The United Nations' International Civil Aviation Organization (ICAO) finished a meeting last week where they worked to 'harmonize' passports issued all over the world into something rapidly approaching an standardized global biometric identification system.

And despite pleas from civil-liberties advocates from across the globe, the ICAO proceeded to do just that. As Wired News reported during the meetings' final days:

The ICAO has already settled on facial recognition as the standard biometric identifier, though countries may add fingerprints or iris scans if they wish. The standards body will vote on Friday whether to adopt radio-frequency ID chips, such as those used in Fast Pass toll systems, as the standard method of storing and transmitting the digitized information.

Countries "may add" those extra features because each passport will carry a standardized 32-bit chip that can hold more than just a digital photograph that can be fed into international biometric databases. The extra room on the chip can hold biographical information and further biometric data, like the aforementioned eye-scans and fingerprints.

Were a fingerprint the chosen biometric identifier, the biometric on the card could be compared to the passport holder's finger at border check, obviating the need for an international biometric database. But such a privacy-protecting commonsense arrangement is less feasible with facial recognition as the chosen biometric. And indeed, Privacy International reports that the ICAO scheme will indeed "result in a distributed international identification database on all passport holders."

The international track-and-trace scheme is of course justified by repeated invocation the terror bogeyman. But determined malefactors and/or "evildoers" can be expected to game the system. A recent General Accounting Office report provided a handful of the many examples of poor security practices the federal government uses in protecting SSNs. The federal government, foreign governments and international agencies cannot be expected to keep the digital data much more secure.

Congressman Ron Paul has emphasized the point that, "transformation of the Social Security number into a de facto uniform identifier . . . facilitates the crime of identity theft." And redundant digital databases spanning the globe will assuredly facilitate such identity theft on a grander scale, especially when taken in tandem with RFID chips implanted in the passports. All and identity thief needs is an RFID reader and the encryption algorithm (both of which will be distributed to machines all over the world) to capture someone's data (essentially, a really long number as an identifier) and begin to create a false 'secure' document.

Planning at the international level, furthest from the end-users of the documents, is prone to such missteps. Yet, as the letter from the civil liberties groups points out, "ICAO is setting a surveillance standard for the rest of the world to follow . . . setting domestic policy, implementing profiling and ID cards where previously none may have existed, or enhancing ID documentation through the use of biometrics, and increasing the data pouring into national databases, or creating them when none previously existed."

For its attempt to impose undeliberative, unprecedented surveillance on world travelers, the ICAO is the Privacy Villain this week.

By James Plummer

government surveillance

medical privacy

financial privacy

online privacy

News | Press Releases | Online Privacy Tools | Privacy Principles | Experts | Links
About NCC | About Consumer Alert | Contact Us | NCC Privacy Home