Thanks to Privacy International (@privacyint) again for pointing me to this article about UK ID Card costs in Computing.

The material on costs is interesting, of course, given that that aspect of the scheme has been beset with political wrangling from the start. However, there was another quotation further into the article which caught my eye. Shadow Home Secretary, Chris Grayling, is quoted thus:

“Furthermore, they are not opposed to collecting the information stored on the passports, according to shadow home secretary Chris Grayling. ‘If we had to have biometric passports, the data would clearly have to be stored.’”

Am I being dense, or is this somewhat missing the point of biometric passports?

Let’s take two use-cases: one with a plain paper passport, and one with a chipped biometric one. In both cases, let’s assume we want to use, say, a facial biometric to establish that

[P]: the person presenting the passport is the same person to whom it was issued (which is still not a bad definition of “identity” in this context).

For the sake of simplicity, let’s also assume that we’re dealing, here, only with new-issue passports – in other words, we’re not trying to retro-fit a facial biometric check to existing holders of paper passports. It’s not a necessary constraint, it just simplifies the example.

In both use-cases, the passport-issuing process involves capturing the facial biometric in question.

1 – paper passport case: on capture, the facial biometric obviously can’t be stored in a chip in the passport, so we’ll store it in a database, indexed using the passport number. When the passport is presented at the border, we’ll capture the holder’s facial biometric there, and use the passport number to look up the record we have centrally. If the passport-holder’s facial biometric matches the one we have stored against that passport number, it’s a pretty good indication that we have established [P].

2 – chipped passport case: this time, when we capture the facial biometric, we’ll write it to the passport’s chip and issue the passport. When the passport is presented at the border, we’ll again capture the holder’s facial biometric, but this time we’ll compare it directly with the stored value in the passport’s chip. Again, if they match, we have reasonable proof of [P].

Anyone notice the missing element in that example? The primary function of the passport can quite satisfactorily be met with no central store of the holder’s biometrics. The fact that the user happens to carry their biometrics around with them means that, provided the passport offers a robust and reliable comparison, there’s no need to store them anywhere else.
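The two use-cases above as a minimal Python model, added here as an illustration and not code from the article or from any passport system. The bit-string templates, the Hamming-distance threshold, the passport numbers and the HMAC tag (standing in for an issuer signature over the chip contents, one way of making the comparison "robust and reliable") are all assumptions.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 8  # assumed: max differing bits still counted as the same face

def matches(live: bytes, enrolled: bytes) -> bool:
    """Toy biometric comparison: Hamming distance between bit templates."""
    if len(live) != len(enrolled):
        return False
    return sum(bin(a ^ b).count("1") for a, b in zip(live, enrolled)) <= THRESHOLD

def seal(key: bytes, number: str, template: bytes) -> bytes:
    # Assumption: HMAC stands in for the issuer's signature over chip contents.
    return hmac.new(key, number.encode() + b"|" + template, hashlib.sha256).digest()

class Issuer:
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.central_db = {}  # passport number -> template; used in case 1 only

    def issue_paper(self, number, template):
        self.central_db[number] = template  # the biometric must live centrally
        return {"number": number}

    def issue_chipped(self, number, template):
        # Case 2: the template travels with the holder; nothing is retained.
        return {"number": number, "template": template,
                "tag": seal(self.key, number, template)}

def check_paper(passport, live, central_db) -> bool:
    enrolled = central_db.get(passport["number"])
    return enrolled is not None and matches(live, enrolled)

def check_chipped(passport, live, issuer_key) -> bool:
    expected = seal(issuer_key, passport["number"], passport["template"])
    if not hmac.compare_digest(expected, passport["tag"]):
        return False  # chip contents were not written by the issuer
    return matches(live, passport["template"])

# Constructed sample templates (not real biometric data).
HOLDER = bytes(range(32))
HOLDER_AT_BORDER = bytes([HOLDER[0] ^ 0x03]) + HOLDER[1:]  # 2 bits of noise
IMPOSTOR = bytes(255 - b for b in HOLDER)

if __name__ == "__main__":
    issuer = Issuer()
    chipped = issuer.issue_chipped("P123", HOLDER)
    print(check_chipped(chipped, HOLDER_AT_BORDER, issuer.key), issuer.central_db)
```

With an HMAC the border post has to hold the issuer's secret key; a public-key signature would let it verify the chip with the issuer's public key alone, and in neither case does it need any per-holder record.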

Of course, if they are stored centrally as well as being written to the passport’s chip, it may make it easier for a lost passport to be replaced, but that would be a matter of policy choice, not policy necessity. I don’t think it is “clearly” the case that biometric passport data “would have to be stored” – certainly not in order to meet the primary functional requirement of the passport.

Fortunately, there is still time for Conservative policy here to evolve before there is any prospect of it getting a shot at implementation.


