The European Commission's controversial new biometrics-based system
for combating illegal immigration and processing asylum requests,
Eurodac, was launched on 14 January amid security and data
protection concerns.
Eurodac is based on a central database in Brussels containing
fingerprints of asylum seekers, a central processing unit to enable
immigration authorities in 16 countries including the UK to compare
fingerprints against the database, and a system for sending
digitised fingerprints electronically.
Protecting this sensitive data and ensuring the secure transmission
of data electronically between the participating states and the
central database are key issues.
Frank Paul, head of the large-scale IT projects unit at the EC,
said security had been a major concern. "For reasons of credibility
of the system, security was one of our main concerns," he said. "We
think we have implemented the maximum security you can have."
Encryption is used at the application and network level and PKI is
used in all the transactions handled by the electronic fingerprint
image transmission system.
Paul said the great strength of the system was that if it was
hacked into (which he claimed could never happen) the hackers would
only have access to case numbers and fingerprints - no personal
details such as names are held on the system.
But hacking is not the main threat. David Birch, director at
Consult Hyperion, said the biggest danger would be from people
bribing EC staff to access the database or buy data. "The worry
about fingerprint databases is that someone can steal your
fingerprint and assume your identity. You wouldn't want your
fingerprints on an EC database where anyone can get hold of them."
Birch also cast doubt on Paul's assurance that bodies other than
immigration, such as law enforcement agencies, would not be able to
access the fingerprint database. "It is hard to see how they would
not have access to it," he said.
Considering the high volumes of transactions Eurodac will carry
out, an accuracy rate of 99.9% would still produce a significant
number of false positives, Birch added.
All asylum seekers entering the EU will be registered in the
country where they first asked for protection and have their
digitised fingerprints stored in the central database. The Eurodac
system has already processed "a couple of hundred" submissions from
asylum seekers, said Paul, and it is expected to hold details of
two million immigration applicants by 2004.
"Eurodac will bring about huge economies of scale," Paul said.
"There will be no more multiple asylum requests. In overall terms
you'll have a huge saving at member state level."
The project is based on technology from US firm Cogent, implemented
by IT services firm Steria. It cost €6.5m (£4m) and will cost about
€500,000 a year to run. The cost of a transaction will be €2.76.
ID card plan needs focus >>