Slashdot Mirror
Privacy vs. Security: Biometric E-Passports
ftblguy writes "Countries such as the UK, Belgium, Netherlands, Canada, US, Australia, and New Zealand are currently looking into adding RFID chips to citizens' passports. The chips would contain data such as a digital image of the person's face. A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business. But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."
Soon they'll want to implant RFID tags (or something similar) in your left molar. Everyone will be able to be traced from a simpe computer terminal. Great for parents who's kids are kidnapped, or hikers lost in the mountains, bad for everyone else.
Sugapablo
they'll be needed in the years to come...
every day http://en.wikipedia.org/wiki/Special:Random
A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business.
well, my U.S. passport has a line of characters on the bottom of the first page (y'know, the one with the picture of me on it). the characters include my name, birthdate, and passport number. everytime i've returned to the u.s. from travelling, my passport is opened to that page and run through a scanner slot. i assume they are reading these values (as far as i can tell, there is no magnetic strip on there). other countries usually just make me write down my name, address, birthdate, and passport number when i pass through customs. so, governments can already track me as i go about my personal business. as for matching the facial scan, good thing, it means that i won't have to worry about my passport being stolen and used.
Whenever I hear "with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security," I cringe. The idea that something which sounds like increased security will actually amount to increased security without any real analysis is an all too common reaction these days.
Think about the TSA (Thousands Standing Around|Take Scissors Away) - does taking knitting needles make anyone safer? The biggest change in airline safety because of 9/11 was 9/11. Before folks figured that they could just quietly land in Cuba and live on peanuts for a few days before they would be brought home. All that has changed, but it didn't require billions of dollars, air marshals, or any of the other visible crap the government did to create the illusion of security.
While biometric passports might make identification more certain, you need to fully look at who/where/how passports are used, and see if these measures will actually be useful in the real world. Urg.
You are a retard.
The 11/9/2001 terrorists had valid passports. This system would have done nothing to prevent that attack.
My pics.
How the hell will this protect us from terrorism? I'm sick and tired of our governments trying to implement 1984 under our noses in the name of security.
For example, I'm sure no-one would notice if a farmer bought a load of fertilizer and diesel fuel, and no one would notice if he drove a van into the centre of some large city, but that's all he'd need to do to blow up a lot of people.
The only way we can truly protect ourselves is to quite literally monitor everyone's actions 24-7, but if that were the case I'd rather live in North Korea.
exactly, how about making the authorities show they are capable of understanding and using regular passports before they make things 10 times more complicated with RFID ones.
Prove first that these new technologies will in fact increase security and then I'll argue the privacy case.
But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security
First of all, and as 300 other comments would be pointing out by now, all those bastards on 9/11 planes had valid passports too. Whether passport is valid or not doesn't prove nothing.
Plus, IMHO, its harder to forge a non-digital passport. Thats a real skill. You can't walk into Radioshack, buy $70 worth of equipment, come back home and start playing with the RFIDs on the passport if its digital and all.
If its a non-digital passport, sure as hell if you indeed plan on forging/tampering it, you will have to find someone highly skilled that can accomplish that. And, if its a bad forgery job, its very easy for a human being to spot that.
My 0.02
Free XBox, PS2
Not just Government officials. My security is NOT increased by a powerful elite having information about me while I don't have information about them. Surveillance technology is probably unavoidable. But if implemented in the "Free World" (or the West), it should be Public Access, so that any citizen can keep tabs on anyone. Recognise that that most schemes that the government proposes do NOT follow this principle, as they are really seeking additional power over the populace, not seeking to help security.
Preserve the balance of power: require all surveillance systems to be public-access.
Privacy is on it's way out.
Only reduce insecurity
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
"But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."
You mean, without terrorist threats it wouldn't be an increase in security?
In additon, what exactly makes you think that this will "increase security"? Has security been defined? Can we measure it? Before and after introducing these passports?
Cheers!
Actually, it makes things less secure, because the training courses will emphasize that these "unbreakable" cards will give nearly perfect results. A good forgery will be even less likely to be questioned.
Most of the cr@p instituted falls under the "keeping honest people honest" area of security.
Is it just my observation, or are there way too many stupid people in the world?
Is it necessarily a foregone conclusion that privacy and security are in opposition to one another? I'll grant that privacy and sloppy security are opposed, but why have sloppy security at all?
It seems to me that we (anyone who is the subject of either privacy or security) should be expecting BOTH, not accepting the proposition that the privacy-security issue (or the liberty-security issue) is a zero-sum equation.
Yes, in the U.S. the current politics seem to indicate that 'They' don't care, but what I'm really saying is, even if the government doesn't care, shouldn't the governed?
At the risk of sounding like a zealot, semantics matter and when we speak of privacy and liberty being 'traded' for security, we are tacitly conceding that we can do without either if we are scared enough. I personally want more liberty and privacy when I'm scared, not less.
Just a thought to the writers of headlines and story titles.
Because we're not scared enough...yet. As things ratchet up in the loss of freedoms, we will feel "safer." Each "event" will scare us to agreeing to the next level.
For small losses of freedom, a simple raising of the terror alert level to red (or violet, or puce, or whatever the top is) will suffice. But to start chipping people, it'll probably require another attack (and that attack will come). It may also take the form of "convienience" - if you get chipped, you can walk right onto the plane. Then it will be come an "inconvienience" - if you're one fo the few not chipped its, "please step aside for a body cavity search."
The oceans fill up one raindrop at a time.
Is it just my observation, or are there way too many stupid people in the world?
You mean the ones based upon ancient and/or falsified information, much of it obtained under TORTURE by the U.S. Military?
The "war on terrr" has only three purposes:
1. To make key members of the US govt. richer
2. To control citizens every move
3. To realise biblical prophecy by igniting a "clash of civilisations" between east and west, ultimately resulting in the Zionists dream of "greater israel", leading the way for armageddon. The palestinians and a billion and a half arabs are standing in the way of this.
That last bit might sound a bit far-fetched, but ask any fundamentalist christian zionist - for example one of the ones that have successflly brought about a coup in the U.S government.
Now - you're not going to like any of these reasons - which is just why the govt want your biometric information on a national database so dissenters may be traced whereever they are.
In order to do this, they have to scare you witless. This is what the endless "war on terror" is here for. The "terrorists" don't wear robes or turbans. They wear stars and stripes tie pins and appear on FOX news.
Yeah, right... so any Russian hacker or spotty-faced teenager can crank out fake passports in his garage. How long before the government's über-ROT26 encoding scheme is cracked? Once more, we'll end up with rules that penalize the law-abiding, while providing no protection against the criminal. Normal people will have to go through the annoyance WHEN, not if, the RFID tag in their passport fails, or is misread, and they are taken for Osama bin Laden, or Teddy Kennedy.
Or wait, was this -1, Sarcastic?
I want to delete my account but Slashdot doesn't allow it.
1) How is this sure to increase security? Known terrorists are hardly the problem now; implementing this won't help against the known ones, and the unknown ones, well, they're unknown...
2) What do you mean, "lately"? Some of us have been living with the possibility of a terrorist attack all our lives.
It's official. Most of you are morons.
I pass hundreds of people in an airport who could have RFID readers and thus would have my data to copy and retransmit. Get that data from me and a few hundred other people and they will find someone they look enough like that they can make a very effective fake passport.
This data should not be transmitted contactless. Are you going to tell an immigration official, "Just scan the passport in my pocket"? No, you will still present the actual passport, so they can simple touch a smart card style chip on the passport to a reader and get the same information (more effectively than trying to pick out my info from that of dozens of others nearby).
Biometric info is not necessarily a bad thing, but RFID is not the right technology choice. Perhaps if I carry my passport in a tin foil bag...
Why don't we enact foreign policies that don't piss off the rest of the world?
Or is this virtually impossible? Are there any good reasons for we the west is hated so much, that are absolutely necessary to our survival, and to others' survival? How differently could we do these things?
That's one problem. Another is that you can never change that authentication token, the way you can change passwords or keys. Imagine a scenario where you work at the airport and the Evil Terrorists (tm) manage to get a copy of your fingerprint (can be done with latex gel and an eraser) or retinal scan and can use it to access something important. The only secure response is to deny access to anyone with a fingerprint that looks like yours, forever. So either you never work again, or you get to have a special password system just for you (and all the other ID-theft victims). But of course, at that point primary security rests with the password system; which you miight as well just use in the first place.
Biometric security systems strike me as being very similar in spirit to the various copy-protection schemes out there that the RIAA loves; they sound intimidating and high-tech, but are really poorly thought-out and only good to keep out amateurs, while serving to make all our lives more difficult. I wonder if our security guys really do think that al-Qaida really is a bunch of amateurs? Are they?
As for biometric passports - why in Ashcrofts name would you keep the biometric information on the passport as opposed to in a central database? If your ATM card didn't rely on a central server the banks would have been cleaned out long ago. I have no doubt that professional forgers, being the third oldest profession (bureaucrat being the second, and we all know what the first is), could sooner or later figure out how to encode the biometric information. In other words, the passport has to be considered insecure and information on it shouldn't be trusted.
Now, if you don't keep the fingerprint scan on the passport, why make a big fuss about "biometric" passports? Deliberate misinformation? Or is it a two-step scheme where the retinal scan is too big to transmit, so a copy is stored on the passport and e.g. a hash on the central server to verify the integrity of the passport?
Of course, you can still hump it across the Rio Grande, biometric passport or no biometric passport. So now we have to start checking people inside the country as well as at the border. Sooner or later this road leads only one place: frequent random searches of all citizens and demands for "Your paperz, bitte" anywhere, anytime.
Human genome = 3 billion base pairs = 6 GBit. Windows + Office = 20 Gbit. Which is more impressive?
"But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security"
WHY? What does a passport have to do with terrorist threats? Is everyone bloody unhinged?
Really, it would not be that hard to temporarely disable the RFID function. I can imagine how this RFID feature would be usefull when 'reading' the passport at, for example, an airport.
However, the RFID feature has no use when you just walk around with the passport in your wallet. In fact, this could be a privacy concern, since you could be 'tracked' without your consent. If you worry about this, loose the tinfoil hat and buy the tinfoil wallet.
Or you could carry your passport and other RFID-enabled documents and cards in a fancy metal case such as the ones used for cigarettes - unreadable as long as you do not open the case!
Just make sure it has a damn OFF Switch.
If passports have RFIDs that can be read from more than a few cm away, terrorists will be able to build bombs triggered by the presence of citizens of specific countries. Politicians, thanks for looking after us!