Tag Archives: Europe

Is a 0.0001% EES Border Threat Level Meaningless?

I just reshared Tom Topol’s latest LinkedIn article to my Bredemarket Identity Firm Services readers on LinkedIn and Facebook, focusing on this quote:

“Between October 2025 and April 2026, the EES registered over 52 million border crossings. Entry was refused more than 27,000 times, including to almost 700 people who were identified as posing a security threat to the EU. Several thousand additional travelers were flagged for overstaying the Schengen 90/180-day rule…”

Is Europe over-emphasizing the threat?

But that isn’t how he begins the article.

“Europe’s Biometric Border and the Price of 700 Threats in 52 Million Crossings”

I did the math, and if you only count ACTUAL security threats, rather than visa overstays that COULD become security threats, you’re talking about a very small percentage: 0.0013461538%.

Topol asks:

“The question is not whether the EES caught anything. It is whether what it caught justifies what it costs: in financial terms, in operational disruption, and in the permanent erosion of informational privacy for hundreds of millions of innocent travelers.”

Let’s look at operational disruption. Topol cites GDPR Article 35’s requirement that “a Data Protection Impact Assessment must justify the necessity, suitability, and proportionality of any system processing biometric data at scale.” Topol cites a Spanish case that failed to obtain the required assessment (covered by Biometric Update), then extrapolates that EES is a net burden.

Topol acknowledges the deterrent effect—if fraudsters know their biometrics will be captured, they won’t attempt the fraud—but then notes that the argument “is also entirely unverifiable, and it has historically been used to justify the expansion of every surveillance system ever built.”

Bringing it all back home

Take the experience in my own country.

This isn’t a border issue, but when I joined the biometric industry in 1994, Los Angeles County was beginning to use fingerprint biometrics to ensure that the right people received government benefits—and the wrong people didn’t. Back in those pre-iPhone days only criminals gave their fingerprints, so this and other programs had an unsavory taint in the public’s eye. Yes the county saved money, but was this because fraudsters stayed away, or because legitimate users feared their fingerprints would go to the LAPD? The use of fingerprints for welfare benefits has disappeared today.

Returning to border crossings, our own entry-exit system has been justified by statements such as Senator Lindsey Graham’s 2015 claim about the 9/11 terrorists:

“All the hijackers who attacked — attacked us on 9/11 were visa overstays. So it’s more than just the border. You have got to control your visa program.”

According to FactCheck, Graham was off by 89%. Only two of the 19 terrorists were visa overstays. While the terrorists took advantage of flaws in the visa system, they had the visas.

Emotionally, I’m not convinced

Having spent over 30 years in this industry, I’m not about to chuck security out the window.

Emotionally I can’t do it.

And not because of the OVERLY emotional arguments, the “Jane never celebrated her seventh birthday because a cold-blooded smelly killer took her life.”

I’m talking about run-of-the-mill emotion.

And I have a challenge for you.

Tonight, when you go to bed, leave the front door of your house unlocked. After all, the chances of harm from an unlocked front door are minuscule.

I bet Topol locks HIS door at night.

The EU Common Charger, Laptops…and the Future

I have an old iPhone with a Lightning charger port. I can’t buy this today in the European Union. (Or anywhere, but we’ll get to that.) Why? Because of the EU’s Common Charger Directive.

“Because the EU has standardised charging ports for mobile phones and other portable electronic devices, all new devices sold in the EU must now support USB-C charging.”

Which devices?

“From 28 December 2024, the rules apply to mobile phones, tablets, digital cameras, headphones, headsets, videogame consoles, portable speakers, e-readers, keyboards, mice, portable navigation systemsand earbuds sold in the EU.”

So all of this went into effect in 2024?

Um, no.

Laptops

Because there is one additional requirement.

“From 28 April 2026, they will also apply to laptops.”

(Sorry, desktop computer users. You may still have old style power connections.)

Google Gemini.

For the record, Bredemarket’s U.S. purchased laptop already has a USB-C charging port. Because when the manufacturers were forced to implement this for Europe, it was easier to do it for the rest of the world.

So everyone is happy and enjoying the EU’s listed benefits of consumer convenience, e-waste reduction, and cost savings.

Yes, everyone is happy…for now.

The future

But what happens when wireless charging supports up to 240W? Then you get some REAL cost savings, because manufacturers—especially of small devices—can reduce cost by eliminating charging ports altogether.

Well, except in the EU, where charging mechanisms other than USB-C are illegal. Not just illegal to market: illegal to even sell in the first place.

It’s not that big a deal to throw a USB-C port on to a laptop, which has several ports already.

But a phone?

Even my older iPhone has reduced the number of ports down to one. (Separate headphone jacks disappeared years ago.)

Imagine if Apple, Samsung, and everyone else could sell smartphones with ZERO ports. Not only does this reduce cost, but it helps to preserve the integrity of the device.

And the phone manufacturers will take advantage of this in Asia, the Americas, and Africa.

Google Gemini.

While still maintaining the government-mandated (and more expensive) USB-C versions in Europe.

Because once a government mandates something, it’s nearly impossible to change.

Europe is Looking At More Than Just Biometric Testing

A little more detail, courtesy EU Brussels, regarding the policy brief published by the EU Innovation Hub for Internal Security, coordinated by eu-LISA together with the European Commission, Europol and Frontex.

As I noted earlier today, one proposal is for Europe to perform its own independent biometric testing, reducing Europe’s dependence on the American National Institute of Standards and Technology (NIST).

“The second is a centralised evaluation and testing platform connected to that repository, allowing standardised, independent and continuous assessment of biometric technologies, including benchmarking across vendors.”

But if there is a second proposal (European testing) in the cited European biometric policy brief, there must also be a first proposal—one I failed to discuss this morning.

“The first is a common EU biometric data repository containing datasets that comply with European rules, reflect the demographics and use-cases relevant to EU authorities and are stored in a secure environment.”

Makes sense. If you are going to test you need test data. And NIST has no obligation to ensure its test data complies with the General Data Protection Regulation (GDPR). The subjects in NIST test databases rarely provided the “explicit consent” mentioned in GDPR, and the “right to erasure” from a NIST database is…laughable.

Yes, it’s extremely challenging to construct a testing database that complies with GDPR.

And NIST certainly ain’t gonna do it.

Will a European entity construct it?

And if the right to erasure is maintained, how will you maintain historical consistency of test results?

Why Would Europe Perform Its Own Biometric Testing?

I’ve seen two articles about a possible move by Europe to set up a Europe-wide biometric testing agency, bypassing the need for National Institute of Standards and Technology (NIST) biometric testing.

One reason is that a European-controlled testing methodology can incorporate European regulations, such as the General Data Protection Regulation (GDPR).

A second related reason for Europe to bypass NIST biometric testing is that U.S. government agencies, including NIST and the Federal Bureau of Investigation (FBI), naturally place prime importance on American interests.

Remember when the U.S. House of Representatives Select Committee on the Chinese Communist Party complained that the FBI Certified Products List contained Chinese biometric vendors (the Certified Communist Products List)?

  • Wait until they discover all the Chinese companies that participate in NIST testing.
  • And wait until someone in the legislative or executive branches decides that the FBI or NIST shouldn’t list products from other countries deemed unfriendly to the United States. Denmark? Germany? France?

For these reasons, Europe may be compelled to set up its own biometric testing organization.

And so may China.