Part 2 of the Home Office paper to the EU Parliament - "Liberty and Security - Striking the Right Balance" -
Biometrics in identity cards and passports
* Biometrics provide an improved method of linking a document and person and of checking someone’s identity against a database. They are being increasingly used in the commercial sector.
* The EU is committed to making use of biometrics in passports and visas. This will improve the ability to identify multiple applications.
* ID cards are used for travel in the EU. Member States should look to greater use of biometrics in ID cards.
Moving between countries and travel across borders has always required people to prove their identity and their right to travel and to stay. This is the purpose of an identity card, passport or visa. In a globalised world in which people can move and travel more easily than ever before we need to devise more effective ways of confirming identity. In the 20th century this meant adding a photograph to passports, in the 21st century this means using biometrics, which are now acknowledged as being the most reliable way of establishing identity: far more effective than identifying a person by associated information such as his name, date of birth or through a person making a visual comparison with a photograph.
Biometrics confirm the identity of an individual by measuring the subject person's physiological features. They provide a way for a person to verify their identity by making a comparison of their biometric information with that stored in a chip on a document or on a database, thus preventing people using multiple different identities.
To turn our backs on proven biometric technology, to ignore the use made of fingerprints, iris and digital photos by both government and the private sector would be to reject the twenty-first century. Technical advances cannot be uninvented, nor should we wish to do it. We should bear in mind that the world of commerce, particularly the financial sector, has embraced biometric technology to regulate access to premises and facilities. If we are to offer our citizens a high degree of security we should do so too.
Types of biometrics
The biometrics chosen by the International Civil Aviation Organization are facial, fingerprint and iris pattern. Facial is the mandatory biometric and fingerprint and iris are optional secondary biometrics. The EU regulations relating to biometrics in travel document, visas and residence permits specify facial and fingerprints as the biometric identifiers.
Current plans are to use facial images for verifying identity by comparing the image stored on the document with the document holder in what is known as a one to one match. Fingerprints can also be used in this way i.e. they can be stored on a document (passport or visa) and electronically compared with the fingerprint of the document holder. Given the long experience in using fingerprints they are robust, reliable, accurate and quick. This means that they can also be used for identification by checking and individual against the biometric records of others in a database in what is know as one to many matching.
Lastly there is iris. There is no provision at present to make use of iris recognition as a technology but in early trials it has been demonstrated to be highly effective. For example this is being used at Schipol airport and by businesses.
On 28 March 2004 a visa was issued to a Tanzanian applicant who was a frequent traveller to the UK. His wife, an employee of Oman Air, was due to accompany him on the trip. A fingerprint match then revealed that he had claimed asylum as a Somali national during a previous visit to the UK. The applicant and his wife were called into the British High Commission and re-interviewed in light of the fingerprint information. Their visas were revoked.
Biometric data can either be recorded on a chip (for biometric passports and residence permits), or a database (for visas). For the purposes of a passport, the data will be stored in a chip on the passport and protected from unauthorized access by an access control. For residence permits, the data will be stored in a chip on a separate card. Again, this chip will be protected from unauthorized access.
It is however more secure to save biometric information to a database. This removes any possibility of false data being inserted on the chip by third parties. The delay in accessing data on a chip because of the security controls means comparison with a database is faster. However all parties wishing to verify identity need access to such a database and this solution is currently only viable at EU level with Visas through the Visa Information System.
The need for biometrics in Identity Cards
At EU level ID cards are often used to demonstrate a right to travel. For that reason Member States believe it is important that their national identity cards are secure, and have some common security features, ensuring a degree of consistency. Although, the EC does not have legislative competence in this field there would be advantages in setting minimum security and technical standards.
The inclusion of biometrics in identity cards will significantly improve the effectiveness and efficiency of proving identity when using an identity card. For example it will be possible to prevent people, particularly criminals, enrolling on a given system twice, because their biometrics can be checked against those already on the database: so it will not be possible to have multiple ID cards. It also means a person can better prove their established identity when using public services or in commercial transactions. The term “established identity” is used because, although the biometric is important in making a link to a person, it has to be combined with reliable checks on an individual’s actual identity.
For its planned identity cards the UK is considering biometrics which are compliant with ICAO (International Civil Aviation Organisation) standards on machine readable documents. This means images of ten fingerprints, both irises and a digital photograph. In this form biometrics provide a very powerful tool: a recent study found that in principle fingerprint or iris recognition can provide the performance required to uniquely identify the entire UK adult population. This means that it will make it harder for individuals to fraudulently claim rights e.g. to travel, to access services. This will help to prevent criminals or terrorist groups from impacting on society as a whole through their activities. It will also help reduce the growing incidence of identity theft by fraudsters which recent research in the UK has shown to be the public’s most significant anticipated benefit.
During a trial the majority of participants strongly agreed that biometrics do not infringe civil liberties and showed an overwhelmingly positive attitude towards the use of biometrics. The data collected will be subject to the UK’s Data Protection Act 1998 and the Human Rights Act 1998 both of which bring into UK law the Data Protection Directive and the ECHR respectively. A new post of National Identity Scheme Commissioner will be created and will provide independent oversight of the way in which the scheme is administered. The UK legislation will not give the police any new powers in asking for, or in checking, someone’s identity. It will also specifically rule out making the carrying of a card compulsory.
We believe that a card scheme open to everyone who is in the country over 3 months and which treats everyone on an equal basis will help to reduce discrimination, as everyone will have an equal means of proving their identity when using public services. The scheme will also help many people who now find it difficult to prove their identity in routine commercial transactions and in accessing services. A significant number of people in the UK do not have bank accounts, passports or driving licences and can feel excluded from much of mainstream society. They will be eligible for an identity card, which will give them all they need to demonstrate their identity.