Hong Kong Gets Smart ID Cards
darnellmc writes: "This AP article is about Hong Kong's new smart ID cards (mandatory) with "embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints". The picture in the article shows a man holding them and smiling. The article also mentions "Hong Kong's government backed down on proposals to have the cards carry health and bank records". The Hong Kong government hopes to add optional features like using them as driving licenses and library cards. This government learned nothing from the USA's abuse of the Social Security number, this is much worse. Hoping one card will do it all. These cards are also in the works in other countries like Finland, Malaysia and Japan where they are to be optional. Thailand is working on a mandatory card."
The "threats" that I'm aware of are :-
1) Compulsory ID cards only make sense if it's a requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at any time - at which point you're perilously close to a police state[1].
2) Badly implemented smart cards will make it easy for the theft of other people's identities.
[1] Of course, Hong Kong has been perilously close (if only in geographic terms) to a police state ever since the Chinese revolution!
That's part of the issue. It starts out needing to be used there, and then the guy who cuts your hair wants to see it, then the magazine subscription company, and then people call your house at 3AM and try to sell you something based on your card. I agree with this poster you should have a long read. Then when you say "they would never do something like that", we can all say we told you so.
So this change is limited to putting a smart chip in a card people already carry.
Not that it's not dangerous -- there are a whole load of risks associated with people not knowing what information they are giving up whenever they show it (though there are laws about who is allowed to request it), as opposed to a print-only card where it's obvious what you are showing.
indecision
These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.
All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?
If such a card was introduced in, say, the European Union, citizens would probably have the right to:
I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.
Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...
So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
True - countries with ID cards are police states (all western Europe for example, including Holland) while countries without are free countries (USA for example, which has the highest percentage of jailed people in the world!).
Orwell's message would be stronger if he wasn't used and abused all the time...
I really doubt this would be an issue. The smart cards have no power supply nor do they have a radio transmitter. It would be extremely difficult to remotely power a device and remotely sense extract data from the device. You could possibly extract information from a reader when the device is in use, but it would be much easier to set up a fake reader to do this rather than doing it remotely from a real card reader.
This is similar to problems faced with ATM machines. A few years ago people started setting up fake ATMs which would capture your ATM card info and PIN and then return an error. The crooks would forge new cards and clean out your account. No need to sniff data from working real ATMs when people would use your bogus ATM.
The Economics of Website Security
Okay, I live in Hong Kong. Actually that's not the worst part; as several people have mentioned, we would not mind carrying such a card around, since we are required by law to carry one around (smart or non-smart one, just like the SS). The problem is the way that they choose the vendor: whoever had the lowest price got it. The problem is that the vendor who bid on the project, Pacific Cyberworks, is not well known for such technology locally. They claim they can finish the whole thing within an 18-month cycle, which, if you think more about it, is a ridiculously short time frame. Not to mention their bid is half of the second lowest bid. That gives me a really bad feeling that the security of such a system would not be thoroughly tested at all. sigh...
This is a communist heaven.
Until now, the problem was - how can you control people if you cannot identify them.
I grew up in a communist country. The state 'secret' police kept a file on every citizen, containing his opinions, habits, friends and sins against communistic ideology. This was useful for tracing, coercing, arresting and convicting individuals. Or simply such a file was used when you applied for a school or job.
For instance.
We bought cars, but somewhere in the law it said that the car remains the state's property. But it was hard to trace how you were using it, e.g. do you drive it to church (subversive use!).
Can you make a car that would be authenticated and started by a smart card? I think that I could engineer one in about 7 months.
Petrus
Now add a photo and the state has a current image of almost every citizen which could then be plugged into CCTV systems at political demonstrations and immediately identify people opposed to the current government. Bye Bye Freedom of Speech and hello the ability to track someone wherever they go.
This is a non sequitur/slippery slope fallacy. The US government already has reasonably easy access to pictures of most of its citizens, but hasn't performed the abuses you described. Just because a government theoretically can do a thing doesn't mean that it does.
Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.
If fingerprints were put in such a card, I'd want some safeguards put in place so that identities would be protected during police proceedings such as you mentioned. Still, the technology side isn't necessarily evil -- why is it so wrong if your fingerprint identifies you as being at the scene of a crime? An eye-witness could do that as well. Maybe we should eliminate eye-witnesses as a matter of course to protect privacy?
Genetic finger print. Think of Gattaca and the eye lash being found by the police. Immediate identification with very small probability of error. Now tie this in to : Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.
What if that genetic defect showed guaranteed sociopathic behavior that made it a 99.9% certainty that the loan would not be repaid? Why should a bank pay someone they know is a bad risk. They evaluate income, past repayment of loans, age, and other factors. Why not go to something closer to the source?
Btw: It should always raise a red flag in any discussion when someone starts citing a movie plot as a likely outcome of real life events.
Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDS were included in your information.
Why should I, as a healthy non-AIDS getter, be punished for living a healthy lifestyle? Smokers often have to pay higher insurance premiums because they're a greater risk. Why is AIDS any different?
As to the genetic identification, I have high hopes that by the time that we get sophisticated enough to easily sequence everyone's DNA, we'll also have good methods for fixing problems in our DNA.
Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are. If you have a card with your photo on it, with your fingerprints and genetic fingerprint all matching then obviously you must be the person named on it with access to all your bank accounts, property deeds etc.
But right now, things are worse. Those bozos at my bank give people access to my bank accounts if they can recite my social security number and mother's maiden name! It's all about raising the bar, and putting my secret information encrypted with my PIN on a hard-to-compromise smart card would be a step in the right direction.
Why are you letting these clowns ruin our country?
I think this is a good point.
Why worry about ID cards when we are talking about deploying security cameras everywhere? And what happens when face recognition software becomes good enough to pick you out in a crowd?
If anything, ID cards are less problematic than things that are going to happen -- the only difference is that technological surveillance measures will be put in place without our permission, cooperation -- or even awareness. If the police are tracking you with your ID card, at least they can't do this without disclosing that they are doing so.
Technology is putting this capability into the hands of government and private industry whether we will or no.
I'd support a national ID card now for two reasons. First, the issue of government abuse is close to being mooted by new technology. Second, introduction of such a card will slow down the adoption of less obvious surveillance measures so that we can consider how to make the operators of those measures accountable.
Getting to the issues of smart cards, I think the problem is in placing too much trust in them. First of all, they have proved more vulnerable to cracking than we first thought. Secondly, the cards themselves are useless without systems around them to do things with the information on the cards, and the card holder has to be careful about trusting those systems with access to his card.
I think it is wise to avoid putting sensitive records (bank records in particular) on these cards, at least at the outset. Concentrate on tamper proofing them, and let organized crime get a few years to crack them when they are relatively less critical. At some point in the future we can make a more informed decision about how much to trust the cards and the systems they interface with.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I beg to differ.
Compulsory only means that every citizen has to have one, so that he can identify himself when needed (either if required by law or if he chooses). It doesn't necessarily mean that it's compulsory to carry the card at all times, neither does it mean that police must be allowed to stop and ask to see it without good reason.
There are dozens of situations where it makes perfect sense to have a reliable standardized ID, to be able to identify yourself.
As an example: the US authorities do not even have the slightest clue about the status of people living in their country. I used to live in the US for a year when I was 17 years old. I had a SSN and I got a drivers license there. When I turned 18, I got a letter from the draft office asking me to register with them. I don't exactly know how they got my name and birthdate, but I assume via the drivers license or SSN registration. Fact is, I never was a US citizen. At the time I got the letter I had already left the US (it was forwarded). The US draft office knew nothing about this. It required several letters to convince them that their registration process didn't even apply to me (as a non-US citizen). The only thing that did was my (non-US) ID.
Idempotent operation: Like MS software, whether you run it once or often, that doesn't make it any better.
I don't know if this has actually been done in the Cyberworks solution for HK, but it's not rocket science and it's standard practice in the smart card industry.
Here's a suggestion: If you're clueless, don't post.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Have you ever worked with smart cards? Do you know what a smart card reader is? It is simply an interface between the smart card and another system. It has no, I repeat NO intelligence. There is NOTHING TO CRACK in the reader.
What do you mean by reverse engineering a chip? In a properly designed smart card system the bad guys can get ahold of all the cards (initialized or uninitialized) they want and they will not be able to "compromise the whole system".
Even if you somehow managed to extract the keys from one card, that is all you would have, one card. You would have to go through the process again for another card. BTW, extracting the keys from a single card is estimated to cost $300,000 or more. It is not something that can be mass-produced.
A remote reader is only useful for contactless cards and only in certain situations.
I work with smart cards every day. I work for one of the teams that bid on this project. Not the winning team :( . I am only flaming the parent post because it is spreading lies and for some reason has been modded up.
Lasers Controlled Games!
Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.
All modern smart cards defeat simple power analysis and most of them defeat differential power analysis and a variety of other side-channel attacks as well.
How? It's not that hard.
Defeating simple power analysis (watching the power consumption for one run through the encryption) is easy, and cards fixed this problem quickly -- just install a capacitor that buffers the power consumption. In theory, enough buffering can completely smooth the power consumption curve and defeat all power analysis, but as Paul Kocher (inventor of power analysis) found, in practice if you run the card through enough cycles and apply some math to the results you can still extract the information. This is differential power analysis.
There are a wide variety of mechanisms for defeating DPA. Some focus on protocol design, ensuring that the same data is never encrypted twice, or limiting the number of times that a particular key is used, by doing most work with session keys established during an authentication protocol, counting the number of failed authentications and refusing to operate after a small number of them. This does enable a DOS attack, but that's less damaging to the system as a whole. Other approaches focus on the cryptographic algorithms, exploiting nuances of their structure. For example, some IBM researchers discovered that they could inject randomness into DES calculations, XORing random numbers with the values in the computations at certain points and then XORing again to remove the effects. The result is randomized power consumption, without compromising the consistency of the results. A 3DES engine built with randomized DES is immune to DPA. The current direction of anti-DPA technology is less technologically sophisticated but just as effective: A hardware encryption engine. Because a hardware 3DES or AES engine performs its computations in such a tiny amount of time, and at such tiny power consumption, a very small capacitor can completely buffer the operation.
Many other side channel attacks have been defeated as well, mostly by shielding the chips with heat and power-conductive sheaths.
It's interesting to note that public key cryptography in smart cards *is* still vulnerable to power analysis, in most cases even to simple power analysis. PK cards use a hardware coprocessor, but the process still takes time, and that makes SPA/DPA possible.
Cards are not 100% secure, but nothing is. Current best estimates are that a modern card that incorporates all of the current security features would cost approximately $300,000 to break. All good designers of smart card systems understand that, and take various precautions (which I won't go into here) to ensure that the compromise of one card does not compromise the entire system.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
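
The XOR-masking countermeasure described in the comment above, as an added example that is not part of the original thread or any vendor's code. It assumes a Hamming-weight power model and uses PRESENT's 4-bit S-box as a small stand-in for a DES S-box step; all function names are hypothetical.

```python
import random

# PRESENT's 4-bit S-box, used here as a small stand-in for a DES S-box lookup.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(x):
    """Hamming weight: the assumed model for data-dependent power draw."""
    return bin(x).count("1")

def unmasked_lookup(pt, key, rng=None):
    """Plain S-box step. Returns (result, leakage of the intermediate)."""
    v = SBOX[pt ^ key]
    return v, hw(v)

def masked_lookup(pt, key, rng):
    """Same step with fresh random masks XORed in and removed at the end."""
    m_in, m_out = rng.randrange(16), rng.randrange(16)
    # Recomputed table: table[x ^ m_in] == SBOX[x] ^ m_out
    table = [0] * 16
    for x in range(16):
        table[x ^ m_in] = SBOX[x] ^ m_out
    masked_v = table[(pt ^ m_in) ^ key]      # pt ^ key never appears unmasked
    return masked_v ^ m_out, hw(masked_v)    # device leaks only the masked value

def mean_leak(step, pt, key, runs, rng):
    """Average leakage of one step over many runs with the same pt and key."""
    return sum(step(pt, key, rng)[1] for _ in range(runs)) / runs

def leak_spread(step, pt=0x3, runs=2000, seed=1):
    """Max minus min of the average leakage over all 16 keys."""
    rng = random.Random(seed)  # seeded so the constructed experiment repeats
    means = [mean_leak(step, pt, k, runs, rng) for k in range(16)]
    return max(means) - min(means)

if __name__ == "__main__":
    print("unmasked spread:", leak_spread(unmasked_lookup))
    print("masked spread:  ", leak_spread(masked_lookup))
```

A spread near zero means the averaged leakage no longer varies with the key, while both versions return the same S-box output. The model covers only the first-order leakage of this single intermediate value.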