Electronic passports might not measure up
Results 1 to 6 of 6

Thread: Electronic passports might not measure up

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Electronic passports might not measure up

    God lord! The potential for abuse -- from a privacy standpoint to blantant hiding of one's true identity -- is huge. One of the biggest problems is that this depends on EVERY nation adhering to this 100%, whatever standard is used (smart card/RFID or biometric). The problem is that there is no cross-certification of individuals. Trust built up between nations (e.g., US/Canada border) has long been used as sufficient proof.

    Perhaps we should just take a DNA sample of everyone and be done with it... except the database could be compromised and altered.

    A no-win no matter how you look at it.

    Even if biometrics are used, what about the FAR/FRR? One site suggests it's as high as 43% FRR . And I know that iris scans have the lowest and can have a decent acceptance rate. Has there been enough testing of the technology to ensure that it truly has a low FAR/FRR and can adapt to changes in humans (my face has changed over time due to braces and other cosmetic dentistry as well as weight loss). Maybe this method of biometric isn't the best to use...

    What would you suggest as a good enough unique identifier that could be used when travelling for security and ID verification?

    Source: The Globe and Mail

    The United States hasn't issued any microchip-equipped passports yet, but as the Department of State tests different prototypes, the international standards for the passports are under fire from privacy advocates who worry the technology won't protect travellers from identity thieves.

    The American Civil Liberties union has raised alarms and even an executive at one of the companies developing a prototype for the State Department calls the international standards woefully inadequate.

    The international standards for "electronic" passports were set by the U.N.-affiliated International Civil Aviation Organization, which has worked on standards for machine-readable passports since 1968.

    On the latest passports, the agency has "taken a 'keep it simple' approach, which, unfortunately, really disregards a basic privacy approach and leaves out the basic security methods we would have expected to have been incorporated for the security of the documents," said Neville Pattinson, an executive at Axalto North America, which is working on a prototype U.S. electronic passport.

    As part of heightened security post-Sept. 11, all new U.S. passports issued by the end of 2005 are expected to have a chip containing the holders' name, birth date and issuing office, as well as a "biometric" identifier - a photo of the holders' face. The photo is the international standard for biometrics, but countries are free to add other biometrics, such as fingerprints, for greater accuracy.

    Privacy advocates have complained about the security standards for the passports, but Mr. Pattinson is the most prominent person involved in their creation to express concern that they could become prey for identity thieves if safeguards aren't standardized.

    A slide in a presentation he gives says, "Don't lose the public's confidence at the get go." Another asks, "Who is up for a black eye?"

    The international passport standards call for "a very sophisticated smart card device," that uses a chip and an antenna embedded in the passports' covers, Mr. Pattinson said.

    Unlike cheaper and dumber RFID tags, the passport chips would be microprocessors that could send one piece of information at a time in answer to queries from a machine reader. They could also be equipped with multiple layers of encryption for security.

    The international standards spell out ways the passports could incorporate more protection from identity thieves, but they make those methods optional.

    Under the standards, information on the chip could be picked up by someone who wires a briefcase with a reader, then swings it within inches of a passport, Mr. Pattinson said. Over a greater distance, an interloper could eavesdrop on border control devices reading the passports, he said.

    "There's no security built into it," said Barry Steinhardt, director of the technology and liberty program, at the American Civil Liberties Union. "This will enable identity theft and put Americans at some risk when they travel internationally."

    One rudimentary way to protect electronic passports from identity thieves is to wrap them in tinfoil, which blocks radio waves. A single size Doritos bag would do the trick. Protecting border control agents' readers with a metal shield would protect against eavesdropping.

    The International Civil Aviation Organization and State Department say they're looking at more organized methods.

    The privacy issues "have come up and they are being looked at," said Denis Schagnon, a spokesman for ICAO. "This is a process that is being implemented over the next few years, it is not something that happens overnight."

    One way to fight identity theft is already in the standards, he said: The passports will have built-in encrypted authentication to let electronic readers know they are original documents, not forgeries.

    The international standard "is obviously a baseline," said Angela Aggeler, spokesperson for the bureau of consular affairs at the State Department. "This is something we continue to develop and work on. (Privacy) is the thing that is driving a lot of our considerations. Personal privacy issues are of paramount consideration."

    Other countries are also making the switch to microchipped, biometric passports, at U.S. request. Under the Patriot Act, visitors from 27 countries whose citizens don't need visas to visit the United States will need electronic passports, too.

    The United States originally asked that visitors from those countries have the electronic passports by this October. President Bush in August gave the countries an extra year to issue them; they will be required by next October.

    In testimony before a House committee, Secretary of State Colin Powell said that other countries were finding the switch "daunting," as was the United States.

    The Government Printing Office is manufacturing test passports using chip packages provided by four companies, it said when the contracts were awarded in October. The National Institute of Standards will then test the prototypes to see if they meet durability, security and electronic requirements. The State Department and the Department of Homeland Security are also testing the passports, Mr. Aggeler said.

    One or more companies will win a contract for the passports by the end of the year, according to the printing office's schedule, and the U.S. government would begin issuing them to officials and diplomats starting early next year.

    The companies under contract are Axalto, whose parent company is headquartered in France, SuperCom Inc., Infineon Technologies and BearingPoint, which have been awarded contracts worth a total of $373,000 (U.S.).

    BearingPoint is the only company headquartered in the United States.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    AFAIK the best fake passports are obtained by PRIOR identity theft, so are actually genuine documents that contain FAKE information.

    Obviously, the documents will check out, because they are genuine, it is just that the person is not who the document says they are.

    I think that the tail is starting to wag the technology dog a bit here

    My main concern/objection is that a lot of taxpayer's money could be wasted on something that does not work.

    In the UK our government has a good track record for this.................the DHSS system, our new air traffic control system ........and so on.

    just a thought

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Perhaps we should just take a DNA sample of everyone and be done with it... except the database could be compromised and altered.
    From the little I have read, thats exactly what the Government want to do over here and tie it into a national ID card. How much it will cost will be the stumbling block though, from my point of view.

    As for compomised databases, it seems to me the more our Governments try to tie us all into a global, "electronic data" world. The more our rights, privacy and security are becoming potentualy compromised.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    My main concern/objection is that a lot of taxpayer's money could be wasted on something that does not work.

    In the UK our government has a good track record for this.................the DHSS system, our new air traffic control system ........and so on.
    Nihil, you can add the CSA to that also.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    As for compomised databases, it seems to me the more our Governments try to tie us all into a global, "electronic data" world. The more our rights, privacy and security are becoming potentualy compromised.
    In case no one has been outside the country, other than Mexico and Canada... it's done at a computer terminal. Your passport has been issued and controlled by databases for 20 years.

    The compormised data issue along with the constitutional foundation are the reasons I am against a us "National" id card. But using technology to make a passport harder to forge by adding some elecronic means to store data I already carry on a driver's license isn't a bad thing? We are talking about ensuring our Identity in foreign countries here, not tracking our movements on native soil. That's where a national ID comes in. Not cool.

    \\EDIT And you do all realize this is a United Nations thing?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    Member
    Join Date
    Dec 2003
    Posts
    97
    Addind the electronic components don't worry me too much...but it depends on the implementation. If they add a smart-card like component to it, there's no real concern there. It's an additional means of verification that requires they have physical access to my passport to view.

    The RFID, on the other hand, is a bit concerning...I don't like the thought of someone being able to track me from a distance by the RFID embedded in my passport.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •