Slashdot Mirror


Estonia Tests "Contactless" ID-Cards

borkee writes "Estonian MEAC and CMB start testing a new version of a national ID card containing what they call 'contactless' extensions. Although they do not specifically disclose to us, taxpayers, what technology is used there, it must be quite obvious that it's nothing less than RFID. Add to this, they'll have person's biometrics in memory. (Security gurus of course know: biometrics just don't work.) Soon you can track us poor Estonians by our GSM phones and by our ID cards too!"


  1. Re:In Soviet Estonia.. by meringuoid · · Score: 2, Interesting
    The depressing thing is that Estonia actually WAS in Soviet Russia. I don't recall that they were particularly happy with the situation.

    You'd think that the ex-Soviet countries would be really protective of their new freedoms...

    --
    Real Daleks don't climb stairs - they level the building.
  2. Info on Biometrics not being safe ? by acebone · · Score: 5, Interesting

    Where can I read about biometrics not being safe ?

    That's very interesting, and I've never heard about it before. I mean surely the pattern in your eyes and your fingerprints are unique and do not change, no ?

    --
    Check out my PHP Url Validator
    1. Re:Info on Biometrics not being safe ? by nzgeek · · Score: 2, Interesting

      There is only one of you. You have one set of fingerprints and one set of unique retinal patterns.

      If someone manages to compromise this, say by lifting one of your prints off a discarded coke can, or removing one of your eyeballs, then you're - as the kids say - 0wned.

      Sure biometrics may be mildly harder to compromise than a password, but a password is a hell of a lot easier to revoke if it has been compromised.

    2. Re:Info on Biometrics not being safe ? by R.Caley · · Score: 2, Interesting
      Can't say about retinal or iris patterns, but fingerprints are so dodgy, even when compared by experts, that the US government felt the need to ban funding of any study into how reliable they are. (New Scientist report).

      I think we can assume that if they thought the results of such a study would be positive they would be pouring money at it, in the hope of being able to ditch that embarrassing `images are very like themselves' study.

      --
      _O_
      .|<
      The named which can be named is not the true named
  3. Cool by c0dedude · · Score: 2, Interesting

    This could have some nifty scientific uses even if you can't decrypt the data. Just think of the sociological experiments. Knowing exactly who's on what road, when? Who shops where? The possibilities are mind-blowing. And the sample would be great because it's taken from the public.

    --
    Since when has this country used intellectual elite as a pejorative term?
  4. Re:so ? by Anonymous Coward · · Score: 1, Interesting

    No, of course we are not required to carry it all the time. I myself find the ID card very useful. I don't have a driver's licence and it's quite a pain in the a.. to carry the passport with me all the time. Mostly I need the ID card when shopping, because almost all shops ask some form of ID if paying with debit or credit card, when the bill is over 500 EEK (ca 32 euros).
    Also since Estonia has become full member of the EU, the ID card is a very convenient travel document within the EU/EEA borders. No need to carry passport. Tried/tested.
    As of contactless reading, don't know much about those plans.

  5. Re:so ? by Anonymous Coward · · Score: 1, Interesting

    It is not so obvious that you're not required to carry it all the time. In Belgium for example you have to carry your id all the time from your 16th birthday. If the cops stop you and you don't have it with you, you risk a ticket (depends on the cop in front of you).

  6. Mmmm... Possibilities :) by Anonymous Coward · · Score: 3, Interesting

    I don't think, it's too hard to format this lil' pecker and rewrite the data, when the specific card readers/writers become available. Since it's contactless, U don't have to show the real pic on the card anyway.

    And about this GSM-tracking? I'd like to whack that bastard who came up with the idea to bring this to the public. It's pretty dawm hard to give your girlfriend impression you're doing overtime @work, when your phone puts you in the strip-club.

    GSM-LocatorSimple.

  7. Re:Broken by Beautyon · · Score: 3, Interesting

    is a system that relies on a mix of documents that you choose to provide, and not something provided to you by the state, no matter how cool it is.

    Estonians, don't whine about ID cards; do what the Australians did and refuse to carry them at all.

    Your government will withdraw the scheme. Guaranteed.

    --
    ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
  8. Re:Sweeping statement by Alsee · · Score: 2, Interesting

    How does one go about making use of those finger prints

    Google knows all.

    how hard would it really be to make a system that defends against false readings?

    Apparently very hard. It seems that all commonly available scanners are easily defeated by Gummi Bears.


    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  9. Re:In Soviet Estonia.. by gl4ss · · Score: 2, Interesting

    ... then they will know also that rfid or _ANYTHING_ ELSE TECHNOLOGICAL "TRACKING" has very little to do with being a police state or not(rfid is just a number anyways that just happens to be readable wirelessly).

    being a DDR like hellhole is a _social_ _people_ problem, not something that just spurs out of technology. you could have a super invasive super bitchy governing system with just people and hard sticks.

    besides than this I would bet these id cards to be similar to bus cards, that you would have to place them in a reader anyways(no 'secret' reading). the id cards would probably have the same stuff in them that finland has in its new electronic cards that allows for digitally signing some papers & etc, allowing you to file some papers through the net.

    besides, they won't probably be mandatory to hurle around just to get to the next city. you would be surprised how much the store clerk at your local neighbourhood grocery store remembers about you as well...

    the cold hard fact is that information _will_ be gathered about you, it's what the government(or other organizations with power) does with that information that matters... but this is nothing new. information was always gatherable about anyone(hell, even usa has long tradition about gathering information about labour activists through private detectives and using that to.. umm. well - kill them.), in ddr they could just ask the kids if they wanted dirt on a family(or just made it up).

    --
    world was created 5 seconds before this post as it is.
  10. Re:so ? by DZign · · Score: 4, Interesting

    I'm also from Belgium so therefore my question too.

    I guess we're used to having it with us always and don't find this weird.

    It sometimes amazes me about all the fuss some countries make (UK now, but otoh, UK is against just about anything new :-) when id cards are introduced,
    or I sometimes just wonder how countries like the USA can even operate well without id cards or anything like that.

    OK in the USA they use the social security number or driver license as id card, which gives problems with id theft because your unique key (which would be on your id card) is also used for other functions. Why not just put this unique key on your id card and only use it for identifying you ?

    OK people say they want to be free and do whatever they want. Bad luck. At the same time you want to get social security, get unemployment money, drive a car, and much more, so at least prove who you are when you want to cash that check.

    Having an id card and not needing to have it with you also gives the possibility for abuse.
    In the end the 'good' people who don't do anything wrong aren't bothered by it, and at least it can stop mis-use by people who want to defraud the system.

    Recently there was a program on tv about people in France driving without driver licenses (driver license with points, have too many violations and they revoke it), one of the guys had a friend who looked like him, so if he got stopped he said to the policeman he didn't have his papers with him, but his name was Y and then this friend would go to the police station to say he did the offence.
    Duh.. At least these kind of things could be stopped if you needed to have your papers with you all the time.

    That's only one example, I guess there are many more you can come up with in which people commit fraud by saying they're someone else.

  11. Re:so ? by DZign · · Score: 2, Interesting

    I'm not defending rfid's in id cards, I wouldn't like it myself either (as we always have to carry them, technically we would be easy to track then if there ever was enough infrastructure for this rolled out).

    I just wanted to say that id cards in general are not a bad thing on themselves.
    I wonder how other countries do without, and if this doesn't give more possibilities for mis-use and fraud.
    My impression is they can be useful and help society in general, if used properly.

    However, people on /. always suspect the worst.
    OK anything can be misused and there should be strict rules what can (not) be done with them.

    And indeed, to answer (2) I was speaking about law-abiding citizens.

    Hmm. Now thinking about all this, I was going to write that people should at least have some trust in their country and they live (at least most of us) in a democracy. Just made me realise that I'm too optimistic about this and most governments are corrupt and imo democracy doesn't work. But that's another discussion.
    And extreme-right is becoming more popular here so the gestapo-reply by someone else here could actually become possible in 10 years or so. But that's worst case scenario..

  12. Re:so ? by the+chao+goes+mu · · Score: 2, Interesting

    Not just minorities. Try being white and entering a "known drug neighborhood". Worse, try being white and living in or near one. It is almost as if being white in the wrong part of the city is a crime.

    --
    Boys from the City. Not yet caught by the Whirlwind of Progress. Feed soda pop to the thirsty pigs.
  13. Re:Broken by 0x0d0a · · Score: 2, Interesting

    PIN-entry on card. Right. Like my ATM is going to believe your card when it says you have the PIN. That's like rsh, except with money. You go first.

    In smartcard-like systems (which differ from credit card systems), the PIN is not for the benefit of the ATM -- the smartcard would *never* hand over a PIN if it could get it directly from the user. As soon as you enter a PIN in smartcard, the ATM hands off the PIN to the smartcard and then is supposed to promptly "forget" about the PIN. The PIN is just what tells the smartcard that it should sign/endorse/do whatever the ATM hands to it. Generally, smartcards disable themselves if they get several bogus PINs in a row, as a matter of fact. The only reason for putting the buttons on the machine is that it reduces the unit cost of the card and lets you put buttons with nice texture and feedback.

    As a matter of fact, cell phones could already provide much of this functionality onboard (though cell companies would be *certain* to want to route purchases through their own networks and take a cut, rather than just using IrDA or similar to talk directly to the ATM), and the FBI would be sure to want the phone to broadcast where you're using it and the like. Sigh.

    I'm also wondering how I'm going to send someone payment without sending them personal information.

    You don't. Your card-issuer (or a proxy, if there's any interest from card-issuers in providing anonymized transactions, which I'm guessing there won't be. :-(

    Here's the data that goes back and forth in such a system:

    1) You stick card into reader. Reader provides power, card powers itself on.

    2) You enter PIN. Card notices that PIN is really yours and decides that "you are you", and allows you to authorize things.

    3) ATM sends "WalMart, $55.95" to the card.

    4) The card displays "WalMart, $55.95" on its display.

    5) You hit "okay" on the card (probably doubles as one of the number buttons).

    6) The card signs the following tuple ("12529134131", "WalMart, $55.95, 3451") (where "3451" is an internal counter to the card that is incremented each use -- this prevents replay attacks, much like the serial number on a check), and sends it back to the reader. "12529134131" is a number that identifies you. Note that this can be anything, which is why such a system allows disconnecting personal information from your identity that WalMart can see. You could have just one, as debit card/credit cards currently have. You could have a number of "personas" on card that you hit a number to choose between. You could have a large store of one-time-use, pre-approved numbers on the card that are just moved through, one by one. This prevents Wal-Mart from tracking you, but gives them an identifier that whoever is holding your account (probably your card vendor or a proxy) knows maps to "you".

    7) If you have the required money, the account-holding-server can return a response containing a tuple of "authorized" and all the data that they were previously sent (this prevents attacking transmission lines to ATMs and sending bogus "authorized" responses) signed with their *own* private key.

    8) The reader checks, decides that the response is good, and gives you a receipt.

    If anything, this is *easier* to use than a credit card, because the interface on a given, hell, I dunno what to call a button-and-display-enabled smartcard...(say, "brilliant card", in the vein of the "smart rocks"/"brilliant pebbles" anti-ICBM defense), brilliant card, is the same each time. With a card reader, the user has to figure out something different each time.

    And for the life of me I don't see why biometrics couldn't be used in conjunction with other ID methods for enhanced security.

    In theory, they could, as long as all ATMs/readers *strictly* never trusted biometrics alone, and required a second, strong form of authentication. There are two main drawbacks: (1) this destroys any possible vestig