I have been a lifelong data protection advocate, specifically in regards to ID cards, passports and biometric systems. My work covers both North America and the European Union.
In 2018 I testified in front of the Ohio Senate on the so-called Enhanced Driver’s License. (Video available only in the US or via VPN)
In 2016 I submitted a document to the (then) European Data Protection Supervisor regarding security problems with EU passports and problems with the European Union’s biometric security policy.
In 2024 and 2025 I wrote both the European Commission and the Council on the same topic, as well as on fraud committed against an EU/EEA state by its own passport contractor.
I am particularly interested in fraud on the part of ID card/passport and biometric companies. Based on my lifelong advocacy on these issues, I’ve come to understand that these companies don’t genuinely care about the security of people’s personal identities. Instead, they sell an illusion of security which policymakers fall for and force on everyone else through laws “standardizing” identity documents. They get away with these scams because people invest “trust” in the ID card industry which is not deserved.
The perfect example of this is EC 2252/2004, a law passed by the European Union in 2004 requiring the encoding of the passport fingerprint in Schengen zone passports. The technology is pointless and has never been used. If EU and EEA states stopped encoding the fingerprint biometrics it would change nothing. The only reason why people from the coast of Portugal to the lakes of Finland down to the islands of Greece will give a fingerprint today for their passport is because it would be embarrassing to the ID card/passport industry to stop.
In 2004 I wrote the Security Document Theory whitepaper which explains how the “trust value” of a security document creates an economic incentive for it to be counterfeited.
Documents: Remarks for Bundestag regarding proposed legislation 20/6519 (in German)