France called for the EU to adopt measures in the "Smart Borders" legislative package that would require everyone who travels through the EU (including EU nationals) to give their fingerprints, and potentially other biometric data such as facial or iris data, to authorities to be used for identification.
When the EU Commission first proposed this measure in the Smart Borders package in 2013, it was referring only to those who come into the EU, but now the French authorities want the package to cover everyone in the EU who wants to travel cross-borders, inside and out of the EU.
The measure is pushed as being necessary to see who is overstaying their welcome (which shouldn't be a problem for EU citizens anyway, as they can usually stay as much as they like within another EU country), but also as protection against terrorist threats, migratory pressure, and greater passenger numbers. For that last item, the system is meant to make border checking quicker so more travelers can pass through faster.
The lawmakers behind this measure say they have builtin safeguards to protect the data, but right now we don't know what that means exactly. Plus, the data would likely not be stored in a single EU-controlled place, but in multiple countries, exponentially expanding the danger of having those fingerprints stolen with every new place in which that database would be stored or from where it could be accessed.
As we recently saw with the OPM hack in the U.S., governments are often the easiest targets, and keeping fingerprints and other biometric data in centralized databases that governments can then also share with each other just makes that database even more appealing to cybercriminals.
Fingerprints or other types of biometric authentication certainly makes everyone's lives much easier, and for the time being, everyone's data is much better protected as well, compared to using a weak password or none at all on their devices.
However, if governments keep asking for this relatively unique data (only 10 fingerprints, only two irises, etc.), then we'll ultimately have to accept the fact that biometric data is more like a username than a password. At that point, we'll need to only use fingerprints as a username in combination with a passphrase or some other "second factor" that's easier to use than passwords.
It would be bad enough if fingerprints are leaked in a government data breach, when people would use them as usernames, but if they are used as passwords, that would be much worse, because then the hackers could be able to log into everything you've authenticated with your fingerprint as a password replacement, from devices to web services.
Therefore, if governments keep asking for biometric data to identify its citizens, then platform owners such as Google, Apple and Microsoft, as well as other security experts, will need to start coming up with easy-to-use alternative solutions to the fingerprint-as-password problem.
Follow us @tomshardware, on Facebook and on Google+.
If recording biometrics gets institutionalized by governments, I would consider them inherently flawed for anything beyond complementary ID.
So yeah, sooner or later that data will be available. These things just get hacked/leaked/whatever.
Username, I can see that.