Follow Slashdot stories on Twitter


Forgot your password?
Privacy Security Your Rights Online

Canada Moves to Biometric Passports 21

ancarett writes "The Toronto Star reports that Canada's Passport Office is preparing to roll out a biometric passport in 2005. The new e-Passport will include a digital chip that can store the holder's photograph and other personal information. Nothing but vague assurances on privacy and security of data: who's surprised?"
This discussion has been archived. No new comments can be posted.

Canada Moves to Biometric Passports

Comments Filter:
  • Poorly thought out. (Score:3, Interesting)

    by Hamster Of Death ( 413544 ) on Sunday July 18, 2004 @08:25PM (#9734337)
    This looks like a good idea poorly implemented.
    From the article it sounds like they are just trying to store a copy of what's already on the passport, just in an electronic form.

    While redundant copies are fine, as soon as it moves to a digital format it's no longer secure and can be freely copied. The say in the article that they haven't thought out the ramificatons of moving to a digital format. Well I'd think identity theft would be a biggie there!

    They should think about this a bit more before they just throw technology at the percieved problem and hope it goes away.

  • Not impressed! (Score:2, Insightful)

    by bogaboga ( 793279 )
    Yes, not impressed and very very concerned about its deployment, especially after the poorly implemented gun-registry []. There is a related story here [] . Sometimes, "developed" nations get it wrong too!
  • I had to replace an expired passport last year, so now I get to wait until 2008 before I have to worry about this.

    I'm sure they'll have the bugs worked out by then....

    ... Right?

    • I got my first passport a couple of weeks ago (three days after filing on basic (amazing)), and I'm really glad I don't have to file for this beast of a passport in the future. I sincerely hope this gets out and people will get pissed, I barely missed this article because it was neatly tucked away in YRO.

      In respects to this project, I wish it would fail. A digital copy has me extremely worried. Best thing we can do is get other people onside to block this crapola.
  • to take it with you eveytime you're leaving the country isn't it??
    So in order for someone to use a digital passport, all the countries with which your country have diplomatic relations, should have the right equipment (hardware and software) to take advantage of it!
    In other words, it sounds really neat but i dont think it has practical use
    This is like having a Gigabit network card when you are connected to a 10 mbit hub! (sorry i couldnt resist the geeky comparison)
  • by e9th ( 652576 ) <e9th@tupodex.EULERcom minus math_god> on Monday July 19, 2004 @12:00AM (#9735329)
    Store digitized photo, DOB, fingerprints, etc. onboard the passport. The gov't stores only a hash of that information. That way, the passport could be verified, but not recreated, from the database.

    But it'll never happen that way. To have all that nifty data in one place is just too tempting.

    • by phorm ( 591458 )
      Ummm. Pretty hard to store a hash of a digital photo, fingerprints, etc. When they scan the actual, there are bound to be enough discrepencies (alignment, scanner, etc) that the hash wouldn't align with the electronic copy.
      • The digital photo & fingerprints stored on the passport can be rendered on the spot and visually compared with those of the ostensible passport holder. The gov't controlled hash simply prevents forging them.
      • by BranMan ( 29917 ) on Monday July 19, 2004 @02:37PM (#9739949)
        I think it would work like this: Use the hash to determine that the data stored on the card is the data recorded when the passport was created. Then, use that verified data to validate the current facial / fingerprint scans that uses some algorithm to compare them. If all matches, all is well.

        This is acually a pretty good system - the actual biometric data is NOT stored anywhere it can be stolen and reused. If the passport is lost, report it stolen, and that line in the DB (just the hash) is marked so that anyone using it is apprehended.

        Then, create a new passport for the user. It will have a new hash, and due to the microscopic differences between any two face / fingerprint scans the new hash will be different.

        I think they've just solved the biometric data problem. Now, just try to get the government to agree to it - note this way it can ONLY be used for verification, and only against the passport they are carrying. AND, it prevents anyone from being able to create forged passports unless they are able to insert hashes into the government database. It cannot be used in criminal investigations or general spying because the government doesn't HAVE any data (fingerprints or facial scans) to work with.

        Ingenious. Perfect. Secure. Will never be adopted.
      • umm the DIGITAL photo can be hashed just like any other file on a computer. Presumably if they are storing a copy of the fingerprint on a digital device in some format they can hash that too..

        storing the hash itself is as simple as getting any old database and putting the string in there.. dead easy (even i could do this)

        So process is:
        1. Give passport to airport person for checking
        2. They download your data from the chip to the computer.
        3.Verify that the chip and the photo whatever on the passport match
  • PPT Sucks (Score:3, Insightful)

    by billcopc ( 196330 ) <> on Monday July 19, 2004 @03:24AM (#9736060) Homepage
    Having worked there, I can honestly assure you that any technical endeavor is half-assed licensed crap from some clever contractor who knows how to milk a cow.

    So what if we have this whizbang electronic passport ? Who else has the hardware to verify its integrity except the canadian authorities ? The purpose of a passport is to authenticate your identity ABROAD. Do you think border guards in Mexico will have the e-reader ? Hell no. Anything that relies on local verification is doomed to fail, just like it does on our beloved Internet. Someone out there is going to get their hands on a chip programmer and a holographic printer because there is sufficient monetary and criminal incentive to do so. No way around it unless the whole world gets together and implements a central DB, and even then, sysadmins can be bought.

    It's always a race against crime, except the bad guys have all the trump cards.
  • Maybe all the Stateainians who cross the border to canada should be made to submit biometric data to canadian companies/governments.

    How long do yu think that would last eh?
  • The article only hints at this, but the reason Ottawa is so keen to get this going is that the U.S. government is making noise about phasing in requirements for ALL travellers from other countries to have biometric passports.

    Quite possibly this is the condition of a deal with Washington to exempt Canadians from stricter biometric identification when crossing the border.

    Otherwise Ottawa is probably just desperate to stay in the good books, so they're extending this as an olive branch to Washington.
    • Perhaps true.
      However, canadian/US citizens don't require passports to travel between USA/Canada.

      This is just the first step to justifying biometric measurements on drivers licenses, and other forms of government ID.

      afterall, what is the point of having biometrics on the Canadian passport, if an enemy combatant can simply use a fake drivers license and a fake birth certificate to enter the "homeland".

      Or, use the age old ploy of simply using legal documentation obtained properly or even fraudulently. Not
  • Because we (the U.S.) said so.

    The US Visitor and Immigrant Status Indicator Technology (US-VISIT) programme, introduced by the Department of Homeland Security, had originally required the citizens of all "visa waiver countries" to have biometric information contained on their passports by October 2004. (Visa waiver countries are those whose citizens do not need a visa to enter the US for a period of up to 90 days; they include the EU member states.) The deadline was recentlyl extended to October 2005.

  • I'm surprised (Score:3, Insightful)

    by chia_monkey ( 593501 ) on Monday July 19, 2004 @07:56PM (#9743142) Journal
    First, I'm surprised that there's only 18 comments on this so far. I would think there would be a whirlwind of discussion. Hmmm...

    Next, I really wonder about counterfitting. I didn't see anything really that really stood out as being a supremely secure and safe solution to this. I dunno, maybe I'm just paranoid. Sometimes I think going digital would be safer and harder to counterfeit, other times I think such archaic ways (like the funky paper US money is printed on now) is safe too. Maybe a combination of a smart card and funky paper is the way to go.
  • Do all passports have fingerprints in them? I thought you didn't need to have your fingerprints taken until a) first criminal offense or b) working for a policing/intelligence agency.

    Anyway, I doubt you'll be able to copy the data and use it without the actual passport/picture/fingerprints, so the electronic data itself would be a bit useless without the hardcopy.

As of next Tuesday, C will be flushed in favor of COBOL. Please update your programs.