Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Government Security Technology Your Rights Online

Germany To Roll Out ID Cards With Embedded RFID 235

An anonymous reader writes "The production of RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10-year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards starting from the first of November. The new card allows German authorities to identify people with speed and accuracy, the government said. These authorities include the police, customs and tax authorities and of course the local registration and passport granting authorities. There are some concerns that the use of RFID chips will pose a security or privacy risk, however. Early versions of the electronic passports, using RFID chips with a protocol called 'basic access control' (BAC), were successfully hacked by university researchers and security experts."
This discussion has been archived. No new comments can be posted.

Germany To Roll Out ID Cards With Embedded RFID

Comments Filter:
  • EU passports (Score:2, Insightful)

    by Anonymous Coward

    New EU passports have RFID already. This is just a replacement for the barcode, right? The ID shouldn't have any information on it. If the implementers were smart ...

    • by Anonymous Coward

      The passports already have RFID. This is about the identity cards. (which is only a card, compared to the passports that are too big to carry them around with you all the time).

      • Re: (Score:3, Informative)

        by Khyber ( 864651 )

        The full-sized US passport fits in my back pocket without any problem, my wallet sits comfortably in front of it.

        Too big, what? It's just over 3"x5" in size.

      • Mythbusters - RFID (Score:5, Interesting)

        by object404 ( 1883774 ) on Sunday August 22, 2010 @07:13AM (#33330954) Homepage
        Adam Savage's talk [youtube.com] on the 2008 Hackers on Planet Earth (HOPE) conference on why Mythbusters was forced to not do the "how easy it is to hack RFID tags" episode is very, very interesting.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      On the contrary. Since the new EU passports contain fingerprint data and a digital version of the picture, much of the contention about the new passports revolved around the creation of a central database of biometric information. If the passports were just an index into the database, then that database would be inevitable.

      It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.

      • Re: (Score:2, Interesting)

        by RAMMS+EIN ( 578166 )

        ``It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.''

        We are not? Then why do we let ourselves be herded and look to the herders for our every need, including a sense of safety and comfort?

        Note that by "we" I mean the general population. It doesn't necessarily apply to you, or even to me. But new tracking measures are being rolled out, and I don't see a lot of people making a fuss about it - rather, I see a lot of people being in f

      • by udippel ( 562132 ) on Sunday August 22, 2010 @05:31AM (#33330636)

        The first three posts in this discussion are - as of now - ACs. Though different from the normal 'First Piss Post'-category. They are spot on the topic. Still ACs. Why?
        Already fearful of being tracked? Yes, you are. Through your IP-addresses.
        Next year you can be tracked by having your Personalausweis in your pocket. Or in your bag. You need it, because you want to enter an official building; the Rathaus.
        Or doing banking business:
        "Guten Morgen, Frau Müller."
        "Uh, Sie kennen mich?"
        "Nein, aber Sie haben Ihren Ausweis dabei! Ich denke Sie wollen Ihren Urlaub bezahlen!?"
        "Woher wissen Sie das?"
        "Nun, als Sie hier hereinkamen, hat unsere Sicherheitssoftware gemeldet, dass Sie gerade auch im Reisebüro waren."

        Oh, what a brave new world we weave ... .

        • The first three posts in this discussion are - as of now - ACs. Though different from the normal 'First Piss Post'-category. They are spot on the topic. Still ACs. Why?
          Already fearful of being tracked? Yes, you are. Through your IP-addresses.

          Users of slashdot can not track me. Only the website admins can. The thing I am afraid of is slashdot comments taken out of context in 10-30 years time.

    • This is just a replacement for the barcode, right?

      Even if it were, it would be dangerous. Giving someone remote access to your passport/ID card number is a security risk by itself.

      They already have your face, anyone can take a picture of your face without you knowing it. If they can create a fake document matching that face to the right document number that's a big step towards stealing your identity.

      • Re: (Score:3, Interesting)

        by LingNoi ( 1066278 )

        Not really. You could have a card with RFID which embeds a key that unlocks data in the database. Since governments have control over the database one wouldn't have to worry much their data being looked at by unauthorised staff and if the database was ever stolen only your physical card could unlock it.

        Also there are benefits to having an ID card rather then a passport. One being you never run out of space for stamps and then have to spend lots of money on extending the pages or a new passport.

        ID theft is p

        • by TheRaven64 ( 641858 ) on Sunday August 22, 2010 @07:12AM (#33330946) Journal

          You could have a card with RFID which embeds a key that unlocks data in the database. Since governments have control over the database one wouldn't have to worry much their data being looked at by unauthorised staff and if the database was ever stolen only your physical card could unlock it.

          You obviously have a very different government to mine. If it's in a government database in the UK, the odds are that copies of it will be posted to the wrong address on unencrypted DVD-Rs, left on hard drives on trains or in taxies, leaked to the press, or used by council employees for private purposes.

          A better solution is not to store the information in either place. Store it on the passport in encrypted form and store the encryption key in the central database (or vice versa). You then need to both do a database query and scan the passport to have access to the data. If someone gets a copy of the database, it's no use to them without the passports. If someone steals a passport, they can't access the information on it.

  • by vinsci ( 537958 ) on Sunday August 22, 2010 @04:35AM (#33330410) Journal

    The new card allows German authorities to identify people with speed and accuracy, the government said.

    Unfortunately, they will also make perfect bomb triggers, when the target walks by.

    • Walk past an e-paper advert board. It scans your ID, looks up your preferences and buying history and throws up a 20 foot high shot of a naked guy and directions to the local rubber fetish store.
       

    • by Ihmhi ( 1206036 )

      If only there were some way to block the RFID signal from being readable when you don't want it to be read.

    • by Anonymous Coward on Sunday August 22, 2010 @05:55AM (#33330736)

      Won't happen.

      The chip is based on the ISO14443-A standard and you can only communicate with it over at most 15 cm distance (about 6 inch). Under normal conditions the range goes down to roughly one inch. You have to walk very close to the bomb to set it off.

      A bomb will also have a hard time to identify you. The chip has an ID that is public readable, but for privacy reasons this ID is a random number that is only valid for a single transaction session.

      Also the article is wrong. The pass will not use the BAC protocol but the much improved PACE protocol. That's state of the art crypto. It's still broken by design because you can do a simple man in the middle attack over the air, but it is a lot better..

      • Re: (Score:3, Interesting)

        by vlm ( 69642 )

        A bomb will also have a hard time to identify you.

        Disagree. No response means no one is there and/or they're not German. Any response means there is a German, now do something (probably bad). You're arguing you don't know the state of Schrodingers cat. I'm arguing that knowing Schrodingers cat is present, is in itself a valuable datapoint.

      • by rcamans ( 252182 )

        So you are saying if I sit on the bomb it goes off?
        Didn't I see something like that with a toilet in a movie?

    • Re: (Score:3, Insightful)

      by couchslug ( 175151 )

      "Unfortunately, they will also make perfect bomb triggers, when the target walks by."

      Plinking Alfred Herrhausen (to use a German example) was quite the coup. RFID-triggered ordnance could be smaller and even more precise.

  • time to buy (Score:4, Informative)

    by zerothink ( 1682450 ) on Sunday August 22, 2010 @04:36AM (#33330412)
    It's time to buy RFID-blocking cover/wallet/bag/whatever. Or feel free to have some fun with aluminum foil - http://www.rpi-polymath.com/ducttape/RFIDWallet.php [rpi-polymath.com]
    • Re:time to buy (Score:5, Informative)

      by MikeyVB ( 787338 ) on Sunday August 22, 2010 @05:26AM (#33330616)

      For the curious, it takes approximately 4 layers of aluminum foil to block a scanner from activating the RFID signal when your Al lined wallet is point blank from a standard scanner.

      (After receiving an RFID enabled ID card here in the Netherlands last year, I tested it on our office copy/scanner RFID reader, and then simply lined my wallet with double the number of layers it took to block the signal. Works like a charm!)

      • Re: (Score:3, Interesting)

        I think I'd just microwave mine till it stopped working. Make the bastards have to type it in every time someone asked to see it and claim I had no idea why their shitty card never worked,
      • by rcamans ( 252182 )

        um, you only tested it on standard public rfid receivers. Hackers / governments / criminals can make much better antennas for their rfid scanners, getting far greater range, even on foil sealed devices.
        You would be far better off building and wearing an rfid jammer.

    • Re:time to buy (Score:4, Interesting)

      by drewhk ( 1744562 ) on Sunday August 22, 2010 @05:28AM (#33330628)

      All of my IDs and cards fit nicely in a metallic business card case. It's cheap, small, looks nice and blocks radio.

    • I tried your aluminium foil suggestion, but I don't think it works very well.... http://en.wikipedia.org/wiki/Tin_foil_hat [wikipedia.org]

  • by Anonymous Coward

    Germans must be able to identify themselves with either a passport or an ID card. There is no obligation to have either of those with you at any time.

    The new cards do not use classic RFID chips but near field communication, which is much harder to attack from a distance (if at all).

    Anyone who wants to sit this out can get a new ID card before November. The old ID cards cost 8 EUR and are valid for 10 years.

    • Re: (Score:2, Informative)

      by think_nix ( 1467471 )

      Germans must be able to identify themselves with either a passport or an ID card. There is no obligation to have either of those with you at any time.

      The new cards do not use classic RFID chips but near field communication, which is much harder to attack from a distance (if at all).

      Anyone who wants to sit this out can get a new ID card before November. The old ID cards cost 8 EUR and are valid for 10 years.

      I guess you have never lived in Germany and heard of Ausweispflicht ? Which by law requires any citizen to be able to identify his or her self. Even only being there on holiday as a visitor you must still be able to identify yourself , been there done that. The authorities do not take it lightly if you "forgot" your ID either, depending on the situation. Although I will credit you the sitting out part, if they get the new ID now then they can wait it out. Although didn't the Germans already implement biomet

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        "Ausweispflicht" means you have to have a passport or an ID card (You can have both, but you don't have to). You do not have to have either of them on you. Pissed off authorities are a fact of life, but they're not the law (yet). Public transport often requires a picture ID to be presented with a month pass. That is a contract thing and not related to the "Ausweispflicht".

      • ``Sounds more controlling/keep track than anything else.''

        I don't know what id would be for, _other_ than for tracking people.

        The problem I have with the RFID chips is that, now, you can be tracked not only when you show your passport (or other id) to someone, but also without your consent or knowledge. Regardless of the official statements, these chips can be and have been read from meters away.

      • Re: (Score:2, Interesting)

        by mwissel ( 869864 )

        The authorities do not take it lightly if you "forgot" your ID either, depending on the situation.

        Wrong, there is no actual problem with forgetting your ID, as there is no obligation to carry one with you - exception is the driving license when operating a vehicle. Actually the police may demand you to fetch your ID at home or whereever it may be, and they might demand to bring you there themselves when they think you might flee. But I think that only happens when you're in suspicion for something.

  • >Early versions of the electronic passports, using RFID chips with a protocol called 'basic access control' (BAC), were successfully hacked by university researchers and security experts."

    That's horrible! What are you going to do about this???

  • Awesome... (Score:5, Funny)

    by Anonymous Coward on Sunday August 22, 2010 @04:54AM (#33330486)

    I've always wanted to be a german.

    And now i can be a bunch of them!

    • Re:Awesome... (Score:5, Informative)

      by think_nix ( 1467471 ) on Sunday August 22, 2010 @05:12AM (#33330580)

      True to that check this out:

      http://www.personalausweisportal.de/cln_164/DE/Neue-Moeglichkeiten/Online-Ausweisfunktion/online-ausweisfunktion_node.html [personalausweisportal.de]

      The new online functions! If you dont understand german try google translate, here a quick translation

      Identification on the Internet and on machines can in the future be done with the new identity card. This is simple and safe as the presentation of your previous card today.
      Even without being personally present you can use the online identity function (also: eID function) authenticate everywhere (where personalized services - are consequently offered and directly tailored to the individual user). With your new personal ID and your 6-digit PIN you can prove your identity in the electronic world simple, safe and reliable.

      That is just the first paragraph , better than the Sunday comics !

      • by Khyber ( 864651 )

        ONLY six?

        My bank PIN is 12 digits.

        Six is going to be too easy to handle.

        • No, the PIN is for the authentication to the card. The card can have counter measures when you try to log in too many times. If you have 3 attempts, for instance, you have a chance of 3 out of a million to use the card. That is probably enough to make sure that the card was not used by somebody not knowing the PIN.

          You only need those kind of large PIN if you have an unlimited (or at least very high) number of attempts.

      • Re: (Score:2, Interesting)

        by Jedi Alec ( 258881 )

        So what's the big deal? The Netherlands has had a digital ID card for doing business with the government for years already. Now perhaps you enjoy standing in a line somewhere, but I prefer handling my business from the comfort of my chair, at any time of the day that is convenient for me and at a total lower cost to the taxpayer.

        Now I don't quite see the point of RFID either, but being able to handle one's affairs over a distance sounds...convenient.

  • The German ID card is using the BAC protocol as well, but only for the basic data which is printed on the front of the card, the picture and the name. Other fields are protected by a stronger proprietary protocol.

    That's what they think. It'll be cracked within days or weeks.

  • by Anonymous Coward

    Danke !!

    Ihre R F I D Bitte

    D anke !!

    Aolso, Ihre RFID Bitte

    Dank e !!

    Ihre RFID Bitte

    Danke !!

    Ihre RFID Bitte

    Danke !!

    Ihre RFID Bitte

    HALT !!

  • you'd think history would have taught them to maximize personal liberties, not to diminish them in any way? Oh well, there is still zeit fur packen zee bagen.

    • Re: (Score:3, Interesting)

      by rolfwind ( 528248 )

      you'd think history would have taught them to maximize personal liberties, not to diminish them in any way? Oh well, there is still zeit fur packen zee bagen.

      No, they look to the government for guidance still. It's in the character. They still don't have real freedom of speech there.

      OTOH, if you look at what set of circumstances us Americans revolted against the King Of England for and how it is today, all you see is more government and taxes than they ever accepted in every aspect of our lives. And peop

      • by Tom ( 822 ) on Sunday August 22, 2010 @06:36AM (#33330842) Homepage Journal

        No, they look to the government for guidance still. It's in the character. They still don't have real freedom of speech there.

        So it is only "freedom" if it is identical to your version of freedom ?

        Please, cut down the arrogance a few notches, you'll notice the rest of the world likes you a lot better if you don't go around all the time assuming that your way is the one and only true path to whatever.

        Our freedom of speech (I'm german) is as real as yours. We just have some priorities differently. For example, we don't allow people to threaten abortion doctors with murder under the cover of "free speech". Our version of your "free speech" is called "freie Meinungsäußerung". That has three parts: Free, speech and opinion. What it means is you can freely express your opinion. If you leave the area of expressing your opinion - and "we'll kill you" isn't an opinion anymore - you may run into trouble.

        And no, we don't look for the government for guidance. In fact, our current government is such a joke, anyone who does look to them for anything except satire is retarded. However, what we do is not share the ridiculous paranoia about the government that is visible in the US. We don't think anything done by the government is automatically evil and to be mistrusted. We view the government as an entity much like many others - capable of both good and evil.

        • by roman_mir ( 125474 ) on Sunday August 22, 2010 @07:20AM (#33330982) Homepage Journal

          You are mistaken as to what is freedom of speech in USA, nobody is allowed to make direct threats of murder for example, but one can have an opinion that abortion doctors must be killed, it's an opinion.

          Of-course one person's opinion may lead to another person's action, but the correct thing to do is to hold the one who takes action as the responsible party, not the one who says he has an opinion.

          I am not American, in fact at this very moment I am in Germany, though I am Canadian, born in the former USSR.

          I hold every single thing that government says or does as suspicious, I don't trust government at all, in any single one thing ever, and I am not an American.

        • by yyxx ( 1812612 )

          Our freedom of speech (I'm german) is as real as yours.

          Germany objectively has stronger restrictions on civil liberties than the US.

          We just have some priorities differently.

          German priorities were set by the allies after WWII. The primary goals were de-Nazificiation and prevention of a recurrence of WWII. Democratization and freedom were secondary concerns, merely means to an end. If Germany could have been pacified after WWII by turning it into a military dictatorship or splitting it up between its neigh

        • by rcamans ( 252182 ) on Sunday August 22, 2010 @02:14PM (#33333566)

          It is illegal to threaten anyone in America with murder or any other form of harm. You have been reading and believing too many anti-American rags. (all rags published in Europe, for example).
          Cut down your own arrogance a few notches.

          Your government (Germany) has been maximum evil overlords more than once. Why do you have the idea that they have changed? Maybe they have learned to be less obvious about it, and not get caught?

          The American gov sucks big time, and will abuse any power that they can get their hands on, legally or illegally.
          Your gov is the same.

          The only difference is the morals and ethics of the people currently in the gov with access to these powers.
          American gov employees are low on the morals scale.
          I am sure Germans are similar. I think there is something about working for the gov, and military, that reduces morals, and attracts people with low morals, like our Bill Clinton, and a recent top gov official in Germany?

          Comparing bad to bad just wastes time and energy. They are all bad. Get over it. Stop crowing that your bad gov is not as bad as ours.

      • by DoninIN ( 115418 )
        Gee stereotype an entire nationality, all the wile differentiating them from "us" which I'm assuming here means you're a fellow American. That's usually a sign of a coherent or terribly positive argument. Also in this case your "us" is largely composed of relatives of your "them" http://en.wikipedia.org/wiki/File:Census-2000-Data-Top-US-Ancestries-by-County.svg [wikipedia.org]
        • I'm both German and American and have lived in both countries roughly equally.

        • What matters for the us/them distinction in this case is the history and culture of democracy and liberty. The US has more than two centuries of uninterrupted democratic governance. In the same period, Germany has had two failed democracies, a monarchy, a fascist state, a military dictatorship, and a communist state. In fact, the reason there are so many Americans of German ancestry is that so many Germans wanted to escape the chaos and repression they were experiencing in Germany.

          Pointing out that Germa

    • by ultranova ( 717540 ) on Sunday August 22, 2010 @06:52AM (#33330884)

      you'd think history would have taught them to maximize personal liberties, not to diminish them in any way?

      Second World War was generations ago. The lessons have been forgotten, so authoritarianism and militarism are once again on the rise in Europe, and will once again lead to the world burning. That will be followed by the survivors being horrified of what they have seen and done, and swearing "never again", but a few generations later things will deteriorate again. That is the cycle of human history, and it cannot be broken, since no matter what lessons you might learn, your children won't, and their children certainly won't care.

      • Re: (Score:3, Interesting)

        by yyxx ( 1812612 )

        The lessons have been forgotten, so authoritarianism and militarism are once again on the rise in Europe, and will once again lead to the world burning.

        Having lived in Europe on and off, sadly, I can confirm this. Part of the problem is European arrogance: for more than two centuries, Americans have had to listen to Europeans about how superior their culture and political systems are, only to watch them self-destruct like clockwork. Europeans simply can't imagine that their supposedly superior culture lea

        • Re: (Score:3, Insightful)

          by owlstead ( 636356 )

          I don't know, we live in a vastly different world than the ones before us. We are continuously confronted with what war achieves. Together with that, the introduction of the Euro means that we Europeans are very much in trouble together when we start a war with our neighbor. The history of the world is changing very rapidly, if there was any cycle it might well and truly be broken by now.

          The most aggressive country by far is the US. It makes war with countries that never even threatened the US. It takes the

  • On the BAC thing... (Score:4, Interesting)

    by Wdi ( 142463 ) on Sunday August 22, 2010 @05:50AM (#33330704)

    This is the standard required by US immigration for foreign biometric passports.

    And only with these you can take advantage of visa-waiver (minus ESTA, minus new tourism support fee) entry into the US.

    So either your passport supports this, or you can make an appointment weeks in advance at a select US consulate in a city only a few hundred kilometers away if you want to travel.

  • by k.a.f. ( 168896 ) on Sunday August 22, 2010 @05:55AM (#33330738)
    The federal ID card is not "mandatory" in any sense except that you may have to show it for certain very fundamental occasions, notably voting. (May have to show, I should add - the last two federal elections I wasn't even asked for the ID card, just for my voter's notification.) You have to actively go out, apply for an ID card and pay the fee to get one. You can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot... Also, the new chip ID will be issued starting in September - it will be a long time until even a majority has one. I got an old-style ID in July, so I'm good until 2020, and even then I won't give my fingerprint for it, that's an optional feature (it's only required for international passports).

    So, overall - yeah, this is a deal, but it's a lot less big a deal than the summary makes it sound like.

    • Re: (Score:2, Informative)

      by agw ( 6387 )

      You have to actively go out, apply for an ID card and pay the fee to get one. You can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot...

      Not quite. You will have to use it if you want to get a bank account (and I assuem you want one). If you're younger, you will have to use it to get a driver's license, probably to sign contracts, to get into music clubs late night, to get alcohol, even to play the lottery and of course everytime you fly within the EU.

      So I say you can live a long and productive live alone in the mountains and never use your ID at all.

    • ou can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot...

      Interesting. In Britain, you can't get a new job without showing a passport, because the employer has to check that you have the right to work there and are not an illegal immigrant, asylum seeker etc.

    • by rcamans ( 252182 )

      um, you won't INTENTIONALLY give your fingerprint for it, but if they want your fingerprint, or DNA, there is nothing you can do to stop them from getting it, except die. Even then, they can get it, but won't need it.

  • by shikaisi ( 1816846 ) on Sunday August 22, 2010 @06:08AM (#33330770)
    I find the most intriguing part of this whole thing is the decision to outsource the chips to a Dutch company. I wonder how long it will be before all the RFIDs fail and send only a message saying "Give us our bikes back".
  • Fry it (Score:5, Informative)

    by mwissel ( 869864 ) on Sunday August 22, 2010 @07:39AM (#33331044) Homepage
    What TFA forgets to mention is, that the ID card remains valid when you kill the RFID chip, as it still allows a person to be identified. Also, the fingerprint is a voluntary information to be stored. Most people won't know or bother and just let them store it anyway, though. For my fellow citizens: get yourself a new ID card w/o RFID just now (it is only a few Euros more expensive when you "loose" your current ID). If you have to get, for some reasons, an ID card with RFID on it, just put it in the microwave oven for a minute or so. Chaos Computer Club has proven this to kill the chip reliably.

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!

Working...