Slashdot Mirror
Privacy vs. Security: Biometric E-Passports
ftblguy writes "Countries such as the UK, Belgium, Netherlands, Canada, US, Australia, and New Zealand are currently looking into adding RFID chips to citizens' passports. The chips would contain data such as a digital image of the person's face. A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business. But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."
Soon they'll want to implant RFID tags (or something similar) in your left molar. Everyone will be able to be traced from a simpe computer terminal. Great for parents who's kids are kidnapped, or hikers lost in the mountains, bad for everyone else.
Sugapablo
dupe!
UK Laptops
I probably wouldn't object to this idea, if I just knew that I could turn it off.
Biometric systems are not secure as a means of authentication, they are too easy to fake.
The three ways you can authenticate a person are:
-
What they are
-
What they have
-
What they know
A good security system combines at least two of these. This one does, but since it only authenticates against what you have, it is not very good. If each passport had a key encrypted with a passphrase (like in PGP), and you needed the passphrase to use it, you would have good protection against stolen passports.But these don't do that.
they'll be needed in the years to come...
every day http://en.wikipedia.org/wiki/Special:Random
bringing passport documents into the digital world is sure to increase security."
Surely noone believes that do they? Why?
Digital is inherently easier to copy then analogue - I think this would decrease security.
My pics.
Security doesn't come for free. You have to invest something for getting it. No sane person would run a Windows or a Linux box on teh internet without elaborate security setup.
And in anti-terrorism this translates to getting better passports with more detailed information.
For all the people who start to whine about privacy: if there is really a problem with this then your problem is not the passport. Your problem are the goverment and companies who can't be trusted. If you vote such people into office you shouldn't whine about the privacy issues of RFID chips. You just get what you wanted.
Sorry but a don't want a 747 crashed into my home just because some fools don't reliaze where the real problem is. It's like guns: not weapons are killing people, people are doing this. Technology isn't inherently evil.
Seriously im all for storing a picture of the person on their card if it makes general facial recognition easier but why the fuck does it need to be RFID someone please explain why a normal chip on the card would not do?
This comment does not represent the views or opinions of the user.
Whenever I hear "with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security," I cringe. The idea that something which sounds like increased security will actually amount to increased security without any real analysis is an all too common reaction these days.
Think about the TSA (Thousands Standing Around|Take Scissors Away) - does taking knitting needles make anyone safer? The biggest change in airline safety because of 9/11 was 9/11. Before folks figured that they could just quietly land in Cuba and live on peanuts for a few days before they would be brought home. All that has changed, but it didn't require billions of dollars, air marshals, or any of the other visible crap the government did to create the illusion of security.
While biometric passports might make identification more certain, you need to fully look at who/where/how passports are used, and see if these measures will actually be useful in the real world. Urg.
How the hell will this protect us from terrorism? I'm sick and tired of our governments trying to implement 1984 under our noses in the name of security.
For example, I'm sure no-one would notice if a farmer bought a load of fertilizer and diesel fuel, and no one would notice if he drove a van into the centre of some large city, but that's all he'd need to do to blow up a lot of people.
The only way we can truly protect ourselves is to quite literally monitor everyone's actions 24-7, but if that were the case I'd rather live in North Korea.
Why should that increase security? Perhaps there will be even more opportunities for forgeries. From Bruce Schneier' Crypto-Gram
There's one other problem with identity documents: the ease of getting legitimate documents in fraudulent names. Several of the 9/11 terrorists obtained fraudulent IDs from the Virginia Department of Motor Vehicles by paying a corrupt employee $1000 each. These weren't fake IDs. These were real IDs in fake names, with all the holograms and micro printing and whatever else the driver's licenses have to make them hard to forge.
Prove first that these new technologies will in fact increase security and then I'll argue the privacy case.
But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security
First of all, and as 300 other comments would be pointing out by now, all those bastards on 9/11 planes had valid passports too. Whether passport is valid or not doesn't prove nothing.
Plus, IMHO, its harder to forge a non-digital passport. Thats a real skill. You can't walk into Radioshack, buy $70 worth of equipment, come back home and start playing with the RFIDs on the passport if its digital and all.
If its a non-digital passport, sure as hell if you indeed plan on forging/tampering it, you will have to find someone highly skilled that can accomplish that. And, if its a bad forgery job, its very easy for a human being to spot that.
My 0.02
Free XBox, PS2
"But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security"
... "
Has the lack of digital passports ever facilitated a breach of security? You know that the 9/11 hijackers had valid US passports. If they had digital RFID passports on them instead would they somehow have thought twice about hijacking the plane?
It's dorks like you who will eventually get CCTV into people's houses with the apologist "hey if you've got nothing to hide
"It's not your information. It's information about you" - John Ford, Vice President, Equifax
Will my passport run linux? There must be a way :)
A little stupidity is as unlikely as a little pregnancy
The post implies that with all "the recent terrorist threats" this is in some way a good thing.
There hasn't been a terrorist attack in any of those countries for some time now - certainly not an attack of any form. Can somebody please tell me what evidence of threats we have despite that which is given to us by the same people who lied about WMD in Iraq?
The terrorism is happening in countries that will not be aided by the countries listed in the article putting RFID tags into passports. It's just another excuse to have another civil liberty stripped from you. Don't accept it.
Not just Government officials. My security is NOT increased by a powerful elite having information about me while I don't have information about them. Surveillance technology is probably unavoidable. But if implemented in the "Free World" (or the West), it should be Public Access, so that any citizen can keep tabs on anyone. Recognise that that most schemes that the government proposes do NOT follow this principle, as they are really seeking additional power over the populace, not seeking to help security.
Preserve the balance of power: require all surveillance systems to be public-access.
Privacy is on it's way out.
Only reduce insecurity
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Ok ive RTFA and it doesn't explain anywhere why these things need RFID. There's absolutely no reason for it! Sticking all this information on standard 'smart-cards' would be just as effective (well i don't know how effective or what its really supposed to do anyway but it would produce the same effect). In the article it just says these are designed to only operate up to 10cm (we all know what that means) but 10cm is still enough for someone to scan your back pocket! The only possible argument is that the contacts on chips wear out and people are too lazy to stick their cards in a reader! That's not an argument. So the only thing we can conclude is:
the people in charge of this are:
a) totally stupid
b) totally ignorant
c) getting a buy 1bn get 1bn free deal on RFID
d) designing this so they can scan people without their knowledge
take your pick.
This comment does not represent the views or opinions of the user.
I'm sure no-one would notice if a farmer bought a load of fertilizer and diesel fuel, and no one would notice if he drove a van into the centre of some large city, but that's all he'd need to do to blow up a lot of people.
Sure, but people don't just go and do that kind of thing without any prior planning. The intent has to be there first, manifesting itself in deviations from regular patterns of activity and other abnormalities in the lead-up to the act. Abnormalities which the government relies upon noticing, because tracking everyone 24/7 is impossible even for them.
Anyway, increased tracking capabilities just makes the task of picking up irregularities simpler, because they have more data to work with. More data = better predictions
/Devil's Advocate
Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
This isn't about the war on terrorism or even "regular" crime. It is about the war on illegal papers as used in illegal immigration.
Another point is that many european countries are getting closer and closer to introducing mandatory ID to be carried at all times. Add RFID tags and the next easy step will be to add RFID receivers everywhere to track every person.
What, current law would prohibit it? So? This is europe, home of the holocaust. It is not what use tracking everyone will have now. It is what it will be used for 20 yrs from now.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Is it necessarily a foregone conclusion that privacy and security are in opposition to one another? I'll grant that privacy and sloppy security are opposed, but why have sloppy security at all?
It seems to me that we (anyone who is the subject of either privacy or security) should be expecting BOTH, not accepting the proposition that the privacy-security issue (or the liberty-security issue) is a zero-sum equation.
Yes, in the U.S. the current politics seem to indicate that 'They' don't care, but what I'm really saying is, even if the government doesn't care, shouldn't the governed?
At the risk of sounding like a zealot, semantics matter and when we speak of privacy and liberty being 'traded' for security, we are tacitly conceding that we can do without either if we are scared enough. I personally want more liberty and privacy when I'm scared, not less.
Just a thought to the writers of headlines and story titles.
But what they cannot do is scan your passport while you are protesting against $EVIL_POWER.
Although if you have a cellphone...
- These characters were randomly selected.
Because we're not scared enough...yet. As things ratchet up in the loss of freedoms, we will feel "safer." Each "event" will scare us to agreeing to the next level.
For small losses of freedom, a simple raising of the terror alert level to red (or violet, or puce, or whatever the top is) will suffice. But to start chipping people, it'll probably require another attack (and that attack will come). It may also take the form of "convienience" - if you get chipped, you can walk right onto the plane. Then it will be come an "inconvienience" - if you're one fo the few not chipped its, "please step aside for a body cavity search."
The oceans fill up one raindrop at a time.
Is it just my observation, or are there way too many stupid people in the world?
You mean the ones based upon ancient and/or falsified information, much of it obtained under TORTURE by the U.S. Military?
The "war on terrr" has only three purposes:
1. To make key members of the US govt. richer
2. To control citizens every move
3. To realise biblical prophecy by igniting a "clash of civilisations" between east and west, ultimately resulting in the Zionists dream of "greater israel", leading the way for armageddon. The palestinians and a billion and a half arabs are standing in the way of this.
That last bit might sound a bit far-fetched, but ask any fundamentalist christian zionist - for example one of the ones that have successflly brought about a coup in the U.S government.
Now - you're not going to like any of these reasons - which is just why the govt want your biometric information on a national database so dissenters may be traced whereever they are.
In order to do this, they have to scare you witless. This is what the endless "war on terror" is here for. The "terrorists" don't wear robes or turbans. They wear stars and stripes tie pins and appear on FOX news.
Yeah, right... so any Russian hacker or spotty-faced teenager can crank out fake passports in his garage. How long before the government's über-ROT26 encoding scheme is cracked? Once more, we'll end up with rules that penalize the law-abiding, while providing no protection against the criminal. Normal people will have to go through the annoyance WHEN, not if, the RFID tag in their passport fails, or is misread, and they are taken for Osama bin Laden, or Teddy Kennedy.
Or wait, was this -1, Sarcastic?
I want to delete my account but Slashdot doesn't allow it.
Note that only the U.S. is advocating that digital passports contain unencrypted data about their owners that can be read from a distance. All other countries are supporting the idea that owner's data is encrypted on the passport by a key encoded in a barcode on the password, thus can only be accessed physically by a customs official.
Joseph R. Kiniry
http://kind.ucd.ie/~kiniry/
Lecturer
UCD School of Computer Science and Informatics
Before we think that this is a panacea for our security worriess we should be aware that facial recognition technology isn't all that good. In ideal conditions, with a relatively small database of images, it works reasonably well. But as soon as you put it in a real world environment (an airport for example) the reliability goes way down.
Once this is rolled out on passports, how many false negatives are they going to be getting? To my eyes, my own passport photograph doesn't look all that much like me. God knows what a computer would make of it.
Essentially this is a way for Gov't to waste lots and lots of money without adding to security. If that's all they want to do, they should give the money to me - I'll waste it for them, no problem.
1) How is this sure to increase security? Known terrorists are hardly the problem now; implementing this won't help against the known ones, and the unknown ones, well, they're unknown...
2) What do you mean, "lately"? Some of us have been living with the possibility of a terrorist attack all our lives.
It's official. Most of you are morons.
I pass hundreds of people in an airport who could have RFID readers and thus would have my data to copy and retransmit. Get that data from me and a few hundred other people and they will find someone they look enough like that they can make a very effective fake passport.
This data should not be transmitted contactless. Are you going to tell an immigration official, "Just scan the passport in my pocket"? No, you will still present the actual passport, so they can simple touch a smart card style chip on the passport to a reader and get the same information (more effectively than trying to pick out my info from that of dozens of others nearby).
Biometric info is not necessarily a bad thing, but RFID is not the right technology choice. Perhaps if I carry my passport in a tin foil bag...
Why don't we enact foreign policies that don't piss off the rest of the world?
Or is this virtually impossible? Are there any good reasons for we the west is hated so much, that are absolutely necessary to our survival, and to others' survival? How differently could we do these things?
"But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security"
WHY? What does a passport have to do with terrorist threats? Is everyone bloody unhinged?
Besides, if the movies teach us anything, it's the experienced old cop who spots something out of place, while the young greenhorne smacks the battery casing of his incarcerator2000.
Wine, music and cinema are the three great creations of humanity. -T'Ian Han
Really, it would not be that hard to temporarely disable the RFID function. I can imagine how this RFID feature would be usefull when 'reading' the passport at, for example, an airport.
However, the RFID feature has no use when you just walk around with the passport in your wallet. In fact, this could be a privacy concern, since you could be 'tracked' without your consent. If you worry about this, loose the tinfoil hat and buy the tinfoil wallet.
Or you could carry your passport and other RFID-enabled documents and cards in a fancy metal case such as the ones used for cigarettes - unreadable as long as you do not open the case!
> The three ways you can authenticate a person are:
> What they are, What they have, What they know
The trouble is that the government really wants to know "what you want", rather than any of those things. Using "what you are" to determine "what you want" works only by extrapolating from previous behaviour, and is necessarily restricted to past offenders. What we need is a passport that requires you to state your intentions every time you use it. It could go something like this:
"It looks like you are about to board a plane. Could you please reassure me that you do not wish to hijack it, blow it up, fly it into a government building, ignite your left shoe, have sex in the restroom, hassle the flight attendants, or behave in a threatening manner?"
"I am just going on a trip to Afganistan to meet some Mr.Laden or something. I don't know nothin' about all rest of that."
"Thank you for your cooperation."
- - That being said, the issue is cut-and-dry. These passports won't stop terrorism. The only thing RFID passport will do is make it easier for people with good forgeries to get on planes. As people become more dependent on high technology, the number of people who can abuse the system becomes smaller but the level of abuse they can perform grows. This does not make anyone safer, it makes the elite criminals who can crack the system richer. You don't have to be an expert hacker to give someone a fake criminal record, you just have to have the money and resources to hire one.
- - You work in an airport. You're told the new security system is much better than the old one. It certainly seems more complicated to fake the system out. Therefore you are naturally less suspicious of anyone the machine approves. There only has to be one criminal out there who can make forgeries to fool your system. As soon as someone out there figures it out, this system is obsolete. Terrorists have money to burn, between selling opium and (the even more lucritive and addictive) crude oil.
- - Undetected forgeries are the first failure of all security; human beings are the second. Has everyone forgotten how it was the terrorists got into the cockpits of those planes? They took hostages, and the pilots broke procedure by opening the door. Since in politics you can't effectively shoot down an idea without suggesting an alternative, I have a solution that takes into account forging documents and faulty PeopleSoft.
Problems with the current solution:
Solution: Make stronger doors that can't open while the plane is in flight, and require all planes use them.
- - It's cheaper than adding all of this RFID crap, less offensive than racial profiling, and less intrusive than a body cavity search. Terrorists trying to force the door open would be stopped by Air Marshalls. When it comes down to it, stopping crimes before they happen is incredibly difficult, expensive, and ultimately impossible. Preventing crimes from completing successfully is far easier and less expensive.
Just wrap your damn passport in aluminum foil already.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
But, with all of the terrorist threats lately
You mean the vague 'sky is falling!' warnings the government issues whenever it's numbers start to dip? Those threats?
The only way to end those threats is to shoot every politician in the country. That'll also end the threat to our privacy too.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
....The Canadian government had looked into this for Canadian passports but a decision was made recently not to change the passport.
If passports have RFIDs that can be read from more than a few cm away, terrorists will be able to build bombs triggered by the presence of citizens of specific countries. Politicians, thanks for looking after us!
But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security.
... will it catch enough terrorists to matter? Will it catch any?
And will our society still be recognizably "free" at that point?
Surely this is a troll. Surely.
The question is not whether this will increase security. It won't, of course, since America is a goldfish bowl with too many ways in and no way to control them all. Terrorists are perfectly willing to spend years and millions of dollars (pounds, rubles, whatever) planning each operation and they will find a way in. And I wouldn't be surprised to find this kind of embedded RFID system get hacked and be readily available on the underground market. At some point the things will need to be programmed, and if nothing else a supply of blank cards and a programmer will be obtained from whoever makes them. I mean, come on, black-market Social Security cards can be found and some of them are apparently indistinguishable from the real thing because they are the real thing. It's called an "inside job."
The real question is: from whom must we be secured? And why? I've yet to see any rational discourse on the subject from the OHS or any of the other government organs involved that really makes the case that these devices (or any other form of technologically advanced tracking of the citizenry) will help in the (ahem) "War on Terrorism." The net effect will be to inconvenience and incarcerate some number of ordinary citizens who haven't a terrorist bone in their bodies while the real nut jobs use their hacked RFID's to walk right through airport security.
England has spent an incredible amount of money in wiring their country with video cameras. The justification for this "investment" (and I use the term loosely) was to catch terrorists. Well, the camera network has certainly helped in apprehending purse snatchers and other petty thieves but things are still getting blown up over there, so one wonders just how effective it really is. Were heading down the same road, and when all is said and done
The higher the technology, the sharper that two-edged sword.
This is going to happen, so let some entrepreneur start now. We need wallets, and passport sleeves, with a wire mesh woven in to make a "Faraday cage" to block RF from going in or out. This lets our RFID tags in our credit cards or whatever readable only when we want them to be.
J