border control


Does turning off the Iris system at Manchester and Birmingham represent a failure of biometrics? 2

News that the Iris biometric gates at Manchester and Birmingham airports have been turned off has been widely reported. (BBC: Eye scanners at England airports turned off, Register: Two UK airports scrap IRIS eye-scanners)

The comments that this represents a failure of biometric systems started to fly almost immediately.air travel

  • “Multi-million pound eye scanners, billed as a key tool in securing Britain‚Äôs borders, have been scrapped.”
  • “…the technology has been beset by problems,…”

… are typical of the comments and headlines making their rounds.

I admit the gates were not perfect and did require some getting used to in order to navigate your way through quickly.

But I think the systems were far from a failure, and the reality is a little bit more subtle than the headlines may suggest.

Let’s not forget the system was originally introduced in 2004, initially as a pilot. ¬†At this time, such use of Iris technology was fairly¬†innovative. ¬†That the footprint of the pilot was gradually extended and became a permanent system is indicative that the system was fairly well received. The fact that over 380,000 people have voluntarily enrolled (myself included) makes it difficult to argue that the system is derided.

In my opinion, the turning off of the system at these two locations is more in line with a planned phasing out of this particular solution, for some rather more mundane reasons:

  1. The system  no longer fits border-automation strategy in the UK  moving forward. It has largely been replaced by the momentum to accommodate EU e-Passports holders,whose passports hold an electronic copy of their face photographic.
  2. As innovative as the technology was in 2004, it is now woefully out-of-date. Iris technology has moved on leaps-and-bounds in the 8 years since (as demonstrated by the Iris-at-a-distance  e-gate solutions for departing passengers at Gatwick airport). The initial investment undoubtedly has long since been written off, and the technology needs a refresh.
  3. The initial deployment was meant to be limited, and the contract has undoubtedly been extended numerous times. A complete and expensive technology refresh (as is required) without an open and competitive re-tender would undoubtedly not rest on firm legal ground.
  4. The business model was never well thought out. It is completely funded by the UK government and can be used by any nationality completely free of charge.

This Iris system is intended for pre-registered Trusted Travellers, who are pre-vetted before they can use the system. At point of use, it is a 1:n Iris check and no travel documents are required.

Since the system has been deployed, most European Union (EU) nations have deployed e-Passports and an ever-increasing percentage of the EU population is now carrying a chip passport. The Iris gates have been gradually been superseded by a new breed of e-Gates that:

  • are for EU passport holders only.
  • do not¬†require¬†pre-enrolment.
  • perform a 1:1 face check against the JPG on the passport chip.

These gates are now being widely deployed at UK ports of entry and seemingly form the backbone of the government’s strategy for automated passenger¬†clearance. This is only natural, as by far the bulk of passengers entering the UK are EU citizens.

If the remaining Iris gates are end-of-life’d, this will clearly leave a hole in the border automation strategy, mainly those passengers that:

  • are not EU citizens.
  • are EU citizens but do not yet have an e-passport.

Arguably, the second of the two will become less of a problem as time passes, as holders of older passports have their passports renewed.

The former, however, will form a minority of arriving passengers, and the business case for the government to provide a free-to-use Trusted Traveler system remains vague. More likely than not, any replacement system  will take the form of a paid subscription requiring a pre-enrollment with vetting.

Ideally, given the limited space available airports, the best scenario would involve these passengers using the same physical e-gates as EU passport holders.

In my view, allowing these systems to reach their end-of-life is not an argument for the failure of biometrics deployed at the border. The fact that a system that was only ever meant to have a limited deployment lasted this long and was only replaced by a government strategy that is more harmonised across EU nations, is a testament to the value this technology provides.

Thank you project IRIS, but I won’t miss you. I use the new e-Passport e-Gates now.


Is the Head of UK Border Force being made a Scapegoat?

Pressure mounts on Theresa May, and Brodie Clark steps down, citing constructive dismissal.

Clark states “Despite pressure to reduce queues, including from ministers, I can never be accused of compromising security for convenience.”

Did Brodie Clark exceed his authority?, or is he being made as a scapegoat?, or is this simply a breakdown of internal communication, with both sides believing they are right?

The story continues…


UK BA Suspensions

air travelThe news last week that Brodie Clarke and Graeme Kyle were suspended from the UK Borders Agency following claims that identity checks were relaxed during busy periods at Heathrow raises some interesting questions.

Without passing any judgement, I understand in part both why there may have been pressure to do so, ¬†and the government’s decision to undertake suspensions. ¬†The latter is easier to address. Whatever concerns may have existed, freedom to exercise authority cannot fly in the face of direct ministerial guidance.

 

Having said that, I’m sure the reasons for doing so were well intentioned, and may have resulted from trying to meet conflicting requirements, mainly ensuring:

  • High security and appropriate passenger screening.
  • Passenger throughput and avoidance of queues / delays.

While I’m not close to the environment in question, at initial glance it appears that the former requirement may have been sacrificed to an extent to ensure the latter during busy periods.

Delays and queues, in a very real and commercial sense, cost money, and it is easy to quantify exactly how much. So it appears the dilemma faced was the age old one, being : “What is an acceptable cost for increased security?”

It appears that some at least felt the benefit delivered did not warrant the disruption to existing processes. Unfortunately it also appears that the decision was taken without due process and consultation.

This situation  highlights the importance of understanding the overall cost of any new security system (which invariably is significantly higher than the cost of procuring it), and the benefits it delivers. Invariably, any system will have an impact on existing workflows, and if carefully designed, should deliver an improvement in workflow in addition to an increase in security.