NIST Standards for New Biometric ID Card Published

rts008 writes "eWEEK is reporting that NIST has published the biometric data specs on the new Federal ID cards for employees and contractors that will be issued in October. From the article: 'Specifically, the guidelines state that two fingerprints must be stored on the card as "minutia templates," mathematical representations of fingerprint images. [...] Guidelines require that all biometric data to be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.'" The published standards [PDF] are also available from the NIST web site.

Implications for British ID cards?

[pjt33]

Maybe this will kill Tony Blair's "We have to have biometric ID cards first so that we can create the de facto standards" argument. Or maybe that's wishful thinking on my part.

Re:Implications for British ID cards?

[mu-sly]

"I still think that they are useful for stopping low level crime if they are linked to a national register of fingerprints and DNA"

Well, you might as well have said "I believe turning the UK into a police state would be useful for stopping low level crime" - because that's what this amounts to.

So what if ID cards can stop low level crime? Why should it be at the expense of the liberty of the rest of the millions of completely innocent, law abiding people living here?

We wouldn't accept CCTV in every room of our homes - even though it would help catch all kinds of domestic violence, child abuse, drug dealers, bomb preparation and so on. We wouldn't accept the government locking us in our homes and selling us a key, every time we wanted to go out - even though that would undoubtedly help cut crime, since people would think twice before leaving the house, so less people out (and the government keeping track) = less crime. We wouldn't accept tracking devices under our skin, even though it would help the police work out who was in a specific area at a certain time and identify potential suspects.

The fact is: being good at stopping crime is nowhere near a good enough reason for having ID cards, especially when they come at the expense of our fundamental liberties.

So they would be good at stopping low level crime... so was Saddam Hussein's regieme!!

If we give up our freedom so easily, remind me what exactly it is that we're trying to preserve here? Because the way I see it, ID cards just cut off our nose to spite our face.

I think the government are going to find out one way or another that the British people (at least, enough of them to completely thwart this system) will not give up their liberties on the back of such a flimsy argument. I for one will take bankruptcy and jail over ID, any day of the week.

I'd rather live with the possibility of encountering crime in a free country, than be locked in a completely safe government-enforced cotton wool wrap in a police state.

You can put a gun against my head, and the answer is still "no fucking way, not now, not ever"... Defy ID!

Fingerprints?

[Old+Spider]

But... fingerprints can be stolen. How does storing someone's fingerprint on these cards make them better than any other form of ID? If the image of your fingerprints is on the card, then anyone who has stolen your card can make fake fingerprints... and likely a fake card with thier photo on it and with your fingerprint data. I mean, if they stored your retina patterns and maybe even a snapshot of your brain structure, then I could believe these cards are worth the trouble, but something tells me these new cards are nothing more than a way for whomever is making them to get some government cash by way of a false sense of security. What a joke.

Re:Fingerprints?

[cdrguru]

Making "fake" fingerprints isn't all that simple.

Sure, if you need a fingerprint that withstands some sort of cursory optical examination, that can be done without too much trouble.

But, if they are actually using any of the better techniques, like a guy with an ink roller or a sensor that isn't optically based, you can forget about faking it.

Actually, even just having someone watching as your fingerprint is read is going to deter about 90% (maybe 99%) of fake attempts. You don't get to use a fake finger or most things on your finger if someone is actually watching and looking for that. Not 100% certain, for sure, but nowhere near as weak as you seem to think.

Re:Fingerprints?

[MrAnnoyanceToYou]

Unfortunately, as soon as fingerprints are on cards, along with other biometrics, the cards themselves become much more trusted. One of the dangers of security is the appearance of things being more secure than the actual method. Ergo, much more trusted despite only marginally more effective security. This means that when you get the key to the castle, you have one to all the doors. Not good. This is a case of the added value of having such identification on a card being trumped by the reality that if someone gets their hands on it and the ability to use it your financial life is not going to go well for a seriously long time.

Making a security system more complex does not disallow it from being broken, it simply puts more complex holes in it. The reason anyone wants biometrics on a card is to take advantage of the gathered information, and has nothing to do with wanting more effective fraud reduction.

Re:Fingerprints?

[Reaperducer]

But... fingerprints can be stolen. How does storing someone's fingerprint on these cards make them better than any other form of ID? If the image of your fingerprints is on the card, then anyone who has stolen your card can make fake fingerprints

It doesn't sound like they're storing the actual finger prints, but a mathematical representation of them. Which could mean some kind of one-way mathematical hash, like many computers have for passwords. I'm not saying it's perfect, but I don't see how it's possible to take a set of numbers and create someone else's fingerprints. Sounds like someone's dishing out warm steaming bowls of FUD for breakfast.

Why store them on the card?

[EnsilZah]

If i wanted to verify someone's information, i'd rather do so from a secure database rather than a card he gave me.
Or am i missing something?

Re:Why store them on the card?

[joe+155]

well you seem to be putting a lot of faith in the "security" of the database, I'm reminded of those 35,000 or so patient records which were stolen from an employees car which were supposed to be being held "securely"... at least if someone robs your card they only get one person's data... alhtough it'll probably have a coresponding database anyway, in which case they are just creating more potential problems

Re:Why store them on the card?

[Agelmar]

You're missing the fact that the biometric data (actually, likely all data on the card) is signed. Think of it this way:

The issuer of the card has a certificate issued for that purpose. When the card issuer creates your card, they store your biometric information and a signature of that information on the card. If anyone tries to change the biometric information, the signature is no longer valid. Assuming that the certificate uses strong encryption and that the private part of the certificate's signing key is protected (which are both reasonable assumptions), then the data integrity is ensured.

This makes a lot of practical sense. If you want to pull everything from a centralized database, then your readers all have to be networked. This means that each reader next to every door in the building must be networked, and while that's fine for many situations, in some areas it's not practical. With the signed data on the card, the user can present their card which contains their biometrics and access credentials, the reader can verify this locally, and then act accordingly. Of course you still need to have a way to publish the root certificate and CRLs from time to time, but it does give you more flexibility.

Re:New CAC Cards?

[CaptainJeff]

So you want another Common Access Card card? Then you would need another PIN number... :)

India's richest temple has already implmented this

[ravee]

Biometrics is widely used in India's richest temple at Tirupati(which is also worlds richest one). Infact, if the devotees have to get into the temple, they have to get their finger print copied to a database using biometrics and they are alloted a time to enter the temple. This is because over quarter million people daily visit the temple and crowd control is a big job for the administration.

Re:New CAC Cards?

[pedestrian+crossing]

Current CACs have biometrics. Remember pressing your thumbs on the reader when you got it?

Brilliant idea!

[David+Horn]

I know, let's make people carry around a card with copies of their fingerprints and retinal scans on it. You know, just in case they forget to bring along their hands or eyeballs.

I am more concerned

[binkzz]

That one day these will be mandatory, and that they will be placed as a chip under the skin of the hand or the forehead. If you don't have one of these chips, you won't be able to pay for anything or even buy food.

Re:No thank you

[mcheu]

According to the description, this card is for a new government employee ID. I'm Canadian, so I don't know for sure how this is for the US, but up here, if you work for the government, your government department is already going to have a lot of your personal information. While it's not required for all public service jobs, some positions require to get at least a minimal security clearance, and depending on how high a clearance you need to get, you might get fingerprinted. The only thing new here is that they're encoding all that digitally onto your staff ID card.

It should be rediculously easy to avoid getting one of these cards: Just don't apply for a government job.

4th Amendment violation?

[Antony-Kyre]

I'm not so sure if it's legal to mandate that the employees give up their fingerprints like that.

Below is the part of the 4th Amendment in which I am referring. Aren't our fingerprints considered to be part of our property? Isn't mandating that they collect our fingerprints without being suspected of a crime an unreasonable search? (It's one thing to do a background check and ask for fingerprints. It's another thing to require your fingerprints be on a card you have to carry around.)

The right of the people to be secure in their persons, ... against unreasonable searches and seizures, shall not be violated,

Re:4th Amendment violation?

[NewbieProgrammerMan]

I'm sure there's a good chance that the 4th amendment can be reinterpreted by the Supreme Court to find that the federal government is empowered to require almost anything of federal employees. And an even higher chance that a team of federal lawyers can write reams and reams on how there's nothing to worry about unless you're a terrorist.

<dons flame-retardant suit>

Of course, even if it doesn't officially get interpreted that way, US Presidents seem to be able to get away with doing things that they aren't empowered to do (except receive blowjobs in the Oval Office and tell G. Gordon to break into Democrat headquarters). After all, it's just a goddamned piece of paper!

Static bad; biodata static :. biodata bad.

[Errandboy+of+Doom]

Aren't static keys always inferior to dynamic keys?* (Isn't that why we're supposed to regularly change our passwords?)

Isn't biometric data static?

So why is anyone interested in biometric security?

Isn't it (perhaps counterintuitively) an inherently insecure means of indentification, by its very nature?

I must be missing something.

*(Maybe this is because anything can be duplicated and forged, given enough time. Changing your key a lot makes forging impractical?)

Re:Static bad; biodata static :. biodata bad.

[maxume]

Simply, this is better than a card without the fingerprints. See:
http://it.slashdot.org/comments.pl?sid=176330&cid= 14646699

for why it is more 'trustworthy'. As long as the data is signed and the data stored isn't sufficient to generate fingerprints from, a biometric card like this does a pretty good job of ensuring that the card was issued to a person with matching fingerprints.

As far as biometrics providing 'static' versus 'dynamic' keys, if the card stores a salted hash of the actual data, then the keys are dynamic enough to be re-issued. New salt every month or whatever, for newly issued cards. As long as your secret sauce^h^h^lt stays secret, it's fine.

How sure you are that only authorized cards are issued(how secure is your trust mechanism) isn't really part of evaluating the card. It might make the card impractical, but it doesn't change the fact that it is better.

Identity is *hard*. I like to think of my drivers license as a symbol of the fact that the State of Michigan believes I am who I say I am. Other peoples drivers licences are either symbols of the same, or that they were willing and able to pay to fake it. I know I am me, and I know I obtained the license, so I don't have to make the exception for mine being fake. You still do. It is still useful to issue them, as it allows other people to say 'Michigan is careful enough that I can trust that card this much' and use it as my identity with lower risk(probably) than just using whatever I say.

Re:Fingerprints- Come on read the summary at least

[ScrewMaster]

So, if I were a secure cow, would that be a roast beef or a corned beef hash?

Cripes, it's way past lunchtime ... no wonder I'm thinking about food.

Are you a "federal employees and contractors"?

[Browzer]

If you are, how is this any different than for example the generic attire/monkey-suit your employer expects you to wear?

If you are not a federal employee and/or contractor, please have a sit and keep your mouth shut.

Thank you.

P.S. Why does everything on slashdot has to be blown out of proportions?

Social Engineering

[Doomedsnowball]

Shoot... people are still the weakest link in any security system involving semi-intelligent primates. Even if TFA is talking about merely ID'ing someone accurately, there will always be a system to circumvent "the system."

Because you cannot forget it.

[khasim]

The only advantage biometric data has is that the user cannot lose it or forget it.

Other than that, if someone is watching you authenticate, it might be possible for them to see you using a fake finger or something.

Minutia Templates

[Epicyon]

What is being stored is the mathmatical representation of the fingerprint, not an image of the fingerprint itself.

It is not possible to recreate the image of a fingerprint from the template.

Re:Are you a "federal employees and contractors"?

[Reaperducer]

P.S. Why does everything on slashdot has to be blown out of proportions?

Because whether the information is right or wrong, Slashdot makes money on the page views. They're not the drug dealer. They're not the cop. They're the informant that makes money from both sides.

Project website

[Midnight+Warrior]

For those seeking to follow the actual PIV program for federal employees/contractors, check out their home page.

Re:No thank you

Well that's great if you dont work for the government or work as a contractor. But if you do, like me, it puts you in a terrible predicament. I've been a contractor for several years now, and have talked with my contracting officer about this extensively in the past. He said he won't make me do it,and that he'll resist doing it himself (he's a fed, I'm a contractor). If worse comes to worse, I'll just quit. My job has nothing to do with national security or defense, there's no need for them to have this data about me any more than they would need it from any old citizen. I don't get it, and I won't play.

Cart before the horse

[schwit1]

This card is supposed to contain fingerprints as an important part of ensuring a person's ID, but as far as I know there is NO federal standard for matching/comparing fingerprints. The boondoggled Mayfield case should be proof enough that as fingerprint IDs are not ready for prime time.

Lessons From The Brandon Mayfield Case

Re:No thank you MOD UP

[drDugan]

The world needs more people with your understanding and convicition. I too will not be getting another passport (when my current one runs out) or any biometrically - linked ID card if the current trends continue. I will chose not to drive to avoid this.

This is yet another example of where technology advances will support inflexibilty in rule enforcement. (other examples include red-light camera, DRM, etc.) In each example, human judgement is being taken out of the loop in the enforcement of a particular rule. Next it will be a machine that decides if you are who you say you are, not a person looking at you, knowing you, or judging the picture on a badge. This is yet another hook in someone that brings us a step closer to the possibility of tyranny.

As long as all the rules are fair, equally enforced, and democratically supported -- then there is no problem with machines enforcing the rules. The problem is that more often than not, none of these factors apply and rarely do any of them apply. Rules are often created arbitrarily by property owners / corporations (like EULAs), supported by small fractions of the people they affect (speeding laws), or simply conflict with other accepted rules (copyright/DRM and fair use).

Re:No thank you

[drDugan]

Just don't apply for a government job

Sorry, it's not that easy. Two problems with this. First, the class of workers that work for/in the gov.t is a huge group, and we have every reason to believe that this class will grow in size.

Second, you run a slippery slope accepting things you disagree with, even if they don't affect you personally. If it's OK for gov't workers, next it will be OK for everyone. Next everyone will need a biometric ID to use a bank, or travel. Next if you have an outstanding issue with the government, -- oops, no money, can't travel, you're outta-luck buddy. Next Canada will say -- it's OK in the US, we should do that here. etc etc etc...

Re:Quality of the card is irrelevant

[Intellectual+Elitist]

> Why would I try to crack the card when I could just offer a small sum of money to the nice lady working the security desk, and making the cards? Or if she's got too much integrity for that, I suppose I could just kidnap her son/daughter? I'm quite confident she'd make me a card then.

Because the PIV system is designed so that a single corrupt person in the chain can't wind up issuing a valid credential. The person who sponsors your application is different from the person who collects your biometrics, who's different from the person who puts together your physical card, who's different from the person who checks your biometrics against the final card and issues it to you. You'd have to bribe at least a couple of people in that chain in order to get an illicit card that actually worked.

Re:How does this prevent fake IDs?

[Intellectual+Elitist]

> What stops me from making a fake ID card, that says I'm somebody else, but with MY fingerprints encoded in the card.

The fingerprint minutiae templates are digitally signed and protected by a PIN, and the cards are only issued by approved PIV Issuers who have to get all of the data used on the card through a secure network that you wouldn't have access to. And even if you did, you'd have to corrupt at least two of the major players in the issuance process in order to create a fake card.