Estonia Tests "Contactless" ID-Cards
borkee writes "Estonian MEAC and CMB start testing a new version of a national ID card containing what they call 'contactless' extensions. Although they do not specifically disclose to us, taxpayers, what technology is used there, it must be quite obvious that it's nothing less than RFID. Add to this, they'll have a person's biometrics in memory. (Security gurus of course know: biometrics just don't work.) Soon you can track us poor Estonians by our GSM phones and by our ID cards too!"
No, we don't need to have our ID card with us all the time. It's required to own a card if you're older than 15, but you could just keep it at home in a box.
Biometrics have a limited recognition rate, which means a considerable number of false positives (wrongly identified) or false negatives (wrongly refused). Often all you can do is compromise: either admitting the false positives to have fewer false negatives, or having lots of people wrongly refused by the system, so the human operators have to manually sort out the remainder.
Due to the limited recognition rate, you can often easily fool a biometric scanner. Face recognition systems are often fooled by holding a picture of the right person before the lens. The same often works for iris scanners. Fingerprint scanners can be fooled by fake fingerprints made from wax (stearine). Hand scanners are sometimes easiest. Cut out a cardboard with the right hand profile.
Most of those biometric scanners thus should never run unattended, to minimize manipulation as stated above. And if you have humans watch the scanners, you could as easily have those humans perform the checks themselves, probably getting better recognition rates.
Biometric scanners may give you additional security if you use all the common methods like picture IDs, signatures and similar too, because now an attacker not only has to disguise himself accordingly, but has to fake the biometric data too. But without a central database for crosschecking the data, it's rather meaningless. If he can fake a picture ID with his face and a false name, he can also fake the biometric data to fit his own data. As a stand-alone tool, the biometric scanners are not really ready.
Actually, outside the US, privacy laws are often a lot stricter...
Secure messaging: http://quickmsg.vreeken.net/
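The false-positive/false-negative compromise described in the comment on recognition rates above, as an added example that is not part of the original thread: a threshold sweep over match scores showing how the two error rates move against each other. The scores, the matcher and all function names are constructed for illustration.

```python
# Constructed sample data: similarity scores (0..1) from a hypothetical
# biometric matcher. Higher means "more likely the enrolled person".
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.58, 0.95, 0.73, 0.81, 0.64]
IMPOSTOR = [0.22, 0.35, 0.48, 0.61, 0.30, 0.55, 0.71, 0.41, 0.27, 0.52]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when every score >= threshold is accepted.

    FAR = share of impostor attempts wrongly accepted (false positives).
    FRR = share of genuine attempts wrongly refused (false negatives).
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(thresholds):
    """Tabulate (threshold, FAR, FRR) for each candidate threshold."""
    return [(t, *error_rates(t)) for t in thresholds]


def equal_error_threshold(thresholds):
    """Pick the threshold where FAR and FRR are closest to each other."""
    def gap(t):
        far, frr = error_rates(t)
        return abs(far - frr)
    return min(thresholds, key=gap)


def manual_review_load(threshold, daily_genuine_users):
    """Legitimate users per day that human operators must sort out by hand."""
    return error_rates(threshold)[1] * daily_genuine_users


if __name__ == "__main__":
    candidates = [0.5, 0.6, 0.7, 0.8]
    print("threshold  FAR   FRR")
    for t, far, frr in sweep(candidates):
        print(f"{t:9.2f}  {far:.2f}  {frr:.2f}")
    print("closest to equal error rate:", equal_error_threshold(candidates))
    print("manual checks/day at 0.8 for 1000 users:",
          manual_review_load(0.8, 1000))
```

With this data no threshold drives both rates to zero, because the genuine and impostor score ranges overlap.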