Slashdot Mirror


Privacy vs. Security: Biometric E-Passports

ftblguy writes "Countries such as the UK, Belgium, Netherlands, Canada, US, Australia, and New Zealand are currently looking into adding RFID chips to citizens' passports. The chips would contain data such as a digital image of the person's face. A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business. But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."

23 of 227 comments

  1. digital != greater security by tpgp · · Score: 5, Interesting

    bringing passport documents into the digital world is sure to increase security."

    Surely no one believes that, do they? Why?

    Digital is inherently easier to copy than analogue - I think this would decrease security.

    --
    My pics.
  2. The price you pay... by Anonymous Coward · · Score: 2, Interesting
    ...if you don't want terrorists to drive airplanes into large buildings or nuclear power plants.
    Security doesn't come for free. You have to invest something for getting it. No sane person would run a Windows or a Linux box on the internet without elaborate security setup.
    And in anti-terrorism this translates to getting better passports with more detailed information.
    For all the people who start to whine about privacy: if there is really a problem with this then your problem is not the passport. Your problem is the government and companies who can't be trusted. If you vote such people into office you shouldn't whine about the privacy issues of RFID chips. You just get what you wanted.

    Sorry but I don't want a 747 crashed into my home just because some fools don't realize where the real problem is. It's like guns: not weapons are killing people, people are doing this. Technology isn't inherently evil.

  3. why rfid? by t_allardyce · · Score: 3, Interesting

    Seriously, I'm all for storing a picture of the person on their card if it makes general facial recognition easier, but why the fuck does it need to be RFID? Someone please explain why a normal chip on the card would not do.

    --
    This comment does not represent the views or opinions of the user.
  4. Sure? by Anonymous Coward · · Score: 1, Interesting

    "But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."

    Sure?

  5. What terrorist threats? by Anonymous Coward · · Score: 3, Interesting

    The post implies that with all "the recent terrorist threats" this is in some way a good thing.

    There hasn't been a terrorist attack in any of those countries for some time now - certainly not an attack of any form. Can somebody please tell me what evidence of threats we have despite that which is given to us by the same people who lied about WMD in Iraq?

    The terrorism is happening in countries that will not be aided by the countries listed in the article putting RFID tags into passports. It's just another excuse to have another civil liberty stripped from you. Don't accept it.

  6. Oh, yeah, right... by Anonymous Coward · · Score: 1, Interesting

    "But, with all of the terrorist threats lately"

    Uhm.. yeah... well, yeah.. Yeah there are terrorist threats, but it's all being a LITTLE bit exaggerated.
    Fear makes people scared, scared people want to feel safe and secure, so scared people are more likely to let '1984'-like laws pass than not scared people and since Bush already said he'd like a dictatorship a lot better..

    oh, and did I mention that America passed a law that allowed the government (read Bush) to delay election day if there is a terrorist attack in the U.S. between today and the scheduled election day?

    Now, doesn't that reek of something?

  7. This is insane by t_allardyce · · Score: 4, Interesting

    OK, I've RTFA and it doesn't explain anywhere why these things need RFID. There's absolutely no reason for it! Sticking all this information on standard 'smart-cards' would be just as effective (well I don't know how effective or what it's really supposed to do anyway but it would produce the same effect). In the article it just says these are designed to only operate up to 10cm (we all know what that means) but 10cm is still enough for someone to scan your back pocket! The only possible argument is that the contacts on chips wear out and people are too lazy to stick their cards in a reader! That's not an argument. So the only thing we can conclude is:

    the people in charge of this are:
    a) totally stupid
    b) totally ignorant
    c) getting a buy 1bn get 1bn free deal on RFID
    d) designing this so they can scan people without their knowledge

    take your pick.

    --
    This comment does not represent the views or opinions of the user.
  8. Not flaming, not trolling: simply another argument by Sapphon · · Score: 2, Interesting

    I'm sure no-one would notice if a farmer bought a load of fertilizer and diesel fuel, and no one would notice if he drove a van into the centre of some large city, but that's all he'd need to do to blow up a lot of people.

    Sure, but people don't just go and do that kind of thing without any prior planning. The intent has to be there first, manifesting itself in deviations from regular patterns of activity and other abnormalities in the lead-up to the act. Abnormalities which the government relies upon noticing, because tracking everyone 24/7 is impossible even for them.
    Anyway, increased tracking capabilities just make the task of picking up irregularities simpler, because they have more data to work with. More data = better predictions

    /Devil's Advocate

    --
    Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
  9. Re:Not effective by BJH · · Score: 2, Interesting

    So... you have some encoded data embedded in the passport. If it's encoded, there needs to be a key. If the key is in the possession of the customs officials (who presumably need to verify your identity), then it's susceptible to being stolen and abused.

  10. Encryption and visibility by kiniry · · Score: 2, Interesting

    Note that only the U.S. is advocating that digital passports contain unencrypted data about their owners that can be read from a distance. All other countries are supporting the idea that the owner's data is encrypted on the passport by a key encoded in a barcode on the passport, thus can only be accessed physically by a customs official.

    --
    Joseph R. Kiniry
    http://kind.ucd.ie/~kiniry/
    Lecturer
    UCD School of Computer Science and Informatics
    1. Re:Encryption and visibility by Anonymous Coward · · Score: 1, Interesting

      And who's to say that ONLY an appropriate (what "appropriate" means is the subject for a completely separate line of questioning) government official will be able to read this? Are we going to believe that the same government workers who will sell perfectly "valid" ID for a few bucks won't sell out the readers and codes too?

      Encryption buys you NOTHING without a process to back it up. Better to just leave it in the clear so at least the holder will know what's contained.

  11. facial recognition tech isn't very good by raindrop#1 · · Score: 3, Interesting

    Before we think that this is a panacea for our security worries we should be aware that facial recognition technology isn't all that good. In ideal conditions, with a relatively small database of images, it works reasonably well. But as soon as you put it in a real world environment (an airport for example) the reliability goes way down.

    Once this is rolled out on passports, how many false negatives are they going to be getting? To my eyes, my own passport photograph doesn't look all that much like me. God knows what a computer would make of it.

    Essentially this is a way for Gov't to waste lots and lots of money without adding to security. If that's all they want to do, they should give the money to me - I'll waste it for them, no problem.

  12. An example of bad digital enhancement ... by Master_Wu · · Score: 2, Interesting
    ... was at my old company. They decided that people just weren't using secure enough passwords or changing them often enough. To fix the problem, they forced passwords to be x number of characters, with mixed capitalization, and at least one non-alpha character. Oh, and the passwords had to be changed every 90 days, and couldn't match the last four passwords. To make it even more confusing for the average joe, they decided to have the login password and email password be reset on different/staggered 90 day cycles, instead of the same time. On paper, it sounded like a good idea to lock things down, but in reality, everyone just started writing their passwords on post it notes on their monitor or at best, under the keyboard.

    Besides, if the movies teach us anything, it's the experienced old cop who spots something out of place, while the young greenhorn smacks the battery casing of his incarcerator2000.

    --
    Wine, music and cinema are the three great creations of humanity. -T'Ian Han
  13. Re:Just wait by 88NoSoup4U88 · · Score: 2, Interesting

    As of a month, when making a photo for a Dutch passport, you are not allowed to smile; as this would disturb the 'default' position from where all the other positions of the face can be determined (for face recognition): This info is embedded within the passport.

  14. "What you want" is what they really want by Chemisor · · Score: 2, Interesting

    > The three ways you can authenticate a person are:
    > What they are, What they have, What they know

    The trouble is that the government really wants to know "what you want", rather than any of those things. Using "what you are" to determine "what you want" works only by extrapolating from previous behaviour, and is necessarily restricted to past offenders. What we need is a passport that requires you to state your intentions every time you use it. It could go something like this:

    "It looks like you are about to board a plane. Could you please reassure me that you do not wish to hijack it, blow it up, fly it into a government building, ignite your left shoe, have sex in the restroom, hassle the flight attendants, or behave in a threatening manner?"
    "I am just going on a trip to Afganistan to meet some Mr.Laden or something. I don't know nothin' about all rest of that."
    "Thank you for your cooperation."

  15. Keep the dialog calm by irritus · · Score: 3, Interesting
    - - I think we need to relax the tone when we talk about privacy issues like this. When we keep making references to 1984 and cite personal opinions of the US President and foreign policy, we risk jading the uninformed. The same thing happened with environmental issues. Throughout the 90's the news media bombarded us with a new environmental issue every year as if the world was going to end. The world didn't end. Now most people are apathetic about problems that have only gotten worse. The only thing the average person does nowadays when the ozone layer gets more depleted is shopping for a higher SPF sunblock.

    - - That being said, the issue is cut-and-dry. These passports won't stop terrorism. The only thing RFID passports will do is make it easier for people with good forgeries to get on planes. As people become more dependent on high technology, the number of people who can abuse the system becomes smaller but the level of abuse they can perform grows. This does not make anyone safer, it makes the elite criminals who can crack the system richer. You don't have to be an expert hacker to give someone a fake criminal record, you just have to have the money and resources to hire one.

    - - You work in an airport. You're told the new security system is much better than the old one. It certainly seems more complicated to fake the system out. Therefore you are naturally less suspicious of anyone the machine approves. There only has to be one criminal out there who can make forgeries to fool your system. As soon as someone out there figures it out, this system is obsolete. Terrorists have money to burn, between selling opium and (the even more lucrative and addictive) crude oil.

    - - Undetected forgeries are the first failure of all security; human beings are the second. Has everyone forgotten how it was the terrorists got into the cockpits of those planes? They took hostages, and the pilots broke procedure by opening the door. Since in politics you can't effectively shoot down an idea without suggesting an alternative, I have a solution that takes into account forging documents and faulty PeopleSoft.

    Problems with the current solution:

    • These new passports could be faked
    • The 9/11 terrorists had valid passports
    • The 9/11 terrorists were armed with weapons which (a college student demonstrated) can still be snuck onto planes
    • Pilots could still fail to follow procedure (a hard thing for a human being to do when one knows one's choice will cause the immediate death of another).

    Solution: Make stronger doors that can't open while the plane is in flight, and require all planes use them.

    - - It's cheaper than adding all of this RFID crap, less offensive than racial profiling, and less intrusive than a body cavity search. Terrorists trying to force the door open would be stopped by Air Marshals. When it comes down to it, stopping crimes before they happen is incredibly difficult, expensive, and ultimately impossible. Preventing crimes from completing successfully is far easier and less expensive.

  16. what threats? by maxpublic · · Score: 2, Interesting

    But, with all of the terrorist threats lately

    You mean the vague 'sky is falling!' warnings the government issues whenever its numbers start to dip? Those threats?

    The only way to end those threats is to shoot every politician in the country. That'll also end the threat to our privacy too.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  17. Just an update on Canada's position... by Edward+Scissorhands · · Score: 2, Interesting

    ....The Canadian government had looked into this for Canadian passports but a decision was made recently not to change the passport.

  18. Re:Kidding, right? by Anne+Thwacks · · Score: 2, Interesting
    While biometric passports might make identification more certain,

    Might not ... Any reasonably competent forger will be able to download the required information into a fake passport with no more effort than making a Costco membership card.

    The UK scheme is nothing to do with security, it's a scam to take $100 off every man, woman and child in the country to pay for the war in Iraq.

    --
    Sent from my ASR33 using ASCII
  19. Re:I disagree by josecanuc · · Score: 2, Interesting

    Every time RFID comes up on Slashdot someone brings up that it can be read over a distance. Do not forget that there are many forms of RFID and that there are some that will not give up their information until they receive the right unlocking key.

    Not 100% secure, but the same type of authentication that CRAM-MD5 uses, which is trusted by many email servers and corporate remote authentication devices.

    Don't assume that the type of RFID used will be chosen by techno-dolts who look only at price tag. There are knowledgeable folks out there doing the actual implementations.
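
Added example (not part of the thread, and not the protocol of any real passport or RFID product): a CRAM-MD5-style challenge-response, with a hypothetical `Tag` class standing in for a chip that releases its record only to a reader holding the shared key. It also shows the limit raised earlier in the thread: a copy of the reader's key unlocks the tag just like the real reader.

```python
import hashlib
import hmac
import secrets

RECORD = b"constructed sample record"  # constructed data, not a real passport field


class Tag:
    """Hypothetical tag: returns its record only after a valid response."""

    def __init__(self, key: bytes, record: bytes):
        self._key = key
        self._record = record
        self._challenge = None

    def new_challenge(self) -> bytes:
        # Fresh random nonce per read attempt, like the server challenge in CRAM-MD5.
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def read(self, response: bytes):
        # Each challenge is single use, so a captured response cannot be replayed.
        challenge, self._challenge = self._challenge, None
        if challenge is None:
            return None
        expected = hmac.new(self._key, challenge, hashlib.md5).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return self._record if hmac.compare_digest(expected, response) else None


def reader_response(key: bytes, challenge: bytes) -> bytes:
    """Reader side: HMAC-MD5 over the challenge, keyed with the shared secret."""
    return hmac.new(key, challenge, hashlib.md5).digest()


def demo():
    key = secrets.token_bytes(16)
    tag = Tag(key, RECORD)

    # 1. Legitimate reader: answers the tag's challenge with the shared key.
    first = reader_response(key, tag.new_challenge())
    legit = tag.read(first)

    # 2. Eavesdropper replays the captured response against a fresh challenge.
    tag.new_challenge()
    replay = tag.read(first)

    # 3. Reader without the key guesses one.
    wrong = tag.read(reader_response(b"\x00" * 16, tag.new_challenge()))

    # 4. Anyone holding a copy of the key is indistinguishable from the reader.
    stolen = tag.read(reader_response(key, tag.new_challenge()))
    return legit, replay, wrong, stolen


if __name__ == "__main__":
    print(demo())
```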

  20. Huh? by ScrewMaster · · Score: 4, Interesting

    But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security.

    Surely this is a troll. Surely.

    The question is not whether this will increase security. It won't, of course, since America is a goldfish bowl with too many ways in and no way to control them all. Terrorists are perfectly willing to spend years and millions of dollars (pounds, rubles, whatever) planning each operation and they will find a way in. And I wouldn't be surprised to find this kind of embedded RFID system get hacked and be readily available on the underground market. At some point the things will need to be programmed, and if nothing else a supply of blank cards and a programmer will be obtained from whoever makes them. I mean, come on, black-market Social Security cards can be found and some of them are apparently indistinguishable from the real thing because they are the real thing. It's called an "inside job."

    The real question is: from whom must we be secured? And why? I've yet to see any rational discourse on the subject from the OHS or any of the other government organs involved that really makes the case that these devices (or any other form of technologically advanced tracking of the citizenry) will help in the (ahem) "War on Terrorism." The net effect will be to inconvenience and incarcerate some number of ordinary citizens who haven't a terrorist bone in their bodies while the real nut jobs use their hacked RFID's to walk right through airport security.

    England has spent an incredible amount of money in wiring their country with video cameras. The justification for this "investment" (and I use the term loosely) was to catch terrorists. Well, the camera network has certainly helped in apprehending purse snatchers and other petty thieves but things are still getting blown up over there, so one wonders just how effective it really is. We're heading down the same road, and when all is said and done ... will it catch enough terrorists to matter? Will it catch any? And will our society still be recognizably "free" at that point?

    --
    The higher the technology, the sharper that two-edged sword.
  21. Re:Kidding, right? by winwar · · Score: 2, Interesting

    Heck, it could reduce security.

    Why?

    Currently a screener has to LOOK at the passport. They actually might have to use a few brain cells. They might find something isn't quite right and investigate further.

    If the screener thinks the new passport is "secure" or the computer is always correct, they might (probably will) just let the computer think for them. The computer says the passport is valid, well, go right on through.

    Biometric passports may speed up processing. Increase security, nope.

  22. Business idea by jtgd · · Score: 2, Interesting

    This is going to happen, so let some entrepreneur start now. We need wallets, and passport sleeves, with a wire mesh woven in to make a "Faraday cage" to block RF from going in or out. This lets our RFID tags in our credit cards or whatever be readable only when we want them to be.

    --
    J