Five Eyes biometric data sharing increases by over 100X with little transparency

A network for sharing biometrics, demographics and other data about visitors, migrants and other travelers has ballooned in scope and amount of data shared, but mostly out of the watchful eye of the public, journalists, and even national regulatory authorities, according to an investigation reported by RNZ.

The “Migration 5” is an arrangement for sharing data of people crossing the border of any Five Eyes country: New Zealand, Australia, Canada, the United States, or the UK.

Independent research by a Fulbright scholar at Georgetown University in Washington, DC, shows that since New Zealand began sharing data with its partners in 2011, the volume of data exchanged has exploded. A Secure Real-Time Platform was already in development that year, and while it does not automatically exchange biographical data, manual searches appear to be rising rapidly.

The original agreement mainly dealt with fingerprint biometrics, and limited checks against other partners’ databases to 3,000 each per year. The number of checks allowed rose to 30,000, and now 400,000 for each combination of countries. That means the Migration 5 could be checking 8 million travelers per year, in total. The maximums can also rise, if approved by the partners.

The original deal included a ten-year time limit for data retention, but the U.S. now stores data for 75 years, and New Zealand holds migrants’ biometric data for 50 years. New Zealand also shares biometrics and other data with Japan, and biographic data with the Cook Islands.

A pair of strategy documents for Migration 5 were reportedly published by the partners in 2022, but not released to the public.

New Zealand Privacy Commissioner Michael Webster says his office has seen privacy impact assessments from the Migration 5 arrangement, but is otherwise not involved. If his office receives a complaint he could review the agreements, he tells RNZ.

The publication suggests that in the absence of transparency and robust oversight, risks related to false matches and data breaches are inadequate. A human rights lawyer recounts how a face biometrics match appears to have been the sole factor in determining that an individual had attempted to obtain a visa under an assumed identity.

An official for Immigration New Zealand says that Refugee Protection Officers have rules to follow when handling travelers’ information, and discretion about sharing it, while individuals have the option to refuse to provide biometrics. He did not suggest they could do so without affecting their visa application.

Article Topics

Australia  |  biometrics  |  border management  |  Canada  |  data sharing  |  Five Eyes  |  New Zealand  |  UK  |  United States