Privacy First demands immediate introduction of fingerprint-free identity card

Today afternoon, Privacy First sent the following letter to Minister Donner:

Dear Mr Donner, 

In your letter dated 26 April last to the House of Representatives you made a commitment to amend the legal status of the Dutch identity card (NIK) so that the European Passport Regulation would no longer apply to this document. This would eliminate the need to include fingerprints in the NIK. During the general consultation with the Standing Committee on Home Affairs dated 27 April. you were asked by several MPs on what timeframe this would be realised. You replied as follows:

"If I can solve it practically and quickly through a [Order in Council] or other regulation, that takes priority over regulating by law. The national ID card I want to tackle quickly (...)."

Your commitment to make the NIK 'fingerprint-free' appeared last week widely covered in the national media. Since then, many Dutch citizens have been under the impression that they can already apply for a 'NIK without fingerprints'. Great is therefore their disappointment when in the town hall it turns out that this is not yet the case, witness also the emails from citizens that Privacy First receives daily about this. This current situation of legal uncertainty is fuelling new social unrest. Pending the necessary legislative change, Privacy First therefore urges you to stop the inclusion of fingerprints in the NIK with immediate effect. This can be done either through an AMvB or ministerial regulation or by (temporary) technical means. A third interim solution could be to issue a NIK without fingerprints with a 12-month validity period upon request, as is already possible for persons whose fingerprints cannot be taken temporarily.

Also, in addition to ending the storage of fingerprints in municipal databases, Privacy First strongly recommends that you also stop the storage of fingerprints in passports altogether. Hereby, Privacy First likes to quote the letter received by your predecessor (State Secretary Bijleveld-Schouten) back in November 2009 From the mayor of Roermond:

"During the period 12 October to 7 November 2009, 448 travel documents were issued in Roermond. Verification of the finger scans at issue showed only one finger verifiable from 55 persons and no fingers verifiable from 42 persons. This means that of 21% of the persons who came to collect their travel document, the finger scan taken when applying for the document was of such poor quality that it was not verifiable.

Pursuant to Article 50A of the Netherlands Passport Implementation Regulations (PUN), verification of finger scans should be done if there is doubt about the identity of the collector. Therefore, should the situation arise where the identity of a collector is actually doubted, it could be the case that a bona fide collector whose appearance has been altered to such an extent that doubts about identity arise, 21% runs the risk of having to return home without a travel document or, in the worst case, being arrested as a fraudster."

Besides the risks that citizens face (also in the future, at home and abroad) due to the huge error rates in the biometric technology used, the question also arises as to whether the Netherlands has the European Passport Regulation in a legal sense can still continue to perform. After all, Article 1(2) of this regulation requires that the storage medium in the document be 'sufficiently suitable to guarantee the integrity and authenticity of the data'. With 1 in 5 Dutch citizens failing to meet this requirement, this constitutes grounds to immediately withdraw further implementation of the Passport Regulation.

Privacy First would like to know what steps you are taking to stop the inclusion of fingerprints in the NIK immediately. Privacy First also welcomes your response to the above-mentioned objections to further implementation of the European Passport Regulation.

Sincerely,

 
Privacy First Foundation