home of the madduck/ blog/
Switzerland opts for biometric passports

Switzerland voted today for the introduction of biometric passports, with 50.1% for and 49.9% against, one of the closest votes since 1848 (according to NZZ). While the news don't fill me with glee — there are too many unanswered questions around the digital passports — one aspect of the decision surprised and even shocked me.

I do not like biometric passports, because I like to know when my data are consumed, and by whom. The German government "assures" that only "authorised" parties can access those data, and published information about the security features of the German biometric passports, but I am unconvinced that those are adequate to protection for the 10 years of validity of the passport.

Furthermore, I could find absolutely no information on who the "authorised" parties are, or which regulations cover who will become authorised in the near future. If that was properly addressed, e.g. by leaving it up to me and only me to decide who gets access, then the digital passport could actually be a good step forward, streamlining border control and making travel easier.

But there is a completely different avenue of concern, no matter who gives permission to whom to consume whose data: how are they used, and where, and how long are they stored, and for what? Again, I cannot find any regulations. Instead, my question to the German Department of the Interior was answered (!) along the lines of it being up to each country to decide themselves over the use and storage of the data.

In this light, it makes little difference that the German procedure for the digital passport does not permit the issuing bureau to store the data, while Switzerland's strategy is to build a central database of all these personal details (this is what shocked me). It might make you wonder what use the Swiss government is hoping for, and you might feel uncomfortable with your government building up an even tighter database of its people.

But I'd much rather have my data stored in Switzerland than consumed and stored every time I enter another country, because when I compare the style of governance of Switzerland to pretty much anything else out there, I am glad I get to live here (even though I am not Swiss and cannot vote).

Yet, it's a worrying step in a direction of the "glass human", of a society in which personal privacy is unknown and everything is part of the system. These are totalitarian visions, and it's doubtful whether we'll ever actually get there (so far, I don't think any state has come up with the information management strategies required to properly store, make use, and read sense out of the massive amounts of information), but the trend is clearly visible.

In the end, however, what worries me the most is how relaxed people treat their personal information these days. Look at the infamous social networking sites, or other Web 2.0 gimmicks and you really start to wonder how headless people can be these days. I cannot immediately paint a scenario where it might be dangerous to push all kinds of information about yourself to the masses, but the mere idea of that is scary in and of itself.

I'd prefer to have the choice with whom to share what data. The biometric passports, despite the advantages they might bring, are one step away from that, because they empower the government to make that choice for you. I don't consider that progress at all.

Update: NZZ reports that the issue is not closed. In the cantons of Grishuna and Lucerne, people are challenging the vote and a recount or even re-vote seems possible. I will post an update as soon as I know more. Then, I would also like to address some replies I've received over the real problems behind the digital passports, because it cannot be just the central data storage — it's not like your government doesn't already have all that, and I can't imagine how your fingerprint could be used against you.