From this year, many visitors to the US will be taking part in one of the world’s biggest biometric technology projects. Foreign visitors travelling to the US on a visa – that is, for work or a stay longer than 90 days – must have their fingers scanned and a photograph taken, all digitally. This information will later be used to verify their identity at the port of entry. The programme, with its Mission Impossible overtones, bears the unwieldy title of US Visitor and Immigrant Status Indicator Technology (US-VISIT).
Currently the data is captured at Dublin and Shannon Airports for direct flights from Ireland to the US. Starting this month, visa applicants will first have their right and left index fingers scanned by an electronic reader and digital photos taken at the US embassy. When Irish visitors check in at the airport for a direct flight to the US, these same biometrics are used to verify that the person who has arrived is the same as the one to whom the visa was originally issued.
If you take a flight from Dublin to London and then to Los Angeles or New York, the biometric data will be checked when the person arrives at the US border.
“Biometrics is going to eliminate a lot of fraudulent documents,” says Arnold Ellis, area port director with the US immigration service, based in Shannon. “This is going to make it virtually impossible to use a fraudulent passport.”
The US Department of Homeland Security (DHS) claims that the new procedures are not time-consuming and on average are said to add just 15 seconds to the typical entry process and passport control checks. The new system has been piloted since last November at Atlanta International Airport. DHS figures showed that more than 20,000 passengers from a range of destinations voluntarily submitted to these checks.
Although security concerns worldwide have been heightened since 11 September 2001, this programme actually has its origins in an Act of Congress that was passed in 1995, a law designed to verify the entry and departure of every foreign national that enters the US.
The biometric and biographical data will be held at the US Customs Service data centre in Newington, Virginia. According to Ellis, the information will be accessible only to law enforcement agencies on a need-to-know basis. In preparation for the new system, the communications links between Dublin and Shannon Airports and the Virginia data centre have been upgraded. When US officials query the database from Ireland, the search has a response time of 10-15 seconds.
What is less clear, however, is how long the data is to be kept and what happens to it once it has stopped being useful. According to the DHS website, all personal information must be protected and disposed of “in accordance with applicable laws, regulations and the US-VISIT programme and DHS’s policies and procedures”, but it does not go into specifics.
The Office of the Data Protection Commissioner in Ireland cannot get involved because this doesn’t entail the access to or transfer of data between the EU and the US; instead, the information is gathered from individuals themselves when they travel to the US. The only possible area for concern, according to a spokesman for the office, is that the data can be held for 75 years, long after a person’s likely departure from the US.
The project has not been without its opposition on the home front either; in September of last year, the US General Accounting Office issued a notice that the US-VISIT scheme was a risky undertaking. Its report cited 10 factors to support its conclusion, such as known problems with existing systems and the lack of a governance structure.
Then in December, Tom Davis, the Republican House Government Reform Committee chairman, spoke of his concerns about agency co-ordination of the programme. He added that the task of collecting, storing and accurately accessing biometric records in such large quantities was unprecedented. Nevertheless the project managed to meet its deadline and was launched on 5 January.
It’s likely to be the first in a series of measures that spell the end for the traditional passport as we know it. Under the post-11 September legislation, the US Enhanced Border Security Act, countries that participate in the visa waiver programme, of which Ireland is one, must have in place a programme to introduce biometric passports by 26 October of this year. Applicants who don’t own such a passport after that time must obtain a visa from an American embassy in order to travel to the US.
Use of fingerprints also goes a step further than that recommended by the International Civil Aviation Organisation, which announced that facial recognition would be the accepted biometric. In May last year the agency announced its blueprint for integrating biometric identification information into passports and machine-readable travel documents.
In Ireland, the Department of Foreign Affairs (DFA) hasn’t taken a decision yet on including biometric information on Irish passports, but the latest soundings from the Government suggest this will be a matter of when, not if. A project to upgrade the existing passport system is already well under way and this will involve new passports being issued with a polycarbonate (stiff plastic) page. This page will be able to be fitted with a microchip containing biometric data if a decision is later taken to incorporate these into passports. This extra process can be added relatively quickly if a decision is reached, the department said earlier this month.
In the short term at least, the new security procedures will have implications for the move to issuing passports online. Due to the lack of sufficient authentication technology, it won’t be possible to apply for a passport over the internet. The DFA may look at putting some elements of the process online such as downloading forms, but until the Public Services Broker is established — and with it, a way to recognise every citizen in the State electronically — the new passport issuing system will stay in the world of paper and forms for the time being at least.
By Gordon Smith