Slashdot Mirror
U.S. Biometric Passports By Late 2004
truthsearch writes "The Register is reporting 'Current plans call for the new passport books to include a contactless smart chip based on the 14443 standard, with a minimum of 32 Kbytes of EEPROM storage. The chip will contain a compressed full-face image for use as a biometric. European biometric passports, by contrast, are planned to feature both retinal and fingerprint recognition biometrics on their smart cards.' How they tie this to '9/11 fears' is curious considering the hijackers had valid paperwork."
Even though we have better-than-32K resolution in the
Analog photos in our passports, I bet that at least half
The Slashdot readership's back hair is standing on end.
Maybe this is a privacy concern. Maybe. Especially if
You're concerned about automatic face recognition and such.
Anyone could create a device which could match your face from a
Scan of your passport photo. And your retinas can even be
Scanned while you're in line. What's the big deal here?
Money exists only to be spent. Technology exists mostly to be bought (and occasionally to just look cool on its own). Politicians are known for spending money like it's going out of style.
Ergo, let's go burn billions on this new technology that wouldn't have made a damn bit of difference anyway. Cuz, like, it's cool.
"To err is human, to forgive is simply not my policy." --root
They ratchet up security procedures, requiring everybody to show ID when flying, but when they decide that the aircraft went down not because of terrorism but because of a design flaw, do they roll back the tightened security?
Not on your life.
Face it lads, we're property. Nothing more.
Is this truly the only Earth I can live on?
How would you not tie it to 9/11? When you want total control, you will do anything to achieve it. Even using a tragic event as a means to what you want.
http://github.com/gbook/nidb
Woah! This is going way too far....A picture in a Passport! The audacity! Won't anyone think of the 4th admendment? I should quit my job and join the Michigan Milita. Viva La Revolution!
Come on people....If this had been done 5 years ago the response would have been "A digital picture in my passport? SWEET! One more thing I can try to hack..." Not everything is a facist government conspiracy to rob you of your freedom. Sometimes it's just using technology to make something better.
All of these security measures are useless until we come up with a solution to people killing themselves to kill us.
I don't mind having my biometric information stored in my passport. What I care about is having my biometric information in a government database. Once the government starts collecting this information, they're going to save a copy for themselves. Then the database will be available whenever they want to determine who someone is, such as when analyzing photos of protests.
It didn't mention this in the article so I thought I'd post here and ask. I just recently purchased a US passport which doesn't expire for 10 years. Will I be required to purchase the 'upgrade' to the new passport or can I continue to use it until it expires in 2013?
:(
With all the outstanding passports I couldn't imagine the US Gov would re-issue new ones for free. Hopefully we'll all be 'grandfathered' in, although since it is their property they could revoke them in Oct. 2004.
Thanks,
--
Matt
As someone who lives off his passport on a daily basis this seems like a gimick. Passports are totally insecure documents and always will be because they are used by people who leave their country and its laws behind.
The real wake up call about passports happened for me when my first one expired. I had memorized the number and assumed that naturally this ultra important piece of ID would be kept for life --not a chance.
I specifically requested to keep my old number and the feds said, no its not allowed.
This struck me as totally bizarre, but by that point I'd travelled enough to have met people who casually threw away their passports and got new ones whenever they got into visa problems so I wasn't all that surprised. Passports are a joke and always will be.
When will the government learn that forward thinking foreign policy is an infinitely more efficient means of increasing security than technological card-house building.
As much as I like the idea of more government tech jobs, I can't help but worry about our national security in the era of us-vs-them foreign policy.
The point is that this wouldn't help because ALL the hijackers came here LEGALLY! The hijackers didn't try to use fake passports or anything like that. Also almost all the hijackers (if not all) were relatively unknown to us until they did their crime.
Hmmm... Pie...
If you plan to kill yourself you can be a legitimate citizen with proper papers and still commit a heinous crime in your suicide for which you go unpunished. This doesn't make you more safe.
Does that mean that someone (anyone?) can make a nice little data collection device and place it near a walkway at an international airport to collect this information? It is one thing to be forced to give this information when entering a country, it is quite another if someone can just sniff it. Am I missing something?
I propose each citizen at least 18 yrs of age and with no history of crime or mental illness be REQUIRED BY LAW to carry a firearm at ALL TIMES in public places, including public transportation.
M.A.D. worked to save the world from the cold war nuclear threat, now it can save us from terrorism.
Clean those guns. Lock and load.
It will be interesting to see how the public reacts to this. Done correctly, it will increase the security of the passport without really compromising privacy. If the format of the data on the smart card is completely documented, it will be easy to verify that the only information is being stored appears in printed form on the passport itself. Since all of the information in printed form is being stored someplace now, it's hard to argue that a smart-card version of this information disadvantages the traveler somehow.
The presence of the digital signature, however, provides MUCH stronger assurances that these identity credentials aren't forged; this seems to me to be a very good thing indeed.
2) I have half a dozen ID and transit cards that use some sort of magnetic technology that isn't affected by strong electronic signals like cell phones or computers. I'm sure these chips will be designed the same way to resist tampering with magnets.
Lousy minor setbacks! This world sucks! -- Homer Simpson
> Adding a smart chip with biometrics is going to make it a lot harder for people to counterfeit these IDs.
:), so now you're always going to be identified as the person who did _whatever_the_thief_did. It's not like a username/password or email address or telephone # - those can always be exchanged for new ones when your 'identity' is stolen. But when your biometric data gets stolen - your actual identity is stolen, and it's stolen forever. The US passport version, with just a photo, is okay, as it's only replicating what is on existing US passports, but any more biometric data than that is a REMARKABLY bad idea.
The problem with biometrics and government-issued 'encrypted' biometric data is that once the technology IS cracked (and it WILL be cracked - make no mistake about that!), then what do you do? You can't change your biometric data (well, not without plastic surgery or eye replacements
"How they tie this to '9/11 fears' is curious considering the hijackers had valid paperwork."
The 9/11 hijackers had valid paperwork because various government agencies were not doing their jobs. These agencies are now under intense scruitiny, and are trying to do a better job to prevent potential terrorists from entering the country again. Smart chip passports will be much harder and more expensive to forge, making it harder for terrorists to travel using false identities. Overall, it's a small, important step in a larger program to keep the USA safe.
This honestly doesn't seem like such a big deal to me. Consider that this changes very little...
... seems to eliminate a less sophisticated avenue of fraud...
This sort of matches my viewpoint too. I mean, as a Brit living in the USA I already have an ID card with multiple features to make it hard to fake and biometric data (photo and fingerprint) - its called a "green card" although only the lettering on the back is green anymore. Wouldnt surprise me in the slightest to discover that theres all sorts of data encoded on it in machine-readable form from my visa application through to the final interview when they authorised giving me the card in the first place. I havent looked into it in any detail because I dont give a rats ass. They have the data anyway and the rules that govern its use dont change just because they stick it on a card. The harder it is for some jerk with a semtex fetish to fake one of these and maybe pretend to be me the happier I'll be. Personally I'd rather not get a vacation in Cuba thanks to identity theft....
I had a
What this fixes is the problem of HUMAN recognition of other humans.. which is remarkably bad. How many 16 year old kids borrow an older kids ID to sneak into a club or by liquor (hell I've done it). These are two different people, yet 90% of the time it works without a hitch.
When your in customs, and you have thousands and thousands of people coming into the country.. the margin for error just goes up and up. Screw 9/11, this is just a good idea. It's nothing that we don't have already.. it's just a more efficient and more accurate system that better ensures the person who has the passport matches up with the person that passport was assigned to.
Turn s60 photos into awesome videos with mScrapbook for all S60 3rd edition phones!
It wouldn't have helped prevent 9-11 but I do think it would help prevent FEARS about future 9-11 events.
Thats usually the governments game. Why else would they take your fingernail clippers?
Your passport image has a hologram overlayed over it, which makes any attempt to scan or copy it functionally impossible--sure it can be done, but the resulting image is very obviously not original. I know of no hack around this.
This digital copy, OTOH, will have no such protection. Oh sure, it will be encrypted and scrambled and blah blah blah, but anyone with half a brain and a propensity to scan the tech headlines of the past decade can tell you it's a matter of when, not if, it is defeated (e.g. CSS, Windows Media, "Enhanced CD" copy protection, half a dozen others).
So, to sum up: the photo on your passport now: not hackable. The photo stored in your passport 5 years from now: hackable. You can see why some claim this will degrade our privacy.
I think there is a world market for maybe five personal web logs.
The 9/11 attackers had real US passports, some attempted legally, others obtained via such out-of-band means as by murder, and bribery.
So these lovely smartcard based passports will only provide better tracking of lawful citizens, while criminals and terrorists are still free to walk amongst us.
And further considering that your country has made hundreds of these little, and some not-so little, changes over the past twenty years (remember the War on Drugs and Patriot Act?) there's little worry that you'll ever lose basic rights and freedoms. After all, hundreds of these little steps never add up large steps, right?
The best security relies on people knowing people and knowing things about people. An example: made to measure suits. If you belong to the social group that wears them, you will probably be able to recognise them on someone else. Unlike a car or credit card that can easily be stolen, a made to measure suit is effectively a biometric form of recognition. Nowadays, when a billionaire may wander around in jeans and T-shirt, it's harder for an investment banker to recognise a prospect.
There are examples in the Bible (the ability to pronounce "shibboleth" being used to distinguish friend from foe.) and from WW2 (the Navajo talkers being used as an ultra-secure communications channel.) The upshot is that we now live in a society where people can be extremely anonymous, and this is a huge benefit to both terrorists and criminals.
If we want to live in a society with high levels of security - and on the whole we seem to - we have to sacrifice some of our anonymity somewhere. Is it better to sacrifice anonymity at the local level (nosy neighbours) and have lots of little things that identify you to small groups of people who may be small minded, annoying or intrusive, or to sacrifice anonymity at the highest level (have a single point of identification which is apparently secure, but which is available to many people in government who may be corrupt or criminal?)
I don't know the answer, by the way
Panurge has posted for the last time. Thanks for the positive moderations.
As far as I am aware, one of the most effective routes to obtaining a fake ID is to actually apply for one through official channels. Why fake one when can have the govt print you one for only a nominal fee?
That's one one thing dead people are useful for.
sigs are hazardous to your health
Please tell me where does it say that you have the right (not just privilege) to demonstrate anonymously?
This question has stumped several activists already.
The analogy of liquor stores is severely flawed as, at least from my experience, most liquor stores and bars won't have you blowing them up if you beat the system. In fact, it is in their financial interest to serve you, assuming they don't get busted and hit with a fine (or lose their licence). Also, in most places, enforcement of these laws are very lax (the exception being college towns, basically).
The current trend is that if you add the word "digital", or some other computer-techie words to something, it's instantly better. It's just smokescreens and mirrors.
Let's think about how a person would get one of these new passports:
Like today, a person would conceivably need to have a photo taken somewhere to submit with the paperwork. A simple walk to a 1-hour-photo place will take care of that. Then this person, like today, will go to a govt. office to file the paperwork and sumbit the photo. Like today, the govt. employee will take the photo and paperwork, send it to someone who doesn't care if the photo and name match up - it's not his job, he just makes the passport - and several weeks later the applicant will get a letter in the mail with his passport. So what in this digital "biometric" data is stopping someone from getting a false ID (say, state drivers' licence), getting a photo, and submitting false paperwork to the govt. clerk in the hopes of getting a false passport? Better yet, since the digital photo is "signed" by the US Govt's private key, this false passport is even more authoritative and "legit" than my current (real) passport. Just wrap something in computer-speak, and instantly it's a whole lot safer, apparenly.
The security of any system is only as good as it's weakest link. That weak link in this new passport system still is the human element. True security has three aspects: something you have (like a key), something you are (like a fingerprint or retina scan), and something you know (like a passphrase). Combining these three elements, it is extremely difficult to comprimise a system.
"Jesus saves, but everyone else in a 10 foot radius takes full damage from the fireball."
I wonder if these new id's will implement the "red crystal on the hand" technology as demonstrated in the movie "Logan's Run"? If so and you are nearing your 30th birthday then you might want to leave it at home....or you could just explode...
You aren't free to do anything, until you've lost everything.
"I think all of you against this technology need a reality check. No one is going to track us, they are merely keeping us safe."
Here is a reply to your statement above from someone who is probably turning in his grave:
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin
http://www.bartleby.com/100/245.1.html
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
pass an amendment guaranteeing privacy? ... generate publicity?
In a public place, at a public event, the purpose of which is to
OK, I'm as libertarian as the next guy, but WHY would anyone participating in a public event, in a public place, for the purpose of generating publicity have ANY expectation of privacy?
That's like me going swimming and getting mad that I got wet.
"If, therefore, any be unhappy, let him remember that he is unhappy by reason of himself alone."
~Epictetus
Once again, the Ninth Amendment of the Constitution:
m endment09/
http://caselaw.lp.findlaw.com/data/constitution/a
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Annotations
Rights Retained by the People
Aside from contending that a bill of rights was unnecessary, the Federalists responded to those opposing ratification of the Constitution because of the lack of a declaration of fundamental rights by arguing that inasmuch as it would be impossible to list all rights it would be dangerous to list some because there would be those who would seize on the absence of the omitted rights to assert that government was unrestrained as to those. 1 Madison adverted to this argument in presenting his proposed amendments to the House of Representatives. ''It has been objected also against a bill of rights, that, by enumerating particular exceptions to the grant of power, it would disparage those rights which were not placed in that enumeration; and it might follow by implication, that those rights which were not singled out, were intended to be assigned into the hands of the General Government, and were consequently insecure. This is one of the most plausible arguments I have ever heard against the admission of a bill of rights into this system; but, I conceive, that it may be guarded against. I have attempted it, as gentlemen may see by turning to the last clause of the fourth resolution.'' 2 It is clear from its text and from Madison's statement that the Amendment states but a rule of construction, making clear that a Bill of Rights might not by implication be taken to increase the powers of the national government in areas not enumerated, and that it does not contain within itself any guarantee of a right or a proscription of an infringement. 3 Recently, however, the Amendment has been construed to be positive affirmation of the existence of rights which are not enumerated but which are nonetheless protected by other provisions.
----
In other words, in order to protect the First Amendment rights of an individual, a right to privacy must be construed, else, as my "First Amendment Zone" abuse citation illustrates, there is no First Amendment right to free speech, if the speaker knows that his identity is being serriptitiously deduced and cataloged by opponents in the government, presumably to harrass or destroy the speaker.
The Ninth implies rights necessary to enable the enumerated rights. It denies the goverment the ability to increase its powers in the areas not enumerated, if those new powers exist soley to disable enumerated rights.
As I Read this and one of the replies to this comment, it occured to me that although I do consider myself somewhat of a Patriot. And the difference between a Patriot and a Terrorist can be merely the semantics of which side of any armed dispute your on. Based on that fact, which is part of the definition of what makes someone a terrorist, I would have to answer yes to that question. I serve in the US Army, and am quite certain that Mr. Hussein considers all american soldiers terrorists.
My point is that, that question is a very bad one to ask people. They may as well ask "Are you a citizen of a country that has any dispute with any other country or group in the world?"
I'm too lazy to compose a creative sig.
This digital copy, OTOH, will have no such protection. Oh sure, it will be encrypted and scrambled and blah blah blah, but anyone with half a brain and a propensity to scan the tech headlines of the past decade can tell you it's a matter of when, not if, it is defeated (e.g. CSS, Windows Media, "Enhanced CD" copy protection, half a dozen others).
There's a difference between being able to hack something with access to the hardware and software needed to make it work (DeCSS,Copyprotected CDs) and those that you don't. You'll never be able to get past this unless you can physically get your hands on the private keys. That means having access to a passport making machine.
DeCSS used weak keys, and someone left their keys unencrypted. It was because of that that DeCSS could have been made. DeCSS would not have been possible with a proper encryption. Protected CDs are a joke.
There are a lot of crypto systems that have not been hacked, such as RSA, etc PGP, RSA has been around for decades and is secure. These guys will probably be using RSA or something similar with a reasonable key length. There's no need for anything more complicated then RSA for this.
autopr0n is like, down and stuff.