Vrij Nederland, 4 June 2011: 'How a bad passport got there anyway'
“Expert criticism of the biometric passport has been consistently stifled by officials for years. 'The House has been misled.'
Somewhere in the democratic decision-making process that helped the nation get an ultra-sophisticated, fraud-proof new passport, something went horribly wrong. After municipal officials spent the last eighteen months taking from nearly a million [sic] recipients of a new passport faithfully registered four fingerprints per person (two of which [sic] intended for the yet-to-be-established judicial database), Minister Donner (Home Affairs) announced last month that the digital storage of these personal characteristics would be stopped immediately. Because the system does not work from any angle. The fingerprint appears to be a less solid vehicle to achieve reliable identification. The advantages do not outweigh the risks.
Never before in patriotic history were so many millions pumped into the introduction of a technical invention touted as revolutionary and sensational that did so little to serve its purpose. A waste of money and effort. The association Vrijbit, the digital civil rights movement Bits of Freedom and the Privacy First foundation had unanimously warned of the dangers. The official privacy watchdog, the Personal Data Protection Board, barked six years ago that by collecting fingerprints for investigation purposes, "the central travel document organisation is effectively taking on the function of an investigation register.
'Yes, those privacy clubs keep us on our toes. They were more right than we realised at the time,' acknowledges PvdA MP Pierre Heijnen. 'It is now clear that critics of the new passport were not taken seriously enough by the civil service and at board level.'
'Everything indicates that the Chamber was misled by the ministry and experts for years,' D66 MP Gerard Schouw believes. 'It was said that storing fingerprints in a national database was really necessary. The technology to do that properly would be available; moreover, it was an indispensable means of identification. That story is highly questionable, we now know.' The debate was reopened after two reports commissioned by the Scientific Council for Government Policy (WRR) shed new light on the privacy and technical aspects of storing biometric passport data.
In late April, at the insistence of the Lower House, there was a hearing where several experts voiced their doubts about the way the amended Passport Act was shaping up. Those invited from the Interior Ministry's Basic Records and Travel Documents Agency (BPR) were conspicuous by their absence. It seemed 'inopportune' to Donner that officials of the agency came before this forum to account for a policy that several delegates said showed 'tunnel vision'.
'It seems that the House was misled,' says GroenLinks MP Mariko Peters. 'While the risks were known, the parliament agreed to a dangerous experiment based on rosy information. This incident is illustrative of the closed government culture in our country. The apparatus is not keen on passing on relevant information to the democratic decision-making bodies, but to keep ministers out of the wind.'
The CDA was already in favour of a database of every citizen's fingerprints to track down terrorists and other thugs in 2001, but Justice Minister Korthals Altes (VVD) did not see the point at the time: 'This means is disproportionate, considering, for example, the number of trace cases on an annual basis: around ten thousand in the whole of the Netherlands. Furthermore, it is practically impracticable, because all ten fingers and possibly the palms of the hands have to be removed for it to be useful for investigation. That would require too great a strain on police capacity, not to mention administrative processing and control.'
Later, the VVD, through crime fighter Fred Teeven, still warmed to a central database of fingerprints of 16 million citizens. Now, led by newcomer Jeanine Hennis-Plasschaert, the VVD party again shares concerns about the soundness of biometric storage. 'Credit where credit is due,' says social democrat Pierre Heijnen. 'That the discussion on fingerprint storage was reopened is to Hennis-Plasschaert's credit. (...) When she was still a Liberal MEP, privacy was already a hobbyhorse of Hennis-Plasschaert. Having immersed herself in the matter, she knew the risks of biometric storage when she joined the Hague group. 'The House was always told that biometric technology would be reliable and would lend itself to large-scale storage and its associated tracking function. In retrospect, those elected may have been too trusting,' says Hennis-Plasschaert. She has respect for Donner's performance: 'He dares to go back on a decision. I find that brave. With the current state of the art, storage poses many risks. I hope there will be a European investigation into the quality and integrity of a fingerprint database.'
To begin with, the functioning of the BPR Agency will be critically evaluated at the behest of Minister Donner. The institute, part of the Interior Ministry but operating as a closed stronghold from an imposing building on Lange Vijverberg in The Hague, regarded critics of the biometric passport chip and the digital database as nuisances that could ugly thwart flawless implementation of the political line. Lies de Leeuw has few fond memories of her four years as senior project manager of innovation projects at the agency. 'There was a culture there of not thinking but doing,' she explained during the hearing on the biometric passport. The atmosphere reminded her most of a 'cult'.
Actually, within the civil service, the unfortunate project leader only found a listening ear with Jan Grijpink - as a counselor at the Ministry of Justice by no means a lower echelon privacy expert. 'But he too had to walk on eggshells, he couldn't do much.' Grijpink, recently retired, confirms that his relationship with the BPR Agency was 'at times' far from optimal. 'I have always opposed a central database for storing fingerprints. Anyone who brings up something different from what policymakers like to hear often pays a price. They are no longer allowed to sing in the choir of decision-makers and advisers.'
Consultant Ruud van Renesse specialises in document security and fraud-proofing. From 1966 to 2002, he worked at TNO, where he was commissioned by Agency BPR to produce the report Quick Scan Biometrics (1999) wrote. His inventory of all the problems that could arise if a fingerprint was incorporated into passports fell badly on The Hague. 'I was surprised,' recalls Van Renesse. 'I had expected that my critical comments would be eagerly seized upon to adjust policy, but the report disappeared in a drawer. Never heard anything more about it.'
In 2002, the consultant was told that BPR would henceforth call on TNO's expertise only if it was established that the critical Van Renesse was not part of the project team. 'I understood that, like Jan Grijpink and Lies de Leeuw, I was among the personae non gratae of BPR had come to belong. 'The fact that in the Netherlands leading scientists are gagged because their views do not align with political policy I found shocking.'
Despite his clashes with the BPR Agency, the ministry called on Van Renesse again in February last year. 'But before I started the project, programme manager Travel Documents Maria Gonzalez informed me that my work was not meant to be disrupted by advancing insight. A government coming up with such an instruction; it's too crazy for words.'
During the first working meeting on the project, Van Renesse was told that he was not supposed to report in writing. He was to report verbally on the progress of his activities. Van Renesse: 'I am sure this instruction was intended to circumvent the Open Government Act. If there is nothing on paper, you don't have any hassle afterwards with troublesome journalists requesting the documents. My written objection to the course of events led to my being kicked out by the Interior Ministry within two weeks of starting work.'
Max Snijder, director of the European Biometrics Group and responsible for the WRR-commissioned report The biometric passport in the Netherlands: crash or soft landing, traces the official panic surrounding the new passport to the misunderstanding that technical acumen was subordinated to a political decision already taken. (...) Our country took the initiative to create the European Forum for Travel Documents, whose chairmanship, later the secretariat, were at the BPR Agency.'
When the US government announced that travellers without biometric passports would in future have to secure a visa to be admitted to the country, Dutch passport makers once again saw a pioneering role for themselves. The biometric fingerprint would be stored in the judicial database in addition to the travel document. Snijder: 'That was emphatically a political decision. Because we thought it had to be done, the practical feasibility was no longer critically examined. Advice was ignored, reports disappeared under the carpet because the content was not to the political liking.
The feasibility and risks of central storage of fingerprints have not been the subject of any more serious research. As recently as March 2010, BPR came out with a gleeful evaluation report on the success of the newly introduced fingerprint registration. It was concealed that the Roermond municipality wrote to state secretary Ank Bijleveld in October 2009 that 21 per cent of the fingerprints scans in passports were of such lousy quality that they were impossible to work with. When the SP inquired last year to what extent the quality of the fingerprint in the passport was guaranteed, Bijleveld replied that the standard was determined using the ISO standard 19794-4. That made no sense whatsoever.'
Simultaneously with Max Snijder's report on the technical imperfections in the biometric passport, the WRR launched the study Happy Landings?, in which lawyer Vincent Böhre lists the privacy risks of the controversial travel document. A group of concerned citizens have collectively sued the State of the Netherlands for violation of their privacy. According to the report, "the biometric passport has not only already changed the relationship between citizens and the Dutch government, but also put it on edge, at least in a legal sense".
Böhre is now employed by the Privacy First foundation, which challenges the legality of the chip in passports and the archiving of digital fingerprints. That Donner recently capitulated and stopped biometric storage fills the activist with joy. 'But in his letter, Donner does not mention privacy at all,' Böhre sighs. 'He puts it entirely on technology. That means that as soon as it is technically sound, we will still be saddled with a central database of fingerprints. So by then we will be back to square one.'"