Privacy First appeals to the Dutch House of Representatives to stop the storage of passport biometrics and to withdraw the new Passport Act.
Today the Privacy First Foundation has sent a letter to the Dutch House of Representatives with regard to the general meeting about the new Passport Act of 27 April 2011 with the Minister of the Interior and Kingdom Relations Piet Hein Donner. This is the content of our letter:
No more than two years after the coming into force of the new Passport Act, this law is again high on the agenda of the House of Representatives. After having gone through a relatively inconspicuous parliamentary trajectory, the new Passport Act was accepted on 9 June 2009 without a vote in the Senate. At the time this came like a bolt from the blue for many: after all, there had hardly been any democratic debate about this far-reaching Act. Confronted with this fait accompli, one and a half years of increasing resistance followed in the form of citizens protests, petitions, scientific and political criticism, objection proceedings, lawsuits and even motions of disapproval by local councils. In that sense the new Passport Act is heading back to the House of Representatives like a societal boomerang. Privacy First hereby reiterates its main objections against the current Act:
- Under the European Passport Regulation the taking of only two fingerprints and a facial scan in a travel document is obligatory. This is for the (supposed) fight against fraud with those same documents. With the new Passport Act the Netherlands takes things much further by also storing these data (plus two extra fingerprints) in databases for a broad range of other purposes, among which criminal investigation and prosecution, counter-terrorism, disaster control and intelligence work in the Netherlands and in third countries. Considering the entirely unjustified and disproportionate character of this measure, this constitutes a collective violation of the right to privacy and physical integrity of every Dutch citizen with a new travel document;
- Most citizens have never been told about the above mentioned purposes in the new Passport Act; this constitutes a violation of their right to informed consent in the processing of their biometric data;
- Citizens who are willing to object against the compulsory storage are forced to undertake legal proceedings that take years, a period during which they must make their way through life without a valid travel and ID document, with all the disadvantages and risks this entails;
- The storage of biometric data (both in the travel document and in a database) creates a new form of fraud: biometric identity fraud. This type of fraud can stay undetected for years and haunt someone for the rest of his or her life.
- The same goes for the Radio Frequency Identification (RFID)-chip in the document that can be read from a distance: this too creates news risks of identity fraud;
- The security of the storage in databases (be it a ‘centralized’ or a ‘de-centralized’ database) can impossibly be (entirely) guaranteed;
- Storage in databases is suitable for identification instead of verification and paves the way for function creep;
- During the issuance of the travel document generally no biometric verification takes place. Therefore it’s unknown to what extent the travel documents that have been brought into circulation under the new Passport Act function as far as the biometrics are concerned. In this respect it appeared, during the parliamentary Round Table about the new Passport Act on 20 April 2011, that there’s a percentage of error (when verifying fingerprints) of no less than 21%.
On account of these objections Privacy First makes an urgent appeal to the House of Representatives to immediately halt the storage of biometric data (in particular fingerprints) and to withdraw the new Passport Act of 2009 or to revise it along the following lines:
- Enrolment of biometric data is to become voluntary;
- Storage of these data in municipal or national databases is to be stopped;
- For domestic use an alternative ID document without biometrics is to be developed.