controls than in biometrically supported controls

with supplementary live human or video supervision. Or, to take a further example, the

deficits of a process in the 1:n application—as has often been the case with facial recog-

nition—are unimportant, if the system is only designed for the function of verification.

The importance of ‘contextualizing’ test results before making judgements, becomes

even more apparent when enquiring about the specific conditions of a mass application

on site. If you take into consideration that in a major international airport, some 50

million travellers are to be controlled per year, even a false acceptance rate of only 1%

would trigger hundreds of false alarms per day.41 For this reason TAB demanded in its

report that ‘it should be openly debated, that—in spite of impressively low error rates,

mass application in practice will result in a relatively large number of false identifi-

cations’.42 One of the deficits of the discussion to date is that the limits of the technical

application, such as in the example mentioned, have only been made a subject on the

edge of the discussion and even then not by the promoters of the technology.

As is the case with other technical components and systems, it is also true with bio-

metric technologies that their use and their acceptability are derived from their technical

performance. Their specific social contexts may well be more decisive with regard to

achievable benefits and avoidable costs. Their importance should be made clear here

through two aspects, which have so far seldom played a significant role in the technically

centred debate. The first of these is the registration process prior to the enrolment, the

quality of which is ‘absolutely crucial to the overall effectiveness of any such system par-

ticularly when orchestrated upon a wide scale’.43 If the process of application, screening

and issuing shows weaknesses, ‘then there is a very real possibility of providing authentic

new generation travel documents under false identities. Because the biometric data will

match, assumptions will be made around the accuracy of the identity involved. In

addition, and contrary to popular belief, it will be quite possible for multiple documents

to be issued to the same individual. If the document has been issued through legitimate

channels, but to the wrong person, then we have a situation whereby government is effec-

tively aiding and abetting fraud.’44

158 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

A second example, showing that biometric-based technologies should only be evaluated

as one component of an overall security system, are backup measures of a technical and

organizational nature for the—as shown—frequent cases of false rejection to be expected

during the controls. ‘It is important to ensure that the security consequences of being impro-

perly rejected by the system for accidental reasons (voice problem, scar on a finger,

bandage, etc.) or just simply because of system errors are appropriately considered. . . .

There may be an expectation and temptation that the implementation of biometric

systems may permit a reduction of manual and fallback processing and procedures. This

is not the case; fallback and backup processing are even more important in the context

of biometric systems and should be specifically accounted for in the system design.’45

It was long a characteristic of the technical discourse that it was only to a limited extent

based on ‘reliable, comparable and recent data’.46 A major cause of this data problem is

that generally acknowledged criteria for evaluation do not yet exist. The reliability of

published data was for this reason often questioned because few independent and

unbiased studies on performance measurement were available. This problem has

become less important in the meantime. Problems arise now more from the fact that ‘bio-

metrics’ is viewed and judged independently of other sociotechnical factors, although the

overall quality of the system is first determined by the coaction of technical process,

human action and organizational contexts.47 Therefore, a look at the overall picture

will be of decisive significance. Otherwise, the future effectiveness of the biometrically

supported management of the external borders must be doubted, and—for example—

the issuing level could become the Achilles’ heel of the biometric control project and

the controlling level a daily demonstration of a technology perceived by the citizens as

unfinished.

Cui Bono—the Politicization of the Discourse

As Ashbourn noted, we have the ‘bizarre situation’ that the same governments which

were long ‘disinterested in adopting biometrics for logical, ethical and well considered

applications’, have in the past three years ‘rushed headlong into . . . a frenzy of biometric

related initiatives accompanied by clouds of emotionally misleading and technically

incorrect rhetoric’.48 Preliminary decisions on political, legal and technical–

organizational subjects have been taken without the targets and instruments or costs

and benefits of the future use of biometrics in the public sector having been comprehen-

sively conveyed through active political communication.

In Europe, a political discourse, to be understood as open communication with the

general public and representatives of social groups, has only slowly developed. As

Liberatore has shown, ‘a certain degree of pluralism’ has only gradually come into the

debate. This has led to an opening up of the discourse for non-technical topics and

other policy and civil society actors resulting in a degree of ‘politicisation of biometrics

in terms of its contribution to security needs and goals and of its implications for funda-

mental rights and democratic values’.49 Nevertheless this has remained a debate, which is

being shaped by a ‘pluralistic elite’.50 It is not (yet) a ‘public discourse’. The pluralization

of the discourse as well as its politicization are also only apparent practical constraints, as

they began in a phase after the decisive course had been set and the irreversibility of the

sociotechnical development had long been clear.

The first publicly acknowledged reaction from the European Parliament came in

autumn 2004. In its report51 on the Commission’s proposal52 it was critical of the draft

Biometrics at the Borders 159

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

law and the political understanding expressed therein. Supporting most of the positions of

the Article 29 Working Party Data Protection and Privacy,53 the report above all criticized

the lack of a specific purpose as well as the explicit identification of the competent auth-

orities. For the purposes of clarification a supplement was proposed to make clear that

biometric features in passports may only be used for the purpose of establishing the auth-

enticity of the document and the identity of the holder and only in situations when the

production of a passport is required by law (verification). These (and further) proposals

were not followed. The final Council regulation now directly applicable in all Member

States thus continues to leave numerous options for use open and lists no accountable

authorities. The opportunity to definitively reject the establishment of a central European

register for passports (as proposed by the European Parliament) was also passed over.

That this disrespect of fundamental data protection maxims is the result of carelessness

in the wording of a law, hardly suffices as explanation. It is much more likely that the

reason for this is that the Executive wishes to keep future far-reaching uses open. The

clarity of purpose demanded by Parliament would prove an obstacle to this.

In the publicly accessible political documents (e.g. in the European Union the EU

Commission and EU Council, as well as several EU Member States’ ministries) the legit-

imating rhetoric of their biometric politics almost always culminates in the central,

although vague topics of security. Security is usually understood to mean improved pro-

tection from illegal immigration and the misuse of state services as well as improved

security from unlawful entry using forged or stolen travel documents (identity theft).

At best reactively—and often trailing after decisions which have been made—the

attempt was made to balance the legitimate goal of improved security against the protec-

tion of privacy or of personal sensitive data. The discussion of these legal assets or data-

protection requirements was carried out by other actors. These were primarily civil rights

groups, technology assessment units in national parliaments (e.g. in the UK, France and

Germany), national parliaments and the EU Parliament, as well as ultimately the national

data protection officers and the European Article 29 Data Protection Working Party.54

The data protection actors in particular have called attention to the necessity of finding

a better balance between the paradigms of security and freedom/privacy, as the collection

and digital storage of biometric features—on the basis of legal obligations—results in

huge amounts of data of the body of a person being ‘made available to a lot of not pre-

dictable purposes’.55 As this refers to ‘personal data’, which has a value worth protecting,

many deliberations and proposals for the protection of this data and of the privacy of citi-

zens have been submitted. The—in the meantime very sophisticated—discussion cannot

be reproduced and appreciated here. For our purposes, reference will only be made to

certain central characteristics.56 To put it extremely simply, the important demands

with regard to data protection—here in terms of the ePassport—on the legal foundation

as well as on the practical implementation, are above all that the purpose for which a

technology is to be introduced, should be explicitly, appropriately, proportionately and

clearly defined. Further, from a technical viewpoint the integrity, the authenticity and

the confidentiality of the data must be guaranteed, the use of biometrics in passports

and identity cards should be technically limited to verification purposes, comparing the

data in the document with the data provided by the holder when presenting the docu-

ment. Finally, it must be made clear who may have access to the storage medium and

for which purposes. Thus it follows, consistent with the clearly defined purpose of verifi-

cation that central databases for European citizens must remain out of the question, in

order to avoid ‘excessive identification techniques’.57

160 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

The misunderstandings, ambiguities and uncertainties in the discourse relating to the

purposes and goals of an increased use of biometric identification technologies in the cer-

tainly different contexts of visas, passports and recently national ID cards have many

causes. In particular, however, the—certainly not accidental—reference made to the

fight against international terrorism played a major role. The goal towards which the

ePassport is leading for instance is defined by the European legislature: Entry should be

made more difficult for persons, who try to legitimise themselves by using forged docu-

ments or documents belonging to other people. Within the framework of this objective

however, no paramount contribution to combating terrorism can be made—as it is

often made to sound, when reference is made to the attacks on New York, Madrid or

even London in official government statements. ‘The terrorists of the future will no

doubt have valid biometrics; the only actual change will be in the mode of establishing

identity. But terrorists who are willing to die do not care less about that; most will

never reach the point where their identity will be checked against a stored template

and, in any case, they would be happy to go through the process (especially if it is to

become faster and more, reliable).’58 Technology based controls and the prevention of

abuse and criminality by technical means will lead to certain successes, but biometric

technologies will also create new problems and evoke changed criminal strategies.

‘Apart from all security related issues, identity theft and the like, all their implementation

might achieve is merely to intensify illegal entry to a country by alternative means.’59

More clarity and greater differentiation would in future have merited the consideration

of the question of which contribution could and should be provided for which goal

with which biometric document.

To the deficits in content and goals, with the circumstantial evidence of a lack of will-

ingness of most policy actors to participate in a substantial dialogue, should also be added

the fact that the question of costs has only played a marginal role both in the decision-

making processes as well as in the public debate.

The US General Accounting Office (GAO) was arguably the first important institution

to bring more comprehensive considerations and also specific numbers into the debate,

calling attention to the significant initial and recurring costs. In a technology assessment

report on ‘Using Biometrics for Border Security’60 cost estimates were made for different

scenarios of use, including ‘passports with biometrics’, differentiated according to differ-

ent biometric technologies (facial, fingerprint and iris recognition, or combinations of

them) and projected over a period of 10 years. The range was US$4.4–8.8 billion

for the initial costs and US$1.6–3.4 billion for the annual recurring costs, on the assump-

tion that seven million passports would be issued per year. Apart from the procurement of

the biometric hardware the cost estimates also took additional hardware, software,

network infrastructure, maintenance, personnel, training and communications into

account at/in the 4500 acceptance offices as well as at/in the 400 ports of entry.61

Numbers for the UK were presented in a ‘Biometric Feasibility Study’ by the National

Physical Laboratory for the introduction of a biometric identity card for all citizens.62 It

was assumed that 50 million ID cards would be issued over a 10-year period. The costs

were estimated for the biometric hardware at the front office and for remote enrolment,

other hardware at the back office, networks, etc, licence fees for biometric components,

software etc, marketing and publicity, and for the staff needed for enrolment. The total

costs of £500 million over the 10-year period seem very low, a more recent source

refers to information released by the British government, which in 2002 assumed expen-

diture of the order of £3.1 billion and by 2004 of £5.5 billion over 10 years.63

Biometrics at the Borders 161

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

The first cost estimates for Germany were conducted as part of the TAB study.64

Similar parameters were taken into account as in the US and the UK studies, with an esti-

mated total of 400 control points and 6500 identity card issuing offices. The introduction

of a biometrically equipped, mandatory identity card in Germany resulted in initial costs

of approx. E670 million, the annual recurring costs only slightly below this at approx.

E610 million.

It goes without saying that numbers such as those mentioned can be no more than

‘plausible estimates’ or an ‘initial workable approximation’.65 This does not however

diminish the purpose of model calculations, even if they do only ‘represent rough order

of magnitude costs’,66 to illustrate the financial dimensions and consequences of political

decisions for decision makers. In the light of frequently diagnosed ‘political failures’ in the

development and implementation of large technical systems in the past, a forecast of

future financial burdens is of particular importance for public budgets and for citizens.

This is exactly what the European Parliament alleged and criticized about the policy of

the Executive—that no cost estimates were submitted at all.67

The politics of biometric control has so far been primarily formed on an EU level and

here by the executives—the Justice and Home Affairs ministries, the European Commis-

sion and the European Council. The lack of a public, substantive discussion can to a large

extent be traced back to a more ‘publicity shy’ policy on the part of the competent EU

bodies and the most national ministries, in connection with the absence of a European

public sphere. Another direct significant contribution to ambiguity concerning essential

normative choices moreover, lies in the fact that design options of particular relevance

to data protection and privacy are delegated to (technical) expert committees, with

hardly any democratic legitimacy, whose work is largely obscure. However, the fact

that the European Parliament is only consulted in this political field, according to the

decision-making procedures of the EU, but does not have a say in the actual decision,

has also contributed to the underdevelopment of the political discourse. It was only

able to fulfil its legislative role within narrow limits and failed in being a forum for

public policy debates on decisions with severe consequences for society.

Final Remarks

The path of the development of biometric identification systems has become increasingly

narrow as a result of the decisions made by the big players in favour of face and fingers for

identification purposes—the number of available technical options for different scenarios

of use has decreased. The scope for creating national policies in Europe has also been nar-

rowed because of the full use of executive competence on the part of the EU and the

decision on the introduction of the so-called ePassport. Nevertheless there is still a

need for information, discussion and decisions with regard to the further development

of biometric security architectures. Political action and a public debate is needed not

only relating to documents already in circulation and their accompanying infrastructures,

but also with respect to the option of a national identity card with biometric components.

Furthermore, we have to expect an increasing use of biometric technology not only in the

public but also in the private sector. The contours and contents of a corresponding pol-

itical agenda on a European level and within the EU Member States have recently been

more clearly defined by numerous authors and reports.68 An adequate appreciation is

not possible here—simply a brief mention.

162 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

A political agenda should include considering prospective contexts for applications of

biometric identity documents, above all the further development of a suitable ‘privacy

architecture’. There are already proposals on the table from a data protection viewpoint,

in particular. There are several remarkable activities in progress on an EU level concern-

ing this. They relate to fundamental normative principals as well as to specific technologi-

cal options.69

It is apparent that political debate and action are required that comprehensive

implementation steps must be planned at all levels and their consequences thought

through, from issuing to production to control.70 Further co-ordination processes on

an EU level and ultimately globally are necessary, if the additional security promised is

to be achieved while neither unduly restricting global tourist traffic nor violating data pro-

tection concerns and the right of informational self-determination. In the light of the dis-

cernible complexity and infrastructural interconnectedness71 further comprehensive

follow-up analyses of the political, financial and organizational consequences of the intro-

duction and use of biometric identification systems on all levels and on a global scale

would be advisable, providing an improved information base for the organization of

policy and data protection for the development dynamic, which has already set in.

‘Privacy impact assessments’ could also be a part of this—analyses both ‘of the system

as how is dealt with the risks of the biometric data, taking the applicable legislation, rec-

ommendations and good practices into account’.72

Ultimately the task that has until now been politically neglected needs to be tackled—

that of initiating and actively helping to shape a public discourse. It would, in particu-

lar, be important to make it clear that biometrics can provide an important albeit

limited contribution to the goal of more security. Biometrics is a technical approach

to the prevention of risks and hazards, but not a ‘substitute for responsibility’.73 The

problems of terrorism, immigration, abuse of asylum procedures and identity theft

cannot be solved by symptom-oriented technical approaches, but as to what the

elements of comprehensive political strategy should be—this question remains as yet

unanswered.

When faced with such a comprehensive and complex project as the biometric survey of

the population in 25 EU states as well as of millions of foreign citizens who travel to

Europe or seek asylum, it seems time that the efforts that have thus far been made relating

to technical practicability are supplemented by efforts relating to social acceptance.74

A contribution to an informed acceptance among the population could be provided by

attempts to enter into a discussion with the population about the project of biometric

modernization thus far negotiated mainly by pluralist elites. There is in the meantime a

broad base of experience globally with different kinds of participative procedures,

through which the citizens of a country can be integrated into political decision-

making processes.75 Forums and procedures, such as consultation exercises, consensus

conferences or citizens’ conferences, are by all means appropriate for improving the

general level of knowledge in the society, and for creating an awareness of the importance

of the dynamic of social–technical development, which will be driven by the intensive use

of biometrics in future. The maxim of consultation of civil society in central political

questions proclaimed already 2001 by the EU itself in its ‘White Paper on Governance’

offers a framework for this. Some recent activities in this direction on the subject of bio-

metrics76 could be an indication that the awareness has grown such that greater transpar-

ency in decision-making processes and greater openness for the opinions and evaluations

of the citizens are necessary.

Biometrics at the Borders 163

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

Notes and References

1 Buro fur Technikfolgen-Abschatzung beim Deutschen Bundestag (TAB) Biometrie und

Ausweisdokumente. Leistungsfahigkeit, politische Rahmenbedingungen, rechtliche

Ausgestaltung, Zweiter Sachstandbericht, Arbeitsbericht Nr 93, Berlin, 2003; J Ashbourn

The Social Implications of the Wide Scale Implementation of Biometric and Related Technol-

ogies, Background paper for the Institute of Prospective Technological Studies, DG JRC—

Sevilla, European Commission, 2005.

2 Organisation for Economic Co-operation and Development (OECD) Biometric-Based

Technologies, Committee for Information, Computer and Communications Policy, Working

Party on Information Security and Privacy, 2004, p 9.

3 UN Security Council Resolution 1373 (2001), adopted unanimously by the Security Council at

its 4385th meeting on 28 September 2001.

4 The London School of Economics and Political Science (LSE) The Identity Project. An

assessment of the U.K. Identity Cards Bill and its implication, Interim Report, London,

2005, p 26.

5 M Harty ‘U.S. visa policy: securing borders and opening doors’, The Washington Quarterly

Vol 28, No 2, 2005, pp 23–34.

6 Council of the European Union Council Regulation, No 2725/2000 of 11 December 2000

concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective

application of the Dublin Convention.

7 European Communities Council Regulation (EC) No 407/2002 of February 2002 laying down

certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of

‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Conven-

tion Official Journal of the European Communities, L62/1, 5 March 2002. For Eurodac as a

means of a ‘politics of control’ see J P Aus Supranational Governance in an “Area of Freedom,

Security and Justice”: Eurodac and the Politics of Biometric Control, SEI Working Paper No

72, University of Oslo, 2003.

8 Council of the European Union Thessaloniki European Council 19 and 20 June 2003.

Presidency Conclusions, 11638/03, Brussels, 1 October 2003, p 3.

9 A Liberatore Balancing Security and Democracy: The Politics of Biometric Identification in the

European Union, EUI Working Papers, RSCAS No. 2005/30, European University Institute,

Badia Fiesolana, 2005; TAB, op cit, note 1.

10 Council of the European Union Council Regulation, No 2424/2001 of 6 December 2001 on

the development of the second generation Schengen Information System (SIS II).

11 Commission of the European Communities Communication from the Commission to the

Council and the European Parliament, Development of the Schengen Information System II,

Brussels 18 December 2001, COM(2001)720 final.

12 Council of the European Union Press Release 6228/05, 2624nd Council Meeting, Justice and

Home Affairs, Brussels, 24 February 2005, p 14.

13 Commission of the European Communities Council Regulation amending Regulation (EC)

1683/95 laying down a uniform format for visas and Council Regulation amending Regulation

(EC) 1030/2002 laying down a uniform format for residence permits for third-country

nationals, Brussels, 24 September 2003, COM(2003)558 final.

14 Commission of the European Communities Proposal for a Council Regulation on Standards

for Security Features and Biometrics in EU Citizens’ Passports, Brussels 18 February 2004,

COM(2004)116 final.

15 Council of the European Union Press Release, 2613rd Council Meeting, Justice and Home

Affairs, Luxembourg, 25 and 26 October 2004, p 11.

16 European Parliament Legislative Resolution on the Proposal for a Council regulation on

standards for security features and biometrics in EU citizens’ passports (COM(2004)0116—

C5-0101/2004—2004/0039(CNS)), 02/12/2004.

164 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

17 European Communities Council Regulation (EC) No 2252/2004 of 13 December 2004

on standards for security features and biometrics in passports and travel documents issued

by Member States Official Journal of the European Communities, L 385, 29 December 2004.

18 Commission of the European Communities Commission Decision of 28 February 2005 Estab-

lishing the Technical Specifications on the Standards for Security Features and Biometrics in

Passports and Travel Documents Issued by Member States, Brussels, 5 September 2005,

COM(2005)409 final.

19 Council of the European Union Draft Conclusions of the Representatives of the Governments

of the Member States on common minimum security standards for Member States’ national

identity cards, 14351/2005, Brussels, 11 November 2005.

20 The London School of Economics and Political Science (LSE), op cit, note 4, p 22.

21 International Civil Aviation Organization (ICAO) Biometric Identification to Provide

Enhanced Security and Speedier Border Clearance for Travelling, Public News Release PIO

09/2003, 2003.

22 International Civil Aviation Organization (ICAO) Report of the Technical Advisory Group on

Machine Readable Travel Documents, 14th Meeting, Montreal, 6–9 May 2003.

23 M Dierkes, U Hoffmann and L Marz Visions of Technology. Social and Institutional Factors

Shaping the Development of New Technologies Campus, Frankfurt-am-Main, 1996.

24 Liberatore, op cit, note 9.

25 European Parliament Report on the Commission proposal for a Council regulation on stan-

dards for security features and biometrics in EU citizens’ passports (COM(2004)0116—

C5-0101/2004—2004/0039(CNS)), 28/10/2004, Committee on Civil Liberties, Justice and

Home Affairs, Rapporteur: Carlos Coelho, p 17. The Committee adopted this report on 25

October 2004: European Parliament Decision of the Committee responsible, 1st reading/

single reading, CNS/2003/0217.

26 Institute for Prospective Technological Studies (IPTS) Biometrics at the Frontiers: Assessing the

Impact on Society. For the European Parliament Committee on Citizens’ Freedoms and Rights,

Justice and Home Affairs (LIBE), 2005, p 31.

27 Future of Identity in the Information Society (FIDIS) D3.2: A study on PKI and biometrics,

FIDIS Consortium—EC Contract No 507512, 4 July 2005, p 61.

28 During the enrolment phase, the Failure to Enrol Rate (FTR) is the measure of the performance

of the biometric system; during the production phase this is the False Acceptance Rate (FAR) or

the False Rejection Rate (FRR). The FTR refers to the ability of the system to enrol a biometric

characteristic, the FAR to incorrect identification/verification of an unauthorized individual,

the FRR to failure of the system to identify/verify an authorized individual.

29 TAB, op cit, note 1, pp 62–63.

30 National Institute of Standards and Technology (NIST) Summary of NIST Standards for

Biometric Accuracy, Tamper Resistance, and Interoperability, 2002, p 21.

31 International Biometric Group (IBG) White House OSTP Biometric Report Brief. A Visa

Issuance/Border Crossing Case Study, 2003, p 8.

32 In the case of UK this would mean that for up to one million citizens an enrolment is difficult or

impossible. The London School of Economics and Political Science (LSE), op cit, note 4, p 53.

33 Ibid.

34 The US National Institute of Standards and Technology (NIST) for example has tested the recog-

nition performance of face recognition and fingerprint recognition processes on the basis of up to

120,000 facial images and 620,000 fingerprints in original data pools. NIST, op cit, note 30, p 5.

35 The lack of such large-scale tests may also be a reason why the policy actors and expert com-

mittees tend to place iris recognition in ‘third place’.

36 TAB, op cit, note 1, p 30; see also US General Accounting Office (GAO) Technology Assess-

ment. Using Biometrics for Border Security, 2002, p 20.

37 NIST, op cit, note 31. The ITPS report concludes: ‘face recognition is not yet ready for outdoor

use’. IPTS, op cit, note 26, p 48,

Biometrics at the Borders 165

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014

38 FIDIS, op cit, note 27, p 92.

39 OECD, op cit, note 2, p 36.

40 Ibid, p 4.

41 G Hornung Die digitale Identitat. Rechtsprobleme von Chipkartenausweisen: Digitaler Perso-

nalausweis, elektronische Gesundheitskarte, JobCard-Verfahren, Nomos, Baden-Baden, 2005.

42 TAB, op cit, note 1, p 72.

43 Ashbourn, op cit, note 1, p 10.

44 Ibid, p 16.

45 OECD, op cit, note 2, p 13.

46 IPTS, op cit, note 26, p 47.

47 Ashbourn, op cit, note 1, p 9; FIDIS, op cit, note 27, p 115.

48 Ashbourn, op cit, note 1, p 20.

49 Liberatore, op cit, note 9, p 17.

50 Ibid, p 17.

51 European Parliament Report on the Commission, op cit, note 25.

52 Commission of the European Communities, op cit, note 14.

53 Article 29—Data Protection Working Party (WP 29) Working document on biometrics,

12168/02/EN, WP 80, adopted on 1 August 2003. The Working Party has been established

by Article 29 of Directive 95/46/EC. It is the independent EU Advisory Body on Data Protec-

tion and Privacy. Its tasks are laid down in Article 30 of Directive 95/46/EC and in Article 14

of Directive 97/66/EC.

54 Liberatore, op cit, note 9, pp 13 et seqq.

55 Article 29—Data Protection Working Party (WP 29), op cit, note 53, p 7.

56 See, for example, FIDIS, op cit, note 27, pp 101 et seqq.

57 Ibid, p 103.

58 Ibid, p 114.

59 Ibid.

60 GAO, op cit, note 36.

61 Ibid, pp 108 et seqq.

62 T Mansfield (National Physical Laboratory) and M Rejman-Greene (BTexact Technologies)

Feasibility Study on the Use of Biometrics in an Entitlement Scheme, Middlesex, 2003, p 29.

63 LSE, op cit, note 4, p 15.

64 TAB, op cit, note 1.

65 Ibid, p 81.

66 GAO, op cit, note 36, p 108.

67 European Parliament Report on the Commission, op cit, note 25.

68 TAB, op cit, note 1; Ashbourn, op cit, note 1; IPTS, op cit, note 26; OECD, op cit, note 2,

FIDIS, op cit, note 27; P de Hert Biometrics: legal issues and implications, Background

paper for the Institute of Prospective Technological Studies, DG JRC—Sevilla, European

Commission, European Communities, 2005.

69 FIDIS, op cit, note 27, pp 106 et seqq.

70 TAB, op cit, note 1, p 118.

71 FIDIS, op cit, note 27, pp 100, 112, 115, 116.

72 Ibid, p 105.

73 Ashbourn, op cit, note 1, p 19.

74 TAB, op cit, note 1, p 119; see also FIDIS, op cit, note 27, p 115.

75 S Joss and S Bellucci (eds) Participatory Technology Assessment. European Perspectives,

Centre for the Study of Democracy, London, 2002.

76 Liberatore, op cit, note 9, p 22. The author refers among others to public consultations and

extended impact assessments in which citizens and stakeholders play a crucial role. See also

WP 29, op cit, note 53, p 7.

166 Thomas Petermann et al.

Dow

nloa

ded

by [

UQ

Lib

rary

] at

19:

48 0

6 N

ovem

ber

2014