Fingerprints in passports can't be used by the police - yet
The Dutch government is going to store the fingerprints citizens are required to submit when applying for a new passport in a single database. This goes beyond the requirements of the EU.
Gerrit Jan Riedstra quickly renewed his passport on Friday although the old one has not yet expired - he only received it in March. Nonetheless Riedstra is applying for a new passport, in protest. Today was the last day on which people in the Netherlands could apply for a new passport without submitting their fingerprints.
“This way I know for certain my fingerprints are not stored anywhere in the
next five years.” Riedstra is glad the government is taking action against
identity fraud. “But taking fingerprints from ordinary people is going too
far. A signature, citizen number and passport photo seems enough to me.”
Starting Monday, every citizen who applies for a new passport must let the municipality take four fingerprints. Two of them will be saved on a microchip on the passport. All four will be stored by the government - initially locally, but ultimately all fingerprints will be included in a central ‘travel document administration.’
Fight identity fraud
With this storage of biometric data the Netherlands is going beyond the requirements of European regulations. The EU only stipulates that biometric data be included on the passport in order to better fight identity fraud in Europe. The Netherlands is the only European member state where a central database of fingerprints has been legally approved – although there are similar plans in Belgium, Finland, France and Greece.
For now the fingerprint will be stored locally with the rest of the passport data. “We still have to build the central database,” said deputy minister for home affairs, Ank Bijleveld. “I cannot really say when the central storage will be ready, though it won't take years."
Annemarie Sprokkereef thinks this temporary solution is “the worst conceivable situation.” She works for the Institute for Law, Technology and Society at Tilburg University and conducts research into the privacy sensitivity and reliability of fingerprints, iris scans and other biometric applications. Since it is an intermediary phase, a number of crucial matters, such as who will have access to the data, have not yet been properly provided for, she said.
There is also the fear that fingerprints could be linked to the wrong person or that the security of the databases will be watertight.
Criminal offences and national security
The ministry of home affairs wants to use the central database as an extra check for identity fraud: anyone who applies for a second passport under a different identity can be unmasked since his fingerprints are already in the system. The database could also come in handy when someone's passport is lost or stolen.
Combatting identity fraud is not the only reason for the central register. “Tracking down and prosecuting criminal offences" is also cited as an objective in the new Passport Act. As is “conducting investigations into actions that pose a threat to national security.” This means the fight against terrorism. In 2004, when the legislative proposal was submitted, there was a great deal of fear for a terrorist attack in the Netherlands. So the national intelligence and security service AIVD will also have access to the fingerprints.
These additional purposes have resulted in objections. The Dutch Data Protection Authority (CBP) was already very critical of the plans in 2007. It took issue with the fact that the public prosecutor could use the data in tracking down and identifying possible offenders. The system constitutes a “serious violation of personal privacy since even the data of citizens who are not suspects are included in the register,” the CPB argued.
Infallible means of identification
Another objection is that there is too much confidence in biometric data as an infallible means of identifying someone, said researcher Sprokkereef. This is why the proposal concerning storage was adopted relatively easily by both houses of parliament, she said. “Identification using fingerprints is not a foolproof system.”
The margin of error is about 3 percent, according to the CBP. It sounds low, but if millions of fingerprints are stored in future, it suddenly becomes a large number, Sprokkereef explained. “Then innocent people are falsely accused. Or the actual offender slips through the cracks in the system. Many people think: I have nothing to hide. That changes when you are an innocent person who is suddenly put in the position of having to prove you did not do something because of errors with biometric identification."
Deputy minister Bijleveld stressed that the justice department may only use the central database of fingerprints for identifying suspects. “Finding a fingerprint at the scene of a crime and then searching for a matching suspect in the database is absolutely not allowed," said Bijleveld. The Passport Act gives a different impression however. Section 4 states that the provision of "data concerning the fingerprints" is also allowed in serious crime cases.
Bijleveld promised that restrictions on identification by the justice department are still to be enshrined in the legislation. “This is convenient for the justice department because in order to acquire this power to use the data for investigative purposes at a later date, only that one clause needs amending and not the whole Passport Act,” said Quirine Eijkman, a researcher on terrorism and counter-terrorism at Leiden University.
If access for the justice department should indeed be limited, as Bijleveld promises, it does not mean the next government will maintain those limits. “It would be an exception to the rule if the regulations for this database were not ultimately relaxed,” said Sprokkereef. “These powers always shift.”
Bijleveld has not denied this in the debate. “In the long term, of course there could be a need for wider provision of the data. But that is up to our successors to evaluate."