Hong Kong Gets Smart ID Cards 388
darnellmc writes: "This AP article is about Hong Kong's new smart ID cards (mandatory) with "embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints". The picture in the article shows a man holding them and smiling. The article also mentions "Hong Kong's government backed down on proposals to have the cards carry health and bank records". The Hong Kong government hopes to add optional features like using them as driving licenses and library cards. This government learned nothing from the USA's abuse of the Social Security number, this is much worse. Hoping one card will do it all. These cards are also in the works in other countries like Finland, Malaysia and Japan where they are to be optional. Thailand
is working on a mandatory card."
Optional? (Score:2, Interesting)
Sort of like trying to live in the USA without a credit card. It can be done but it complicates your life enormously when you try to do things like rent a car, book hotel rooms, etc.
Sort of like disclosing your SSN (in the USA) is supposed to be 'optional' but you'll find it's not really optional when you try to get a loan, activate certain utilities, and so on.
Point being, 'optional' may be a way to get it in the door but it soon becomes mandantory for all practical purposes.
Re:ID Card Threat? (Score:2, Interesting)
We have always been at war with Eurasia.
Re:ID Card Threat? (Score:2, Interesting)
Re:ID Card Threat? (Score:5, Interesting)
1) Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state[1].
2) Badly implemented smart cards will make it easy for the theft of other peoples identities.
[1] Of course, Hong Kong has been perilously close (if only in geographic terms) to a police state ever since the Chinese revolution!
USA's abuse of SSN not a problem in Hong Kong (Score:2, Interesting)
ID cards are have been mandatory in Hong Kong for a very long time - they were just not "smart" yet.
Identidy theft/number abuse is NOT a problem.
Security Issues... (Score:2, Interesting)
Re:ID Card Threat? (Score:2, Interesting)
An ID card could carry your full name, date of birth. Fine, no problem with this. Less hassle getting served at the bar 8).
Now add photo and the state has a current image of almost every citizen which could then be plugged into cctv systems at political demonstrations and immediately identify people opposed to the current government. Bye Bye Freedom of Speach and hello the ability to track someone where ever they go.
Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.
Genetic finger print. Think of Gattaca and the eye lash being found by the police. Immediate identification with very small probability of error. Now tie this in to :
Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.
Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDs were included in your information.
Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are. If you have a card with your photo on it, with your fingerprints and genetic fingerprint all matching then obviously you must be the person named on it with access to all your bank accounts, property deeds etc. Anything I've missed?
Re:ID Card Threat? (Score:2, Interesting)
However, it's the collection and the dissemination of the data that worries me most...China can do it because it has a very weak representative body and a very strong executive body...you can almost say the same for 'most' democratic states today...
Austria for example is proposing the same thing to counter it's immigration problems, complete with Thumbprints. Austria is also 'forcing' it's citizens to use a smart card for insurance...In a pseudo socialist state this is understandable. The 'state' is paying for the insurance (via citizens' taxes) so controlling entry/exit for hospitals is important.
The question though is how long before these kinds of cards will be used for work permits (as in the case of immigrants in HK and Austria (not yet complete)) all over the world...
Futurama ref: scan the career chip and viola, you have a job...or permission to live in such and such community.
We're used to badges for entrance into companies. How long before we're using a badge (smartcard) to do anything that involves the state or it's infrastructure?
Dennis
Already cracked. (Score:4, Interesting)
These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.
All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?
If such a card was introduced in, say, the European Union, citizens would probably have the right to:
I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.
Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...
So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.
Re:What kind of crack are they on (Score:3, Interesting)
I really doubt this would be an issue. The smart cards have no power supply nor do they have a radio transmitter. It would be extremely difficult to remotely power a device and remotely sense extract data from the device. You could possibly extract information from a reader when the device is in use, but it would be much easier to set up a fake reader to do this rather than doing it remotely from a real card reader.
This is similar to problems faced with ATM machines. A few years ago people started setting up fake ATM which would capture your ATM card info and PIN and then return an error. The crooks would forge new cards and clean out your account. No need to sniff data from working real ATMs when people would use your bogus ATM.
Re:What kind of crack are they on (Score:2, Interesting)
Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.
All 15 of the AES submissions are vunlerable to this attack. Moral: never stick your smartcard in an untrusted slot.
Re:What kind of crack are they on (Score:4, Interesting)
Re:Really? (Score:4, Interesting)
Check out Singapore's "rank" -- low corruption + low levels of personal freedoms + huge tech infrastructure = the most "economically globalized" country in the world.
Re:Hmmm... in a communist country (Score:2, Interesting)
An identity card is basically an internal passport, proves who you are and gives you access to certain areas/services or prevents police harrassment.
And from living in a post-communist country I can tell you how much of a bother they are. You can't get anything 'official' (tax, etc.) or 'semi-official' (bank) done without one even though fraud is just as easy to commit.
Re:ID Card Threat? (Score:3, Interesting)
I beg to differ.
Compulsory only means that every citizen has to have one, so that he can identify himself when needed (either if required by law or if he chooses). It doesn't necessarily mean that it's compulsory to carry the card at all times, neither does it mean that police must be allowed to stop and ask to see it without good reason.
There are dozens of situations where it makes perfect sense to have a reliable standardized ID, to be able to identify yourself.
As an example: the US authorities do not even have the slightest clue about the status of people living in their country. I used to live in the US for a year when I was 17 years old. I had a SSN and I got a drivers license there. When I turned 18, I got a letter from the draft office asking me to register with them. I don't exactly know how they got my name and birthdate, but I assume via the drivers license or SSN registration. Fact is, I never was a US citizen. At the time I got the letter I had already left the US (it was forwarded). The US draft office knew nothing about this. It required several letters to convince them that their registration process didn't even apply to me (as a non-US citizen). The only thing that did was my (non-US) ID.