Privacy vs. Security: Biometric E-Passports 227
ftblguy writes "Countries such as the UK, Belgium, Netherlands, Canada, US, Australia, and New Zealand are currently looking into adding RFID chips to citizens' passports. The chips would contain data such as a digital image of the person's face. A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business. But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."
Just wait (Score:5, Insightful)
Re:Just wait (Score:5, Insightful)
America hasn't put itself on a threatlevel lower then orange and probably never will.
A quote from 1984 might be the best justification for this; I only hope the US-citizens will see this for what it is and not re-elect another 4 years of warmongering.
Re:Just wait (Score:2, Insightful)
If we had a choice, we probably wouldn't. Unfortunately that issue, along with every other issue the government faces, has already been decided by the Party. The public has the oh-so-heavy choice of which face reads their speeches for the next few years.
Re:Just wait (Score:4, Insightful)
Re:Just wait (Score:3, Interesting)
Re:Just wait (Score:4, Funny)
dupe (Score:5, Funny)
Ho hum. (Score:2, Funny)
You can 'turn it off' (Score:3, Insightful)
However, the RFID feature has no use when you just walk around with the passport in your wallet. In fact, this could be a privacy concern, since you could be 'tracked' without your consent. If you worry about this, loose the tinfoil hat and buy the tinfoil wallet.
Or you could carry your passport and other RFID-enabled d
Not effective (Score:5, Informative)
Biometric systems are not secure as a means of authentication, they are too easy to fake.
The three ways you can authenticate a person are:
-
What they are
-
What they have
-
What they know
A good security system combines at least two of these. This one does, but since it only authenticates against what you have, it is not very good. If each passport had a key encrypted with a passphrase (like in PGP), and you needed the passphrase to use it, you would have good protection against stolen passports.But these don't do that.
Re:Not effective (Score:3, Funny)
If each passport had a key encrypted with a passphrase (like in PGP), and you needed the passphrase to use it,
then every Joe User would write his passphrase ON the passport.
Re:Not effective (Score:2)
Re:Not effective (Score:2)
"What you want" is what the really want (Score:3, Interesting)
> What they are, What they have, What they know
The trouble is that the government really wants to know "what you want", rather than any of those things. Using "what you are" to determine "what you want" works only by extrapolating from previous behaviour, and is necessarily restricted to past offenders. What we need is a passport that requires you to state your intentions every time you use it. It could go something like this:
"It looks like you are
Re:Not effective (Score:2)
Re:Not effective (Score:2)
And biometric IS too easy to fake. Just look at how reliable fingerprint readers are. Also, if someone makes a replica which they use to fake your ID, you have to have that replica destroyed. And tracking down some guy with a picture/mask will be alot harder than changing your passphrase, I can tell you that.
that only your government can decode/encode
Re:Not effective (Score:2)
They would have to use a challenge-response system like banks use at ATMs. This would allow deployment of offsite machines that could test passports and make stealing one almost pointless.
Re:Not effective (Score:2, Interesting)
Re:Not effective (Score:2)
Re:Not effective (Score:5, Insightful)
That's one problem. Another is that you can never change that authentication token, the way you can change passwords or keys. Imagine a scenario where you work at the airport and the Evil Terrorists (tm) manage to get a copy of your fingerprint (can be done with latex gel and an eraser) or retinal scan and can use it to access something important. The only secure response is to deny access to anyone with a fingerprint that looks like yours, forever. So either you never work again, or you get to have a special password system just for you (and all the other ID-theft victims). But of course, at that point primary security rests with the password system; which you miight as well just use in the first place.
Biometric security systems strike me as being very similar in spirit to the various copy-protection schemes out there that the RIAA loves; they sound intimidating and high-tech, but are really poorly thought-out and only good to keep out amateurs, while serving to make all our lives more difficult. I wonder if our security guys really do think that al-Qaida really is a bunch of amateurs? Are they?
As for biometric passports - why in Ashcrofts name would you keep the biometric information on the passport as opposed to in a central database? If your ATM card didn't rely on a central server the banks would have been cleaned out long ago. I have no doubt that professional forgers, being the third oldest profession (bureaucrat being the second, and we all know what the first is), could sooner or later figure out how to encode the biometric information. In other words, the passport has to be considered insecure and information on it shouldn't be trusted.
Now, if you don't keep the fingerprint scan on the passport, why make a big fuss about "biometric" passports? Deliberate misinformation? Or is it a two-step scheme where the retinal scan is too big to transmit, so a copy is stored on the passport and e.g. a hash on the central server to verify the integrity of the passport?
Of course, you can still hump it across the Rio Grande, biometric passport or no biometric passport. So now we have to start checking people inside the country as well as at the border. Sooner or later this road leads only one place: frequent random searches of all citizens and demands for "Your paperz, bitte" anywhere, anytime.
quickly, think of a reason, (Score:3, Insightful)
they'll be needed in the years to come...
digital != greater security (Score:5, Interesting)
Surely noone believes that do they? Why?
Digital is inherently easier to copy then analogue - I think this would decrease security.
Bingo - and RFID is the wrong technology (Score:2, Insightful)
This data should not be transmitted contactless. Are you going to tell an immigration official, "Just scan the passport in my pocket"? No, you will still present the actual passport, so they can simple touch a smart card style chip on the
An example of bad digital enhancement ... (Score:2, Interesting)
digital ~= greater security (Score:2)
I admit that accessing the information using RFID is an unnecessary complication: It makes the chip easier to destroy at-a-distance and doesn't add much in the way of functiona
The price you pay... (Score:2, Interesting)
Security doesn't come for free. You have to invest something for getting it. No sane person would run a Windows or a Linux box on teh internet without elaborate security setup.
And in anti-terrorism this translates to getting better passports with more detailed information.
For all the people who start to whine about privacy: if there is really a problem with this then your problem is not the passport. Your pro
Re:The price you pay... (Score:5, Insightful)
You are a retard.
The 11/9/2001 terrorists had valid passports. This system would have done nothing to prevent that attack.
Re:The price you pay... (Score:5, Insightful)
Re:The price you pay... (Score:2)
James
Re:The price you pay... (Score:2)
Soon you'll be hearing the words "your papers, please?" on a regular basis.
Max
Re:The price you pay... (Score:2)
don't underestimate the bait and switch. If the current administration stays in power, do you really think it is beyond them to convince the induhviduals that this would have stopped them? The did the bait and switch very successfully w/ Iraq.
two bricks shy of a load (Score:2)
why rfid? (Score:3, Interesting)
Re:why rfid? (Score:2)
Re:why rfid? (Score:2)
Re:why rfid? (Score:2)
This is not an excuse to use a less reliable method of digital ID when a more reliable one is available.
And do you WANT to have to get a new passport in the middle of a foreign country?
Re:why rfid? (Score:2)
ROTFLOL!!! Mod parent up. :P
Re:why rfid? (Score:2)
Also, a smart card used for shopping doesn't need the reliability that a passport that you want if it's required to enter the country. Also, The cost of RFID readers is approximately zero compared with the other things that you find at an airport (i.e. planes).
Re:why rfid? (Score:2)
In Hong Kong we've been using contactless tickets for several years on the subways. The readers can't be very expensive, as they've spread not only to buses and trams, but can also bne used at point of sale at 7-eleven shops. The magstripe ones
Re:why rfid? (Score:2)
people are too dumb to stick a card in a hole
Passports over here last for ten years. If you actually GO overseas a lot, then you don't want the guy at customs in whatever country to accidently break the card when it get pushed into the slot.
And if you're so smart, what do you think happens if the card gets bent?
Re:why rfid? (Score:2)
I cant believe im hearing this crap on
"Passports over here last for ten years.
Kidding, right? (Score:5, Insightful)
Think about the TSA (Thousands Standing Around|Take Scissors Away) - does taking knitting needles make anyone safer? The biggest change in airline safety because of 9/11 was 9/11. Before folks figured that they could just quietly land in Cuba and live on peanuts for a few days before they would be brought home. All that has changed, but it didn't require billions of dollars, air marshals, or any of the other visible crap the government did to create the illusion of security.
While biometric passports might make identification more certain, you need to fully look at who/where/how passports are used, and see if these measures will actually be useful in the real world. Urg.
Re:Kidding, right? (Score:3, Interesting)
Might not ... Any reasonably competent forger will be able to download the required information into a fake passport with no more effort than making a Costco membership card.
The UK scheme is nothing to do with security, its a scam to take $100 off every man, woman and child in the country to pay for the war in Iraq.
Re:Kidding, right? (Score:3, Interesting)
Why?
Currently a screener has to LOOK at the passport. They actually might have to use a few brain cells. They might find something isn't quite right and investigate further.
If the screener thinks the new passport is "secure" or the computer is always correct, they might (probably will) just let the computer think for them. The computer says the passport is valid, well, go right on through.
Biometric passports may speed up processing. Increase security, nope.
"with all of the terrorist threats lately" (Score:5, Insightful)
For example, I'm sure no-one would notice if a farmer bought a load of fertilizer and diesel fuel, and no one would notice if he drove a van into the centre of some large city, but that's all he'd need to do to blow up a lot of people.
The only way we can truly protect ourselves is to quite literally monitor everyone's actions 24-7, but if that were the case I'd rather live in North Korea.
Re:"with all of the terrorist threats lately" (Score:2)
Re:"with all of the terrorist threats lately" (Score:4, Insightful)
A typical farmer would by TONS more than McVeigh used in Oklohoma. That's the point.
Building a bomb, especially if size isn't too much of a consideration, is EASY. There are many, many ways to do it.
Further, it doesn't take a large bomb to make terrorism work.. someone tossing sticks of dynamite (easily available all over the world) into nightclubs would get people worked up just about as well. The whole point of terrorism is that it's cheap... a single event and a few deaths is so spectacular that everyone forgets to put it in scale. More people died in car accidents in the US last year than did on Sept. 11th, but the US isn't throwing billions into auto safety or cars that self-drive. More people died from smoking-related disease, but you don't see the government outlawing tobacco.
Re:"with all of the terrorist threats lately" (Score:2)
Hey, it sounded airtight and insightful in my head. Until now.
Re:"with all of the terrorist threats lately" (Score:2)
Make that last month.
Re:"with all of the terrorist threats lately" (Score:2)
1. The government does have a lot of cops out on the road giving a lot of tickets, vehicle citations, etc. They've invested in road signs and all kinds of ads against drunk driving, speeding, liscensing, etc. I'm not sure that self-driving cars would really reduce accidents, especially given our current technology and the public resistance to public transit is too great. They haven't created airplanes that 'self-fly' yet either.
2. Deat
Not flaming, not trolling: simply another argument (Score:3, Interesting)
Sure, but people don't just go and do that kind of thing without any prior planning. The intent has to be there first, manifesting itself in deviations from regular patterns of activity and other abnormalities in the lead-up to the act. Abnormalities which the government relies upon noti
Re:Not flaming, not trolling: simply another argum (Score:2)
Not only that, it's unconstitutional. But that hardly seems to be a concern for anyone these days.
Max
Re:"with all of the terrorist threats lately" (Score:2)
A very important fact that seems to be overlooked all the time is that most of the terrorists have *legit* passports. So what good is it if they have RFID tags in them?
I just am waiting for the day that you will be able to disable RFID using only EM based tools, so there is no apparent physical tampering, but the RFID device stops working... kinda like when they swipe merchandise on that powerful magnet so y
This may decrease security... (Score:5, Informative)
Why should that increase security? Perhaps there will be even more opportunities for forgeries. From Bruce Schneier' Crypto-Gram [schneier.com]
There's one other problem with identity documents: the ease of getting legitimate documents in fraudulent names. Several of the 9/11 terrorists obtained fraudulent IDs from the Virginia Department of Motor Vehicles by paying a corrupt employee $1000 each. These weren't fake IDs. These were real IDs in fake names, with all the holograms and micro printing and whatever else the driver's licenses have to make them hard to forge.
Re:This may decrease security... (Score:3, Insightful)
Most of the cr@p instituted falls under the "keeping honest people honest" area of security.
False dilemma (Score:5, Insightful)
Re:False dilemma (Score:2)
A very good distinction. The way this is done, however, is they make a case that these things might increase security and then they spend taxpayer dollars implementing it. If there is no increase in security in five years the claim is made that the system hasn't been adequately refined. If there is no increase in security in ten years the results are used to justify spending more taxpayer money o
Re:False dilemma (Score:2)
Today all passport have pictures in them, and most are machine readable. At most borders, the passports will be read by a scanner anyway. If the scanner scans the picture or reads the encoded picture from another place makes no difference for privacy and there's no need to panic.
The big privacy concern is what data is associated in the databases with your passport number - which is easy to scan even today.
The whole RFID-craze seems just to be scam by the chip vendo
I disagree (Score:5, Insightful)
First of all, and as 300 other comments would be pointing out by now, all those bastards on 9/11 planes had valid passports too. Whether passport is valid or not doesn't prove nothing.
Plus, IMHO, its harder to forge a non-digital passport. Thats a real skill. You can't walk into Radioshack, buy $70 worth of equipment, come back home and start playing with the RFIDs on the passport if its digital and all.
If its a non-digital passport, sure as hell if you indeed plan on forging/tampering it, you will have to find someone highly skilled that can accomplish that. And, if its a bad forgery job, its very easy for a human being to spot that.
My 0.02
Re:I disagree (Score:2)
This is the Microsoft Windows of passport systems: easy to use for both users and crackers.
Re:I disagree (Score:2)
This is a typical techie answer, but i know some people who work in printing that will have opposite views on this. Every technology can be hacked.
The difference is that when a digital technology is cracked, it takes no time at all before the method is known by all the black hats,
Unspecified threats (Score:3)
Has the lack of digital passports ever facilitated a breach of security? You know that the 9/11 hijackers had valid US passports. If they had digital RFID passports on them instead would they somehow have thought twice about hijacking the plane?
It's dorks like you who will eventually get CCTV into people's houses with the apologist "hey if you've got nothing to hide
Linux (Score:3, Funny)
Err, not exactly (Score:2)
Thanks for the wishful thinking, but "bringing passport documents into the digital world" (whatever that mean) is not exactly a silver bullet for security.
What terrorist threats? (Score:3, Interesting)
There hasn't been a terrorist attack in any of those countries for some time now - certainly not an attack of any form. Can somebody please tell me what evidence of threats we have despite that which is given to us by the same people who lied about WMD in Iraq?
The terrorism is happening in countries that will not be aided by the countries listed in the article putting RFID tags into passports. It's just another excuse to have another civil liberty stripped from you. Don't accept it.
make sure EVERYONE can read the chips (Score:3, Insightful)
Preserve the balance of power: require all surveillance systems to be public-access.
It's too late now (Score:3, Insightful)
You can't *increase* security (Score:5, Insightful)
Only reduce insecurity
This is insane (Score:5, Interesting)
the people in charge of this are:
a) totally stupid
b) totally ignorant
c) getting a buy 1bn get 1bn free deal on RFID
d) designing this so they can scan people without their knowledge
take your pick.
Only one thing you need to know (Score:5, Informative)
This isn't about the war on terrorism or even "regular" crime. It is about the war on illegal papers as used in illegal immigration.
Another point is that many european countries are getting closer and closer to introducing mandatory ID to be carried at all times. Add RFID tags and the next easy step will be to add RFID receivers everywhere to track every person.
What, current law would prohibit it? So? This is europe, home of the holocaust. It is not what use tracking everyone will have now. It is what it will be used for 20 yrs from now.
Why is this either/or ? (Score:3, Insightful)
It seems to me that we (anyone who is the subject of either privacy or security) should be expecting BOTH, not accepting the proposition that the privacy-security issue (or the liberty-security issue) is a zero-sum equation.
Yes, in the U.S. the current politics seem to indicate that 'They' don't care, but what I'm really saying is, even if the government doesn't care, shouldn't the governed?
At the risk of sounding like a zealot, semantics matter and when we speak of privacy and liberty being 'traded' for security, we are tacitly conceding that we can do without either if we are scared enough. I personally want more liberty and privacy when I'm scared, not less.
Just a thought to the writers of headlines and story titles.
Re:Why is this either/or ? (Score:3, Insightful)
It is indeed a false dichotomy. The things that are really opposed are phony security and justice. Here's why: all these security schemes can be thought of as statistical testing protocols (systems that yield 1=Al Qaeda, 0=John Q Public). To make matters worse, the ones proposed by the Bush junta are incompetently d
What "terrorist" threats? (Score:4, Insightful)
The "war on terrr" has only three purposes:
1. To make key members of the US govt. richer
2. To control citizens every move
3. To realise biblical prophecy by igniting a "clash of civilisations" between east and west, ultimately resulting in the Zionists dream of "greater israel", leading the way for armageddon. The palestinians and a billion and a half arabs are standing in the way of this.
That last bit might sound a bit far-fetched, but ask any fundamentalist christian zionist - for example one of the ones that have successflly brought about a coup in the U.S government.
Now - you're not going to like any of these reasons - which is just why the govt want your biometric information on a national database so dissenters may be traced whereever they are.
In order to do this, they have to scare you witless. This is what the endless "war on terror" is here for. The "terrorists" don't wear robes or turbans. They wear stars and stripes tie pins and appear on FOX news.
Re:What "terrorist" threats? (Score:3, Insightful)
Spare us the drama. In the order of world events these happen on a yearly basis. We're not doing any better, nor any worse, for having spent $80 billion to launch a war against this sort of thing. The only thing that $80 billion has done was increase the debt to the Federal Reserve, ensuring that we taxpayers are eternally screwed, and lined the pockets of those who are closest to the federal trough.
Re:What "terrorist" threats? (Score:3, Funny)
I would write a long reply, but I'm too busy wiping the Arab occupation in my neighborhood.
I also have the weekly meeting in the judeo-mason cell in the morning, during which we are going to plan how to torture Palestinian children during the Rosh-haShanah holiday, so that proper entertainment will be available to us zionists.
But thanks for the information, I will pass it to my leaders.
"Sure to increase security" (Score:3, Insightful)
Or wait, was this -1, Sarcastic?
Re:"Sure to increase security" (Score:2, Insightful)
Re:"Sure to increase security" (Score:2)
Encryption and visibility (Score:2, Interesting)
Moderate Article? (Score:5, Insightful)
facial recognition tech isn't very good (Score:3, Interesting)
Once this is rolled out on passports, how many false negatives are they going to be getting? To my eyes, my own passport photograph doesn't look all that much like me. God knows what a computer would make of it.
Essentially this is a way for Gov't to waste lots and lots of money without adding to security. If that's all they want to do, they should give the money to me - I'll waste it for them, no problem.
No problem for me (Score:2)
Well, my grandfather carried a silver cigarette case everywhere for decades. For me it's stylish and geeky to put some CF cards in it, but putting all RFID money/id stuff in it will be more appropriate in darker times.
I have two questions for the submitter (Score:3, Insightful)
2) What do you mean, "lately"? Some of us have been living with the possibility of a terrorist attack all our lives.
One word solution... (Score:2)
I have a better idea. (Score:4, Insightful)
Or is this virtually impossible? Are there any good reasons for we the west is hated so much, that are absolutely necessary to our survival, and to others' survival? How differently could we do these things?
Unexamined assumtions AGAIN (Score:3, Insightful)
WHY? What does a passport have to do with terrorist threats? Is everyone bloody unhinged?
Why does it have to be RFID? (Score:2)
Why not something that is just as simple but requires simplest of actions from the owner. iButton [ibutton.com]. Just touch the small metal can (immune to mostly all "environmental challenges") to a reader, and the contents are being read. Or a Java program (embedded in the chip non-virtual java machine,) is being executed. Or the data will be acc
Why is Canada doing it? We have to. (Score:2)
Canada is looking to do this because it is a requirement imposed on us by the United States.
nice trick (Score:2)
How much would you like to bet that US and UK lawmakers will later point to Canadian deployment as proof?
Don't worry, I won't blame Canada.
Keep the dialog calm (Score:3, Interesting)
- - That being said, the issue is cut-and-dry. These passports won't stop terrorism. The only thing RFID passport will do is make it easier for people with good forgeries to get on planes. As people become more dependent on high technology, the number of people who can abuse the system becomes smaller but the level of abuse they can perform grows. This does not make anyone safer, it makes the elite criminals who can crack the system richer. You don't have to be an expert hacker to give someone a fake criminal record, you just have to have the money and resources to hire one.
- - You work in an airport. You're told the new security system is much better than the old one. It certainly seems more complicated to fake the system out. Therefore you are naturally less suspicious of anyone the machine approves. There only has to be one criminal out there who can make forgeries to fool your system. As soon as someone out there figures it out, this system is obsolete. Terrorists have money to burn, between selling opium and (the even more lucritive and addictive) crude oil.
- - Undetected forgeries are the first failure of all security; human beings are the second. Has everyone forgotten how it was the terrorists got into the cockpits of those planes? They took hostages, and the pilots broke procedure by opening the door. Since in politics you can't effectively shoot down an idea without suggesting an alternative, I have a solution that takes into account forging documents and faulty PeopleSoft.
Problems with the current solution:
Solution: Make stronger doors that can't open while the plane is in flight, and require all planes use them.
- - It's cheaper than adding all of this RFID crap, less offensive than racial profiling, and less intrusive than a body cavity search. Terrorists trying to force the door open would be stopped by Air Marshalls. When it comes down to it, stopping crimes before they happen is incredibly difficult, expensive, and ultimately impossible. Preventing crimes from completing successfully is far easier and less expensive.
Well... (Score:3, Funny)
what threats? (Score:3, Interesting)
You mean the vague 'sky is falling!' warnings the government issues whenever it's numbers start to dip? Those threats?
The only way to end those threats is to shoot every politician in the country. That'll also end the threat to our privacy too.
Max
Just an update on Canada's position... (Score:3, Interesting)
Wearning an invisible "bomb me" sign! (Score:3, Insightful)
If passports have RFIDs that can be read from more than a few cm away, terrorists will be able to build bombs triggered by the presence of citizens of specific countries. Politicians, thanks for looking after us!
Huh? (Score:5, Interesting)
Surely this is a troll. Surely.
The question is not whether this will increase security. It won't, of course, since America is a goldfish bowl with too many ways in and no way to control them all. Terrorists are perfectly willing to spend years and millions of dollars (pounds, rubles, whatever) planning each operation and they will find a way in. And I wouldn't be surprised to find this kind of embedded RFID system get hacked and be readily available on the underground market. At some point the things will need to be programmed, and if nothing else a supply of blank cards and a programmer will be obtained from whoever makes them. I mean, come on, black-market Social Security cards can be found and some of them are apparently indistinguishable from the real thing because they are the real thing. It's called an "inside job."
The real question is: from whom must we be secured? And why? I've yet to see any rational discourse on the subject from the OHS or any of the other government organs involved that really makes the case that these devices (or any other form of technologically advanced tracking of the citizenry) will help in the (ahem) "War on Terrorism." The net effect will be to inconvenience and incarcerate some number of ordinary citizens who haven't a terrorist bone in their bodies while the real nut jobs use their hacked RFID's to walk right through airport security.
England has spent an incredible amount of money in wiring their country with video cameras. The justification for this "investment" (and I use the term loosely) was to catch terrorists. Well, the camera network has certainly helped in apprehending purse snatchers and other petty thieves but things are still getting blown up over there, so one wonders just how effective it really is. Were heading down the same road, and when all is said and done
Re:Sure? (Score:2)
another little piece of America's dwindling freedom and privacy is chipped away.
chip...chip...chip
Re:Oh, yeah, right... (Score:2)
The federal election committee, designed to help states with elections supposedly to prevent another florida debacle, asked the justice department whether or not they can delay an election during a terrorist attack. On 9/11 there was some sort of an election in NYC, a mayoral primary or something, not sure, but after the attacks they were cancelled. OF course this is unconstitutional because elections have always been state matters. I'm not sure how well intentioned the question wa
Re:paranoia (Score:2, Insightful)
Although if you have a cellphone...
Re:paranoia (Score:2)
Just because you can't see it doesn't mean it's not there.
Re:Why not ... (Score:5, Insightful)
For small losses of freedom, a simple raising of the terror alert level to red (or violet, or puce, or whatever the top is) will suffice. But to start chipping people, it'll probably require another attack (and that attack will come). It may also take the form of "convienience" - if you get chipped, you can walk right onto the plane. Then it will be come an "inconvienience" - if you're one fo the few not chipped its, "please step aside for a body cavity search."
The oceans fill up one raindrop at a time.