Biometric travel controls at Heathrow T5

BAA is trialling the biometric identification systems that will be used throughout the new Terminal 5, but is this an appropriate solution, and what exactly is the problem?

Late last year I had the opportunity to tour Heathrow’s new Terminal 5. It’s one of the less thrilling airport terminals I’ve visited – my favourite is Chep Lap Kok in Hong Kong (the original Kai Tak was without doubt the most exciting airport to land at, but the terminal experience was, well, pretty terminal). BAA is installing biometric authentication at the customs desks and boarding gates, and is now trialling the system in Terminal 1.

The purpose of the Heathrow solution is not to prove that the traveller is definitely who they say they are; it uses traditional controls to spot dodgy passports. The system is instead intended to bind the traveller to their travel documents between the first security check and the boarding gate (the check-in itself is fully automated, passengers only have human contact at the point they drop their bags off). At the point the passenger presents their passport and ticket, a small camera photographs their face, and they have to provide fingerprints to a scanner. Then, at the boarding gate, the process is repeated to verify that this is the same person that went through security, and that the documents haven’t been swapped.

BAA’s problem is that of transit passengers on dodgy documents exchanging them with accomplices who have legitimate papers. The transit passenger arrives in the UK with no checks, since they don’t clear customs. The accomplice checks in and swaps documents. The transit passenger then goes on to the new destination with a ‘clean’ identity (we never find out what happens to the accomplice – maybe they get left to fester in the airport?) BAA then deletes the biometric images at the end of the day.

To my mind, this seems like a reasonably appropriate solution, so long as the problem is as bad as claimed. After all, biometrics are pretty much the only proven mechanism to bind the document holder to the documents. The real privacy risks arise from function creep (for example, BAA retaining the data to identify repeat passengers) or unauthorised data sharing (for example, the biometric images and document details being harvested by security agencies). The problem is that no matter how well-intended BAA’s reassurances are, they’ll be meaningless if the government demands access to the data. The UK’s track record in this area suggests that it’s probably only a matter of time before that happens. I wonder if we’ll be asked for our consent when it does – and what our travel options will be if we don’t give that consent?