Slashdot Mirror
Estonia Tests "Contactless" ID-Cards
borkee writes "Estonian MEAC and CMB start testing a new version of a national ID card containing what they call 'contactless' extensions. Although they do not specifically disclose to us, taxpayers, what technology is used there, it must be quite obvious that it's nothing less than RFID. Add to this, they'll have person's biometrics in memory. (Security gurus of course know: biometrics just don't work.) Soon you can track us poor Estonians by our GSM phones and by our ID cards too!"
Where can I read about biometrics not being safe ?
That's very interesting, and I've never heard about it before. I mean surely the pattern in your eyes and your fingerprints are unique and does not change, no ?
Check out my PHP Url Validator
No we don't need to have our ID card with us all the time. It's required to own a card if you're older than 15 but you could just keep it home in a box.
like someone wants to track you ?
No, they're not interested in the average Joe as long as he remains that. But should he ever become or try to become someone of power and importance (or just too annoying), they'd love to have all sorts of dirt to wreck your life, career and credibility. It is considerable leverage both to prevent you becoming an influence, and controlling you if you do.
The KGB etc. were notorious for collecting vast amounts of information. Most of it they never needed, but they had it in case that person was turning out to be a problem. As long as you are a good little pawn and do nothing "wrong", there is no problem. That was true even in the Soviet union. So then you don't have any problem with them gathering this information?
Kjella
Live today, because you never know what tomorrow brings
Actually outside the US privacy laws are often a lot stricter.....
Secure messaging: http://quickmsg.vreeken.net/
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics. Generally can change, and once copied/forged one can never change the identifying information.
* Is capable of doing public-key encryption on-card. The information that identifies the person never leaks to the device. (Technically, this can be done with symmetric encryption as well in conjunction with a trusted centralized server, but this has some drawbacks.)
* Has a PIN, so that stealing the card is not sufficient to impersonate a person.
* Has a PIN entry keypad *on-card*, so that false readers and bogus ATMs cannot steal PINs.
* If any data must go back to the card owner, has a rudimentary display *on-card* (say, a calculator-style LCD display), so that a false reader or bogus ATM cannot say that someone is paying "$10.00 to WalMart" for something and actually having them pay "$14.00 to Joe Hacker".
* Should support a scheme where personal identity is not disclosed, but a persona is (my "persona" at the moment is "0x0d0a"). This is because any national ID card will naturally be used by other systems as well, and without this step, severe privacy abuses will occur. This requires use of a trusted, centralized server or of a card that can natively store multiple identities.
* Allows one to disable the trusted nature of the the card quickly and easily if it is lost, and in a manner that cannot be easily done by others (which would allow a denial-of-service attack against the card owner).
* Can handle water, crushing force, and high temperature.
* Can fit in a wallet.
* Should have the ability to log identity verification usage, so that the user can sync his card up with a computer or similar and check to see what he actually signed off on two days ago.
This certainly isn't a complete list of desireable characteristics, but it's a start.
May we never see th
Almost all security is simply a means of raising the cost of hacking it to a level above it's value.
You are completely correct, and I have implemented a cunning plan that has made the effort of hacking me not worth doing.
I have no life, no job, no financial prospects and no worth to my identity. I plan to soon get a criminal record and become a terror suspect. Eventually I will also return my internet connection to a 2400bps modem, and will be insanely secure, as there will be no worth in breaking my security
Take that, evil hackers of the world, TAKE THAT!
I'm also from Belgium so therefor my question too.
:-) when id cards are introduced,
I guess we're used to having it with us always and don't find this weird.
It sometimes amazes me about all the fuzz some countries make (UK now, but otoh, UK is against just about anything new
or I sometimes just wonder how countries like the USA can even operate well without id cards or anything like that.
OK in the USA they use the social security number or driver license as id card, which gives problems with id theft because your unique key (which would be on your id card) is also used for other functions. Why not just put this unique key on your id card and only use it for identifying you ?
OK people say then want to be free and do whatever they want. Bad luck. At the same time you want to get social security, get unemployment money, drive a car, and much more, so at least prove who you are when you want to cash that check.
Having an id card and not needing to have it with you also gives the possibility for abuse.
In the end the 'good' people who don't do anything wrong aren't bothered by it, and at least it can stop mis-use by people who want to defraud the system.
Recently there was a program on tv about people in France driving without driver licenses (driver license with points, have to many violations and they revoke it), one of the guys had a friend who looked like him, so if he got stopped he said to the policeman he didn't have his papers with him, but his name was Y and then this friend would go to the police station to say he did the offence.
Duh.. At least these kind of things could be stopped if you needed to have your papers with you all the time.
That's only one example, I guess there are many more you can come up with in which people commit fraud by saying they're someone else.
Learn about pinball machines on www.flippers.be
Before this gets labeled flamebait, this kind of intrusion really pisses me off.
The problem with this technology is it not only tracks you, it will allow tracking of your activities. What you buy. Where you go. The ability to, for good or bad, compile a docier on your life.
The only thing preventing this from happening before was the sheer logistics of it. Now that its real, I would like to wake people out of slumber.
I mentioned the ability to do good. I might even call them selling point excuses:
Tailored ads. Stand in front of a Coke machine with reader-"Mr. Jones, you like Cherry Coke! It's been a while since you've had one! Go ahead-we won't tell the Other cola co.!" This ad is beamed into your head(REAL technology-trial balloon tested in Japan!)-another distraction. If they are powerful enough readers, billboards changes to emphasize something in area based on your personal tastes.
Use for convenience. Make it a feature before it becomes mandatory.
For inventory/shipping control. Box 'a' has XXX going to YYY. You don't even need to scan for it directly.
Look folks, Walmart is forcing the use of tags on all their products. If the reader can read your RFID, it can read those too. Instant knowledge base of all the things you do, what you buy, or don't. Become a nonprofitable customer not well dealt with. Ack.
The potential for abuse is way to great. I have heard of no laws about the use of RFID tags. Right now they are being used on Gillette razors, being very expensive and easily stolen. Problem is, these chips are being made by the billion. You tryin' to tell me they sell BILLIONS of razors? Bah! There are 'plastic watch' chips for military use, used in Haiti for the refugee crisis.
Some tech specs-they are supposed to be burnt out at time of purchase, but they aren't, possible shielding on metal products(cans, etc.) Current readers have up to 20' read range. To deactivate them, microwave for a few secs, but set item on fire. Some are embedded in sandals. That would come in handy for tracking you. Unless you are an anti 1984ist(wow!, created a newspeak!), this should start to sound nasty. Someone with a scanner with devious intent could know all about you by scanning your curbed Hefty Cinchsack. Take an item, plant at a scene of a crime. *knock knock* "Mr. Jones, we have evidence that links you to...."
Like I said, there are ZERO laws concerning the use of these buggers. No search warrants, just scanning.
I try to be well informed, but biometrics seems better, because you know when they are being accessed, but still intrusive. With this junk(RFID), you will have the Law of Unintended consequences knocking on your door.
There are way too many possible abuses to go into, thx for patiently reading rant.
This mind intentionally left blank.
The KKK a bunch of sheetheads? You decide!
A passport is not the same as a national ID card. No one is required to hold a passport, so can refuse to show it, or pretend that they do not have one. The same goes for driving licenses.
A compulsory national ID card is very different. You cannot claim not to have it, and hence can be required to produce it - even if that requirement is not immediate.
When you go to an international airport, you should make sure your mobile phone is turned off, or people will clone it on the grounds that you'll be out of the country and won't notice for a few weeks. This contactless technology is looked upon favourably by Blunkett, so I face the prospect of having to take my passport to the airport wrapped in a Faraday shield to prevent people reading the information and burgling my house on the grounds it will be empty for a few days.