Canada Moves to Biometric Passports

ancarett writes "The Toronto Star reports that Canada's Passport Office is preparing to roll out a biometric passport in 2005. The new e-Passport will include a digital chip that can store the holder's photograph and other personal information. Nothing but vague assurances on privacy and security of data: who's surprised?"

Poorly thought out.

[Hamster Of Death]

This looks like a good idea poorly implemented.
From the article it sounds like they are just trying to store a copy of what's already on the passport, just in an electronic form.

While redundant copies are fine, as soon as it moves to a digital format it's no longer secure and can be freely copied. The say in the article that they haven't thought out the ramificatons of moving to a digital format. Well I'd think identity theft would be a biggie there!

They should think about this a bit more before they just throw technology at the percieved problem and hope it goes away.

This could be done safely, but won't be.

[e9th]

Store digitized photo, DOB, fingerprints, etc. onboard the passport. The gov't stores only a hash of that information. That way, the passport could be verified, but not recreated, from the database.

But it'll never happen that way. To have all that nifty data in one place is just too tempting.

This is pressure from Washington

[Alt-kun]

The article only hints at this, but the reason Ottawa is so keen to get this going is that the U.S. government is making noise about phasing in requirements for ALL travellers from other countries to have biometric passports.

Quite possibly this is the condition of a deal with Washington to exempt Canadians from stricter biometric identification when crossing the border.

Otherwise Ottawa is probably just desperate to stay in the good books, so they're extending this as an olive branch to Washington.

Re:How would a hash work?

[BranMan]

I think it would work like this: Use the hash to determine that the data stored on the card is the data recorded when the passport was created. Then, use that verified data to validate the current facial / fingerprint scans that uses some algorithm to compare them. If all matches, all is well.

This is acually a pretty good system - the actual biometric data is NOT stored anywhere it can be stolen and reused. If the passport is lost, report it stolen, and that line in the DB (just the hash) is marked so that anyone using it is apprehended.

Then, create a new passport for the user. It will have a new hash, and due to the microscopic differences between any two face / fingerprint scans the new hash will be different.

I think they've just solved the biometric data problem. Now, just try to get the government to agree to it - note this way it can ONLY be used for verification, and only against the passport they are carrying. AND, it prevents anyone from being able to create forged passports unless they are able to insert hashes into the government database. It cannot be used in criminal investigations or general spying because the government doesn't HAVE any data (fingerprints or facial scans) to work with.

Ingenious. Perfect. Secure. Will never be adopted.