Biometric Passports

sliabh

The chips would be read only.

There is information out there on what the US ones will have. But I can't find anything on what is planned for the EU ones, or whether they will be RFID at all.

DoesNotCompute

I think this report may be of help to people.

Although I think that biometric-enabled-passports might be a useful for confirming that someone is the person who actually applied for the passport, I don't see how this will stop fradulent biometric passports being issued. All someone needs to do is get their hands on a fake birth cert/adoption cert/naturalisation cert/whatever, and it doesn't matter how much biometric data is inserted into their passport. The person may have unique fingerprints/retinas/dna/whatever, but they can have as many fake supporting documents as they need to get as many passports as they want.

Unless, of course, they issuing body has a check in their system to make sure that a person with that specific biometric data doesn't already hold a valid passport. Having read over my post it seems that such a check would be sensible and any body issuing biometric-enabled passports probably would be diligent enough to perform such a check before issuing a passport. :rolleyes:

Also, I for one don't like the idea of my passport transmitting unencrypted data about me for all to read.

Captain Trips

Fact 1:
In biometric information, you, the honest and relaitvely law abiding citizen cannot change your iris, fingerprints or DNA. Data of these stored electronically as we all well know is about as secure as anything else electronic: it isn't. Once it's electronic, you exist purely as a data identiifer.

That is you. Anyone can replicate this data should they choose to, and commit crimes, steal money electronically, prove that you are who are when you go to the undoubedtly forthcoming iris/fingerprint/whatever ATM.

At the moment, you are still you. When you are electronic data, you can be commiting crimes anywhere and be detained simply for any reasonably intelligent criminal duplicating your "innocent" data and using you to commit the crime - be it financial fraud, bombing an airplane or anything else that require "electronic you" to be verified.

So the result, inevitably, will be that the real human flesh you will kick and scream and shout but the police will pretty much believe electronic you robbed the ATM, bombed the terminal, stole credit card data and so on.

So the result of Fact 1: you no longer have jack **** rights. You are guilty until proved innocent.

I don't yet have a Fact 2. (!). All I'll say is that we are not under threat of terrorist attacks. We as in Ireland. If you want to go to the US, sure give them your data, make them happy. But I don't want to and won't go so I don't want a biometric passport. I'll get one if I ever go there again. Surely we should have the option and not become a vassal state of the US.

EDIT:
Fact 2 (I knew it was something important!)
You can changed you ATM pin, get a new passport if one is stolen, get a new mobile, etc., . You cannot change your fingerprints, iris, DNA: once it's stolen or compromised, that's it for you and welcome to *more trouble than it's worth* territory.

Gurgle

Heard about this on the radio the other day, they were talking about storing a digital photo of you on your passport rfid chip.

This could then be compared to the stuck-on, stamped, embossed, laminated picture already there. So one part of the passport you carry can be compared to another for security purposes. Are terrorists really so badly informed that they won't know about the RFID chip in their stolen and modified passport ?

It would be waaaaaaay easier to change the chip than to change the photo.

There was also the idea of storing fingerprints on the chips, same story. All you would have to do is put in the fingerprints of the person who is going to be using it.

It all reminded me of the identi-eze card in the Hitchhikers guide.

Total waste of time, effort and money. Being Ireland, it will mostly be a waste of money. Expect to pay well over €100 for your first identi-eze passport, as it will include a €3 RFID chip.

arcadegame2004

I think this is a good idea. It would help combat the rampant use of forged passports to get to Ireland. Let's see them try to forge a chip!

bonkey

arcadegame2004 wrote:

Let's see them try to forge a chip!

And once again, just as with e-voting, the mystique of technology gives a false sense of security...

jc

seamus

bonkey wrote:

And once again, just as with e-voting, the mystique of technology gives a false sense of security...

jc

That's one of the main security issues with this kind of thing. Like fingerprinting, people make the mistake of assuming because it's high-tech, it's foolproof and reliable.

Hobbes

arcadegame2004 wrote:

I think this is a good idea. It would help combat the rampant use of forged passports to get to Ireland. Let's see them try to forge a chip!

Chips will be easy to forge. They are simple RFID chips. Duplicating the most easy. Creating new ones would be totally useless to do though, apart from a DB checkup they would most likely have some form of checksum+trap number system built in.

But unless they are going to take your DNA/fingerprint there and then the system isn't going to make you any more safer.

Gurgle

Hobbes wrote:

Chips will be easy to forge. They are simple RFID chips. Duplicating the most easy.

yup.

Hobbes wrote:

Creating new ones would be totally useless to do though, apart from a DB checkup they would most likely have some form of checksum+trap number system built in.

IMHO, there is no chance of them implementing an international database, the idea with the tags is to just copy whats in your passport in print, i.e. photo, height, hair colour etc.

Checksum / encoding / trap numbers - I give them a week.

Every country in the world would have equipment at their airports to read the tags. The security would last until somebody smart got a good route around inside the equipment.

In a word, pointless. Yet another exercise in increasing the 'feeling' of security without actually improving security.

Gurgle

Arcadegame2004 wrote:

I think this is a good idea. It would help combat the rampant use of forged passports to get to Ireland. Let's see them try to forge a chip!

You may have heard of the PlayStations 1 and 2 ?
How about network locked mobile phones ?

Chips are way easier to copy/forge than photographs and much much harder to spot.

Incidentally, how many forged passports have been used to get into Ireland ?

arcadegame2004

The comparison with PS1 and 2 is silly because each PS does'nt have its own unique genetic makeup or isis.

It will certainly be much harder for your average immigrant to forge a chip containing details on iris DNA than simply using a printer and scanner to create fake passports.

bonkey

arcadegame2004 wrote:

The comparison with PS1 and 2 is silly because each PS does'nt have its own unique genetic makeup or isis.

Neither do RFID chips.

arcadegame2004 wrote:

It will certainly be much harder for your average immigrant to forge a chip containing details on iris DNA than simply using a printer and scanner to create fake passports.

/raises his eyes heavenward

And as we all know, printers and scanners are how fake passports are created, with their textured surface, special paper, plastic laminate sections, embossed printing, and so on and so forth.

Seriously dude....are you making this stuff up as you go along? All you're doing is showing how little you know about the existing system, the proposed system, and how the differences will actually make any difference.

jc

Gurgle

arcadegame2004 wrote:

The comparison with PS1 and 2 is silly because each PS does'nt have its own unique genetic makeup or isis.

It will certainly be much harder for your average immigrant to forge a chip containing details on iris DNA than simply using a printer and scanner to create fake passports.

OK, just to clarify:
- Your Iris does not have its own DNA.
- There is no possibility of your DNA being put on a chip in the near future.
- They are talking about putting your photograph and biometric data on an RFID chip and burying this chip in your passport. Biometric data means height, weight, hair colour, eye colour. Its a double check with the print
- Digital data is much easier to copy/replace/edit/forge than analogue data (like a photograph)
- Within months of the PS2 being released, there was a chip available which allowed it to boot from the chip and play from a CD/DVD without a boot sector. That would be much harder to do than to make an RFID chip with a particular persons data on it. Trust me on this.
- You can't make a false passport with a printer and scanner. (Well you could but it would be spotted in a fraction of a second)
- You can make a copy of a chip which couldn't be identified when compared to the real one. This is much harder with a photo.

It would just add one more step for the passport forgers to do, and not a difficult one at that.

Capt'n Midnight

sliabh wrote:

A lot of the guys organising the September 11 attacks were known, but travelled on false documents. This would have been much harder for them if they had to have passports with biometric data.

Just two points,
A - AFAIK those on the planes had valid documentation
B - passports weren't needed for internal flights in the US

Lets not forget that our Government were selling Irish passports to people who had lots of money and shady backgrounds. Supprised that Osama didn't sponser a couple when he was a just a rich business man with CIA contacts.

AFAIK the RFID tags will only be in the higher denomination notes at first. And this will put more pressure on the US dollar in its current printed by bank of monopoly format, you want to print €100 bills, watermarked paper of the exactly correct size and feel won't cost more than a $1 ... Point here is that nearly half of all US treasury notes are held by foreign nationals, you can imagine the scams and indentity theft that will happen when they try to exchange them for any new ones - remember the fuss over changing large amounts of £'s to €'s , there is going to be an awful lot of motive for identity theft by people who aren't concerned by US laws in the foreseeable future.

For credit references only the last three addresses are used, so scamsters can simply stay on the move, homeowners don't have this option and so can have major problems when blackballed by micky-mouse lenders. Extrapolate this to biometric ID theft and a lot of innocent people will suffer.

Thin foil wallets should be a big seller.

Anyone ever see "Diamonds are forever" , forget Rohypnol - that stranger offering you a drink could be after your fingerprints. "Never say never again" can Iris scanners be beaten by contact lenses ?

SKY hav a fairly good encryption system , but the heart of it is that they can reprogram/reissue all the cards anytime and they have full control of the production of the card readers. But they would only reissue the cards if the whole scheme was so cracked that there was a serious threat of loosing revenue. In a biometric scheme no one is going to reissue all passports just because a few people have problems.

Gurgle

The problem with international travel is that nobody has a database with everybody's passport details on it. AFAIK, a forged passport is a genuine stolen one which has been very carefully modified, in minute detail, to change the picture, the name and other details. Airport security look at thousands of passports a day, they can spot a forgery a mile off.
Having done the hard work, you could run a 0.1mm drill through the embedded RF tag and insert another programmed with the details of the 'new' owner. The same airport security staff scan it, the computer says its fine, they're happy its fine. Actually this would make the whole system less secure as this would be seen as a double-check.

TheChameleon

While having information held on passports etc is essential for travel-security i agree that RFID should not be used. It makes us individually identifiable to any scanner we may pass by. While trying to avoid Hollywood references it brings us very close to a Minority Report scenario where by carrying ID Cards (what may very soon become mandatory)or passports containing RFID strips (these can be places in the visa stamp on your present passport), shops, pubs etc can record the frequency of our visits, our image and purchases made with our SMART card which doubles as the ID card.

We Irish are not techno-phobes, it's simply a question of privacy. The Hollywood fantasy is now a reality and to prevent it materialising people need to be informed re. what they are conceeding to. The government furthering our position as a nanny state or by conforming to US standards bringing us ever closer to being that 51st State. Just because the US feel free to monitor the location and every movement of every citizen we should not allow this here. Simply by not allowing RFID features on ID documents. There are plenty of other options which require our consent e.g. passing the ID through a card reader. It's no less primitive and should you not want someone to know your movements you don't have to offer your card.

MadsL

AG2003 wrote:

simply using a printer and scanner to create fake passports.

Ahem...


Earth calling.

Hobbes

Why are people getting worked up about this but not this..

http://www.eetimes.com/story/OEG20011219S0016

(animated Advert) "Hi there! I see you have 200 euros in your pocket, You have just enough to buy our new DVD player and have change left over to eat in McDees".

sliabh

Hobbes wrote:

Why are people getting worked up about this but not this..

http://www.eetimes.com/story/OEG20011219S0016

It might be because this is a story that is more than three years old and is something that is not going t happen. There has been mention of it in the past but as far as I know it is regarded as not feasible and there is no power within the EU looking for it.

RFID chips in passports is very real though. This will happen before the end of the year.

Anyway. I think I have the answer to the question that I asked originally, there is no org working to lobby against this in Ireland.