Slashdot Mirror
Estonia Tests "Contactless" ID-Cards
borkee writes "Estonian MEAC and CMB start testing a new version of a national ID card containing what they call 'contactless' extensions. Although they do not specifically disclose to us, taxpayers, what technology is used there, it must be quite obvious that it's nothing less than RFID. Add to this, they'll have person's biometrics in memory. (Security gurus of course know: biometrics just don't work.) Soon you can track us poor Estonians by our GSM phones and by our ID cards too!"
You'd think that the ex-Soviet countries would be really protective of their new freedoms...
Real Daleks don't climb stairs - they level the building.
like someone wants to track you ?
and as always when new technology is introduced, it will probably take a long time (let's say 2 years or so) until every department (communal house, police department, hospital,..) which needs to get information from your id card, will have the correct reader installed, so until then it's used the old fashoned way.
btw are you guys required to have your id card with you all the time ?
Learn about pinball machines on www.flippers.be
Where can I read about biometrics not being safe ?
That's very interesting, and I've never heard about it before. I mean surely the pattern in your eyes and your fingerprints are unique and does not change, no ?
Check out my PHP Url Validator
I'm sure they are protective. This was probably put to them in A Good Way. It's doing THEM a favor. No point in carrying cash, when you have credit cards which are protected even if stolen.
Take it to your own level of whether this is good or bad. I'm sure the comment arguments have already started.
riding round the world on an old motorcycle
I think you mean Estonia was in the USSR.
The real path to male liberation
They do? There are plenty of viable biometric measurements out there. They are not 100% reliable, but when compared to wetware trying to remember passwords they stack up pretty well.
I for instance have a finger print reader on both my palmtop and my desktop. In the limited environment I have, they identify and authorize perfectly well.
Admittedly, I dont know too much about the Estonian political system etc, to comment on the issue of choice, and how much of it the people there had when their government decided to introduce such a thing. However, it has been my experience that outside the US, a lot of cultures dont seem to make that big a deal about privacy, so maybe it is not that big a deal after all to Estonian citizens.
OTOH, RFIDs have already been implemented by clubs, etc to have painless billing, etc, so there are at least a few people around the world who dont think they are that big a deal.
Living in the US, however, my own fears are based on what I have heard about the privacy issues surrounding such technology, in that anyone with a scanner can find out a dangerous amount of information about you without your knowledge or consent; so to me it seems like a bad idea at least until someone can manage to convince me otherwise about how my information will be protected.
w00t! I got it! You fail!
;)
Too bad you're not on Slashdot High-Speed Internet. Maybe you would have got it then
This could have some nifty scientific uses even if you can't decrypt the data. Just think of the sociological experiments. Knowing exactly who's on what road, when? Who shops where? The possiblities are mind-blowing. And the sample would be great because it's taken from the public.
Since when has this country used intellectual elite as a pejorative term?
Estonia actually WAS in Soviet Russia
;)
It's a common mistake to refer to Soviet as Soviet Russia... Russia was a part of the Soviet Union same way as Estonia, so, saying what you actually did doesn't make any sence
"It would be wrong to refuse to face the fact that everything is fundamentally sick and sad."
They use RF to power the device up and then communicate with it. Been about since I've been at university and I've had about 5 1/2 years worth of job.
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics. Generally can change, and once copied/forged one can never change the identifying information.
* Is capable of doing public-key encryption on-card. The information that identifies the person never leaks to the device. (Technically, this can be done with symmetric encryption as well in conjunction with a trusted centralized server, but this has some drawbacks.)
* Has a PIN, so that stealing the card is not sufficient to impersonate a person.
* Has a PIN entry keypad *on-card*, so that false readers and bogus ATMs cannot steal PINs.
* If any data must go back to the card owner, has a rudimentary display *on-card* (say, a calculator-style LCD display), so that a false reader or bogus ATM cannot say that someone is paying "$10.00 to WalMart" for something and actually having them pay "$14.00 to Joe Hacker".
* Should support a scheme where personal identity is not disclosed, but a persona is (my "persona" at the moment is "0x0d0a"). This is because any national ID card will naturally be used by other systems as well, and without this step, severe privacy abuses will occur. This requires use of a trusted, centralized server or of a card that can natively store multiple identities.
* Allows one to disable the trusted nature of the the card quickly and easily if it is lost, and in a manner that cannot be easily done by others (which would allow a denial-of-service attack against the card owner).
* Can handle water, crushing force, and high temperature.
* Can fit in a wallet.
* Should have the ability to log identity verification usage, so that the user can sync his card up with a computer or similar and check to see what he actually signed off on two days ago.
This certainly isn't a complete list of desireable characteristics, but it's a start.
May we never see th
People just don't understand what biometrics are for. They are not appropriate as a primary means of verifying identity, but they do work well as a supplement to other methods.
I think the problem is you've got some sales monkeys who are selling the idea of biometrics as an authentication pancea to pointy-haired types, which is just further proof that non-technical people should never be in a position of authority or act in a primary decision making capacity where technology is concerned.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
I can't read the article, but are you sure it's talking about RFID? Contactless smartcards are different to RFID tags. Maybe the paranoia's well founded, but there is a very important difference between an application card which can be pressed to a reader rather than inserted, and a tag which is designed to be tracked from several feet away.
Which is this?
Estonia is relatively small in size and population. With the exception of Tallinn and a couple other cities it's also very rural. RFID is manageable there. Plus, it might help if you get lost in the heavy forests and start treking toward the Soviet border. 1991 wasn't that long ago and many Estonians don't want to go there...
I dont't think, it's too hard to format this lil' pecker and rewrite the data, when the specific card readers/writers become aviable. Since it's contactless, U don't have to show the real pic on the card anyway.
And about this GSM-tracking? I'd like to whack that bastard who came up with the idea to bring this to the public. It's pretty dawm hard to give your girlfriend impression you're doing overtime @work, when your phone puts you in the strip-club.
GSM-LocatorSimple.
Why is everything RFID, and why is it suddenly a privacy issue. Don't bother answering that question, please.
Smartcards like this are usually contactless in that they can be at most several millimetres away from the reader (The power levels achieved typically allow only a very small separation (a few millimeters) between the card and the reader.)
I guess that They can increase the power signal until a satellite can read it, but AFAIK if they can do that, privacy issues are the least of my worries.
where Dilbert always goes on business trips?
Rus
Cheap UK and US VPS
Estonia has a large non citizen population, mostly resettled Russian nationals. There are serious questions about who is a citizen and who isn't.
This, and other problems that arose from the long term Soviet occupation make a secure method on identification necessary.
Under their circumstances, the Estonian Government believes security is more important than privacy.
This is contactless, in the sense that it is read by just being placed on top of a box on the bus. I doubt it can be read from further away (or they'd just put detectors in the door and speed up the queue).
Luckily they use a worthwhile biometric for identification. There is a photo on the card and a human being looking at it.
_O_
.|< The named which can be named is not the true named
How's Estonia, a poor country, funding all this? Money from the EU? Is it being used as a testing ground for rolling out the same scheme in Western Europe?
Tinfoil hat wearers might try the following method:
1) Fry the electronics in the card by putting it in a microwave oven etc.
2) Report the card as lost and get a new working card.
You can then keep the working card wrapped in tinfoil and use it only when you really need its identification technology.
Otherwise use the card with the disabled electronics as you would use a 'normal' ID card.
- "They misunderestimated me."
At least that is what your leaders would like to have you think.
this can't be shaping up to be all that bad now, could it?
WTPOUAWYHTTOTWPA
What's the point of using acronyms when you have to type out the whole phrase anyways?
You're right.. but I've never said it was a big mistake. All I said was that it was a common mistake.
:) So, I think there should be serious privacy concerns.
Anyhow, the chances of new russian invation are the same as the chances the next US president will be an alien
And the last thing... historically speaking the country behind the Great Russia actually is Ukraine.
"It would be wrong to refuse to face the fact that everything is fundamentally sick and sad."
I wouldn't mod it as "funny", I'd mod it "off-topic"... What are you talking about???
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I often lose my Estonian. This will be a boon to me and many others who frequently suffer that particular embarrassment.
just keep your card in an RF proof wallet, then YOU choose when to give away any details.
There was an unknown error in the submission.
... its their homepage in English
http://www.id.ee/pages.php/0303
Märten
We already have Driver's Licenses and State ID's in the US; Why not simply take those and add RFID tags to them? Otherwise this is simply another addition to an already bulky wallet filled with Credit Cards, Health Insurance Cards, Travel Cards - oh, and some ca$h too.
...Faraday-cage id card wallets
-- Even if a god did exist, why the fsck should I worship it?
... then they will know also that rfid or _ANYTHING_ ELSE TECHNOLOGICAL "TRACKING" has very little to do with being a police state or not(rfid is just a number anyways that just happens to be readable wirelessly).
being a DDR like hellhole is a _social_ _people_ problem, not something that just spurs out of technology. you cold have a super invasive super bitchy governing system with just people and hard sticks.
besides than this I would bet these id cards to be similar to bus cards, that you would have to place them in a reader anyways(no 'secret' reading). the id cards would probably have the same stuff in them that finland has in it's new electronic cards that allows for digitally signing some papers & etc, allowing you to file some papers through the net.
besides, they won't probably be mandatory to hurle around just to get to the next city. you would be surprised how much the store clerk at your local neighbourhood grocery store remembers about you as well...
the cold hard fact is that information _will_ be gathered about you, it's what the goverment(or other organizations with power) does with that information that matters... but this is nothing new. information was always gatherable about anyone(hell, even usa has long tradition about gathering information about labour activists through private detectives and using that to.. umm. well - kill them.), in ddr they could just ask the kids if they wanted dirt on a family(or just made it up).
world was created 5 seconds before this post as it is.
..you read too much Dilbert, I initially read Estonia as Elbonia. :-)
Are you local? There's nothing for you here!
Once you detect fraud being done with your biometric identity,
where can you revoke your fingerprint and have a new one issued?
Before this gets labeled flamebait, this kind of intrusion really pisses me off.
The problem with this technology is it not only tracks you, it will allow tracking of your activities. What you buy. Where you go. The ability to, for good or bad, compile a docier on your life.
The only thing preventing this from happening before was the sheer logistics of it. Now that its real, I would like to wake people out of slumber.
I mentioned the ability to do good. I might even call them selling point excuses:
Tailored ads. Stand in front of a Coke machine with reader-"Mr. Jones, you like Cherry Coke! It's been a while since you've had one! Go ahead-we won't tell the Other cola co.!" This ad is beamed into your head(REAL technology-trial balloon tested in Japan!)-another distraction. If they are powerful enough readers, billboards changes to emphasize something in area based on your personal tastes.
Use for convenience. Make it a feature before it becomes mandatory.
For inventory/shipping control. Box 'a' has XXX going to YYY. You don't even need to scan for it directly.
Look folks, Walmart is forcing the use of tags on all their products. If the reader can read your RFID, it can read those too. Instant knowledge base of all the things you do, what you buy, or don't. Become a nonprofitable customer not well dealt with. Ack.
The potential for abuse is way to great. I have heard of no laws about the use of RFID tags. Right now they are being used on Gillette razors, being very expensive and easily stolen. Problem is, these chips are being made by the billion. You tryin' to tell me they sell BILLIONS of razors? Bah! There are 'plastic watch' chips for military use, used in Haiti for the refugee crisis.
Some tech specs-they are supposed to be burnt out at time of purchase, but they aren't, possible shielding on metal products(cans, etc.) Current readers have up to 20' read range. To deactivate them, microwave for a few secs, but set item on fire. Some are embedded in sandals. That would come in handy for tracking you. Unless you are an anti 1984ist(wow!, created a newspeak!), this should start to sound nasty. Someone with a scanner with devious intent could know all about you by scanning your curbed Hefty Cinchsack. Take an item, plant at a scene of a crime. *knock knock* "Mr. Jones, we have evidence that links you to...."
Like I said, there are ZERO laws concerning the use of these buggers. No search warrants, just scanning.
I try to be well informed, but biometrics seems better, because you know when they are being accessed, but still intrusive. With this junk(RFID), you will have the Law of Unintended consequences knocking on your door.
There are way too many possible abuses to go into, thx for patiently reading rant.
This mind intentionally left blank.
The KKK a bunch of sheetheads? You decide!
A full one third of the population there speaks Russian. It is a local language whether you want it or not. Compare the situation with that of the Swedish language in Finland. Shame, I tells ya.
It has pretty much always been possible to track any given persons GSM mobile phone. You wouldnt believe the amount of crimes this has helped solve and prevent as well as the amount of people who get lost and get found only thanks to their phone signal. Everyone I know owns a mobile phone. Everyone I know KNOWS that you can be tracked through your cellphone. I am yet to hear ANYBODY complain.
I really don't think that these cards are using RFID. They are probably something like the Philips MIFARE card. The way I understand it, contactless smartcards have a much shorter range than RFID chips (~5 cm) and they can store more data (4KB, 8KB, 16KB).
Sean Lane Fuller - The truth is out there!
even the USA. They are called "Passports."
The More Laws, the less Justice --Marcus Tullius Cicero
Isn't that what this is?? If a secure way can be found to implement RFID isn't that a good thing?? Small losses of personal liberty when we have a global threat to non-muslims seems imsignificant. Chose your priority, life and security vs. political correctness. Oh Nancy, I'm afraid!!!! If want to improve RFID technology, be part of the solution, dont just be a group of frikking whiners like usual.
Well acourding to our tracking systems you went round to that drug dealers house every day for more than a month.
Maybe you spent a few too many hours in a mosque.
Maybe you a postman...
thank God the internet isn't a human right.
I think it is a reference to Kievan Rus, a state formed by Vikings in present-day Ukraine. The capital of Kievan Rus would probably have been Kiev, which is still an important city in Ukraine. Anyway, Kievan Rus was in the apex of its power in the 10th century, but regardless of the intervening Mongol invasion, I believe that the later state of Russia is commonly regarded as a historical development of Kievan Rus. Warning: There's a lot of half-remembered history here. I hope someone who knows better will now correct my blatant mistakes... or maybe I should just check out Wikipedia.
So at least for now, the Estonian government (or whoever else) cannot "just" track anyone in Estonia.
People say I'm crazy, I got diamonds on the soles of my shoes...
I _AM_ me, not only do I know this for an ABSOLUTE FACT, but those people that I know (family, friends, lovers, ect) also know it (and vice versa of course)
Outside of a body-snatcher type science fiction film I am my own walking talking biometric identifier, even a 20-seconds-to-complete perfect genetic clone still won't fool anyone unless you can ALSO fill that perfect genetic clone with a perfect copy of my brain and memories, attitudes, experiences, dreams, fears, etc etc etc.
The idea that ANY subset of that data can be used to identify me with a usefully high positive degree of accuracy and a usefully low negative degree of accuracy is patently retarded.
Biometric ID was essentially instroduced by the police, in the form of fingerprints, eg on a murder weapon, as a method of tying one unique individual amongst many to a specific event at a specific time and place via a specific identifier, eg the fingerprint.
Fact is the fingerprint, far from foolproof and not that hard to fake (and getting easier as time passes) is still the best, in that it is fairly unique, but it still takes significant human detective effort to match a print to a suspect.
The advent of DNA testing has NOT improved accuracy (english law is already littered with example of overturned convictions that were based on flawed DNA evidence), it has lowered it (the billions to one stuff is bullshit, DNA tests do not match you entire genome, just a few (literally) nodes, most of whom you will share anyway with genetically similar humans, eg people from your area, especially distant relatives.
Adding extra bits of data, eg iris pattern, blood type, known allergies, pantone skin colour, proportion of mercury or other heavy metals in the body, can ONLY EVER INCREASE ACCURACY is the police detective / forensic sense, when trying to match a specific individual to a particular event at a particular place and time.
IT WILL BE NO BENEFIT WHATSOEVER as a general everyday method of identifying "me" from "you", and using that ID for the purposes of granting or restricting access to something, eg my bank account or workplace computer.
ON THE CONTRARY, since there is no instant method of verification of the ID card data against the individual holding it, the very fact that there is a wealth of data on the card will make it easier for me to withdraw cash from your ATM, and then slit the next passer by's throat, thus not only tying YOU in with this crime, but creating a good alibi for myself, since MY ID card doesn't match the data left at the scene of the crime by YOUR card.
We will then be in the ludicrous situation, which happens today in courts up and down the land, where the absolutely MOST reliably form of ID verification, friends and family, are dismissed, ignored or worse still branded as liars and conspirators, for contradicting the Identity "EVIDENCE" which states that you were not at home with them, you were drawing money from an ATM 30 feet from the murder scence within 60 seconds of the murder.
This is a parallel with the "smashed mechanical analogue watch or timepiece" showing the time of death, or at least the time the person was struck by the car of fell from the roof, the modern more accurate with calculator bluetooth and god know what digital timepiece gives more information to the coroner, but ZERO USEFUL INFORMATION.
No, ID exists only for the same purposes as the original fingerprint checks, to tie a specific person to a specific place.
ID as a method of general identification is a whole different game, and the only systems that have EVER been accepted as having ANY worth are those that were based on the original public / private key verification / signing thing, and which still apply today if I want to sit a driving test in the UK and do NOT have one of the new photcoard driving licences, but an older no picture type, I must bring a photograph of me, SIGNED BY PEOPLE OF STANDING IN THE COMMUNITY (my doctor, local policeman, bank manager, etc) WHO K
http://slashdot.org/~GuyFawkes/journal
What's supposed to work them? Forgetable passwords?
Biometrics work. And the level of detail beats the snot out of some password.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
See CIMU
which says A potential solution in this regard is that of merging the smart card with the National ID Card - thereby providing the citizen with an integrated card based on a medium which in our culture is used continually. This approach has been adopted successfully in Finland and Malaysia. The major stumbling block in this regard could be the Electoral Commission - and its buy-in should be sought in this regard.
Also it says: It is interesting to note that in late 1999, in New Zealand, news of a national smart card for health and welfare caused an uproar that eventually forced the Prime Minster to publicly dissociate his Government from the technology.
A report by the CCTA in the UK had identified driving licences as ideal for first cards.
Meanwhile the e-ID has been introduced which is I believe the same thing, but produced by Microsoft according to local news. Here's a link about it.
SCIREV.NET - fanfics,reviews & more
I can see it now. Considering people have managed to access a bluetooth mobile from 2 miles away with a well designed antenna, it wont take long for people to catch on with the RFID's. Makes it easier for stalkers too I guess
no more battle royale for you. kthxbye.
Maybe I'm missing something here... But can't that happen here too? You lose your card, they cancel it, and they issue you a new one. The only thing here is, that only YOU can use your card. If someone steals it, they can't activate it because they can't fake your biometric data, and by the time they figure out how to activate it, or fake your biometric info, the card has been cancelled and replaced. So when it get's lost or stolen, you report the card missing, it get's cancelled, and they issue a new one that only you can use/activate. Biometric passwords are an additional layer of security, not the only layer.
Your card gets cancelled and a new one gets issued.
Even if someone fakes your biometric information, the lost/stolen card doesn't work anymore.
"Misplacing" your ID-card in someones trunk.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
So you have been on crack for last 15 years?
A card with "RFID's" is the least you can expect from a country where the president officially sanctioned a memorial to the Waffen SS. (Hitler's elite troops.)
Think with your brain and don't swallow the propaganda fed to you.
Midget EU-sponsored pseudo-states like Estonia will crawl back begging to Russia when their current pimp stops using them.
Such is the life of a baltic state. Tant pis.
But of course, it is ever-so-much easier to ignore the fact that one of the worst genocides of the 20th century had, in fact, a Jewish origin. Much nicer to just blame the Georgians, huh?
And I won't mention that the vast majority of the genocide was borne by the Cossacks, not by the Ukrainians. But who cares, right, since they didn't have Jewish support?
(The fact that the Third Reich hasn't existed for the last fifty years hasn't stopped these scumbags.)
The current crop of "European Unificators", just like their ideological forebear Mr. Adolf "United Europe" Hitler, will throw your piss-poor piddling midget states on the trash heap of history once they are done using them as a geopolitical maxipad.
Oh, Estonia ... I was thinking Elbonia. Sorry - my bad.
Laws affecting technology will always be bad until enough techies become lawyers.
This is a magnetic card which needs to be moved about 1 1/2 inch in front of the reader . The magnetic card is topped by a Photo ID , so it the contactless means almost zero wear and tear of swiping.
... being a card-puncher like this means they track my in and out timings (like when I leave my floor for lunch or stuff).
..
:)
All doors in the office open as soon as you flash the ID cards (the doors beep , and everyone looks up at you as if to say "what are you doing roaming around")
The entry into various rooms are restricted like this (this is an outsourcing company , so clients are very very paranoid about "nonfull disclosure" being maintained). Testing server room doors could with your ID could even get you fired here
It need not be RFID or anything magic - just extend the reader to something like the metal detector in an airport to read this magnetic ink (holding this against the noonday sun shows that these are lines/bar-codes running the whole length of the card like those security threads in currency)....
And I'm sitting here clocking the first 9 1/2 of the 47 1/2 hours needed for the week , commenting on slashdot
Quidquid latine dictum sit, altum videtur
...when 100% of your GDP comes from "foreign aid".
Do I trust my goverment, fu*k no :)
:)
The ID card in itself isn't the problem, so much as the handing of a unique identifing key which is common accross every database ever stored on you, the goverment is then free to intergrate that database into one huge database, there designing proper leglislation to add to the number of things which are stored in the database but none to remove information.
And then what stops them from using the increased computational capacity of the future to look at the database and spot abnormalities, some bright spark might even find an alogrythum to predict the chances of a parent harming there child and just by pure fluke youre stasticly likely to harm your child and they take your children from you.
Yes I'm paranoid, but...
Do I trust my goverment, fu*k no
is that you are a racist pig. You've just neatly documented it yourself. Thank you, and please die soon.
Estonia is a parliamentary republic.
Estonia is one of the most free-market oriented countries in all of europe. It is ranked 6th in the world for economic freedom (above both the UK and US). Get your facts straight. And since no one ever cites sources I'll humor you http://www.heritage.org/research/features/index/co untries.html
'Telemarketing'? What's that?
The US Supreme Court upheld random traffic stops to check for people driving under the influence (don't have the citation handy ... I think it was in Michigain and in the 80's).
.. surprise, this person happened to have marijuana in their car.
Point being, if they have no reason, they'll come up with one by the time they get get out of their car.
An actual example: person is driving in my home town in NJ. New Jersey like many states permit you to turn right on red unless otherwise posted-- the actual wording is something to the affect 'a driver shall come to a complete stop, and only if the conditions are safe shall turn right'). The way the law has always been interpreted is that it's the driver's perogative on what is 'safe' and that the driver may choose not to turn right.
A cop pulled someone over for not turning at a red light and
Instead we get to carry our driver's licences, which function as defacto ID cards. I don't have a car, but I keep renewing my licence so I can get by. Big win, eh?
Vino, gyno, and techno -Bruce Sterling
i am in a close to eesti neighborhood country - LV..
Of course they are on to track my ass everywhere i go. As most paying and stuff where you nee to show Your identity will now be able to log times and other stuff in one bis log.
Remember that it's not paranoid to be aware of technology used against You.
Be Sure - It Will. For example: if you have something bad to say about crap like EU or pretty regular fraud done by government officials - Those "good guys" will be instantly able to dig up everyhing they need to discredit You and stuff like that.
You can place your RFID to wallet what blocks all the information in & out You can buy them from internet :)
It's nice to be important, but it's more important to be nice!