Slashdot Mirror
France May Require Biometric ID Cards
Will Affleck-Asch writes "According to an article on Infoworld today, France may require her citizens pay for new identity cards that hold their biometric information in electronic format. The French government outlined its plan last month to replace the identity cards and passports offered to French citizens with new ones that carry a microchip containing digitized photographs and fingerprints. The plan is to introduce the passports in 2006, and the identity cards a year later. Citizens haven't been forced to carry ID cards since 1955."
You can bet if the French think it's a good idea, the US will put current plans on hold.
A feeling of having made the same mistake before: Deja Foobar
I would object far less to having biometric data on an ID card if it were a one-way hash than if it's storing a copy of my fingerprint/retina scan. Can the biometric data be hashed and the hash used for verification instead? Like what we do for passwords... the scary thing about someone being able to get an electronic copy of the data is the ability to make a replica.
500GB of disk, 5TB of transfer, $5.95/mo
"My name is George W Bush, my voice is my passport. Please verify me."
Um..... I hate to point it out to you, but if the government gave those cards out "free" the people would be PAYING for them in taxes.
Aint nothing from the government that doesnt come out of someones pocket, except hot air.
"The Nazis had pieces of flair. They made the Jews wear them."
"The object of war is not to die for your country, but to make the other bastard die for his." - Patton
Query: Does Godwin's Law apply to Slashdot?
Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
Forgive me if I am missing the point, but is not the purpouse of biometrics to REMOVE potentially compromised security keys, like ID cards? Biometrics, as I understand the science, allows an individual to use their body as a form of ID. Trust beaurrocrats to get the complete wrong idea about technologies.
I don't believe such strategies help. Using extreme means to eradicate extremism, spawns extremism. When people are humiliated, they tend to react. I'm not saying that the average citizen will feal humiliated, but a few will take it as a sign of a corrupt and bad government. Freedom can't be guarded with a gun! Freedom can only be guarded by true freedom, where the people has seen the freedom, and wants it. And is ready to defend it. Not with guns, but with pacifistic methods, like Mahatma Gandhi did. He was inferior to the british commonwealth, yet he managed to free his people from slavery. This is the opposite. The trend now is to use violence for everything.
Ah, I'll be modded down for that one, but it is a important point I think!Assembling etherkillers for fun an profit
Walking down the street to get me some gum, show the doorman my credentials so I can leave my own building. Show the officer on the street corner my papers so that I can continue walking down the street. Pause at the front entrance of the store to flash some ID. Show my valid cards at the counter when I buy some gum. Walk again past the officer who again asked for my papers. Show my credentials to the doorman who lets me back inside my apartment.
I'll need to hire someone to stand outside my apartment to check my ID to be completely safe from bad guys.
Wait the bad guys have computers too?!? Then it's all for naught
*DrugCheese rants*
Exactly how would a National ID Card make people safer?
it's a much different world now.
Yes it is. Unfortunately *people* haven't changed a bit.
It must if Wikipedia has a definition of Godwin's Law. This thread is closed now. Nothing to see here.
It goes against my libertarian leanings to support something like a biometric card
Hmmm....
but I do think it would help make the world safer in the long run.
In what way?
but it's a much different world now.
In what way?
Are you aware of any hashes that don't depend on invariable inputs? I don't know of any biometric measures that are used for security that can be measured with any reasonable hope of invariance.
We already have biometric data on our passports. It's called a photograph.
Can somebody explain to me:
A lot of the identity card/biometrics scare I hear seems nothing more than fear of the unfamiliar versus technology for technology's sake. This just seems like more of the same.
I was thinking more of it being a universal ID and required by everyone that enters the U.S. It would make it easier tracking who is entering the U.S. and it would make it easier to kick out people that are here under false pretenses. I'm not going to pretend to know how to implement such a system. I qualifed my original statement with an "If".
It sounds like a French passport costs about as much right now as it does in the U.S., but I guess a lot of people randomly choose not to renew or even obtain them, thus limiting their revenue stream.
Because criminals of the Hannibal Lector type would have to carve your face and finger tips off to pass off as you! Therefore you're more ... uh .. safe.
that's the ticket, yeah...
A feeling of having made the same mistake before: Deja Foobar
...imagine an unwashed, French slipper on a human face -- for ever.
We need proper, verifiable identification so that, after a bunch of bad guys come try to kill us, we'll know exactly who to attack. If they turn out to be Saudi Arabians working in conjunction with associates of the Afghan government, we'll know that we need to bomb Iraq...
You see?
This sig has been temporarily disconnected or is no longer in service
The terrorists, being law-abiding people, would carefully register their legal occupation as "terrorist", and thus it would be easy to find them in our national databases.
...it will make it easier to detain and deport illegal Muslim immigrants from the Maghreb. Seems like a pretty crappy reason to implement a national biometric card system if its going to be used to harass minorities.
I was thinking "he's got a point" until I read:
it's a much different world now.
I'm always amazed that people feel so confident that things like nazism are gone forever. Freedom requires daily care and devotion.
to their new Biometric Identity card overlords
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
This is misleading. While there is no "National ID Card", You're required by law to carry ID at all times in France, and the police may ask to see it at their discretion.
A less confusing way of putting it would have been, "While a national ID card hasn't existed in France since 1955, French people are required carry some form of valid ID with them."
Obliteracy: Words with explosions
I'm hoping (and frankly, expecting) some pretty strong negative reaction from the French citizenry. They have a bad history with ID cards (for reasons I shall respectfully not mention) and I dare say that the French are more alarmed by ID cards than citizens in anglo countries. They have a more intense concept of anonymity vis a vis the state.
Even here in North America, New Brunswick and Quebec have some of the most lenient driver's licensing laws. Unless things have changed, neither province requires the photo on the license, and Quebec is the only jurisdiction in, possibly the world, which issues a driver's license with a digital photograph and the photograph is not archived. That's a level of freedom that's been lost to most of the world's citizens in just 10-15 years.
Because God knows the 3 million illegal immigrants from Mexico we now have living in the US wouldn't be here if we all had national ID cards! 1) Suicide bombers probably prefer it if you know their identity after the fact. What magic method were you planning on using that only gives ID cards to law-abiding citizens, and makes sure no persons with criminal intent get one? 2) As mentioned again, millions of people enter the country without authorization of any kind. Unless you're going to post armed guards on every corner to demand passerby show thier papers, I don't think mandatory ID will help at all with the problem of 5000 miles of porous borders.
"Freedom means freedom for everybody" -- Dick Cheney
It's a lot harder to get away with the mass murder of millions of white or off-white people today than it was in the 1930's and 40's. Granted the U.S. and the rest of the world will turn a blind eye to genocide going on in African nations but some organizations actually recognize the problem and try to ineffectually address it. With the global media a nation isn't going to get away with the atrocities that Hitler could.
And once you've worked out the cost, you gotta worry about the *currency*.
the layman's guide to computer science
I already have a Driver's license, a U.S. Passport, and a Texas Concealed Handgun License. (All of which by the way are against my Libertarian leanings.) Also, my fingerprints are already on file with the DPS, the FBI, and the FAA. (From background checks, all of which have certified me as a bona fide Good Guy.) How is one more I.D. Card or sheet of paper going to make me and my fellow Americans safer?
It's good to use your head, but not as a battering ram.
Well, the reason I asked it instead of stating it is because I'm not sure if some supersmart person figured out a way to mitigate the normal variation which would happen while reading the biometric information, perhaps using redundancy in some fashion. Smart people do amazing things all the time which seem counterintuitive.
500GB of disk, 5TB of transfer, $5.95/mo
It may be compulsory to carry it but it does not have to be readable.
I guess I'll microwave mine as soon as I get it, good luck for the identity theft then!
That's not clear, but that's the history of ID cards and other photo based documents.
The photo based driver's license was justified as an all purpose ID card, but my research has indicated that no one could justify a strong need for it...nor was there driver's licensing fraud that would be eliminated with the photo. I hypothesize that the photo driver's license was essentially a way of photograph companies to sell expensive instant color photographic equipment. (Those interested in my reasoning can ask.)
The photo based passport really became vogue during World War I, when european nations were afraid that spies would be crossing border. (Hello! Counterfeiting? I'm glad people were as dumb then as they are now.) With new regulations US citizens won't be able to return to the US after 2006 without a passport, even in the western hemisphere. US Citizens were not required to travel with a passport until 1941 (and during World War I and the Civil War.) For reasons not clear to me, the restriction was only rolled back to hemisphere travel after World War II.
So the lesson is, mandatory identification is either vendor driven, or war/terrorism/fear driven, or, as is most likely the case, both.
In the UK, it appears that, having had the government's draconian ID card plans rejected (for the time being), they're planning to start the biometric-isation process early, by adding compulsory fingerprints to our passports. However, it also appears that this doesn't need democratic consent - they can just do it whenever they feel like. Oh, and bury it halfway through a busy election campaign too.
These fingerprints will, you guessed it, be stored on a gigantic database that the police can consult whenever they feel like.
May I suggest that anyone in the UK who finds these plans... disturbing... lets someone know about it.
Such systems do not help with security. Many of the 9-11 terrorists had valid ids. When you enforce such restrictions, you do nothing but limit the law abiding. Carrying an ID will not prevent you from committing any crime, but it will make some poor soul who forgets their ID once out of a hundred times a criminal. A biometric ID will not jump out of your pocket to stop you from shooting a gun, cannot stop you from robbing someone, cannot do anything. All it can do is inconvience the law abiding. In the end, people get more fed up with the government, leading to MORE violence, not less.
SAILING MISHAP
With the global media a nation isn't going to get away with the atrocities that Hitler could.
China seems to get away with some pretty nasty stuff. So do parts of Africa.
If the US started to commit genocide against a certain race, who would stop them? It was only the threat of invasion that rallied people against them.
But that wasn't the only atrocity the Nazis committed. They arrested and imprisoned people who spoke against the government - much like many nations still manage to do today. They censered the news, rewrote history, and tried to make sure that everyone saw the future of the Nazi philosophy.
And this doesn't explain how ID cards would protect anyone from anything.
...and how will carrying a little card prevent anything? They've already had the debates in the UK and the government have admitted that ID cards won't do anything to help prevent terrorism, they'll just do some other good things...
Every major french citizen (i'm one i should know) is forced to carry an ID card since the Vichy regim during the second world war.
And when a cop ask you for it, you have to show it or be arrested.
In fact like in any "latin law" country this law is not really enforced but is here for the convenience of the cops.
I don't know any french against this state of fact.
It's true it can be abused by racist cops on minorities, but which law could'nt be abused by the authorities.
Choose good authorities, or no at all but don't try to make people believe there are perfect laws.
I believe you are refferring to your neighbours.
/. groupthink says it is! Just steal the chip, steal a finger and you are set.
I remember some statistics that your family and close friends are the most likely to kill you. In addition they are the most likely to go on multiple murders ending in a suicide.
It turns out that by being mean to your own family, you breed resentment and bad feelings, these multiple murders are just Darwin's discovery getting back at you for antisurvial behaviour.
ontopic, stay on topic... Well Biometrics is bad because
Check journal for info on Anti-TextBook, an idea by me.
Ok, I'm asking: what supports that suggestion besides mere cynicism? Not that a cynical worldview is often wrong, but I'm guessing that you wouldn't have thrown out that broad hint if you hadn't had something to offer.
See what I've been reading.
I don't know if you've noticed but the US is now requiring biometric passports to allow entry on the Visa Waiver Program.
m s/telegr ams_1393.html
e.g.
http://travel.state.gov/visa/laws/telegra
So, next time the bombers will have to get visas to enter the country... Just like last time.
Deleted
Nah. They'd probably just rip your eyeballs out.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
I would hazzard a guess and say that one reason they are doing this is to subsidize french IT.
-The French got behind smart cards from their inception.
-Sagem is one of the leaders in AFIS. (automatic fingerprint identification system) They provide a whole lot of biometric hardware and software technology to countries that can afford to install it.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Many of the 9-11 terrorists had valid ids.
You're kind of missing the point. It's not necessarily to prevent things from happening beforehand (though many proponents hope it will).
It's so that investigators even have a starting point after an event has occurred. Whether the IDs are fake, valid, or what-have-you, it's all critical information to investigating the attack, possibly helping to prevent imminent parallel attacks (e.g., all fake IDs coming from the same source/state/etc, sharing a characteristic, etc.), and to prevent future attacks.
To raise a related issue, if no ID at all were required to, say, board planes, and it didn't arouse suspicion or trigger a search to show no ID at all - as the no-ID proponents want - then there would be NO investigative starting point after an attack, and perhaps no way of even knowing who's responsible.
Some might say they'd pay the price of occasional terrorist attacks in exchange for privacy for all. Well, most people won't, as was evidenced by the airline industry reeling to this day after 9/11. Perhaps that's a wrongheaded philosophy, but it's reality. People want to feel like the government is *doing something*. Whether it's national guardsmen walking around airports with unloaded weapons or asking everyone for ID, empty actions like this were important to getting a huge industry - and all of its associated economic influence - back on track.
It's not as simple as you want it to be.
To be decided in the Senate and the House/Senate Conference Committee is the Real ID Act of 2005 sponsored by F. James Sensenbrenner. This will be a backdoor defacto National ID through your driver's license. Included is a linked database known as the Driver License Agreement as sponsored by the American Association of Motor Vehicle Administrators. States will be required to sign it in order for given state driver's license to accepted when dealing with the Federal Gov't such as boarding an airplane or train.
Included in the Driver License Agreement is sharing information not only within the US but with Canada and Mexico (pg 4, item 11 in PDF Document). Required in the database is identity theft type of information such as your Social Security number. Also the Driver License Agreement as a side "benefit" requires your state to punish you with points for a traffic offense anywhere within North America. So a speeding ticket from a vacation in Cancun, Mexico or Montreal, Quebec, Canada will tarnish your home state driving record and as an insult to injury, your insurance goes up !
There is not much time left to defeat this legislation. It is attached to HR1268 - Emergency Appropriations for Iraq, Tsunami Relief. The Senate has removed it but the House will insist on the Real ID Act of 2005 in conference committee and we need to let our Senator's know that we are against this. Information to Contact Congress web link.
The biometric data's on the card to prove that the card is genuine.
For obvious reasons you already have your retina and fingers with you at all times. An ID card is simply a cheap and convenient mechanism for mapping you to a database record somewhere (possibly cached on the card itself). If retinal or fingerprint scanners were cheap enough there would be no need for the card. But you'd still need the database and you'd still need to be in it.
But what should go in the database?
The ID card would probably contain fingerprint data and a digital signature saying that the government recognizes the fingerprint as that of one of its citizens. The fingerprint doesn't even need to be connected to the person's identity.
Without that, how could scanners at airports and other public locations decide to accept or reject a person based on her fingerprint ? Send it to a big-brother-esque central database, uh ? OK, the scanner still needs to download a list of revocated IDs from time to time.
ID + fingerprint = something you have + something you are.
http://scholar.google.com/scholar?q=biometric+hash
First result:
Biometric hash based on statistical features of online signatures
Vielhauer, C. Steinmetz, R. Mayerhofer, A.
Abstract: Presents an approach to generating biometric hash values based on statistical features in online signature signals. Whilst the output of typical online signature verification systems are threshold-based true-false decisions, based on a comparison between test sample signals and sets of reference signals, our system responds to a signature input with a biometric hash vector, which is calculated based on an individual interval matrix. Especially for applications, which require key management strategies, hash values are of great interest, as keys can be derived directly from the hash value, whereas a verification decision can only grant or refuse access to a stored key. Further, our approach does not require storage of templates for reference signatures, thus increases the security of the system. In our prototype implementation, the generated biometric hash values are calculated on a pen-based PDA and used for key generation for a future secure data communication between a PDA and a server by encryption. First tests show that the system is actuality able to generate stable biometric hash values of the users and although the system was exposed to skilled forgeries, no test person was able to reproduce another subject's hash vector.
I hate to burst your bubble, but your fingerprint will always be tied to your identity.
The whole scheme is very secretive, but from what we know, all citizens will have to take about 50 pieces of personal data, their eyeballs and £80 to a registration centre for the dubious pleasure of being entered into a national database. Their fingerprints and iris patterns will be digitised and a hash generated from each. The hash is then written to the chip on the card. the idea of the government is that soon Britain will have tens of thousands of biometric readers at paces like airports, police stations, hospitals and doctors. Whenever you need a service, enter or leave the country or get arrested you'd have to produce the card.
It won't be compulsory (at first) to carry a card, but it will be compulsory to register and keep your personal data up-to-date. The card is not yours, instead it remains the property of the government and can be withdrawn at any time on the say-so of the Home Secretary.
Last year the government conducted a trial of 10,000 people and promised to tell us the results before the ID card bill was brought before Parliament. Well they've had one go at getting the bill through but ran out of time before Parliament's dissolution - and we still haven't seen the results of the trials. Which is kind of suspicious - surely if everything is hunky dory then they would have been shouting it from the rooftops?
As for reliability, the Home Office (think Ministry of the Interior) doesn't seem to know the difference between false positive matches between two biometrics (where one person is mistaken for another) and false negatives (where a person isn't recognised at all). In written answers they only ever cite a failure rate based on the very low false positives - NEVER the much higher failure rate for false negatives. BUT positive confirmation of identity is the entire reason for their introduction.
The general feeling of IT experts is that the scheme will rocket in price and never work properly - but that millions of people will be inconvenienced and perhaps thousands have their lives ruined by the cards.
So for those UK people reading (hello!) - Labour is the only party promising to introduce ID cards. The Tories made no mention of it in their manifesto and have gradually gone off of the scheme. The LibDems, Greens and nationalist parties are all opposed. If you don't want ID cards, then the nice people at No2ID will be able to help.
It is my understanding that all of the 9/11 terrorists had valid U.S. IDs (drivers licenses, mostly) and/or valid passports which had been scrutinized at the border. These IDs were all in their own names (though perhaps not in the name under which they were wanted). So far as I know, no one has suggested that they had obtained these IDs fraudulently: they all could have gotten the new biometric IDs that so many seem to want.
We knew who they were, and some of them were on ``wanted'' or ``watch'' lists under the names on their legitimate IDs, the IDs which they used to board their planes. Identity was never a factor in the 9/11 hijackings. Therefore, obviously, what we need to make sure it never happens again is a new, improved National ID system which will further tighten the government's control over us. Yes, indeed. It kept the Jews safe in the 1930s, after all. We'll try not to think about what happened to them in the 1940s.
All this isn't to quibble with what the parent post said, but to reinforce it.
See what I've been reading.
Yeah, I have to agree with you there. There are certainly strong arguments for the national ID card, biometric or otherwise. BUT, the notion that the card would somehow prevent terrorism is bunk, and I think that EVERY person, Rep or Dem, in Washington (DC) knows this full well. There is a common notion that we have got to nail down the borders if we're going to take security seriously. I suspect that this will never happen and that the borders will remain wide open. Rather, is the important thing actually just to make us all FEEL safer? I think it may be so. The real terrorists will always find a way to try, which is why the FBI/CIA has to work harder to get to them before they get to us. Oh, it goes on and on...
Anyhow, I'm a geek and I want my Orwellian biometric card so I can use it to go shopping or turn the lights on in the house remotely or whatever. SOUNDS COOL! Liberties be damned.
"The Borba"
Now if anyone tries to require such a card in the US we can simply accuse them of being France-like and it'll never get approved. I knew 'freedom fries' would come in handy one day.
Liberté, égalité, fraternité, ou la mort!
Rings a bell?
That's not the point ; an ID card in France is a proof of french nationality. Although it's not mandatory to have one (I lived pretty well for more than 10 years on my driver ID alone), you run one day or another into an administrative hell if you don't have one. Happened to me, spent 2 months waiting for the f*ing card, and will probably be glad to pay for the new one as it's so damned useful.
You call pictures and fingerprints biometric?
Please, I got my voter's credential here. It's got my picture and my fingerprints. Does it make it "biometric"?
Mon nom est George W Bush, ma voix est mon passeport. Veuillez me vérifier.
Professor Karmadillo Songs of Science
Here at Brasil we have lots of documents, each one with "unique" numbers to identify them...
The problem is that experience has proved that none of this numbers are really unique, one can claim that lost his old document and get a new one with a different ID. So the governament is still trying to figure out some way to create a unified way to identificate the citzens.
This is not as bad as it sounds, a unified database is the holy grail of our public healthcare system (yeah, we have one). This way the Hospitals can access the history of any patient, and check if he is alergic to some medicine or if he has some cronical disease, etc.
With biometry the identification can be done even if the patient is not awake, or has lost his ID card. This would be of enourmous help on emergencies, to quickly identify the victms of acidents and to contact their relatives.
Congrats to France, a realy good idea.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Getting someone's fingerprint or photo, as proposed for passports is not that difficult anyway.
Don't like to get into this Nazi discussion, but to answer your question: YES.
As a Dutchman, I read a while ago that most jews deported from the Netherlands during WWII, weren't caught on the streets by German soldiers, but snitched on/given away by fellow countrymen. It wasn't Germans that found them, but Dutch people themselves that destroyed the lives of their (jewish) neighbours, in exchange for rewards, immunity, some favours, whatever. All the German command needed to do, was put out those rewards, and follow the leads they received.
And German soldiers that drove these people in the gas chambers, you say they had no choice? Sure, a refusal to obey orders might have meant a bullet on the spot, but don't kid yourself here: These soldiers knew what was going on, and sure had the choice of saying: "NO, I won't do this. If you'll shoot me then, do what you have to, but I won't co-operate with this". Instead they chose (en masse) to push these millions of victims towards their death.
This is very comparable to US anti-terrorism propaganda of the last few years. Sure, terrorism is a problem, but have US actions made the world a safer place? I think when the next generation Bin Ladens have grown up, we'll see how much damage the US has done to world peace and eh... 'freedom'.
Now if US citizens wish to screw up their own lives: okay, have fun. But the sad part: Their bullying of allies and smaller countries makes many countries follow their lead. Just the other day, a Dutch airliner heading for Mexico, was refused passage through US air space. Terrorists on board? Who knows, but essentially it's the US setting the agenda in many parts of the world, even if measures are violating local law. Like passenger data that's turned over to US intelligence, possibly in violation of European law.
And the scary part: all this propaganda has caused US citizens to really believe that terrorism is the #1 problem in the world. Are you kidding me? Worse than poverty? Worse than hunger? HIV? Civil wars? Let's face it: how many people are killed each year by terrorist acts? I suspect even plane crashes (world's safest way of travel) kill more people. My chances of getting struck by lightning are way higher than running into a Bin Laden follower. And speaking of the man, I fear the results of Mr. Bush's actions more than this terrorist turning up at my doorstep. Mr. Laden, if you're reading this: I don't like you either, but you're welcome at my place for a coffee and exchange of thoughts. Mr. Bush, if you're reading this, you're welcome here for a good kick in your b*tt.
Freedom starts with saying: NO! Live free, or die. You can take away my life, but you can't take away my freedom. Damn, I love these quotes ;-)
I should also note that in many systems no server copy of the prints or templates is kept. All the information is on the card. However, I would guess that governments would tend to keep such information if given the chance.
Lasers Controlled Games!
A neural net could do that. It can detect pattern in noisy input.
Votator.com implements a fair voting scheme (free
This has to be the worst dupe ever. How often has slashdot covered this?
The *entire European union* will require biometrics stored in contactless chips (RFID) in a passport. The EU didn`t think of this all by itself, the US forced it. If the EU doesn`t go along fast with this billion dollar hype it`s citizens will have to get a visa to visit the US. (How are US plans for this coming along?)
The biometrics are two fingerprints and a digital portrait. The last one will be to low resolution for camera surveilance but ofcourse this wont stop people from trying. Face it(no phun), the words "false positive" sound complicated and no politician is going to bother to look like caring about these words. Ofcourse you can translate them to "huge lines at the airport", "tens of innocent people questioned on ever major airport every day" (So mister Bin Laden, how did you turn into an asian twelve year old?).
Want to hear some of the argumentation behind this? Yes you do! Implementing passports with biometric identifiers will be a great business opertunity, especially for the business that get to build the hardware for this stuff... Boy do I wish I was making this up.
Of course the people who sell biometrics are alway happy to tell how many people on this planet have the same fingerprint and face. wanna guess? Its always a very low number, like zero. In fact they keep saying this over and over. They never have any time left to mention that:
a. biometric comparisons always allows for lots of differences because no one want`s to hold up a line at the airport because of a mismatch due to some sweat.... every time someone sweats one these occasions.
b. cheap fingerprint scanners are fooled by gummy bear taste gelatine prints, pressing bags of water on the scanner.... or just blowing on it. Can you blame these vendors for not mentioning this? Maybe not, they are afterall, very busy in this "post 911 world". Or so they keep saying.
Ofcourse it doesn`t stop here. Other bright ideas going on the the EU:
- Giving US three leter ancronym agencies read access to all airline booking systems. If airlines refused they couldn`t land in the US, now they comply they might be send back midair from time to time. But hey, what are the chances of someone matching a name on a list of 70,000 names? (If you think this list sounds to short, don`t worry adding names is easy, no evidence of anything is required)
- Storing traffic data for every telephone or Internet connection in the EU... Depending on the phase of the moon this data consists of telephone call data, GSM location data and ofcourse URL`s of every site visited and headers for send and/or received mail. Yes I mean storing everything about the communication of everyone....
Apparently the words terabyte`s/day, gigabyte`s/sec and innocent until proven guilty have to be reinvented.Meanwhile Italy, Germany and Sweden are investigating what heaponed to a some of their citizens. They where kidnapped by the CIA and sent to places that make abu graib look like the holiday in... Ofcourse these investigations arent about getting justice for these people, they are just about making things difficult for the national goverment for allowing these kidnap operations.
Anyway, it seamed like the right time for an European update on these things.
Come again? The UN just voted to give $4.5B in aid to Darfur, and apparently the only country who attempted to condition this on the cessation of genocidal activity was the U.S. And why did other countries block the U.S.'s attempt to stop the killing? Oil!
If you don't know where you are going, you will wind up somewhere else.
Reminds me of that prefect from Les Miserables (by Victor Hugo) who wanted to make a census of a small town and find out where each person came from, what their past history was, etc. The main character, the mayor of this town, tried to talk that dude out of it.
Once everyone indifferently accepts this, you'll start seeing stories in the media about murderers, terrorists, etc. stripping off their finger prints with acid.
The idea of something more 'secure' such as subcutaneous rfid will seem acceptable to the masses eventually.
With pleasure.
Interesting fact: it is indisputed that it is easier to identify people with a black and white photograph than with a color photograph. As an actor, my headshots are in black and white, as is the case with most actor's headshots for NY based actors...the features of the face pop up better in black and white than in color. If a person presents a passport to an immigration official, and the official isn't sure if it's the same person or not, often they will photograph the person in black and white, and then compare the black and white photograph with the color photograph. Black and white photographs are superior to color when it comes to identification. They would make it much harder for people to use others' ID cards.
Yet, every state and province (except for Alberta) issues a driver's license with a color photograph. (And Alberta used to, their black and white photograph is based on the technology they use to create their license, not based on a preference for black and white.) In fact, if you read state legislative codes, it will say, in nearly all instances, that there shall be a "color photograph" on the driver's license. Historically, in all the states I have known and read the legal code, the word color was there from the very beginning (Ohio for instance had it in 1967 when they codified the mandatory photo license law.) The only exceptions are Colorado and California, who issued black and white photo licenses from about 1957-1965, at which point they switched to color and codified the color requirement (those two states admittedly blow my argument a bit.)
At any rate, that all seems too purposeful to me, which brings me to the timing issue. A lot of states started codifying photo licenses in the late 1960s. Polaroid developed color instant photography in 1964...and was the leader for at least 10 years in photo ID card issuance systems (in fact, it was their only profitable business from the 1990s on. It was spun-off when Polaroid entered bankruptcy.) As a cultural thing, we were crazy about photography in the 1960s...I've seen newspaper advertisements for general stores where a pack of flash bulbs was just as expensive as men's shoes. But color instant photography was fantastically expensive, and out of reach for the average person...so I hypothesize that Polaroid was searching for something to do with the technology other than sell it to people directly. (I've got an advertisement in my possession of a local Columbus bank issuing credit cards with polaroid photos from 1967...offering it as a good ID for cashing checks. They did go out of their way to mention that it was with Polaroid photos.)
Perhaps even more key than the color requirement and the timing is the fact that every state has always and still does...takes the picture for you. Compare to a passport--you bring your photo in, and it's incorporated into the document. In fact, there are countries in which you bring your photo for your license or ID card...countries which have had photos on their licenses or ID cards for much longer than in the US. Remember this from a historical perspective...it would have been cheaper for a person to bring any old photograph of themself, than to pay the state to take a color instant photo for them. But clearly if that were to occur that would shortchange the revenue stream for the company wanting a very lucrative photo ID contract. It's essential that the state takes the photograph.
So if you look at it in that context...you could say that vendor driven documents are those in which the photo is taken of you (many ID cards, driver's licenses, et cetera.) Documents that were created for reasons other than vendor lobbying you take the photo yourself (passports.)
With more time and research, I can probably string together more arguments. One thing I've been wanting is Polaroid annual reports from the mid to late 1960s.
Um... I lived in France for several years, and everyone, citizen or foreigner, was required to carry an I.D. at all times. One of my friends was caught without identification, and was required to bring it to the police station the next day. I remember going along with him.
Long live the Speaker Bracelet
Rolo D. Monkey
If you wear your biometric ID card in your breast pocket and a terrorist would stab you with a sharp pointy toothpick, the ID card could significantly blunt the toothpick and make the other end stab said terrorist in the palm of his hand, thereby teaching said terrorist a valuable lesson in Newtonian mechanics, namely that every stupid action has an equally stupid reaction.
Oh well, what the hell...
Why bother?.. do they think it will lead to more safty in france? All i see out of this is trouble. Soo there will be fake cards, with god knows who, accessing god knows what. I may be Paranoid, so be it. But i really do not see the point.
I am French, and terribably sorry for my spelling.
"Let them eat snake"
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
Fortunately Montana is trying (last I heard it passed the house, but was still working through the senate) to stop this, by making it illegal to place this information on their drivers licenses. Unfortunately Montana doesn't have the population to make everyone care when their people can't fly or take a train anywhere.
I wish my state would do this.
Almost correct. As I recall a few of them had expired Ids. All entered the US legally. (some had over stayed, and some were on watch lists)
No one except, let's see... the 9-11 commission. Try reading it sometime. Here is a link to the search query for "fraudulent". It is freaking astounding. You are correct when you say that they did have valid documents on them, but the majority of these documents were indeed obtained fraudulently or had been fraudulently manipulated as well. For instance, many of the hijackers had had their passports fraudulently manipulated to conceal travel in and through Iran and Afghanistan, knowing full well that such travel histories would likely incur further scrutiny upon entry to the US or when applying for entry visas. I'll let you read the rest... the document manipulation capabilities of Al Qaeda were quite impressive.
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
Plastic cards? Seems far more practical to just implant the chip in the neck or something, no chance of losing it that way (well, not without you knowing it). They do it with our beloved canine pets and it seems to work well enough.
Mens et Manus
I always thought that good security, at least in terms of authentication, was based on something you have, and something you know. I have always taken the "something you have part" to be a soemthing independantly verifiable.
With biometric information on an ID, I have always taken that to mean that something can read the information uses it to verify me. I don't find that so secure, like a signature on the back of a credit card, it only verifies that I am telling you what I am telling you.
Someone could, possibly, have a fake ID card with his picture and biometric information, but a different name. In this case, the card holder is verified by the information he provides.
What is the point?
Very nice article, thanks for the link.
It is as if the collective poisons festering below the surface need to be vomited up, much like what happened in Nazi Germany. What else will motivate people to look at the pervasive anger, hatred, blind ignorance and scapegoating in the world?
ID or no ID, I don't see a solution to the new Visigoths and Vandals sacking Rome. We have become to comfortable, too indulgent, and too removed from the essentials of life and essential values.
I can easily believe that their passports were fraudulent. That doesn't mean that they weren't valid. Whether the issuing country was in on it or not is really immaterial to the current issue. Note that the grandparent post (GPP) said that ``These IDs were all in their own names (though perhaps not in the name under which they were wanted). '' It's my understanding that their U.S. IDs were all legitimate, though the indentity on them may not have been the one they were born with.
Even if we grant that those drivers licenses in the false names on the valid passports were fraudulent, the GPP's argument was that biometric IDs wouldn't have changed a thing: the hijackers could all have gotten them.
As for not recording travel to countries like Afganistan, et cetera, that's common practice. I've been told that people who are traveling in the Middle East get their passports stamped on a removeable page when they go to Israel, so they can go on to the muslim countries without hassle. The Israelis do this, I'm told, to encourage tourism.
See what I've been reading.
Yeah, I know that a concept of "rights" is becoming a pretty strange notion in the USA nowadays. Or that thinking for oneself is a baaad thing.
But basically all you're saying there is that France does still treat people as humans, not like a bunch of terrorists until proven innocent. E.g., yes, there was a demonstration. It may be surprising to you, but demonstrations _are_ a legal thing in a democracy.
Was _everyone_ in the demonstration an illegal immigrant? No, seriously? How do you know that there aren't also a bunch of french citizens in there?
(Believe it or not every single country has the current USA-style "immigrant = terrorist" scare, or even the same kind of nationalism. The french kind of nationalism for example is more about language and culture, than about being born there. So there could have been quite a bunch of people born in france who are sympathetic, or at least not hostile, to people whose only fault is not being born there.)
So what do you propose that the police should do? Arrest everyone and keep them in custody several days until they can check them all? Break a legal protest on the excuse that some people in that protest might be illegal immigrants?
Yeah, that excuse will soo come in handy next time when people protest something. Give that idea to Bush while you're at it: I'm sure he'll love doing that to the next anti-war demonstration. Hey, there _could_ be illegal Mexican immigrants or some wanted terrorists in that demonstration. Must make sure.
If you really believe that burying democracy alive is the right way to gain some vague promise of safety, you're so mistaken it's not even funny.
Or how about the common sense of being tactful there? You propose, what? That the police clashes with an already agitated group of demonstrators, to show them who's boss? Yeah, way to go to turn a peaceful demonstration into a riot.
So you're telling me, what? That unlike you, someone in the French police actually had a brain?
Briefly: put down the crack pipe, join a 12 step program, or see a competent surgeon about having your head removed from your ass.
A polar bear is a cartesian bear after a coordinate transform.
Tinfoil hats on. Has anyone noticed that in all public announcements about biometric passports there always is a stress on a fact, that biometric data will be kept on the passport? What's the point of keeping your fingerprints in peace of plastic that you present to some officer with a hand that has exactly the same fingerprints? I think the big secret here is that biometric data in the long run will be kept on the passport AND in some big government-and-who-knows-what-else controlled database. That's what's scary.
yep. just do it. We won't check your ID, neither any biometrics.
*squeak*
I mean it is clearly labelled "Carte Nationnale d'identite", did my mayor office cheat me and sell me a fake non existing national ID [naaaah] ? Or are you talking about things you do not know at all [most probable].
First and foremost THERE IS A NATIONAL ID. You are not forced to have one, but if you sign checks, I recommend you to have one or have a driving licence. Else you are SOL. Try giving a check with a birth certificate I wish you fun. Second you cannot be controlled at will, this is incorrect, but you CANNOT refuse to be controlled and this can happen anytime, anywhere if the procurator made an authorisation for this : " Contrôle d'identité de police judiciaire Le contrôle d'identité de police judiciaire est pratiqué sur instruction du procureur de la République pour la recherche d'infractions précises, dans des lieux et pour une période déterminés. " quote from a link from another poster.
So it is not at police DISCRETION but only on order of procurator in some specific cases.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
You all DO realize, the EU members are doing this because YOU MADE US do this?
Frigging hell, -my- governement (Dutch) has now mandatory ID, biometrics is planned for the next Passport version.
It is all done in name of "traveling to the US otherwise requires VISA and thats a bummer" and "Terrorism, you know", but in the meantimne it has been used against me for having my dog walk on grass without a leach, and to snap me up crossing the border INTO The Netherlands for a passport check, we supposedly do not have (Schengen Accord).
We increasingly live in a very controlled state.
Hello all,
Just a little comment to point out that the last line of the article is dead wrong, in France we HAVE to carry an ID at all times and the police can ask for this at all times, if you don't have it with you then they CAN (meaning they don't HAVE to) ask you to follow them to the police station.
Of course the main difference with such a system in the states means that our police and law enforcement system is controlled by sensible people and not mindless robots so they know who and when to bring "suspects" to the police station.
I guess this is just another example of US "federalism" where each state is fighting not for the common good but just to keep it's little power and so they can issue THEIR drivers licence and have THEIR laws and so on, and it gives you funny elections where the opinion of the people of texas and california and new york are not counting because they are already "won" (or lost depends where you're standing) to this or that party while the main focus is Florida or Ohio or any other place, this system is a FANTASTIC opportunity for lobbyism.
As a final point I'd like to repeat the comment of french police when people show their driver's licence as ID "It's not a ID, it's a paper saying you are allowed to drive, it does not PROVE your ID", and in fact the name says it all "driver's licence" or "ID card", which one is the IDentification document ?
Sometimes centralism is good, for ID and for laws at least.
Wouldn't they already be caught by the current system?
;)
If I recall correctly you are asked upon entry to the US whether or not you plan to commit any terrorist activities during you visit. Any honest terrorist should answer that truthfully, but maybe it is only used for statistics?
The UK government isn't going to bother with parliament anymore - they're going to bypass it: http://www.theregister.co.uk/2005/04/12/uk_passpor t_fingerprints/
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
It wouldn't, at least as long as the borders are open and nobody checks your ID for internal travel.
I just got back from a week in Paris. The "immigration" officer barely even glanced at my passport, and definitely did not scan the OCR strip like every other country I've ever visited. They didn't even stamp my entry until I handed them the passport a second time and requested one (I cut out the stamps and put them in my photo album once the passport expires).
This already comes to 32% of the adult male black population (and 8% of adult male whites) although females are not generally in the database.
Of course the government's dream is to tie this all in together (with supermarket loyalty cards chucked in, if you take a David Blunkett quip that way) to get files on each citizen that would make the Stasi envious (much easier to data-mine when its all digitised). If they could get face recognition technology to work with the dozens of cameras on each central london street they would be even happier...
If the card will be used in the absence of fingerprint or retina scanners that could verify the biometric data, what's the point of including the biometric data?
Biometrics are supposed to transform some physical characteristic of your body into a number that can be used to retrieve a database record. That number could also be printed on your ID card, so a biometric scanner would be able to verify that you were the owner of the card. But biometrics can't authenticate the rest of the card's contents, and they certainly can't provide a secure mapping between you and your database record in the absence of a scanner.
There is no good reason for including biometric data on ID cards - biometrics are an alternative to ID cards, superior because they can't be forged or stolen. A card with biometric data is a card with a false sense of security. Without a scanner you'll never know if the card is stolen; if you have a scanner you don't need the card. Either way, the card is useless. The only reason for including biometrics on an ID card is to justify the collection of biometric data from large numbers of people in order to construct a national database. (Or as the synchronised progress in the US, France and the UK suggests, an international database.)
The Tories may have avoided the issue in their manifesto, but Michael Howard is personally in favour of ID cards and tried to introduce them in 1995, while Ann Widdecombe voted for them in 2005.
ID + fingerprint = something you have + something you are
How is this better than 'fingerprint = something you are'? How does adding an insecure card to a (hopefully) secure biometric increase the security?
Put an expiration date in the card, and digitally sign it together with the fingerprint data.
Revoked IDs can be downloaded off-line. The average size of the list would be (lifetime of the card in years) * (numbers of revocations per year), i.e much smaller than the whole list of valid IDs. In an online system, how would you expect airport screeners to deal with telecom failures ? Keep everybody waiting in line ?
Of course we are discussing "the right way" here. Governments and vendors can still screw it up.
How is this better than 'fingerprint = something you are'
The more factors you check, the better (for security, not necessarily for human rights)
Something you are (biometry)
Something you have (badge, ID, smartcard)
Something you know (password)
an insecure card to a (hopefully) secure biometric
Cards do asymmetric cryptography.
Biometry is public-key cryptography (as in "public domain"). Identification, not authentication.
If you're a minor your parents must be informed.
They can't hold you for more than 4 hours.
Ok, so it can be rather annoying, but in practice they just ask you to come to the commisariat the next day. Unless you're a young north african man of course.
Watch this Heartland Institute video
I tried this like 15 years ago, when "morphing" was all the rage: morph mug shots of two not too dissimilar person.
The resulting picture looks like a legit photo ID to someone who doesn't know both persons.
Surely it doesn't matter if the "key" is public knowledge, as long as no-one can copy or forge it?
It seems to me like you need something far more secret than biometric data to keep your identity private. (In addition to a hash).
Flashing your pinky is definitely more convenient than spelling your name or getting a card out of your wallet. But that's identification, not authentication.
And are you certain that nobody can pick up your hair from the pavement, clone it in their kitchen, then spray it at a crime scene ?
In related news, hand-transplant surgeons, fearing that their profession might become illegal under the proposed biometric ID plan, are protesting worldwide.
I'm not saying that biometrics are perfect, but the point is that regardless of how fallible the biometrics are, cards don't increase security if they're validated by the same biometrics. If you can forge a fingerprint, a digital signature that authenticates the fingerprint you just forged doesn't fix anything. If the biometrics are broken, the card is also broken. If the biometrics aren't broken, the card is redundant.
Yes I agree, the id system would be very useful after a terroist attack -
With an integrated id tracking system you would also have records of all financial transactions, all email, phone calls, web browsing, tax records, health records, employment records, education, access to public services, car registration number, periodicals suscribed to, cctv cameras walked past.
You could pretty soon identify all the people that the terrorist had ever met, been to school with, worked with, played football with, eaten in the same resturant as - and you could immediately start reading these peoples email and arranging for their future interrogation after arrest for minor traffic offenses. You could even pay their neighbours to spy on them! In fact you could do anything that the Former East German Stazi did - only better!!
People forget the cold war when it was a battle between an ultra leftwing communist totalitarian regime - USSR and an ultra right wing democratic totalitarian regime - USA. In those days it was often difficult to distinguish between the madder aspects of State power in the two camps. However it was posible to complain and remove ones own worst transgressions because you could point to the other side abusing that power (at least from the democratic side as we found in the UK when the stop and search SUSS laws were abolished). Now this comparison is no longer possible and stupid bureaucrats are implementing all of the worst nightmares of totalitarian state control with hardly a complaint being raised. In fact if you do complain the thought police accuse you of not being patriotic.
On the other hand since no one looks likely to complain I look forward with enthusiasm to reading and laughing about newspaper scare stories about the weekly jailing of hundreds of innocent people who are victims of faults in the id system - after all they deserve to rot in gaol for not paying more atention to what their governments are up to.
Facts are history now plebs have politics for religion on social media.
evidenced by the airline industry reeling to this day after 9/11.
I don't think the industry is 'reeling'. Some airlines are still in financial trouble, but this has nothing to do with 9/11 as they were going to the crapper anyway and their downfall was delayed by the massive subsidies given to airlines. In fact, I seem to recall reading recently that air travel levels (as measured by total passengers) are at the same levels as prior to 9/11 and are projected to increase.
There are two independent things you can do with a digital ID card.
It doesn't matter if the card can be copied, as long as signatures cannot be forged.
As you point out, authentication is still based on biometry only. But as I explained, this avoids the requirement for an online database.
Presumably such cards cannot be copied too easily. And you can forge a card containing whatever keypair you want, but you can't forge the certificate unless you know the private key of the government.
The system still needs to deal with attacks where the scanner only sees a dummy card which somehow relays the challenge-response to a legitimate card plugged in some trojaned PC.
The combination of both techniques should be pretty effective if you ask George Orwell.
Can the biometric data be hashed and the hash used for verification instead?
The company that I recently worked for makes and sells a fingerprinting system (aka AFIS or Automatic Fingerprint Identification System). It takes input from a fingerprint reader, which is really a special black and white digital camera with a fixed focus, something like this. The software identifies the X,Y coordinates of the specific areas of the fingerprint image, such bifurcations, ridges, furrows and stuff (maybe a fingerprinting expert can help me out here on the details).
The software creates a hash of the two dimensional relationship between the various X,Y coordinates. Here in Hungary if more than 19 of these points match up with a fingerprint taken at a crime scene, you go to jail. That is enough evidence for conviction. The software takes the coordinates of dozens of these areas of interest and can match even partial fingerprints (and palm prints) very quickly, since the search involves comparing short text strings, rather than multi-kilobyte images. As the software analyses spatial relationship rather than image data, it does not matter whether the partial fingerprint is rotated - the relationship between the points stays the same.
FYI, my right thumb's hash was 186 bytes long - that's 1488 bits. 2^1488 is 8.56 x 10^447 (if my maths is correct). My fingerprint is unique indeed. BTW, the 186 bytes is just raw data, no header information.
I wish I still had access to that marketing document where I had a screenshot of my right thumb's hash, I could paste the ASCII text in here for you all to see (hey, the US Government already has my fingerprint on file since the last time I visited Dulles International Airport, why shouldn't you?). Besides, without the actual fingerprinting code, the hash wouldn't do you much good, now, would it.
No, I'm not selling $FINGERPRINTING_SOFTWARE anymore, so don't ask.
To answer the parent's question, the process used in our case is strictly one way. A new fingerprint is hashed and then compared to stored hash(es). There is no way to reconstruct the orginal fingerprint, because all the image data has been thrown away and frankly, it's better this way. Fancy graphics look nice in the mooovies, but are a real pain when it comes to finding a match out of a population of a million fingerprints (and that's a small subset of the national population, since the majority of people have ten fingers.)
Alas, I don't know how the competition does it - probably something similar, though. Yeah, I know, "in post-Communist Hungary, the print fingers YOU!", etc.
Biometrics can't be measured consistently. This makes them useless for identification, as there will be unacceptable levels of false positives or false negatives (or both) depending on the matching tolerance.
Biometrics are supposed to authenticate the holder, not the card. The information on an identity card should be digitally signed by the issuing authority, and the signature should not be too difficult to verify (though revokation lists may pose a problem, depending on how large they grow).
Not only are you overrating the reliability of biometrics, but you seem to be assuming that every identity checkpoint will have online access to the identity database. I don't think that's a sensible design. Although I wouldn't be surprised if the control freaks and IT cowboys behind the government ID card schemes would try to do things this way.
I'm not sure if that post was insightful, interesting or informative or all three. Nice work, please continue the research as it could turn out to be a damn good mainstream press story.