The cost of privacy: biometrics at London Heathrow T5

London Heathrow’s new Terminal 5 is back in the news: the Information Commissioner is investigating BAA’s use of biometric security controls. But this fight isn’t about security, it’s about economics.

Last year I had the chance to tour London Heathrow’s new Terminal 5. At £4.3bn, it’s a remarkable piece of project management, even if it’s not the most attractive terminal building I’ve been to. I wrote about what seemed like reasonable use of biometric security controls (with a big caveat about my fear of function creep and data retention), but the Information Commisisoner’s Office sees it differently.

BAA‘s stated use of biometrics is to enhance security. Specifically, they say that the systems will prevent exchange of travel documents by airside passengers:

“The idea behind the fingerprinting is to make it impossible for a terrorist to arrive at Heathrow on a transit flight, then exchange boarding passes with a colleague in the departure lounge and join a domestic flight to enter the UK without being checked by immigration authorities.”

The system works as follows: passengers are photographed and fingerprinted at passport control as they head airside, at which time passports and boarding cards are manually inspected. The process is repeated at the boarding gate, where the fingerprint scanner confirms that the traveller is the same person that went through passport control on that document. Airside document exchange has been effectively eradicated. BAA claim that the biometric data is destroyed after 24 hours, which seems reasonable, since by that time any traveller will have completed their flight – and if there’s been a problem in the flight such as hijacking or accident, then the authorities could claim access to the records.

The new scheme is also being rolled out to Terminal 1 as part of the refit as BA moves to Terminal 5.

However, the Information Commissioner’s Office sees this as a disproportionate response to a relatively minor problem. In response to a complaint by Privacy International, they believe that mandatory fingerprinting may be illegal, disproportionate to the need, and that the need has not in fact been proven. Furthermore, apparentlyBAA has not consulted the Information Commissioner’s Office about the new scheme, which seems bizarre when they have staked so much upon it. The Commissioner is now investigating the scheme, and BAA has stated that whatever the outcome, the system will go live when the terminal commences operations this week.

What’s the real issue here?

Our real problem is that BAA has yet to discuss the true motive for the new system. If airside document exchange were such a problem, then we would see biometric scanning planned for every airport in the UK. The Home Office would be making a political issue of it and championing the cause. But they’re not, and this tells us that the motivation for the system is not security.

Take a look at the picture below:


(c) Philip Ide/Daily Mail

What you can see here is a row of bag drop counters with the check-in stations in the background. Gone are the traditional check-in desks, which have been replaced with self-service counters. Passengers arrive, check themselves in at an ATM-like machine, then drop their bags. The first time they face a formal check of their passport and ticket is the security desk. What BAA and BA have managed to do here is to effectively remove an entire level of human interaction from the check-in process, and hence dispense with all the associated employees who would be involved in that. The new biometric security controls provide the check that would otherwise be done by the check-in staff.

What next?

So, in my opinion we have a new system that is claimed to enhance security at the cost of privacy, but in fact is there to save cost for the airport operator. And looking at it from that perspective, I’m inclined to agree with Privacy International and the Information Commissioner: this biometric system needs an urgent review. We need a public debate about whether it is acceptable to permit use of biometric checking to save costs for private companies. BAA should provide greater transparency about the system’s design and operation, and engage with stakeholders to agree an appropriate governance regime to ensure that function creep and unnecessary retention of biometric data becomes impossible without user consent.BAA claims that the Home Office made them do it. The Home Office claims that it’s a design decision for BAA and doesn’t involve them.

Privacy International is recommending some pretty draconian countermeasures for travellers:

  • photograph anyone who takes biometrics and report them to the police;
  • prepare a Subject Access Request and submit it as soon as the fingerprinting takes place;
  • cover your fingers with a two-part adhesive so that the fingerprinting fails.

Until this gets sorted out, I think I’ll fly from Southampton instead.