Slashdot Mirror
Estonia Tests "Contactless" ID-Cards
borkee writes "Estonian MEAC and CMB start testing a new version of a national ID card containing what they call 'contactless' extensions. Although they do not specifically disclose to us, taxpayers, what technology is used there, it must be quite obvious that it's nothing less than RFID. Add to this, they'll have person's biometrics in memory. (Security gurus of course know: biometrics just don't work.) Soon you can track us poor Estonians by our GSM phones and by our ID cards too!"
You'd think that the ex-Soviet countries would be really protective of their new freedoms...
Real Daleks don't climb stairs - they level the building.
like someone wants to track you ?
and as always when new technology is introduced, it will probably take a long time (let's say 2 years or so) until every department (communal house, police department, hospital,..) which needs to get information from your id card, will have the correct reader installed, so until then it's used the old fashoned way.
btw are you guys required to have your id card with you all the time ?
Learn about pinball machines on www.flippers.be
Where can I read about biometrics not being safe ?
That's very interesting, and I've never heard about it before. I mean surely the pattern in your eyes and your fingerprints are unique and does not change, no ?
Check out my PHP Url Validator
I'm sure they are protective. This was probably put to them in A Good Way. It's doing THEM a favor. No point in carrying cash, when you have credit cards which are protected even if stolen.
Take it to your own level of whether this is good or bad. I'm sure the comment arguments have already started.
riding round the world on an old motorcycle
They do? There are plenty of viable biometric measurements out there. They are not 100% reliable, but when compared to wetware trying to remember passwords they stack up pretty well.
I for instance have a finger print reader on both my palmtop and my desktop. In the limited environment I have, they identify and authorize perfectly well.
Admittedly, I dont know too much about the Estonian political system etc, to comment on the issue of choice, and how much of it the people there had when their government decided to introduce such a thing. However, it has been my experience that outside the US, a lot of cultures dont seem to make that big a deal about privacy, so maybe it is not that big a deal after all to Estonian citizens.
OTOH, RFIDs have already been implemented by clubs, etc to have painless billing, etc, so there are at least a few people around the world who dont think they are that big a deal.
Living in the US, however, my own fears are based on what I have heard about the privacy issues surrounding such technology, in that anyone with a scanner can find out a dangerous amount of information about you without your knowledge or consent; so to me it seems like a bad idea at least until someone can manage to convince me otherwise about how my information will be protected.
This could have some nifty scientific uses even if you can't decrypt the data. Just think of the sociological experiments. Knowing exactly who's on what road, when? Who shops where? The possiblities are mind-blowing. And the sample would be great because it's taken from the public.
Since when has this country used intellectual elite as a pejorative term?
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics. Generally can change, and once copied/forged one can never change the identifying information.
* Is capable of doing public-key encryption on-card. The information that identifies the person never leaks to the device. (Technically, this can be done with symmetric encryption as well in conjunction with a trusted centralized server, but this has some drawbacks.)
* Has a PIN, so that stealing the card is not sufficient to impersonate a person.
* Has a PIN entry keypad *on-card*, so that false readers and bogus ATMs cannot steal PINs.
* If any data must go back to the card owner, has a rudimentary display *on-card* (say, a calculator-style LCD display), so that a false reader or bogus ATM cannot say that someone is paying "$10.00 to WalMart" for something and actually having them pay "$14.00 to Joe Hacker".
* Should support a scheme where personal identity is not disclosed, but a persona is (my "persona" at the moment is "0x0d0a"). This is because any national ID card will naturally be used by other systems as well, and without this step, severe privacy abuses will occur. This requires use of a trusted, centralized server or of a card that can natively store multiple identities.
* Allows one to disable the trusted nature of the the card quickly and easily if it is lost, and in a manner that cannot be easily done by others (which would allow a denial-of-service attack against the card owner).
* Can handle water, crushing force, and high temperature.
* Can fit in a wallet.
* Should have the ability to log identity verification usage, so that the user can sync his card up with a computer or similar and check to see what he actually signed off on two days ago.
This certainly isn't a complete list of desireable characteristics, but it's a start.
May we never see th
People just don't understand what biometrics are for. They are not appropriate as a primary means of verifying identity, but they do work well as a supplement to other methods.
I think the problem is you've got some sales monkeys who are selling the idea of biometrics as an authentication pancea to pointy-haired types, which is just further proof that non-technical people should never be in a position of authority or act in a primary decision making capacity where technology is concerned.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
I can't read the article, but are you sure it's talking about RFID? Contactless smartcards are different to RFID tags. Maybe the paranoia's well founded, but there is a very important difference between an application card which can be pressed to a reader rather than inserted, and a tag which is designed to be tracked from several feet away.
Which is this?
I dont't think, it's too hard to format this lil' pecker and rewrite the data, when the specific card readers/writers become aviable. Since it's contactless, U don't have to show the real pic on the card anyway.
And about this GSM-tracking? I'd like to whack that bastard who came up with the idea to bring this to the public. It's pretty dawm hard to give your girlfriend impression you're doing overtime @work, when your phone puts you in the strip-club.
GSM-LocatorSimple.
where Dilbert always goes on business trips?
Rus
Cheap UK and US VPS
Estonia has a large non citizen population, mostly resettled Russian nationals. There are serious questions about who is a citizen and who isn't.
This, and other problems that arose from the long term Soviet occupation make a secure method on identification necessary.
Under their circumstances, the Estonian Government believes security is more important than privacy.
Tinfoil hat wearers might try the following method:
1) Fry the electronics in the card by putting it in a microwave oven etc.
2) Report the card as lost and get a new working card.
You can then keep the working card wrapped in tinfoil and use it only when you really need its identification technology.
Otherwise use the card with the disabled electronics as you would use a 'normal' ID card.
- "They misunderestimated me."
...Faraday-cage id card wallets
-- Even if a god did exist, why the fsck should I worship it?
... then they will know also that rfid or _ANYTHING_ ELSE TECHNOLOGICAL "TRACKING" has very little to do with being a police state or not(rfid is just a number anyways that just happens to be readable wirelessly).
being a DDR like hellhole is a _social_ _people_ problem, not something that just spurs out of technology. you cold have a super invasive super bitchy governing system with just people and hard sticks.
besides than this I would bet these id cards to be similar to bus cards, that you would have to place them in a reader anyways(no 'secret' reading). the id cards would probably have the same stuff in them that finland has in it's new electronic cards that allows for digitally signing some papers & etc, allowing you to file some papers through the net.
besides, they won't probably be mandatory to hurle around just to get to the next city. you would be surprised how much the store clerk at your local neighbourhood grocery store remembers about you as well...
the cold hard fact is that information _will_ be gathered about you, it's what the goverment(or other organizations with power) does with that information that matters... but this is nothing new. information was always gatherable about anyone(hell, even usa has long tradition about gathering information about labour activists through private detectives and using that to.. umm. well - kill them.), in ddr they could just ask the kids if they wanted dirt on a family(or just made it up).
world was created 5 seconds before this post as it is.
Once you detect fraud being done with your biometric identity,
where can you revoke your fingerprint and have a new one issued?
Before this gets labeled flamebait, this kind of intrusion really pisses me off.
The problem with this technology is it not only tracks you, it will allow tracking of your activities. What you buy. Where you go. The ability to, for good or bad, compile a docier on your life.
The only thing preventing this from happening before was the sheer logistics of it. Now that its real, I would like to wake people out of slumber.
I mentioned the ability to do good. I might even call them selling point excuses:
Tailored ads. Stand in front of a Coke machine with reader-"Mr. Jones, you like Cherry Coke! It's been a while since you've had one! Go ahead-we won't tell the Other cola co.!" This ad is beamed into your head(REAL technology-trial balloon tested in Japan!)-another distraction. If they are powerful enough readers, billboards changes to emphasize something in area based on your personal tastes.
Use for convenience. Make it a feature before it becomes mandatory.
For inventory/shipping control. Box 'a' has XXX going to YYY. You don't even need to scan for it directly.
Look folks, Walmart is forcing the use of tags on all their products. If the reader can read your RFID, it can read those too. Instant knowledge base of all the things you do, what you buy, or don't. Become a nonprofitable customer not well dealt with. Ack.
The potential for abuse is way to great. I have heard of no laws about the use of RFID tags. Right now they are being used on Gillette razors, being very expensive and easily stolen. Problem is, these chips are being made by the billion. You tryin' to tell me they sell BILLIONS of razors? Bah! There are 'plastic watch' chips for military use, used in Haiti for the refugee crisis.
Some tech specs-they are supposed to be burnt out at time of purchase, but they aren't, possible shielding on metal products(cans, etc.) Current readers have up to 20' read range. To deactivate them, microwave for a few secs, but set item on fire. Some are embedded in sandals. That would come in handy for tracking you. Unless you are an anti 1984ist(wow!, created a newspeak!), this should start to sound nasty. Someone with a scanner with devious intent could know all about you by scanning your curbed Hefty Cinchsack. Take an item, plant at a scene of a crime. *knock knock* "Mr. Jones, we have evidence that links you to...."
Like I said, there are ZERO laws concerning the use of these buggers. No search warrants, just scanning.
I try to be well informed, but biometrics seems better, because you know when they are being accessed, but still intrusive. With this junk(RFID), you will have the Law of Unintended consequences knocking on your door.
There are way too many possible abuses to go into, thx for patiently reading rant.
This mind intentionally left blank.
The KKK a bunch of sheetheads? You decide!
A full one third of the population there speaks Russian. It is a local language whether you want it or not. Compare the situation with that of the Swedish language in Finland. Shame, I tells ya.
It has pretty much always been possible to track any given persons GSM mobile phone. You wouldnt believe the amount of crimes this has helped solve and prevent as well as the amount of people who get lost and get found only thanks to their phone signal. Everyone I know owns a mobile phone. Everyone I know KNOWS that you can be tracked through your cellphone. I am yet to hear ANYBODY complain.
Isn't that what this is?? If a secure way can be found to implement RFID isn't that a good thing?? Small losses of personal liberty when we have a global threat to non-muslims seems imsignificant. Chose your priority, life and security vs. political correctness. Oh Nancy, I'm afraid!!!! If want to improve RFID technology, be part of the solution, dont just be a group of frikking whiners like usual.
A passport is not the same as a national ID card. No one is required to hold a passport, so can refuse to show it, or pretend that they do not have one. The same goes for driving licenses.
A compulsory national ID card is very different. You cannot claim not to have it, and hence can be required to produce it - even if that requirement is not immediate.
I _AM_ me, not only do I know this for an ABSOLUTE FACT, but those people that I know (family, friends, lovers, ect) also know it (and vice versa of course)
Outside of a body-snatcher type science fiction film I am my own walking talking biometric identifier, even a 20-seconds-to-complete perfect genetic clone still won't fool anyone unless you can ALSO fill that perfect genetic clone with a perfect copy of my brain and memories, attitudes, experiences, dreams, fears, etc etc etc.
The idea that ANY subset of that data can be used to identify me with a usefully high positive degree of accuracy and a usefully low negative degree of accuracy is patently retarded.
Biometric ID was essentially instroduced by the police, in the form of fingerprints, eg on a murder weapon, as a method of tying one unique individual amongst many to a specific event at a specific time and place via a specific identifier, eg the fingerprint.
Fact is the fingerprint, far from foolproof and not that hard to fake (and getting easier as time passes) is still the best, in that it is fairly unique, but it still takes significant human detective effort to match a print to a suspect.
The advent of DNA testing has NOT improved accuracy (english law is already littered with example of overturned convictions that were based on flawed DNA evidence), it has lowered it (the billions to one stuff is bullshit, DNA tests do not match you entire genome, just a few (literally) nodes, most of whom you will share anyway with genetically similar humans, eg people from your area, especially distant relatives.
Adding extra bits of data, eg iris pattern, blood type, known allergies, pantone skin colour, proportion of mercury or other heavy metals in the body, can ONLY EVER INCREASE ACCURACY is the police detective / forensic sense, when trying to match a specific individual to a particular event at a particular place and time.
IT WILL BE NO BENEFIT WHATSOEVER as a general everyday method of identifying "me" from "you", and using that ID for the purposes of granting or restricting access to something, eg my bank account or workplace computer.
ON THE CONTRARY, since there is no instant method of verification of the ID card data against the individual holding it, the very fact that there is a wealth of data on the card will make it easier for me to withdraw cash from your ATM, and then slit the next passer by's throat, thus not only tying YOU in with this crime, but creating a good alibi for myself, since MY ID card doesn't match the data left at the scene of the crime by YOUR card.
We will then be in the ludicrous situation, which happens today in courts up and down the land, where the absolutely MOST reliably form of ID verification, friends and family, are dismissed, ignored or worse still branded as liars and conspirators, for contradicting the Identity "EVIDENCE" which states that you were not at home with them, you were drawing money from an ATM 30 feet from the murder scence within 60 seconds of the murder.
This is a parallel with the "smashed mechanical analogue watch or timepiece" showing the time of death, or at least the time the person was struck by the car of fell from the roof, the modern more accurate with calculator bluetooth and god know what digital timepiece gives more information to the coroner, but ZERO USEFUL INFORMATION.
No, ID exists only for the same purposes as the original fingerprint checks, to tie a specific person to a specific place.
ID as a method of general identification is a whole different game, and the only systems that have EVER been accepted as having ANY worth are those that were based on the original public / private key verification / signing thing, and which still apply today if I want to sit a driving test in the UK and do NOT have one of the new photcoard driving licences, but an older no picture type, I must bring a photograph of me, SIGNED BY PEOPLE OF STANDING IN THE COMMUNITY (my doctor, local policeman, bank manager, etc) WHO K
http://slashdot.org/~GuyFawkes/journal
Oh, Estonia ... I was thinking Elbonia. Sorry - my bad.
Laws affecting technology will always be bad until enough techies become lawyers.
This is a magnetic card which needs to be moved about 1 1/2 inch in front of the reader . The magnetic card is topped by a Photo ID , so it the contactless means almost zero wear and tear of swiping.
... being a card-puncher like this means they track my in and out timings (like when I leave my floor for lunch or stuff).
..
:)
All doors in the office open as soon as you flash the ID cards (the doors beep , and everyone looks up at you as if to say "what are you doing roaming around")
The entry into various rooms are restricted like this (this is an outsourcing company , so clients are very very paranoid about "nonfull disclosure" being maintained). Testing server room doors could with your ID could even get you fired here
It need not be RFID or anything magic - just extend the reader to something like the metal detector in an airport to read this magnetic ink (holding this against the noonday sun shows that these are lines/bar-codes running the whole length of the card like those security threads in currency)....
And I'm sitting here clocking the first 9 1/2 of the 47 1/2 hours needed for the week , commenting on slashdot
Quidquid latine dictum sit, altum videtur