Dutch watchdog has doubts about centralizing passport biometrics data

Proposals for central biometric databases, especially government databases, are popular with anyone fed up with maddeningly fragmented identity system standard in much of the world.

At times glossed over in those discussions, however, is the security issue. The best-protected single pot of invaluable biometric information is still a single target for bad actors to concentrate on.

In the Netherlands, where debate regarding passport data is current, the government’s Data Protection Authority is concerned about a “goudmijn voor cybercriminelen” – a goldmine for cybercriminals.

Agency officials raised the matter in a memo urging State Secretary Alexandra van Huffelen of the Interior Ministry and Kingdom Relation to “thoroughly” modify or entirely rework plans for a central passport database.

Decentralized data stores have worked well to date, and while there might be alternatives to securing biometric information, centralization is not the best one, say skeptics.

The database being discussed would hold fingerprints and photos of everyone applying for a passport. Today, that information is stored by the local government issuing a person’s passport. Changing that would mean changing the Netherlands’ Passport Act, according to the agency.

Fingerprints would only be kept until the passport is given to a resident; face biometrics would be held for longer, agency officials say.

Agency Chair Aleid Wolfson adds, darkly, that if not hacked, biometrics could be used by governments with less-benign intentions.

The government has not made the case that something so “ingrijpends,” or radical, is needed.

Article Topics

biometric data  |  biometrics  |  cybersecurity  |  data protection  |  data storage  |  Dutch Data Protection Authority  |  Netherlands