Open letter

Sir David Normington KCB

Permanent Secretary

Home Office

2 Marsham Street

London SW1P 4DF
16 April 2009
Dear Sir David

Interpol and bottled water – are UKBA fit for purpose?

My open letter to you dated 4 February 2009 [1], [2] concerned misleading press releases issued by the Home Office and the under-achievement of the Identity & Passport Service. This letter concerns another one of your agencies, the UK Border Agency (UKBA).

Last week's events in Liverpool and Manchester [3] raise once again the question how good our border controls are [4]. To use Rt Hon John Reid MP's phrase [5], is UKBA "fit for purpose"?

On 19 August 2008 UKBA announced that [6]:

From this month the UK Border Agency is trialling new technology at Manchester Airport which balances high security with quicker times at immigration control.

New facial recognition gates will use scanning equipment to compare the faces of UK and EEA passengers to their biometric passports. If successful these gates could be rolled-out across the country.

This exercise in Manchester is a trial. The history of facial recognition technology is a story of uninterrupted failure, as noted in my letter to the Deputy Director of the Home Office Scientific Development Branch [7]. Perhaps the technology has improved. Perhaps not. You can't tell in advance of the trial.

It would be irresponsible, unbusinesslike, unscientific and illogical to prejudge the matter. But that is exactly what UKBA are doing. One of the "pledges" made in their 10-point delivery plan [8] is, by August 2009, to have:

... completed delivery of new facial recognition technology in 10 terminals, giving British passengers a faster, secure route through the border.

There is no reason in advance of the trial results being evaluated to believe that facial recognition technology will allow us to cross the border more quickly and no reason to believe that the technology will improve our security.

But that is UKBA's job. To make our borders secure. As they say on their website:

The UK Border Agency is responsible for securing the United Kingdom borders and controlling migration in the United Kingdom. We manage border control for the United Kingdom, enforcing immigration and customs regulations. We also consider applications for permission to enter or stay in the United Kingdom, citizenship and asylum.

There have been three sets of leaks about the Manchester trial in the Telegraph newspaper [9], [10], [11]. The last one suggests that this technology cannot distinguish between Osama bin Laden and Winona Ryder. Taken together with the history of failure of facial recognition technology, the public will be sceptical of any claims that it now works.

I suggest that the way to overcome that scepticism is to place the matter in the hands of the Office of National Statistics. The use of mass consumer biometrics in public services, I suggest, should be based on official statistics. If rigorous academic evaluation suggests that mass consumer biometrics have a part to play, well and good. If not, then don't let's waste our time and money on them.

Last week's events in Liverpool and Manchester revealed the case of one immigrant who was allowed into the country even though his visa documentation was "all over the place" according to UKBA, and another who is known by UKBA to be working as a security guard despite the fact that he is only allowed here to study (shades of the SIA debacle [12]). Apart from the obvious question what is the point of having procedures if they aren't followed, this case has provoked a flurry of articles in the Times newspaper [13], [14], [15], [16], [17], [18], [19] about "bogus colleges" in the UK.

These "bogus colleges" obviously pose a problem to UKBA's enforcement staff. At the same time, in another part of UKBA, UKvisas are busy all over the world promoting UK education. At least they were, according to their 2006-07 Annual Report [20]:

Foreign students contribute an estimated £5 billion per year to the UK economy and so in the last year we have expanded our influence in key student markets. We have created Student Co-ordinators in China, India and Pakistan, and a Student Team in Nigeria.

There is an obvious tension here. Has that tension now been resolved or are two parts of the same organisation still pulling in different directions?

In addition to biometrics trials, some effort over the past few years has gone into creating a database of all our travel plans [21] – a database that is apparently shared with any US or EU agency that wants it. The advance passenger information and passenger name record data collected (API/PNR) can be checked against watchlists. Whether that improves our security remains to be seen.

But has any effort gone into meeting the criticisms of Interpol?

It is over four years since Interpol complained that the UK doesn't check passport numbers against the Interpol database of five million stolen passports, nor against the EU's database of 10 million lost and stolen passports [22]. Do UKBA make use of those resources now? If not, in what way are they "securing the United Kingdom borders", to quote from their website?

And what about the Schengen Information System (SIS)? The UK were offered access to this EU database of known and suspected criminals and terrorists in the year 2000. Nine years later, we are apparently still not making use of it because of technical difficulties and "acts of God", such as a fire that destroyed vital IT equipment [23]. Nine years is a long time to ignore a valuable resource which could help UKBA to do its job [24].

Why is it [asks Interpol] that some countries make sure passengers do not carry a bottle of spring water on to a plane, yet aren't careful to ensure convicted felons aren't entering their borders with stolen passports?

The creation of the API/PNR database is obviously an intrusion into people's privacy. That is occasionally justified by the claim that the state needs this personal data in order to protect us [25]. That claim is credulous – if they don't use the databases which already exist, like the lost and stolen passport databases and SIS, what reason is there to believe that UKBA will use the new ones they are creating?

I wasn't going to send this letter. I've said it all before. Why repeat it?

Then I saw Phil Woolas MP's mendacious article in tomorrow's Times [26], 'Hi-tech controls will trap these bogus students'. The same people who have, by his own admission, allowed 460 bogus colleges to operate in the UK, will now suddenly become "tough". The same people who have failed to access SIS for nine years will now suddenly learn to use watchlists. The high-tech controls he appeals to – fingerprints – use a technology too unreliable to be admissible in court. The week before last, these people allowed a suspected terrorist into the country even though his documentation was all over the place. They will do the same the week after next. eBorders has already failed. Otherwise 12 suspected terrorists wouldn't have been here to arrest in the first place. No, Mr Woolas.

Sir David, you have your work cut out.

Yours sincerely

David Moss