Lin Homer

Chief Executive

UK Border Agency

2 Marsham Street

London SW1P 4DF

Open letter

 

8 August 2009

  
 

 

  
 

Dear Ms Homer

The danger exists with eBorders that UKBA misleads the public, brings the international passenger transport systems in the UK to a near-standstill and spends a fortune deploying biometric technology at home and overseas, while the borders remain less safe than they could be because front-line staff don't have the right equipment and/or the biometrics chosen for eBorders don't work reliably enough and/or they aren't admissible as evidence in court, while visa conditions are not enforced at home, while an internal passport system is perniciously introduced into the UK and while the personal data of UK citizens and others is disseminated out of control to agencies all over the world, when all the time border security could actually have been increased by using Interpol and EU databases that have been available to but ignored by the UK for nearly a decade.

That was the burden of my letter to Sir David Normington [1], Permanent Secretary at the Home Office, dated 16 April 2009. Mr Brodie Clark [2], Head of the Border Force, kindly replied on behalf of Sir David on 26 June 2009. A lot of questions remain unanswered nevertheless, and some new questions have arisen. These are tackled in nine sections below.

1                UKBA 10-point delivery plan

UKBA's 10-point delivery plan [3] was announced in a press release dated 24 February 2009. Point #7 is:

August 2009 - Have completed delivery of new facial recognition technology in 10 terminals, giving British passengers a faster, secure route through the border.

 

It is now August 2009. May I enquire if facial recognition technology has now been delivered to 10 terminals? If the plan has been followed, where are these 10 terminals? If not, may I enquire why not?

2               Facial recognition technology – smart gates

UKBA announced a six-month trial [4] of facial recognition technology at Manchester airport in a press release dated 19 August 2008:

From this month the UK Border Agency is trialling new technology at Manchester Airport which balances high security with quicker times at immigration control.

New facial recognition gates will use scanning equipment to compare the faces of UK and EEA passengers to their biometric passports. If successful these gates could be rolled-out across the country.

 

The history of biometrics based on facial geometry is an uninterrupted line of failure [5]. Consistent with that, union leaders and UKBA staff have been reported by the BBC [6], the Sunday Times [7] and the Daily Telegraph [8] [9] as saying that the biometric technology being tested is not up to the job. UKBA deny these reports. But they do not publish the results of the Manchester trial. May I enquire why not?

Presumably the Manchester trial was deemed by UKBA to be a success. That would explain the 24 February 2009 announcement that installing smart gates at 10 terminals will make crossing the border faster and more secure. May I enquire what are the results of the Manchester trial? That is, for each tested matching threshold [10] set on the facial recognition equipment, what are the corresponding false match and false non-match rates? And how do these rates vary with the age of the photograph in the passport [11]?

3               Status of the smart gates initiative

In his letter dated 26 June 2009, Mr Clark states that:

UKBA commenced testing our Automated Clearance System (ACS) at Manchester and Stansted in August and December last year, to assess the accuracy and reliability of the technology. The Home Secretary’s pledge to introduce gates at a total of 10 UK airport terminals by August, includes the two current sites at Manchester and Stansted. It will provide a further opportunity to test the technology on larger numbers of passengers, across a broader range of locations. It also means that the gates will be available to British and EEA citizens throughout the busy summer holiday period.

 

Is the technology still being tested, as Mr Clark suggests, in which case the 24 February 2009 press release is surely misleading? Or are UKBA confident that it works, as the press release suggests? Which is it, please?

4               Visas – biometric registration centres

eBorders requires that non-EEA citizens record their fingerprints as part of the application process for UK visas. According to publicservice.co.uk [12]:

The Home Affairs Committee has found there are not enough biometric recording facilities in foreign countries, which is causing "disproportionate delays and expense" to applicants.

In a report on the UK Border Agency's (UKBA) points based immigration system, the committee said that by insisting on biometrics being recorded before entry into the UK, the government is setting itself a big challenge in some undeveloped countries. It said in some countries biometric collection centres are "few and far between" but added that there seems to be insufficient biometric collection centres in most countries.

 

The decision to admit non-EEA citizens, or to refuse admission, is based partly on the use of flat print fingerprinting technology. May I enquire what is the performance of the equipment being used? That is, for each tested matching threshold set on the flat print fingerprinting equipment, what are the corresponding false match and false non-match rates? How do these rates vary with the age of the applicants [13]? And with their race and their sex? What alternatives are there for people who are missing fingers?

According to the Home Office's July 2002 consultation document on entitlement cards [14] (paras.5.14, 33 and 51), evidence based on flat print fingerprinting is not admissible in court. Is this still the case? And if so, what happens if someone brings a case against UKBA, whether for granting a visa to a non-EEA citizen or for refusing one?

If the false match or false non-match rates are unacceptably high, and/or if visa decisions are based on inadmissible evidence, then the Home Affairs Committee are of course wrong to recommend more biometric registration centres. In that case, they will have missed the point – the technology is a waste of time and money, and should be dropped altogether.

These UKBA visas are related to the Identity & Passport Service's (IPS) proposed ID cards. They use the same biometrics, they rely on the same technology and they are open to the same problems.

The House of Commons Science and Technology Committee were distinctly unimpressed with IPS's plans for ID cards. In their July 2006 report [15], the Committee declared themselves to be "concerned", "surprised", "regretful", "sceptical" and "incredulous" at the "confusion", "inconsistency" and "lack of clarity" of those plans. In particular, the Committee asked IPS to conduct large-scale field trials of biometrics before choosing which ones to rely on. Instead, IPS have chosen first and may or may not conduct trials second. It's back to front and UKBA may suffer the consequences.

5               Visas – card readers

On 24 November 2008, a Home Office press release [16] announced that:

ID cards for foreign nationals will help secure the UK’s borders by improving immigration control and reduce identity abuses. They will also enable those here legally to prove it and prevent those here illegally from benefiting from the privileges of life in the UK

 

On 30 November 2008, the Observer [17] reported that:

Britain's first ID cards, issued last week with fingerprint and facial details, cannot be read by any official body because the government has not issued a single scanner.

 

Do any universities, colleges, schools, hospitals, GPs, job centres, police forces, front-line UKBA staff, etc ..., have appropriate ID card readers yet? If not, how can ID cards secure the UK's borders, improve immigration control, reduce identity abuses, help legal immigrants to prove their right to be here or identify illegal immigrants?

Is it the case that the 24 November 2008 press release is no more than wishful thinking or fantasy on the part of the Home Office? If so, do you agree that the press release is misleading?

6               Interpol and Schengen – border-crossing

In December 2004, Ron Noble, Secretary General of Interpol [18], expressed his surprise at not having his passport checked as he came into the UK:

Ron Noble, an American, said he was not asked for his passport serial number when he entered the UK.

"It's been proven in every single terrorist incident that a fraudulent passport has been used," Mr Noble told a House of Lords committee.

He said officials should record and check the numbers against Interpol's list of five million stolen passports ...

As well as the Interpol list, the EU has a database of 10 million lost or stolen passport serial numbers, the EU Home Affairs sub-committee was told.

 

Mr Clark kindly refers to this point in his 26 June 2009 letter:

... the Prime Minister announced on 25 July 2007 our intention to connect the UK’s watchlist to Interpol’s database of lost and stolen travel documents at the border. This capability was successfully delivered at border crossing points [and for visa and in-country applications] in December 2008. Front-line officers are now able to instantly check whether a travel document has been reported lost or stolen and act accordingly.

 

Could you please clarify, front-line officers are now able to check instantly, but do they? In all cases? Or would Mr Noble be just as surprised today as he was in 2004? And is UKBA now making use of the EU database of 10 million lost or stolen passports? If not, why not?

In July 2007, after the London and Glasgow bombs which followed the accession of Gordon Brown, Mr Noble again criticised UK border policy [19]:

"We have the passport numbers, fingerprints and photos of more than 11,000 suspected terrorists on our database. But the UK does not check it against immigrants coming into the country or foreign nationals it has arrested," he said. "The guys detained last week could be wanted, arrested or convicted anywhere in the world and the UK would not know" ...

Interpol said last night that the UK makes just 50 checks a month of the database; France by comparison makes 700,000 checks and Switzerland makes 300,000 ...

"Why is it that some countries make sure passengers do not carry a bottle of spring water on to a plane, yet aren't careful to ensure convicted felons aren't entering their borders with stolen passports?"

 

It is not clear whether this is covered by Mr Clark's answer. Does UKBA now check everyone against this Interpol list of 11,000 suspected terrorists? If not, why not?

And then there is the Schengen Information System (SIS). From the Observer [20], 1 February 2009:

Britain's police forces are still unable to use a pan-European database of criminals, prompting warnings that this could hinder their ability to track terror suspects entering Europe ahead of the Olympics.

The UK was given access to sensitive information on criminal and policing matters held on the Schengen Information System, an EU-wide directory, in 2000, but there have been repeated technical problems ...

Experts say the database could form a powerful weapon in the fight against crime and terrorism. In the past, Home Office officials have said that connecting British forces to the system had proved impossible due to technical difficulties and "acts of God", such as a fire that destroyed vital IT equipment.

 

Nine years after it became possible, is the UK now using SIS (or SIS II)? If not, why is this resource for protecting the borders not being used?

7               eBorders – 53 questions

It has been reported since November 2007 that, under eBorders, travellers will have to answer 53 questions [21] before being allowed to leave the UK. Is that true? If not, how many questions will there be? How long before travelling, do the answers have to be available? And who do they have to be available to?

It was reported then, and it still is, that eBorders will lead to travel chaos [22]. Has this problem been resolved? If so, how?

It was reported then, and it still is, that the collection and sharing of all this personal data may be illegal [23]. Has this problem been resolved? If so, how?

According to the March 2007 joint Home Office-FCO paper describing the eBorders scheme [24], personal data may be distributed from the UKBA computer centre at Wythenshawe [25] to all or any of the following organisations. Is that still the case? How will UKBA keep control of that data? And how can passengers keep control of what is, after all, their data?

·      ALON, the Airline Liaison Officer Network, operated by UKBA, Airline Liaison Officers' "main tasks include the provision of comprehensive training for airline staff on the United Kingdom's passport and visa requirements as well as basic techniques of passenger profiling and forgery awareness"

·      ATC, the Authority To Carry scheme operated by UKBA, based on API/PNR and watchlists, airlines and other carriers can have their authority to carry refused

·      BERR, the Department of Business, Enterprise and Regulatory Reform, previously the DTI, Department of Trade and Industry

·      BIODEV, an EU project to study the use of biometrics in visa applications

·      Business Express, a registered traveller scheme like IRIS and miSense Plus

·      CTA, the Common Travel Area = the UK + the Channel Islands + the Isle of Man + the Republic of Ireland

·      DCMS, the Department of Culture, Media and Sport

·      DCSF, the Department of Children, Schools and Families

·      DfT, the Department for Transport

·      DIUS, the Department of Innovation, Universities and Skills

·      Eurodac, the "European fingerprint database designed solely to identify asylum seekers"

·      FCO, the Foreign and Commonwealth Office

·      Frontex, an intelligence driven "EU agency [which] complements and provides particular added value to the national border management systems of the Member States"

·      HMRC, Her Majesty's Revenue and Customs

·      IATA, the International Air Transport Association = 265 airlines

·      Interpol, "the world’s largest international police organization, with 187 member countries"

·      IPS, the Identity and Passport Service, an executive agency of the Home Office

·      IRIS, the Iris Recognition Immigration System, a registered traveller scheme like Business Express and miSense Plus

·      J-BOC, the Joint e-Borders Operations Centre, part of UKBA

·      members of the travel, tourism and hospitality sectors

·      miSense Plus, a registered traveller scheme like Business Express and IRIS

·      NDFU, the National Document Fraud Unit, part of UKBA

·      other organisations, professional, educational and NGOs with an interest in migration and border and visa issues

·      overseas law enforcement and security agencies

·      Project Semaphore, the database system operated under contract by IBM to collect and disseminate advance passenger information and passenger name records (API/PNR), this is presumably the database that will now be sited in Wythenshawe, as Jacqui Smith inadvertently told everyone, and used by J-BOC

·      Registered Traveller Schemes, including Business Express, miSense Plus and IRIS, any accelerated entry scheme, often biometrics-based

·      Sea Carrier Liaison, an equivalent to ALON, being considered, may never exist

·      SISII, the Schengen Information System II, "a database containing alerts on stolen objects and persons who are wanted for extradition, who are missing or who are subject to an entry ban for a particular country", the UK failed to connect to SIS for several years and may similarly fail with SISII

·      SOCA, the Serious Organised Crime Agency

·      SPT, Simplifying Passenger Travel, "a joint initiative amongst a number of key parties involved in the passenger's journey: passengers, airlines, airports, control authorities, and technological suppliers"

·      the EU

·      the Four Countries Group = UK + US + Canada + Australia

·      the Islamabad Consular Immigration Link Team

·      the police

·      the Risk Assessment Unit (RAU) in Accra, RAUs process 90% of visa applications at FCO overseas posts on behalf of UKVisas

·      the Sponsored Family Visitor scheme, one of four categories of visa, the other three being tourist, business and student

·      the Welcome to Britain Group, brings together "representatives from transport, travel, hospitality, border processes and public diplomacy organisations" under the aegis of VisitBritain

·      UKBA, the UK Border Agency, previously the Immigration and Nationality Directorate (IND), = Home Office + FCO + HMRC

·      UKTI, UK Trade and Investment, part of BERR, "can help you rise to the exciting opportunities and challenges that globalisation offers"

·      UKvisas, previously a joint venture between the Home Office and the Foreign and Commonwealth Office, now part of UKBA

·      VisitBritain, "Britain's national tourism agency"

 

8               eBorders – where are they?

According to Liam Byrne and Lord Triesman's Foreword of the paper on eBorders:

Border control can no longer just be a fixed line on a map. Using new technology, particularly biometrics, and new approaches to managing risk and intelligence, we must create a new offshore line of defence, checking individuals as far from the UK as possible and through each stage of their journey. Our aim is to make legitimate travel easier, yet prevent those who might cause us harm from travelling here. We want the UK to be attractive and welcoming to business, tourist, student and family visitors, skilled migrants and returning nationals and residents, but halt those with no right to come to this country well away from our shores.

 

eBorders are not the same as national borders. That is clear from the quotation above.

The difference is also suggested when we hear that the provisions of eBorders will apply to travel between England and Northern Ireland [26], two parts of one nation. They may apply to travel on ferries in the Western Isles of Scotland [27]. Our PNR (passenger name record = travel details + personal data) may be shared with all and sundry, even in the case of domestic travel [28].

The Prime Minister talked of random searches at 250 of our busiest railway stations [29] in a speech on counter-terrorism, as though those searches are also a part of eBorders.

The term is not defined by UKBA but it seems to an outsider as though an eBorder is crossed anywhere where people have to use a passport or a visa or an ID card to prove their right to cross it. That's conventional enough in the case of a flight from Gatwick to Chicago, say, but unbounded, without a definition, it could just as easily apply in the case of a train journey from Euston to Manchester. And that would be novel. Random searches and internal passports [30] impeding the freedom of movement are associated with the Eastern Bloc, not the UK.

 As things stand, an eBorder could be anywhere Phil Woolas (or Joanna Lumley) says it is.

Can UKBA provide a better definition of "eBorder"?

9               Visas – enforcement

In April 2009, Assistant Commissioner Bob Quick had to resign after inadvertently revealing the details of an investigation into 12 suspected terrorists [31]:

At least two of the men suspected of being members of an alleged al-Qaeda cell had been allowed to stay in Britain despite allegedly breaching the conditions of their student visas ...

One man was stopped by immigration officials at Manchester Airport last week as he arrived from Pakistan, but was allowed to enter the country despite his visa documents being "all over the place", according to one source.

Another suspect was threatened with deportation after immigration officials discovered he was working as a security guard instead of studying, but he was nonetheless allowed to stay.

 

Do UKBA officers still allow people to enter the country despite their visa documents being all over the place? Are people who are breaking the terms of their visa by working instead of studying still allowed to stay? If eBorders is working, how did these 12 suspected terrorists manage to be in the country in the first place? Or is eBorders not working?

----------

While she was Home Secretary, Jacqui Smith [32] embraced safeguards, openness, proportionality and common sense. She wanted to put them "at the heart of everything we do". So did Sir David Normington [33].

It is with some trepidation that I approach the Public Servant of the Year [34], but I look forward to your answers to the questions above and to discovering – what I seem to have missed – the safeguards, proportionality and common sense in eBorders.

Yours sincerely

David Moss

 

cc         Rt Hon Keith Vaz MP, Chairman, Home Affairs Committee

            Phil Willis MP, Chairman, Science and Technology Committee (from 1 October 2009)

            Sir David Normington KCB, Permanent Secretary, Home Office

            Brodie Clark, Head of the Border Force, UK Border Agency

            John Vine CBE QPM, Chief Inspector, UK Border Agency

            Ron Noble, Secretary General, Interpol

            James Hall, Chief Executive, Identity & Passport Service

           

 


 

[1] http://dematerialisedid.com/BCSL/Normington2.html

[2] http://dematerialisedid.com/BCSL/Brodie%20Clark.html

[3] http://www.bia.homeoffice.gov.uk/sitecontent/newsfragments/10pointdeliveryplan

[4] http://www.ukba.homeoffice.gov.uk/sitecontent/newsarticles/hitechelectricborders

[6] http://news.bbc.co.uk/1/hi/uk/7568686.stm

[7] http://business.timesonline.co.uk/tol/business/industry_sectors/transport/article6036353.ece

[8] http://www.telegraph.co.uk/news/uknews/3136395/Security-fear-over-airport-face-scanners.html

[9] http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/5110402/Airport-face-scanners-cannot-tell-the-difference-between-Osama-bin-Laden-and-Winona-Ryder.html

[10] http://dematerialisedid.com/Register/regBiometricsNote5.html#threshold

[11] http://dematerialisedid.com/Register/regBiometricsNote14.html

[12] http://www.publicservice.co.uk/news_story.asp?id=10293

[13] http://dematerialisedid.com/Register/regBiometricsNote10.html

[14] http://dematerialisedid.com/PDFs/complete_hi_r.pdf

[16] http://press.homeoffice.gov.uk/press-releases/first-id-cards-issued

[17] http://www.guardian.co.uk/politics/2008/nov/30/idcards-civilliberties

[18] http://news.bbc.co.uk/1/hi/uk_politics/4058427.stm

[19] http://www.guardian.co.uk/society/2007/jul/09/asylum.terrorism/print

[20] http://www.guardian.co.uk/uk/2009/feb/01/european-criminal-database

[21] http://www.dailymail.co.uk/news/article-493912/Terror-crackdown-Passengers-forced-answer-53-questions-BEFORE-travel.html

[22] http://news.bbc.co.uk/1/hi/uk_politics/8126161.stm

[23] http://www.timesonline.co.uk/tol/news/uk/article6610209.ece

[24] http://dematerialisedid.com/PDFs/Securing_the_UK_Border_final.pdf

[25] http://www.timesonline.co.uk/tol/travel/news/article5683677.ece

[26] http://travel.timesonline.co.uk/tol/life_and_style/travel/news/article2733487.ece

[27] http://www.pressandjournal.co.uk/Article.aspx/1194865?UserKey=

[29] http://news.bbc.co.uk/1/hi/uk_politics/7094620.stm

[30] http://dematerialisedid.com/Propiska.html

[31] http://www.telegraph.co.uk/news/worldnews/asia/pakistan/5137673/Terror-plotters-allowed-to-stay-despite-visa-breaches.html

[32] http://press.homeoffice.gov.uk/Speeches/home-sec-protecting-rights

[33] http://www.civilservicenetwork.com/features/features-article/newsarticle/sir-david-normington/

[34] http://www.civilservicenetwork.com/people/profile-article/newsarticle/homer-scoops-award/?no_cache=1