The following article by Privacy First employee Vincent Böhre was published this month in the periodical De Filosoof (‘The Philosopher’, University of Utrecht). Tomorrow the Dutch Passport Act will be high on the Dutch political agenda: in a debate with the Minister of the Interior Liesbeth Spies the compulsory taking of fingerprints for Dutch passports and ID cards will be discussed. Privacy First has recently (again) emphasized to all political parties in the Dutch House of Representatives to have passports without fingerprints introduced as soon as possible and to make a request to the government to have the Passport Regulation revised at the European level. This in order for the compulsory taking of fingerprints to be done away with also for passports, or at least to become of a voluntarily nature. The text below offers a quick recap with a positive twist. A pdf version of the original article in Dutch can be found HERE (pp. 6-7).

The biometric passport as an unintended privacy gift

‘‘Late 2001, the Christian-democratic political party CDA proposed storing the fingerprints of every Dutch citizen through passports for criminal investigation purposes. However, this proposal was immediately scrapped by other political parties because it would lead to a Big Brother society. Nonetheless, an even more far-reaching proposal became law seven years later almost inconspicuously. Under the new Dutch Passport Act, apart from criminal investigation and prosecution, everyone’s fingerprints and facial scan (biometric data) could also be used for counter-terrorism, domestic and foreign State security, disaster control and personal identification. However, none of these legal purposes had been discussed in Parliament.[1] In fact, the new Passport Act was accepted by the Senate even without a vote. The media merely stood by and watched how it happened. How could things have gotten this far?

‘Bystander syndrome’

In a certain way the Passport Act was (and is) emblematic for the Dutch era after '9/11'. An era in which (presupposed) anti-terrorism measures could be steered through Parliament with the greatest of ease. After all, such measures would enhance our security, we were continuously told. By nature people are inclined to believe the authorities and to accept the status quo. From a human rights point of view, one could consider the post-9/11 era as a huge Milgram experiment: without too much resistance many human rights have for years been put to the rack of society. The realization of the new Passport Act is no exception. Every Member of the Senate could at least have made a request for a parliamentary vote. Journalists and scientists could have blown the whistle on time. Instead, they all stood there and watched since, of course, the law would make the Netherlands a ‘more secure’ place. But what was this assumption based on? Wasn’t the Netherlands actually going to be less secure by the massive storage of fingerprints in travel documents and affiliated databases? This question has never been asked in public, let alone discussed and answered.

Disproportionate

The prime argument by the Dutch government for the introduction of fingerprints in passports and ID cards has, since the late 90s, been the following: it would prevent look-alike fraud with travel documents. Look-alike fraud is a form of abuse whereby someone uses an authentic travel document of someone else to whom his or her appearance resembles. Questions about the scale of this type of fraud have hardly ever been asked in Parliament. From a recent FOIA-request filed by Privacy First, it appeared that we’re dealing with only a few dozen cases each year (with Dutch travel documents on Dutch territory).[2] In light thereof the introduction of fingerprints in travel documents of 17 million Dutch citizens is completely disproportionate. Not to mention the dozens, if not hundreds of millions of Euros that the government has spent on this project.

Risks

With the introduction of a ‘biometric identity infrastructure’ a new form of fraud comes to life that is extremely difficult to trace and combat: biometric identity fraud, for instance through hacking. Not just with guileless citizens and companies, but also in the public sphere (espionage). Moreover, it has been pointed out that in 21-25% of cases the biometric data in the chip of Dutch travel documents cannot be read (verified). So in the event of passport control, there is a high risk that citizens become unjustly suspected of fraud. The biometric passport is no good for combating terrorism either: terrorists generally use their own, authentic travel documents. Unfortunately, little is publicly known about the way security and intelligence agencies use biometrics, even though some purposes are easy to predict: identification of suspects unwilling to speak and ‘interesting’ persons in public space, the recognition of emotions, lie detection and the recognition or use of doubles. The same applies to the domain of criminal investigation and prosecution, also in conjunction with camera surveillance and automatic facial recognition. In addition, the RFID (Radio Frequency Identification)-aspect of the chip in the document enables it to be read from a distance: citizens can be identified and tracked without it being noticed. With regard to personal identification, one could think of the possible introduction of fingerprints at banks, social services, the internet, etc. (Since the end of last year, a Dutch pilot project with mobile finger scanners for the police is ongoing.) Finally, there’s the domain of fighting disasters: biometrics used for the identification of casualties in the event of large-scale disasters or as a logistic means. All in all these possibilities for the use of biometrics go dozens, if not a hundred steps beyond the mere combating of look-alike fraud with travel documents. One ought to realize that all of these possibilities will sooner or later be put into practice. In jargon this is called ‘function creep’; historically seen it’s inevitable. Scientific research into future applications of biometrics continuously takes place. What’s more, even in our part of the world a democratic constitutional State is no invariable matter of fact. It is therefore very dubious whether our world will become ‘more secure’ by the large-scale use of biometrics.  

Positive change

It is exactly this concern which brought about a small Dutch revolution in the summer of 2009: at the time, the enactment of the new Passport Act led to a torrent of criticism and to the coming into being of the current Dutch privacy movement. New privacy organizations such as Privacy First proliferated, social coalitions were forged and lawsuits against the new Passport Act were filed.[3] This boomerang effect within society continues to this day. Since that time the right to privacy is ever higher on the societal and political agenda. In that sense the biometric passport has so far proved to be an unintended gift from heaven.''



[1]
See Vincent Böhre, Happy Landings? Het biometrische paspoort als zwarte doos (Happy landings? The biometric passport as a black box), Wetenschappelijke Raad voor het Regeringsbeleid, WRR (Scientific Council for Government Policy) October 2010, http://www.wrr.nl/publicaties/publicatie/article/happy-landings-het-biometrische-paspoort-als-zwarte-doos-46/.
[2]
See Privacy First, Revealing figures about look-alike fraud with Dutch travel documents (20 March 2012).
[3]
See Böhre supra footnote 1, p. 111 ff.
Published in Meta-Privacy

Thanks to a FOIA-request by the Privacy First Foundation, the official figures about look-alike fraud with Dutch passports and ID-cards have today, for the first time, become public. From these figures it emerges that the Dutch biometric passport with fingerprints is an absolutely disproportionate measure, the introduction of which should never have been allowed.

The primary argument from the Dutch government for introducing fingerprints in passports and ID-cards has for years been the same: fighting look-alike fraud. Look-alike fraud is a form of abuse whereby someone uses an authentic travel document of someone else to whom his appearance resembles. This kind of swindler is also called an impostor. Questions about the scale of this type of fraud have hardly ever been asked, not by members of Dutch Parliament, nor by scientists or journalists. Those who raised a question about it in the last ten years were usually provided with an answer that left them none the wiser: figures about look-alike fraud would be ‘unknown’, ‘not publicly available’, ‘confidential’, or ‘secret’. The answer to the most recent parliamentary question in this respect dates back to October 2010:

- Question: ‘‘Is it true that the figures of look-alike fraud with ID documents are known, but that you are unwilling to provide them to the House of Representatives? Are you actually prepared to provide these figures to the House of Representatives?’’
- Answer by Dutch State Secretary Ank Bijleveld (Ministry of the Interior): ‘‘No, this is not true. Since such figures are unknown to me, it’s obvious I cannot send them to you.’’ (Dutch source)

Those who have been asking supplementary questions in recent years were often told we would be facing a massive phenomenon. In this way the idea of a 'dark figure' of crime of almost mythical proportions came into existence. That is to say, without any trace of evidence. So recently the Privacy First Foundation filed a FOIA-request to the department of the Dutch government that has been keeping track of the figures on look-alike fraud for years: the Dutch Expertise Centre on Identity fraud and Documents (Expertisecentrum Identiteitsfraude & Documenten, ECID) based at Schiphol Airport. The ECID falls under the Royal Netherlands Marechaussee (KMar) and is thus part of the Dutch Ministry of Defence. Privacy First knew from a reliable source that those figures could be found in the clear annual reports of the ECID from 2008 onwards. So recently we have simply made a request for those reports by email. Subsequently Privacy First received the Statistic Annual Overviews on Document Fraud (Statistische Jaaroverzichten Documentfraude) from 2008 to 2010 from the Ministry of Defence. (Update: the statistics from 2011 followed on 29 May 2012.) The following figures result from these annual reports relating to look-alike fraud with Dutch passports and ID-cards on Dutch soil:   

2008: 46 cases (source: Statistisch Jaaroverzicht Documentfraude 2008, p. 45)

2009: 33 cases (source: Statistisch Jaaroverzicht Documentfraude 2009, pp. 42-43)

2010: 21 cases (source: Statistisch Jaaroverzicht Documentfraude 2010, pp. 52-53)

2011: 19 cases (source: Statistisch Jaaroverzicht Documentfraude 2011, pp. 52-53).

The Netherlands has 17 million inhabitants. By now almost 7.5 million of those had their fingerprints taken to combat a handful of cases of look-alike fraud. By any standard this is a completely disproportionate situation and thereby forms a collective violation of the right to privacy of all Dutch citizens. Privacy First regards these figures as a strong backing in its lawsuit against the Dutch government regarding the new Dutch Passport Act and hereby makes a call to the government to immediately stop the compulsory taking of fingerprints for passports and ID-cards. Regardless of whether or not that’s against European policy.

Update 22 March 2012: At first Privacy First showed the numbers 63 (2009) and 52 (2010). However, those figures were based on a calculating error (they were counted twice), for which we apologise.  

Update 30 March 2012: internal documents from the Dutch Ministry of the Interior from 2004 also imply a relatively low figure for fraud and, moreover, high costs for introducing biometric technology in travel documents. Privacy First recently obtained these documents through a large-scale FOIA investigation that has been ongoing since April 2011.

Update 29 May 2012: Today Privacy First finally received the long-awaited Statistisch Jaaroverzicht Documentfraude 2011 from the Dutch Ministry of Defence. The number of cases of look-alike fraud with Dutch passports and ID-cards on Dutch soil (as far as the KMar is aware) according to this report were respectively... 11 and 8, so just 19 in total. We have updated the list of cases from 2008 to 2010 above with the figures from 2011. So the idea of look-alike fraud as a very small-scale phenomenon is once more confirmed. To burden the entire Dutch population with biometric passports and ID-cards as a countermeasure is and will be completely disproportionate and therefore unlawful.

Published in FOIA Requests
Wednesday, 01 February 2012 13:36

Your fingerprints in the Twilight Zone

In almost all of the lawsuits that are pending against the new Dutch Passport Act, there is one important subject that has so far been little exposed: the use of sensitive personal data by secret services. In this case it’s about biometrics: digital facial scans and fingerprints that end up in all sorts of databases through people's passports and ID cards. At the moment those databases are still only in the hands of municipalities and the passport manufacturer in Haarlem (Morpho, previously called Sagem), in the future they will undoubtedly end up elsewhere too, eventually worldwide. In that sense every Dutchman is a potential globetrotter: in the long term your fingerprints and facial scan may be available even in the farthest corners of the world. Not only in the databases of ‘allies’, but also in the databases of countries with which those ‘allies’ have in turn concluded (possibly secret) exchange agreements. And this is all but transparent. Neither is it publicly known what secret services are willing to use our biometrics for. A Privacy First employee who was eager to examine this for the Dutch Scientific Council for Government Policy (Wetenschappelijke Raad voor het Regeringsbeleid, WRR) soon encountered a wall of research restrictions. So for the time being all we can do is guess... Possible intelligence purposes of biometrics are: 1) identification of suspects unwilling to talk and ‘interesting’ persons in public space, 2) recognition of emotions and lie detection, 3) the use or recognition of doubles, 4) espionage, etc. The first purpose (identification) is being facilitated by the Radio-frequency identification (RFID)-aspect of the biometric chip in your passport or ID card. It’s precisely because of this that the chip can be read from a distance.  

Back to the main subject: the use of sensitive personal data by secret services. Today this is as easy as pie: many people unashamedly put half of their private lives on the internet, for instance on Facebook. And if the information can’t be found on the internet, it can be traced in databases of companies and the government. In the way you in your student days perhaps once turned on the TV with a pool cue without leaving your lazy armchair, secret services can nowadays conjure up your whole life including your fingerprints merely at the press of a button. But is this actually allowed? And in this respect, does it make any difference if your fingerprints are stored are stored 1) by the municipality, 2) in a central database or 3) by a passport manufacturer? ‘‘Yes, that’s allowed’’ and ‘‘no, it doesn’t matter where they’re stored’’, the Dutch State consistently implied until mid-2011 through the State attorney:    

‘‘Fingerprints will also have to be supplied to the General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) and the Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, MIVD). The provision of information to these services is regulated in Article 17 of the Intelligence and Security Services Act (Wet op de Inlichtingen- en Veiligheidsdiensten, WIVD). This already applied prior to the coming into force of parts of the modified Passport Act and it will be no different now that it’s been modified. The mention in Article 4b, paragraph 2(d) Passport Act (‘state security’) was merely motivated by transparency reasons.’’
(Source: Statement of Defence in the Passport lawsuit by Privacy First dated 28 July 2010, para. 2.17; repeated word for word in, among other things, the statements of defence of the State in the Passport lawsuits by Van Luijk dated 29 October 2010 & 10 June 2011 (paras.
3.17 & 5.8 respectively) and Deutekom dated 23 November 2010, para. 4.17.)

So there the State claims that basically nothing would change with the introduction of the Passport Act since the AIVD would already have had the opportunity to make a request for your fingerprints. Meanwhile however, the development of a central biometric database has been put on hold which means your fingerprints are stored ‘only’ relatively shortly by the municipality and the manufacturer. From a legal point of view this is what the discussion now revolves around. For instance on 27 October 2011 before a single judge at the district court of Amsterdam:

Judge: ‘‘Yes, I just wondered, madam [State attorney], you’re saying that Mr’s fear that intelligence and security agencies have access to his personal data - his fingerprints and facial scan -, is taken actually away by Article 65 [Passport Act].’’
State attorney: ‘‘Article 65 only applies to fingerprints.’’
Judge: ‘‘Mr [X] has pointed at Articles 17 to 34 of the Intelligence and Security Services Act. How do you see that?’’
State attorney: ‘‘I can very briefly say something about how you should see this in relation to each other. (...) The point is, quite a few things have of course been said about this in the legal history of this case. So when does the possibility of access arise: once you have a central administration with a biometric search function. There are all sorts of regulations but it’s not as if the AIVD could come up with a fingerprint and say to the municipality ‘show us who this fingerprint belongs to’. But that possibility, it isn’t there. There is simply no biometric search function. In that area the only possibility of what municipalities can do in providing fingerprints, is making a print of it, which comes down to: a sheet of paper with dots. That is the rendering on paper of those fingerprints. Provided the AIVD has complied to the regulations under which they can make a request for information on the basis of the WIVD, it could provide a name to the municipality where the person concerned is registered and could then make a request for personal data. For as far as such a request would concern fingerprints, it wouldn’t thus be any more than a printed page with those dots. So it can never happen, and this is the important point, that the AIVD would come up with fingerprints and say: ‘who are these fingerprints from?’’’
Attorney: ‘‘This is not what my client fears. My clients fears that the AIVD says: ‘we want to see the fingerprints of Mr [X]’.’’
State attorney: ‘‘If the AIVD would like to have the fingerprints of Mr [X], then it wouldn’t need the travel documents registration. They’re on these items over here, so to speak, on this cup...’’
Attorney: ‘‘Well I don’t see anyone of the AIVD taking fingerprints of my client, and it’s not just about him, it’s about him saying: ‘I find it to be in conflict with my conscience to cooperate because in that way the fingerprints of all Dutch citizens could be requested for by the AIVD.’ Not just his, but everyone’s.’’
Judge: ‘‘With the legislation that is in place now, would it be practically possible for the AIVD to step up to the municipality of Amsterdam and say: ‘we would like to have the fingerprints of Mr [X]?’’’
State attorney: ‘‘Eeehm, well [inaudible], Article 65 second paragraph [Passport Act] dictates that fingerprints may only be requested for the application and issuance of a passport. As far as the AIVD would be allowed to make a request for those data on the basis of its own legislation, they wouldn’t be able to obtain anything more than those printed dots because the municipality can’t offer anything different than that.’’
Interruption from the audience: ‘‘They can through [passport manufacturer] Morpho.’’
Judge: ‘‘You are not a party in this lawsuit. I have to ask you not to take part in the litigation.’’

So merely a ‘print with dots’, according to the State attorney. Demanding fingerprints at the passport manufacturer unfortunately was not discussed during the court session. Subsequently the case was redirected within the district court of Amsterdam to a court session with three judges. On 25 January 2012 this point of discussion was again briefly discussed:

Judge 3: ‘‘And what if the information is in the hands of the manufacturer?’’
State attorney: ‘‘Eeeeeeeehm... On what basis would the manufacturer be allowed to provide those data?’’
Judge 3: ‘‘That’s what I’m asking you.’’
To this question no clear answer was given by the State attorney, just a vague reference to Article 65, paragraph 2 of the Passport Act. Then a painful silence followed... and the judges didn’t ask any further questions.
Judge 3: ‘‘And Mr [attorney of X], what’s your take on this point?’’
Attorney: ‘‘I have a different view! [laughter from the audience]
The attorney of X subsequently extensively refers to the relevant legal history of the Passport Act and the provisions of the WIVD 2002.
State attorney: ‘‘Even if the AIVD would be able to make a request for fingerprints on the basis of Article 17 WIVD, then they would never get anything more than a printed page with those dots.
(...) They would get a printed page with the fingerprints, which is a printed page with dots.’’ A little later, after having been verbally informed by a civil servant of the Dutch Ministry of the Interior: ‘‘I’ve said something wrong. I said you get a printed page with dots, but now I understand you get a printed page with an image.’’

Hence, after a dozen court sessions about the Dutch Passport Act, the official clarification by the Dutch State on the use of fingerprints by secret services goes as follows: ‘‘a print with an image, from the municipality’’. The question thus remains whether digital requests can also be made to 1) the municipality and 2) the passport manufacturer, and if so, what exactly happens with it. The same goes for facial scans. The upcoming court session in the Passport Act saga will be on Monday, 2 April 2012 (11.00 am) at the Dutch Council of State (Raad van State). It will then be up the Council to clarify this case after all and invite expert witnesses in case necessary.

Update 10 February 2012: As a result of the above article, written questions have been asked by Member of European Parliament Sophie in ‘t Veld to both passport manufacturer Morpho as well as to the European Commission. At the same time Member of the Dutch House of Representatives Gerard Schouw has asked similar Parliamentary questions to the Dutch Minister of the Interior Liesbeth Spies.

Published in Biometrics
Wednesday, 26 October 2011 16:15

Mobile finger scanners? Not in my backyard.

This summer it was already announced (and commented on by Privacy First) but yesterday it again popped up in the media: this fall four regional Dutch police forces will carry out a pilot experiment with mobile finger scanners to track down illegal immigrants. In official jargon this experimental project is called a ‘learning park’, according to a long-awaited response (after three months) to earlier Parliamentary questions. What will our friends at the police learn in the 'park' called the Netherlands? Privacy First sheds some light on a number of possible 'learning moments':

1) collectively intruding upon other people’s privacy and physical integrity by taking fingerprints of everyone who, in the eyes of the policeman, could perhaps be ‘illegal’,

2) this is very likely to go hand in hand with discriminatory enforcement, ethnic profiling and increasing stigmatization of certain societal groups,

3) initially the scanners will mostly be used for ‘illegal’ immigrants (undocumented migrants) but will then be used for other groups and eventually for every citizen, for instance for the collection of outstanding fines or tax debts (so-called 'function creep'),

4) this year it already appeared that the current state of biometric technology (with current error rates in passports and ID cards of at least 21%) is still in its infancy and isn’t suitable for use on a massive scale,

5) with all the consequences this entails, among which are unjustified suspicions, unjustified immigration detention placements, mutual feelings of insecurity and risks of irritation, confrontations and aggression on the streets,

6) all of this not even considering possible data leakages and hacking of the used equipment,

7) and all of this without public Privacy Impact Assessments and cost-benefit analysis of the matter in hand.

Hence, these mobile finger scanners are dangerous toys. Our advice: don’t start using them. This ‘learning park’ is nothing less than a privacy swamp.

Published in Biometrics

Step 1: E-Gates at Schiphol Airport

Today a seemingly innocent article in Computable caught Privacy First’s attention. The title of the article is ‘‘Passport photo system is fraud sensitive’’ and its subtitle reads ‘‘Digital passport photo inadequate’’. The gist of the article is that the quality of the facial scans in passports (and ID cards) will have to be improved in order for the chance of mismatches in automated facial recognition at Schiphol Airport to be reduced. An experiment with facial recognition is currently planned for the fall of 2011. At Schiphol 36 so-called E-Gates will then be installed: gates for automatic border passage.    

On your way to the gate you will simply walk through one of those gates: the System verifies whether your face corresponds with the face on the chip of your passport. In case the System works 100% a 100% of the time then it’s enormously useful. In case it doesn’t, the System causes delays and irritation, long queues and new opportunities for identity fraud. And even if it does work faultlessly, there’s still a hidden 'catch': automatic screening of your security profile. Before coming to Schiphol you have already been completely screened on the basis of all possible databases that have been linked to you. Once at Schiphol it’s 'party time': without you knowing it your name has been assigned to a green, yellow, orange or red flag. More colors are possible. All of this remains unknown to you, which makes it all the more exciting. If you are taken apart from the queue at the E-Gate then it won’t be for a cup of tea and a biscuit, but to admire the color of your virtual flag once more. After all, it’s party time and the Royal Netherlands Border Police would rather not be color-blind. With a bit of luck you can still go aboard your plane, hoping of course that at the arrival in country X there’s no other feast of flags awaiting you.

Step 2: passport photo booth in the city hall

A few years later (on your return to the Netherlands) you need to renew your passport. For new passport photos you go to your local professional photographer. However, he redirects you to the city hall. For some time passports photos are still only allowed to be made there. You vaguely recall an article in Computable that already referred to this: ‘‘Mistakes [with passport photos] could be prevented by making a digital photo of the passport applicants in the city hall, at the moment they make their passport application.’’ At the time (2011) this seemed enormously useful to the government. Henceforth no more hassle with professional photographers but high definition 3D photos taken straight away in a special Big Brother booth at the town hall, easy as that. Designed initially for E-Gates at Schiphol, then used for automatic facial recognition in shops and on the streets, eventually worldwide. A comparable Dutch plan was rejected in 2007 under pressure from the sector of professional photographers. Since that time our country was hit by one recession after the other. Meanwhile the Dutch privacy movement flourished. But that wasn't meant to spoil the 'fun'. Therefore it took the Dutch government a lot of effort to convince photographers that they could very well do without their passport photo revenues. Not to mention the privacy of Dutch citizens.

Will this be our future? Not if it’s up to Privacy First. We’ll keep you posted.

Published in Profiling

Last year the compulsory storage of fingerprints under the new Dutch Passport Act lead to turmoil on a national scale. This turmoil has been caused in particular by the enormous risks that accompany the storage. In order to contain the risks for citizens, the Privacy First Foundation brought into circulation a so-called Municipality Guarantee Letter (in Dutch: GemeenteGarantieBrief): by using this model letter citizens were able to obtain the guarantee from their municipality that their fingerprints would be dealt with carefully and that potential damage would be at the expense of the State. The Municipality Guarantee Letter turned out to be a great success. During a Dutch parliamentary debate the State Secretary for the Interior Ms. Ank Bijleveld described the letter as follows:

‘‘It’s a campaign by the Privacy First Foundation. This foundation submits a declaration about the storage of fingerprints to municipalities and asks council officials to sign it. They also have to indicate how they deal with the fingerprints and have to declare that they comply with certain guarantees.’’

The cause for this debate in the House of Representatives was the fact that the State Secretary had advised municipalities not to accept the letter, let alone sign it. Much to the annoyance of Dutch political parties as well as the National Ombudsman Alex Brenninkmeijer. Such letters should always be accepted by the government, according to the National Ombudsman. ‘‘There is a right to petition’’, Dutch newspaper Telegraaf quoted him as saying.

Recently the Dutch Interior Minister Piet Hein Donner announced that the storage of fingerprints by municipalities would be brought to an end at the end of July at the latest (after a modification to the municipal software). Moreover, plans for storage in a national database have been shelved because of privacy objections and the enormous percentage of errors in biometric technology. Yesterday (1 August) the Ministry of the Interior declared by telephone to Privacy First that the storage of fingerprints has now indeed been put to an end by all municipalities in the Netherlands, that is to say, it has been reduced to the duration in between the application and the provision of the passport or ID-card. With this the goal of the Municipality Guarantee Letter has for the most part been achieved.

Now another objective comes in sight: voluntary instead of compulsory storage of fingerprints in the document. To this end Privacy First has updated the Municipality Guarantee Letter to a new version: the Municipality Guarantee Letter 2.0. With this letter citizens can lodge an official protest to their municipality against the compulsory taking of fingerprints for a new passport or ID-card. Privacy First has already filled in a few possible objections in the model letter. Citizens can change or complete the letter to their own wishes. As of today, the letter is available for everyone on the website of Privacy First.

Privacy First expects that numerous citizens will make use of the new Municipality Guarantee Letter. This means the social resistance against the compulsory taking of fingerprints enters a new phase.

Download the Municipality Guarantee Letter 2.0 by Privacy First HERE.

Published in Actions

Shocking news today: the Dutch police wants to check fingerprints on the streets. An experiment with special finger-scan equipment is to start this fall.

Initially the aim of the experiment is to track down illegal immigrants and suspects of crimes. After that, attention will undoubtedly turn to all other citizens.

It was recently decided to halt the storage of fingerprints when applying for passports and ID cards on account of privacy objections and the enormous error rates (21-25%) in biometric technology. Such errors could lead to great numbers of innocent citizens ending up as suspects. Apparently the police is now accepting this risk. No doubt this is a six-figure deal: biometrics are big business. Similar, heavily criticized projects in Great Britain involved millions of ICT pounds.  

However, according to the Dutch Ministry of Security and Justice there’s no problem:

‘‘Instead of people having to go to the police station, fingerprints are taken on the spot. This reduces bureaucracy, makes sure there’s more police out on the streets and improves criminal investigation.’’ (Source)

Privacy First stands up against this type of criminalization of public space. Fingerprints have to be taken of suspects at the police station. Not of ordinary citizens on the streets. Apart from violating people's privacy, this paves the way for arbitrariness, discrimination and ethnic profiling.

In the view of Privacy First, the scheduled experiment violates current privacy legislation. During the recent hearing about passport biometrics at the Dutch House of Representatives this was even confirmed by the Chief Information Officer of the Dutch Police itself:

‘‘When the identity of someone has to be ascertained out on the street, or when a passport is handed over, it’s not like the police immediately has a look, wherever... It’s not even allowed, but technically it isn't available either.’’
(A. Meijboom (CIO Dutch Police),
Round table about biometric data in passports, permanent commission for the Ministry of the Interior, Dutch House of Representatives, 20 April 2011.)

Everyone can draw their own conclusions from this.

Published in Biometrics

Today the situation has finally been saved: the storage of fingerprints under the new Dutch Passport Act has been done away with! Both the development of a national database as well as the current storage by municipalities are being stopped. The fingerprints of 4.5 million innocent citizens that have already been stored will now have to be destroyed. Moreover, the legal status of the national ID card will have to be modified in such a way that fingerprints will no longer have to be a part of this document. This will create an ID document for use within national borders that is without biometrics which means that a long-cherished wish of those principally aggrieved is being fulfilled. Last week Privacy First made all these demands in a letter to the House of Representatives and is delighted that all demands will now be met.

From the moment the new Passport Act came into force in the Summer of 2009, Privacy First has been opposing against it by whatever means were available. Today is an historic day: this day proves that social resistance pays off. Partly because of the pressure of our civil lawsuit together with 21 co-plaintiffs the new Passport Act has today effectively succumbed. We already predicted it months ago: one way or another (politically or judicially) we were going to win this case. Privacy First is determined to continue this development and to turn the Netherlands into a society that Dutch citizens deserve: a society in which faith and freedom are basic values once more and in which everyone’s right to privacy is being respected. To that end this victory over the new Passport Act is a crucial first step.

Published in Biometrics

A broad international alliance of NGOs demands that there will be a European investigation into biometric data storage. Governments increasingly lay claim to people's biometric data (such as fingerprints), which are then stored on radio-frequency identification (RFID)-chips in passports and ID-cards. Some countries, such as the Netherlands, France and Lithuania go even further and store this information in databases which can be used for criminal investigation and prosecution.

The alliance of more than 60 organisations (including Privacy First) has urgently requested the Secretary-General of the Council of Europe, Mr. Thorbjørn Jagland, to request the countries concerned for an explanation about whether or not their legislation on these matters complies with the European Convention on Human Rights (ECHR) as speedily as possible. The alliance is of the opinion that a thorough investigation is to be conducted on whether the guarantees and criteria of human rights with respect to the necessity, proportionality, subsidiarity and security guarantees that the ECHR demands for the use of biometrics, are in actual fact being adhered to. This is very much put in doubt by a recent report of the Council of Europe.

It is actually worth pointing out that the idea for the current European enrolment and storage of biometric data has partly come into existence in the Council of Europe itself, that is to say, at the behest of a few working groups that devoted themselves to combating terrorism around 2004. One of these working groups was the Group of Specialists on Identity and Terrorism (CJ-S-IT) which operated under Dutch chairmanship. In April 2004, this working group made the following recommendation:

 "The creation or development of systems which allow identity checks with reference
to civil status records and  registers and population registers to be carried out rapidly
(in particular by means of a centralised system) and in a reliable manner. (…)

Give consideration to and promote research and ongoing cooperation between police
scientists and institutions (…) in order to make greater use of scientific identification
of individuals, especially through the use of biometrics and DNA analysis,
most notably in their use in identity documentation.
" (Source, pp. 17-18. Other
documentation from 2003 to the present day can be found online HERE.)

Meanwhile, it is up to that very Council of Europe to map European national laws that since that time have lost their balance in this area. Where national laws do not respect human rights, the Member States in question are to be called to order. Privacy First looks forward with confidence to the Secretary-General of the Council of Europe carrying out these duties.
 

Logo of the alliance

Published in Biometrics
Wednesday, 16 February 2011 19:38

Privacy First appeals in Passport Trial

On 2 February this year, the district court of The Hague gave its judgement in the civil lawsuit on the Dutch Passport Act which had been initiated by the Privacy First Foundation and 21 co-plaintiffs (citizens) against the Dutch government on 6 May 2010. The main request in this case is that the new Passport Act is to be declared unlawful on account of violating human rights, in particular the right to privacy. However, to the astonishment of many, the court declared both Privacy First as well as the 21 co-plaintiffs inadmissible. Hence the court didn’t proceed to the stage of dealing with the merits of the legal questions regarding the new Passport Act.

A striking aspect about the judgement is, first of all, how short it is. Privacy First cannot help thinking that the court wanted to be done with this case quickly. The court motivated its judgement by declaring that Privacy First would not have an own interest in this case and that for the co-plaintiffs (citizens) a legal avenue to an administrative judge would be all that remains. However, as a matter of fact, Privacy First as a relevant foundation has every interest in this case. What’s more, citizens are not in a position to (directly) object to the storage of fingerprints for their new passport or ID-card. Making such individual objections is only possible through time-consuming and cumbersome proceedings.

Privacy First has decided to appeal against the court’s judgement. On the basis of an analysis by our attorneys of SOLV we deem the judgement to be perfectly contestable, especially with regard to the inadmissibility of Privacy First as well as our co-plaintiffs. (This analysis is being shared by other legal experts.) The appeal will take place before the Court of Appeal in The Hague. Once the earlier judgement on inadmissibility has been overturned, the merits of the case can be dealt with there.

The press release by Privacy First announcing its appeal can be read HERE (Dutch pdf).

Update 17 February 2011: See also this article on Webwereld (in Dutch).

Published in Litigation
Page 2 of 3

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon