U.S. Biometric Passports By Late 2004

truthsearch writes "The Register is reporting 'Current plans call for the new passport books to include a contactless smart chip based on the 14443 standard, with a minimum of 32 Kbytes of EEPROM storage. The chip will contain a compressed full-face image for use as a biometric. European biometric passports, by contrast, are planned to feature both retinal and fingerprint recognition biometrics on their smart cards.' How they tie this to '9/11 fears' is curious considering the hijackers had valid paperwork."

Worth?

[Squidgee]

What's this worth? The images on a smart-chip are going to be lower resolution tham your passport image, and I don't see what good being sure you are who you say you are is going to do..

It doesn't effect privacy either; it's just kinda worthless, since "Adbar" could be a terrorist, but hey, we don't know that; we just know he's Adbar! 100%!

Big deal? Maybe...but not necessarily for worse

[stuyman]

This honestly doesn't seem like such a big deal to me. Consider that this changes very little: there's already a picture on your passport, and any country that wants could just photocopy or scan that. This probably won't help prevent terrorism, though it certainly seems to eliminate a less sophisticated avenue of fraud. Far fewer people have the technology to produce a fake passport with a smart chip than without.

Here's another interesting potential positive. When you want a visa to visit a country (something we americans don't need to do for most "westernized" nations) you usually need to send along 2 passport-sized photos, which means the PITA of going to get pictures taken. Now, if the embassy of Brunei has a smartcard reader for the passport, they could just download the picture from your passport instead! Electronic storage of visas and such might even eventually let us do all these things over the net.

There are privacy issues with any form of identification, but they rely less on what the identifier is but more on how it is used. If we want to preserve our rights, we need to fight against regulations forcing us to show or carry ID (a la Gilmore). The form these IDs take is not so important (well, unless they want to implant them in our skin, or make them checkable via radio, etc, but these are separate animals...)

False Security

For me, the issue isn't that this invades privacy (although it's not unprecendented for governments to sell personal information from their databases when they run low on cash). The problem is that this is a whole lot of effort to go through to fix a security problem that doesn't exist. So you don't have 100% biometric proof that so-and-so is the REAL so-and-so. Guess what? Even with this biometric information, you're STILL not 100% sure, just a lot surer. And what exactly does this information get you, security-wise? Well, you know that Mr. Psycho Bomber is the REAL Mr. Psycho Bomber, and you happily let him pass because he couldn't be up to no good if he's not concealing his identity.

Shit. We'd be more secure if we had a policy of only allowing women on planes, because there's actual statistical evidence to show they're less likely to cause problems. Sure it'd upset some people, but is it really better to implement a policy that doesn't even fix anything?

Re:False Security

[Alien+Being]

You're so right.

"Mr. Psycho Bomber"

Or in the context of 9/11 (which is obviously the impetus for this change), "guy who can fell tall building with a single boxcutter". What high tech measures could have been used to prevent those attacks? Oh, I dunno...maybe CLOSING THE COCKPIT DOOR!

I think the security experts need to learn the 80/20 rule.

Re:False Privacy

[CracktownHts]

Right on. My passport (US) has a digitized photo anyway, so I would assume my digital mug is floating around in a Federal computer system somewhere. Given that airlines generally (if not universally) maintain passport numbers in the passenger manifest of any flight in and out of this country, it's a trivial matter to have the pictures up and ready when the flight lands at its port of entry.

The European scheme, with fingerprints and retinal scans, would disturb me a bit more if I were subject to it.

Re:Well its about friggin time

[Tackhead]

> As the original contractor/code-monkey on the INSPASS project,

Automatic (+1, You Poor Bastard, how did you escape with your mind intact?)

> I'm amazed it only took 10 years to cut through enough of the beaurocratic B.S.

ObPeeve: "Bureaucratic".

But apart from that. Damn. At least INS and Customs have been integrated under the same department. That's a start, but it's only a start. The acid test for BICE will be whether or not they can integrate their back-end infrastructure to avoid the problems you outline.

> Of course, precision of card printing being what it is, the photo would often obscure or otherwise make the data in the other formats unreadable.

I'd like to think that today's printers and scanners have gotten good enough that one could steganographically embed biometric data in the photograph. Joe BICEpack at the immigration desk couldn't verify its presence/veracity by eye, but he could sure as heck stick it under a scanner at the port of entry and see if his terminal pops up a warning, like "Picture biometric does not match passport printed data. Picture appears to match Mr. Foo Bar, SSN/ITIN AAA-BB-CC, A#123456789, Mr. Foo Bar is/isn't on watch lists X, Y, and Z. Mr. Foo Bar has/hasn't a track record of customs violations, etc. etc. etc."

The one reservation I'd have about such an approach would be what happens if the scanner at the airport or border crossing gets coated with crud/residue after having processed thousands of passports a week. Perhaps a periodic recalibration with a "test card" (designed to be almost unreadable, worse than the average passport) after a spray on the scanner window with Windex or something could be part of the officer's morning routine. Get in, wipe window with rub, insert test card, re-wipe until test card says "OK", then open wicket for business with real passports.

Fer the record, I hereby place that idea in the public domain. Anyone in .gov who wants to take credit for it is welcome to do so, especially if they can get it - or anything more secure - implemented in less than 10 years.

To the privacy crowd: Privacy's good stuff. But the purpose of a passport is to provide proof of identity and citizenship. Unless you simultaneously advocate anonymous cross-border travel, policies which secure passports from exploits are perfectly compatible with privacy rights as they exist in law today, and as they existed in law before 9/11.

Plausable denyability

[lorcha]

The reason the buying alcohol with a fake trick works is that if you show reasonably-close ID, then the clerk is no longer at fault if you're underage. Consider the difference between these two situations:

Officer: You just sold alcohol to a 16-year old. Did you card him?
You: No
Officer: You're in trouble, then.

vs.

Officer: You just sold alcohol to a 16-year old. Did you card him?
You: Yes, and the picture looked like him.
Officer: Well, it turns out it was his older brother. Try to be more careful next time.

At that point, it's the 16-year-old's fault for posessing a fake id and using it to misrepresent himself. Both are crimes in the US.

Also, it's in the store's best interest to sell to as many people as they can. After all, they're in the biz to make money. Not to enforce our puritanical drinking laws.