Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canada Moves to Biometric Passports

Posted by timothy on from the hey-it's-better-than-an-in-arm-rfid dept.

ancarett writes "The Toronto Star reports that Canada's Passport Office is preparing to roll out a biometric passport in 2005. The new e-Passport will include a digital chip that can store the holder's photograph and other personal information. Nothing but vague assurances on privacy and security of data: who's surprised?"

3 of 21 comments (clear)

  1. This could be done safely, but won't be. by e9th · · Score: 3, Interesting
    Store digitized photo, DOB, fingerprints, etc. onboard the passport. The gov't stores only a hash of that information. That way, the passport could be verified, but not recreated, from the database.

    But it'll never happen that way. To have all that nifty data in one place is just too tempting.

  2. PPT Sucks by billcopc · · Score: 3, Insightful

    Having worked there, I can honestly assure you that any technical endeavor is half-assed licensed crap from some clever contractor who knows how to milk a cow.

    So what if we have this whizbang electronic passport ? Who else has the hardware to verify its integrity except the canadian authorities ? The purpose of a passport is to authenticate your identity ABROAD. Do you think border guards in Mexico will have the e-reader ? Hell no. Anything that relies on local verification is doomed to fail, just like it does on our beloved Internet. Someone out there is going to get their hands on a chip programmer and a holographic printer because there is sufficient monetary and criminal incentive to do so. No way around it unless the whole world gets together and implements a central DB, and even then, sysadmins can be bought.

    It's always a race against crime, except the bad guys have all the trump cards.

    --
    -Billco, Fnarg.com
  3. Re:How would a hash work? by BranMan · · Score: 4, Interesting

    I think it would work like this: Use the hash to determine that the data stored on the card is the data recorded when the passport was created. Then, use that verified data to validate the current facial / fingerprint scans that uses some algorithm to compare them. If all matches, all is well.

    This is acually a pretty good system - the actual biometric data is NOT stored anywhere it can be stolen and reused. If the passport is lost, report it stolen, and that line in the DB (just the hash) is marked so that anyone using it is apprehended.

    Then, create a new passport for the user. It will have a new hash, and due to the microscopic differences between any two face / fingerprint scans the new hash will be different.

    I think they've just solved the biometric data problem. Now, just try to get the government to agree to it - note this way it can ONLY be used for verification, and only against the passport they are carrying. AND, it prevents anyone from being able to create forged passports unless they are able to insert hashes into the government database. It cannot be used in criminal investigations or general spying because the government doesn't HAVE any data (fingerprints or facial scans) to work with.

    Ingenious. Perfect. Secure. Will never be adopted.