EU to announce fingerprinting for all visitors

News & Analysis
EU to announce fingerprinting for all visitors

The European Commission is about to announce the compulsory fingerprinting of all visitors to the EU, both visa holders and non-visa holders, along with automated border checks of EU nationals through the analysis of fingerprints and facial scans.

The Communication from December 2007, available here on the PI site, outlines the plans. Below we summarise the plans. Also see PI's commentary in the Guardian CommentisFree section from February 11, 2008.

Critical Analysis

  • The Communication does not mention terrorism at all (or at least not until explanatory notes), and rather is seen as a border management initiative
  • The Commission later admits that terrorism gains are minimal
  • want to monitor those people who have never done anything wrong and who do not require visas
  • they already note that this could 'potentially complicate' management of passenger flows, particularly at land borders
  • going to create chaos at 'automated border checking facilities' using technologies that vary across countries and with near millions of people being processed every day
  • those who can't use biometrics will be left behind
  • redesign of borders and airports to cater for these new systems based on technologies that hardly exist yet
  • lack courage to insist that new databases and central stores are not a good idea even though they seem to acknowledge this: they keep on referring to separate 'databases or cards'
  • they are designing this specifically so that North Americans can't apply as Registered Travellers because their passports don't have fingerprints
  • relatively successful implementations of Iris-scanning technology will have to be dismantled
  • Electronic Travel Authorisation is merely kite-flying at the moment as they have no idea how to implement it
  • How does this affect EU nationals? They will be monitored by the entry-exit system like everyone else, they will be forced to register their biometrics in national databases, like everyone else
  • how can fingerprinting all visitors and EU nationals be considered proportionate? How can a system designed for the broad purpose of border management be limited in purpose? How can the European Commission ensure the quality of data when fingerprint and facial recognition processing is so unreliable? With no clear goal other than to use new technology how can this be seen as necessary?
  • retention period discussion is reminiscent of Google's argument on cookies: yes retention is for 5 years, but if you visit again, retention extends by another five years. For the average traveller, this means that your data will be retained for five years after your last trip to the EU, or after death.
  • Commission has previously been attacked by its own internal board asking why alternative options have not been considered adequately, and poorly arguing the magnitude of the current problems; poor assessment of costs

Our Summary of the EU's plans for an Entry-Exist System

Description of Plans

  • this communication was enabled through work by external contractors
  • over 300 million travellers cross the EU's external borders every year, with 160 million made by EU citizens, 60 million by third country nationals not requiring a visa, and 80 million by third country nationals requiring visas
  • 'key challenge' lies in how the Union will be able to embrace new technologies in an extensive, consistent and proportionate way
  • wish to facilitate 'bona fide' visitors while enhancing security, proposes automated border crossing facilities for EU citizens and 'certain categories of third country nationals'
  • propose an Entry-Exit system allowing the electronic recording of dates of entry and exit of third nationals
  • considering implementing an Electronic Travel Authorisation System, where individuals must seek approval from the EU prior to purchasing plane tickets
  • foresee 'marginal increase' in costs to implement these systems

Current state of affairs

  • all people passing through Schengen borders must submit to a 'minimum check' to verify identity of individuals
  • third country nationals are subject to a "thorough check" which determines their purpose of stay, subsistence, and searches through the Schengen Information System and national databases to verify that "they are not a threat to public policy, internal security, public health, and (...) international relations"
  • currently there is no obligation to keep a record of such entries or exits on a register or database, making it difficult to identify over-stayers and difficult to identify when an individual leaves from another Schengen country
  • too few bona fide travellers at the moment
  • Visa Information System, once operational, will verify the authenticity of short stay visas; but biometric checks occur only upon entry (but currently this is not the rule)
  • argue that there is human trafficking and people smuggling, identity fraud, and terrorism
  • "it is likely that over half of illegal immigrants entered the EU legally but become illegal due to overstaying"
  • estimated up to 8 million illegal immigrants
  • stamping of passports may be unreadable or subject to counterfeiting
  • main problems are: illegal immigration, terrorism and serious crime, 'data gap', growing pressure of passenger flows, challenges of economic migration

Biometrics

  • biometrics are being introduced "as an additional layer of security for travel documents and for accurate identity checks"
  • limited to face and fingerprints
  • fingerprint passports will be issued from June 2009 across the Schengen area, though full implementation not like to take place until 2016 (for facial biometric) and 2019 (for fingerprints)
  • implementation for visa holders will be relatively easy as they are already biometrically enrolled (though this will not be true until 2012 at the earliest)
  • biometric collected from those who are not required to have visas will use the same biometric equipment as visa holders but will be necessary to capture and store their biometric data at each entry so that an exit check can take place

Entry-Exit system

  • hope to be operational by 2015
  • applies to all third country nationals admitted for short stay (as they are at risk of overstaying), and therefore excludes holders of national long stay visas, holders of residence permits, etc.
  • system will record information on time and place of entry, length of stay, automated alerts transmitted to relevant immigration authorities in the case of overstay
  • data on third country nationals not requiring a visa would enable for identification of undocumented persons who are not on VIS or Eurodac, i.e. who don't have to be on databases or have never done anything wrong
  • a separate database will be required for those who do not require visas, though they will ensure it is compatible with SIS II, VIS, and the Biometric Matching System
  • longer queues are expected but they believe that this will be offset by better management of the flow of passengers due to automated border crossings

Bona Fide, Registered Travellers

  • EC is asking the EU to 'seriously consider' creating legal framework for registered travellers
  • low risk travellers issued with multiple entry visas should be granted Registered Traveller status, though this would require continuous review
  • low risk travellers who don't need a visa should be offered a pre-screening process (voluntary) which will require the enrolment of their biometric and biographic data
  • these travellers can then use automated border checking facilities
  • criteria at a minimum will include: reliable travel history, proof of subsistence, holding a biometric passport containing fingerprints; possibly also a number of successful Electronic Travel Authorisations
  • see major benefits in time savings on crossing the external border
  • foresee a situation where registered travellers may not require an Electronic Travel Authorisation
  • a new database would be required for this task

Automated Border Control

  • machine reads the biometric data on travel documents or stored in a system or database and compares them against the biometrics of travellers
  • for EU citizens they will be subjected to random checks of the SIS and national databases

Electronic Travel Authorisation

  • applies to all third country nationals, even for visa-free travel
  • no fixed definition of how the ETA can be designed
  • aim to replicate either Australian regime or possibly the planned U.S. regime
  • technical, financial and practical implications have yet to be examined, including integration with APIS and PNR systems
  • uncertainty as to how it will apply at land-borders and spontaneous travel
  • Commission will launch a study in 2008

Privacy?

  • Mention of data protection rules including necessity, proportionality, purpose limitation and quality of data
  • five year retention period for data
  • use of data for immigration purposes, and access will be provided for law enforcement agencies (subject to appropriate legal framework)
  • individuals will have right of access to data held on them, and will be able to challenge and correct data
  • appeal mechanisms will be designed
  • Registered Traveller Programme will also pose challenges, and will permit right of access to personal information used to justify refusals, and create an appeals process