As Brexit nears – Britain steals classified EU passport database

10th September 2019 / United Kingdom

A report published in EUObserver states that the European Commission has indirectly confirmed the UK made illegal copies of classified personal information from a database reserved for members of the passport-free Schengen travel zone. Amongst the information, photo and fingerprint data was stolen and then passed to US companies.

Asked to comment on the classified report, early last year, the European commissioner for security, on Wednesday (24 July) said: “those are meant to be confidential discussions that we have with the individual member states.”

Without citing the UK by name, he then said the country had since taken a series of what he described as “practical steps” to address the issues identified in the report.

The 29-page report had listed years of violations by British authorities, following restricted access to the Schengen Information System (SIS).

SIS is an EU-run database used by police to track down undocumented migrants, missing people, stolen property, or suspected criminals. Although the UK is not in the Schengen area, which includes 26 other European countries, it has been given limited access to SIS since 2015.

The document, drafted by Schengen experts from EU states and by the European Commission, had said the UK violations “constitute serious and immediate risks to the integrity and security of SIS data as well as for the data subjects.”

Among other things, the UK had made numerous full and partial copies of SIS, increasing the risk of further data breaches. The report detailed the UK’s sloppy disregard of the rules which included making unlawful copies of data, which it then stored on laptops at airports and government offices. Private contractors like IBM hired by the UK government were also given access.

Entrusting private contractors to handle such sensitive information, which included photographs and fingerprints, only increased risks in terms of physical and logical data security, noted the report.

SafeSubcribe/Instant Unsubscribe - One Email, Every Sunday Morning - So You Miss Nothing - That's It

US firms are also obliged to hand over the data to the US government if so requested under the Patriot Act.

Furthermore, given the SIS database is constantly updated, it means partial or full copies placed on laptops remains static – posing serious issues for anyone whose name or identity is supposed to have been removed.

“SIS data is not deleted when the issuing member states delete it but kept in this database,” warned the report. It had also noted that the UK had failed to implement numerous recommendations to address “very serious deficiencies” already made in 2015.

The Commissioner said the probe carried out in the lead up to the report is part of a rolling process to make sure that all EU states respect SIS and other EU-wide information systems.

“It is crucial if we are going to have faith in those systems,” he said.

The issue comes amid heightened anxiety over the UK’s end of October deadline to leave the European Union. The UK wants to keep security access to EU databases like SIS.

The Commissioner, himself British, said that in the event of a no-deal Brexit, security cooperation would have to be based on other international and non-EU frameworks.

Stealing a classified EU passport database from EU partners at a time of heightened tensions in the midst of the Brexit debacle will only further damage relations and even negotiations for a future relationship.