The EU wants to store fingerprints and facial images of over 400 million people from third countries in a single silo. US authorities already have such a system for around 275 million people. Both sides now want to cooperate more closely on this matter.
The European Union is currently merging all databases containing biometric data into a new system. Under the heading of “Interoperability”, this involves the Schengen Information System, the visa database, the fingerprint system for asylum seekers and a file on foreign convicts in terrorism proceedings.
In this way, a new super-database is being created, which will be supplemented next year by an Entry/Exit System (EES). After refugees and those requiring visas, all other travellers from third countries will then also have to hand over their biometric data when crossing the border into the EU. The entire new system could then contain fingerprints and facial images of over 400 million people from third countries, writes Sopra Steria, one of the contractors for the interoperability project.
€300 million for facial recognition
The EU project is likely to be the most difficult and most expensive European information system ever. The construction of the EES alone is expected to cost €1 billion, of which about €300 million alone will be spent on biometric recognition of faces and fingerprints. Many of the capabilities of such a system have long since been introduced in the United States. This is probably why the EU Commission and two agencies recently travelled to Washington to exchange experiences with border authorities there.
The EU databases in question are managed by the Agency for the Operational Management of Large-Scale IT Systems (eu-LISA) in Estonia. This EU agency has now responded to Freedom of Information requests, which reveal details of the trip it led on 6 and 7 June 2022. According to the documents, the agencies were accompanied to the US by Greek, Polish and Romanian “border guards and law enforcement agencies”. These three EU states have the largest extent of external land borders in Europe.
Frontex was also involved, as the border agency is responsible for profiling travellers in the new Travel Information and Authorisation System (ETIAS). ETIAS does not contain biometric data, but people from third countries have to provide information about themselves and their travel itinerary a few days before entering the EU. These data are also processed in the interoperability project.
Capturing facial images of vehicle passengers
According to a summary drafted by eu-LISA, the first meeting was held with senior members of Customs and Border Protection (CBP), which is responsible for border control in the United States. Discussions were “mainly around biometric solutions in the enhancement of travel security”. The US Border Patrol also presented the results of its pilot programme at the land borders with Mexico. This involved possibilities to scan the faces of passengers of a vehicle after a pre-announcement without them having to get out of the car.
Frontex had recently completed a similar test run. However, the accuracy of this biometric data proved unreliable. In the USA, such a system is said to have worked better. The success rate was initially around 40%, but with a second camera it increased to around 76%.
Frontex, eu-LISA and the Commission also asked their US hosts about the possibility of biometric screening of rail passengers. However, at the US level, passengers still have to leave the train to go through the procedure. Such procedures could be facilitated, however, by capturing fingerprints via mobile phone, according to the border agency CPB.
Facial images in commercial cloud
Unlike EU systems, US authorities wanted to “escape from operational costs and the associated maintenance and licences” of immigration control, the paper says. The processes of biometric entry and exit checks will be outsourced to a commercial cloud infrastructure. Data centres, such as those operated by eu-LISA in the EU, are thus not needed by CBP. More than 3 million fingerprint records are processed in this way every day.
Increasingly, US authorities are also using facial recognition. Pilot projects were carried out at airports in Atlanta and Boston, and photos with masks on were also verified. Based on PNR passenger data, a data set on the expected travellers is created beforehand to speed up the following biometric procedure.
The EU delegation subsequently observed the implementation of such automated checks at Washington Dulles International Airport. To check departing travellers, the facial images are compared in real time with data sets stored in the “CBP cloud”, again using PNR data provided by the airline. In the event of non-recognition, passengers were “kindly invited aside” so that officers could continue the exit check.
EU-US cooperation on biometrics to continue
In the US, the Department of Homeland Security is responsible for facial recognition and the underlying databases. A meeting of the EU delegation therefore also took place with the office responsible for “biometric identity management” (OBIM). The discussions had been “far-rangin” and had covered, among other things, public tenders and performance characteristics of biometric systems.
The EU delegation and its US hosts agreed to continue their cooperation. The aim is to discuss “aspects of common interest […] amongst others”. In fact, it is only supposed to be about sharing experiences on “identifying and address risks and threats”. On another level, however, the US government is preparing extremely far-reaching access to European biometric systems.
Visa-free entry into the United States is to be linked to a new provision for all countries benefiting from it. In return, authorities of the US Department of Homeland Security want permission to search for fingerprints and facial images in the national databases of the countries concerned. The demand is of utmost political importance because in Germany alone this would affect several million facial images and fingerprints.
Database with one billion faces
Through the freedom of information requests, eu-LISA is now revealing details of the US database that will be queried with European biometric data as part of this Enhanced Biometric Security Partnership (EBSP). This is the IDENT system with around 275 million foreign nationals as well as US citizens if they have committed a criminal offence. In a presentation given to the EU delegation, it is said that one billion faces and seven million pairs of iris images are stored there. The system processes about 400,000 daily requests. This benefited “more than 45 U.S. and international organizations and mission areas”.
Similar to the EU, US authorities are also pursuing an “interoperability” project. This involves transferring the IDENT database to a system called “Homeland Advanced Recognition Technology” (HART) in a commercial cloud and then resolving it. This cloud data would then be used to match the facial images and fingerprints that US authorities want to access from EU countries as part of the Enhanced Biometric Security Partnership.
“Continuously improved algorithms” are supposed to ensure high matching accuracy in HART. If HART were actually fed with European biometric data soon, this would only be possible in bilateral agreements with the US government. This is because the use of such a self-learning system would probably not be permitted at EU level according to a recent ruling by the European Court of Justice for the control of travellers. Thus, the use of “predictive selectors or algorithms” must be excluded in the warrantless screening of passengers.
Image: A Canadian and a US official watch a passenger use an automated passport control system (Customs and Border Protection).