Posts Tagged ‘ e-passports ’

Previous entries

New Hampshire to ban biometrics?

Feb 24th, 2010 | By Innovya follow-up | Category: News

By Leischen Stelter – 02.23.2010

CONCORD, N.H.—A bill introduced in the New Hampshire Legislature could have serious consequences for the development and deployment of biometric technology and could also jeopardize public confidence in the technology. HB 1409, sponsored by Rep. Neal Kurk, originated over concerns of privacy, but there is concern that the broadness of the bill could negatively impact the development of biometrics as an important security tool, said Don Erickson, director of government relations for Security Industry Association.

Specifically, this bill dictates, “no government agency or private entity shall issue an identification card, other than an employee identification card, or use an identification device or system, that requires the collection or retention of an individual’s biometric data.” The legislation also restricts the disclosure use of “biometric data as a condition of doing business with, engaging in any business activity or relationship with, or obtaining services from, that agency or entity.”

The legislation would ban all biometrics, including fingerprints, palm prints, facial features, voice data recognition, iris recognition, hand geometry and retinal scans, according to the bill.

If passed, this legislation would take effect on January 1, 2011.

SIA issued a statement saying that banning nearly all the uses of biometrics is an inappropriate response to privacy concerns. “The sponsor was concerned about privacy and the protection of individual privacy” not about issues of security, said Erickson. And, he contends, biometrics are actually more secure than other technologies. “With biometrics, you don’t have a password or a key to lose, it’s biometric information so you don’t have to worry about people stealing it,” he said.

Vijay Kumar, marketing manager for Ingersoll Rand Security Technologies, Schlage biometrics, agreed that biometrics pose minimal privacy concerns. “A lot of people don’t understand biometrics and these situations are based on misperceptions,” he said. “I think people confuse it with the systems they see on TV crime shows.” The major distinction, said Kumar, is differentiating between identification and authenticating systems. “Identification compares a person to all the people in the system and matches one to a number of samples,” he said. “Authentication is a one-to-one search, where a live biometric—a hand sample for example—is presented by a person and compared to a stored biometric given by the person by consent.”

He agrees with Erickson that biometrics are actually a very secure form of identification. “Biometrics of authentication is actually a more private situation than what we had when we used numeric codes and password and those types of identities are easy to capture,” he said.

However, industry members aren’t surprised this bill was introduced. Security concerns are not to be taken lightly. In this day and age, with increasing incidents of credit card and identity theft, people have a reason to be concerned about privacy, said Erickson. “The industry has taken steps to control personal identification information and it’s in their interest to,” he said. “End users need to be sensitive to this and spend time doing their homework on exactly how the technology works and privacy guards in place.”

And while this bill is troubling for those involved with biometrics, few think it will make much more progress in New Hampshire.  Erickson said the bill was recently voted down 11-6 in committee and doubts it will be reintroduced.

Tags: , , , , , , , ,
Posted in News |


Uncomfortable questions over biometric ID Cards and national security

Feb 23rd, 2010 | By Innovya follow-up | Category: News

In the last ten days we have learnt that “persons unknown” stole the identity of British citizens and cloned modern UK passports to enter Dubai to perform an assassination. Last week, the Foreign Secretary got up in the House of Commons to say that his legal action before the Court of Appeal was to protect intelligence vital to national security given to the UK by the USA’s national security agencies.

There are obvious data protection consequences that flow from these events that are not being picked up by journalists as part of the current public discourse.

In relation to biometric passports, the official Government information states that all passports now issued contain ‘biometric’ details “which are unique to you – like your fingerprint, the iris of your eye, and your facial features”. In addition, “the chip inside the passport contains information about the holder’s face – such as the distances between eyes, nose, mouth and ears” which “can then be used to identify the passport-holder”.

Also the chip is protected in four ways:

  • “a ‘digital signature’, which shows that the data is genuine and which country has issued the passport
  • Basic Access Control, a ‘chip protocol’ that prevents the data being read without the passport holder’s knowledge
  • Public Key Infrastructure (PKI), a digital technique that confirms the data on the chip was written by IPS and has not been changed, and
  • the chips can only be read at a few centimetres’ distance from a chip reader – so they cannot be accidentally read”.

So, by implication, either “persons unknown” using the UK Passports in Dubai managed to evade some of the above security checks (including any biometric security) or airport security arrangements at a major international airport has suffered a complete failure. Which one is most culpable? It is a very important question.

For instance, if some or all the biometric features that protect the Passport have been “overcome”, where does this leave the biometric security on the ID Card? If one agency can get round the security, isn’t it rather obvious that others can do so also? Does every significant ID Card check now need a reference to personal data stored on the National Identity Register (and recorded on that infamous audit trail) as the means of making sure an ID Card is not a clone? If so, then the ID Card costs have just increased significantly.

In relation to the intelligence issue, I accept that there are immense difficulties. However, if we start from the position that intelligence is information from which one can deduced or infer a possible action, then the position becomes clearer. For example, if “X has been in contact with Y” then it might be important to put “Y” on a watch list.

However, I do not think that “X has been water-boarded” qualifies as intelligence – it is a description of what has happened to X. It might be confidential to qualify the intelligence by explaining that “intelligence from X has been gained under torture”, but there again, it is the information that is provided that is the “intelligence” and not the means by which it was extracted from the informant.

In other words, the Foreign Secretary’s claim that “The seven paragraphs contain summaries of American intelligence relating to Mr Mohamed’s case held in UK files” cannot possibly be substantiated by the facts. One cannot possibly undermine the principle of protecting intelligence sharing if the information itself does not qualify as intelligence (in this case, it relates to inhuman or degrading treatment).

Reference: In my evidence to the Joint Committee on Human Rights published in 2006, I explore national security in the context of Parliamentary scrutiny, data protection, human rights and terrorism. I explain why the UK system of scrutiny desperately needs an overhaul (http://www.amberhawk.com/policydoc.asp)

Tags: , , , , , , , ,
Posted in News |


Credit Card Frauds: Chip-and-PIN is broken

Feb 18th, 2010 | By Innovya follow-up | Category: News

If Simple Credit Cards are cloneable just imagine how ”New ID cards” are supposed to be ‘unforgeable’ – but it took expert minutes to clone one, and program it with false data

By Cory Doctorow at 11:43 PM February 11, 2010

(Chip and PIN is broken via Schneier)

BBC: New flaws in chip and pin system revealed

Noted security researcher Ross Anderson and colleagues have published a paper showing how “Chip-and-PIN” (the European system for verifying credit- and debit-card transactions) has been thoroughly broken and cannot be considered secure any longer. I remember hearing rumbles that this attack was possible even as Chip-and-PIN was being rolled out across Europe, but that didn’t stop the banks from pushing ahead with it, spending a fortune in the process.

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.

But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.

Tags: , , , , , , , , , , , , ,
Posted in News |


FBI Scans DMV Photos for Criminals

Feb 4th, 2010 | By Innovya follow-up | Category: News

By Jonathan Saupe –

Thursday (Feb. 4th) on KOLD News 13 Live at 10 p.m. “Justice In Sight”: A home invasion, a purse snatching, an armed robbery.. terrifying crimes leaving victims with only blurry details and confused facts for investigators to use in trying to crack the case. Thursday at 10 p.m., Crime Specialist Som Lisaius will have a special Live, Local, & Late Breaking demonstration that will make you a good victim or witness.
(AP) – In its search for fugitives, the FBI has begun using facial-recognition technology on millions of motorists, comparing driver’s license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes.

The project in North Carolina has already helped nab at least one suspect. Agents are eager to look for more criminals and possibly to expand the effort countrywide. But privacy advocates worry that the method allows authorities to track people who have done nothing wrong.

“Everybody’s participating, essentially, in a virtual lineup by getting a driver’s license,” said Christopher Calabrese, an attorney who focuses on privacy issues at the American Civil Liberties Union.

Earlier this year, investigators learned that a double-homicide suspect named Rodolfo Corrales had moved to North Carolina. The FBI took a 1991 booking photo from California and compared it with 30 million photos stored by the motor vehicle agency in Raleigh.

In seconds, the search returned dozens of drivers who resembled Corrales, and an FBI analyst reviewed a gallery of images before zeroing in on a man who called himself Jose Solis.

A week later, after corroborating Corrales’ identity, agents arrested him in High Point, southwest of Greensboro, where they believe he had built a new life under the assumed name. Corrales is scheduled for a preliminary hearing in Los Angeles later this month.

“Running facial recognition is not very labor-intensive at all,” analyst Michael Garcia said. “If I can probe a hundred fugitives and get one or two, that’s a home run.”

Facial-recognition software is not entirely new, but the North Carolina project is the first major step for the FBI as it considers expanding use of the technology to find fugitives nationwide.

So-called biometric information that is unique to each person also includes fingerprints and DNA. More distant possibilities include iris patterns in the eye, voices, scent and even a person’s gait.

FBI officials have organized a panel of authorities to study how best to increase use of the software. It will take at least a year to establish standards for license photos, and there’s no timetable to roll out the program nationally.

Calabrese said Americans should be concerned about how their driver’s licenses are being used.

Licenses “started as a permission to drive,” he said. “Now you need them to open a bank account. You need them to be identified everywhere. And suddenly they’re becoming the de facto law enforcement database.”

State and federal laws allow driver’s license agencies to release records for law enforcement, and local agencies have access to North Carolina’s database, too. But the FBI is not authorized to collect and store the photos. That means the facial-recognition analysis must be done at the North Carolina Division of Motor Vehicles.

“Unless the person’s a criminal, we would not have a need to have that information in the system,” said Kim Del Greco, who oversees the FBI’s biometrics division. “I think that would be a privacy concern. We’re staying away from that.”

Dan Roberts, assistant director of the FBI’s Criminal Justice Information Services Division, added: “We’re not interested in housing a bunch of photos of people who have done absolutely nothing wrong.”

Gone are the days when states made drivers’ licenses by snapping Polaroid photos and laminating them onto cards without recording copies.

Now states have quality photo machines and rules that prohibit drivers from smiling during the snapshot to improve the accuracy of computer comparisons.

North Carolina’s lab scans an image and, within 10 seconds, compares the likeness with other photos based on an algorithm of factors such as the width of a chin or the structure of cheekbones. The search returns several hundred photos ranked by the similarities.

“We’ll get some close hits, and we’ll get some hits that are right on,” said Stephen Lamm, who oversees the DMV lab.

The technology allowed the DMV to quickly highlight 28 different photos of one man who was apparently using many identities. It also identified one person who, as part of a sex change, came in with plucked eyebrows, long flowing hair and a new name – but the same radiant smile.

The system is not always right. Investigators used one DMV photo of an Associated Press reporter to search for a second DMV photo, but the system first returned dozens of other people, including a North Carolina terrorism suspect who had some similar facial features.

The images from the reporter and terror suspect scored a likeness of 72 percent, below the mid-80s that officials consider a solid hit.

Facial-recognition experts believe the technology has improved drastically since 2002, when extremely high failure rates led authorities to scrap a program planned for the entrances to the Winter Olympics in Salt Lake City.

Lamm said investigators reviewing the galleries can almost always find the right photo, using a combination of the computer and the naked eye.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, questioned whether the facial-recognition systems that were pushed after the Sept. 11 attacks are accurate or even worthwhile.

“We don’t have good photos of terrorists,” Rotenberg said. “Most of the facial-recognition systems today are built on state DMV records because that’s where the good photos are. It’s not where the terrorists are.

Tags: , , , , , , , ,
Posted in News |


Interpol chief: Passport fraud major global threat

Jan 30th, 2010 | By Innovya follow-up | Category: News

By ANGELA CHARLTON
Associated Press Writer – Charlotte Observer

DAVOS, Switzerland The biggest travel threat facing the world now is passport fraud, according to the chief of Interpol – the millions of stolen documents that could be used by terrorists or criminals to travel worldwide.

Airport body scanners, embraced by many in the aftermath of the attempted Christmas Day airplane bombing, are a misguided solution to travel threats, Interpol Secretary-General Ronald K. Noble told The Associated Press in an interview Thursday night.

“The greatest threat in the world is that last year there were 500 million, half a billion, international air arrivals worldwide where travel documents were not compared against Interpol databases,” he said on the sidelines of the World Economic Forum, where 2,500 business and political leaders are gathered in this Alpine resort.

“Right now in our database we have over 11 million stolen or lost passports,” he said. “These passports are being used, fraudulently altered and are being given to terrorists, war criminals, drug traffickers, human traffickers.”

The solution, he said, is better intelligence, and better intelligence sharing, among countries.

“You don’t know the motivation behind the person carrying the passport,” he said. If you’re a terrorist, he said, “Are you going to carry explosives that are going to be detected? No.”

Many U.S. airports use the body-scanning machines and airports in other countries are adopting them after Nigerian Umar Farouk Abdulmutallab allegedly tried to detonate explosives hidden in his underwear Dec. 25 on the Detroit-bound flight.

But Noble questioned “the amount of money and resources that go into these (body-scanning) machines.”

He cited a case two weeks ago in a Caribbean country where five people were arrested carrying European passports, but were caught after they were found to be carrying stolen passports – one stolen back in 2001. The five had “definite links to crime, organized crime, human trafficking but no definite links to terrorism,” he said, though he wouldn’t name the country.

He said U.S. authorities are recognizing the threat of passport fraud – in 2006, U.S. authorities scanned the Interpol database about 2,000 times, while last year they did so 78 million times. They came up with 4,000 people traveling on stolen or lost passports.

Intelligence experts have cast doubt on the usefulness of the so-called no-fly lists of suspects shared among airports worldwide, saying that criminals can change their names or make simple name spelling changes that render them untrackable.

“(The lists) are useful but I don’t believe they are the be-all and end-all,” Noble said, adding he was concerned about governments’ efforts to expand them.

Noble, who has expanded Interpol’s efforts to fight terrorism, cybercrime, corruption and maritime piracy in his nearly 10 years at the helm of international police agency Interpol, also had words of warning for people hoping to donate money to Haiti after its devastating earthquake.

“Be very careful,” he said, citing several cases of fraudsters preying on donors and stealing their money via fake charity Web sites.

“Whenever there’s a tragedy it seems to bring out the best in people and unfortunately the worst,” he said. He said several U.S. sites have been taken down since the earthquake after they were found to represent no known charity.

Interpol has a team helping identify victims in Haiti, a daunting task with an estimated 200,000 dead. Another daunting task will be rebuilding Haiti’s law enforcement.

Policing in Haiti “was a challenge before this happened,” he said.

Tags: , , , , , , , , , , , ,
Posted in News |


Euro project to arrest us for what they think we will do

Jan 27th, 2010 | By Innovya follow-up | Category: Articles

‘Positively chilling’ says Liberty

By John Ozimek • The Register

Radical Think Tank Open Europe has this week exposed a study by the EU that could lead to the creation of a massive cross-Europe database, amassing vast amounts of personal data on every single citizen in the EU.

The scope of this project also reveals a growing governmental preference for systems capable of locking people up not for what they have done, but for what they might do.

Open Europe (OE) researcher, Stephen Booth, has been reviewing projects currently in receipt of EU funding. Last week he identified one of these - Project INDECT – as having potentially far-reaching effects for anyone living or working in Europe. The main objectives of this project, according to its own website, are:

To develop a platform for: the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence, to develop the prototype of an integrated, network-centric system supporting the operational activities of police officers.

In addition, it aims “to develop a set of techniques supporting surveillance of internet resources, analysis of the acquired information, and detection of criminal activities and threats.”

There are two controversial aspects to this research. First is the extent of data collection implied by the project scope. Second, and perhaps far more worrying, is the proposition that law enforcement agencies, in possession of sufficient data, will in future be able to model potentially criminal and anti-social behaviour and therefore focus on individuals before crimes are committed.

In this, it echoes another EU-sponsored piece of research – ADABTS – which is all about Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces. According to the ADABTS prospectus, it “aims to develop models for abnormal and threat behaviours and algorithms for automatic detection of such behaviours as well as deviations from normal behaviour in surveillance data.”

The INDECT project is co-ordinated by Polish academic Professor Andrzej Dziech. Participants include several institutions from Poland – which until recently had its own issues with over-arching state surveillance – as well as the Northern Ireland Police Service.

Shami Chakrabarti, the director of human rights group Liberty, described this approach as a “sinister step” for any country, but “positively chilling” on a European scale.

Stephen Booth added: “The problem with the EU funding these types of projects is the lack of accountability. Citizens are left completely in the dark as to who has approved them and there is no way to ensure that civil liberties are being duly respected.

“The absence of any political debate about the use of these new surveillance technologies in our society is a very dangerous trend, which is especially acute at the EU level.”

However, the idea of punishing potential criminals is not just an EU notion. As El Regreported last year, the Home Office has certainly considered the use of automated profiling to check travellers at points of entry to the UK. This has been controversial, both because of the veiled racism implied by such a policy, as well as evidence provided to the Home Office that it might not actually work.

However, the Vetting Database – which is due to go live later this year – will take decisions on whether people are fit to work in millions of “regulated” positions on the basis of a scoring system, designed to “predict” likelihood to offend.

The introduction of predictive models into society appears to be carrying on apace, with very little public debate as to how desirable they are, or how the state should compensate citizens where mistakes occur. There is also a blurring of the lines between predicting a threat – in which case law enforcement officers can be asked to investigate – and simply predicting criminality and penalising an individual on the basis of something they have not yet done.

OE is interested in seeing less formal integration across Europe, and a return to more issues being resolved at the national level. Their investigation looked at funding provided under the Seventh Framework Programme (FP7). This can be accessed via the Cordis portal, and is a mechanism whereby funds controlled by the EU Commission are made available for research projects.

The existence of an FP7 project is not necessarily an indicator of EU policy in an area, but it is clear evidence of some interest in the approach being investigated.

Project INDECT launched on 1 January this year with a project budget of 14.86 million Euros. It is due to deliver the goods, including a 15-node pilot project, by the end of 2013. ®

Tags: , , , , , , , , , , ,
Posted in Articles |


Defects in e-Passports allow real-time tracking

Jan 27th, 2010 | By Innovya follow-up | Category: News

This threat brought to you by RFID

By Dan Goodin in San FranciscoThe Register

Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings.

The so-called traceability attack is not the only exploit of an e-passport that allows attackers to remotely track a given credential in real time without first knowing the cryptographic keys that protect it, the scientists from University of Birmingham said. What’s more, RFID, or radio-frequency identification, data in the passports can’t be turned off, making the threat persistent unless the holder shields the government-mandated identity document in a special pouch.

“A traceability attack does not lead to the compromise of all data on the tag, but it does pose a very real threat to the privacy of anyone that carries such a device,” the authors, Tom Chothia and Vitaliy Smirnov, wrote. “Assuming that the target carried their passport on them, an attacker could place a device in a doorway that would detect when the target entered or left a building.”

To exploit the weakness, attackers would need to observe the targeted passport as it interacted with an authorized RFID reader at a border crossing or other official location. They could then build a special device that detects the credential each time it comes into range. The scientists estimated the device could have a reach of about 20 inches.

“This would make it easy to eavesdrop on the required message from someone as they used their passport at, for instance, a customs post,” the authors wrote.

The attack works by recording the unique message sent between a particular passport and an official RFID reader and later replaying it within range of the special device. By measuring the time it takes the device to respond, attackers can determine whether the targeted passport is within range. In the case of e-passports from France, the process is even easier: electronic credentials from that country will return the error message “6A80: Incorrect parameters” if the targeted person is in range and “6300: no information given” if the person is not.

The research is only the latest to identify the risks of embedding RFID tags into passports and other identification documents. Last year, information-security expert Chris Paget demonstrated a low-cost mobile platform that surreptitiously sniffs the unique digital identifiers in US passport cards and next-generation drivers licenses. Among other things, civil liberties advocates have warned that those identifiers could be recorded at political demonstrations or other gatherings so police or private citizens could later determine whether a given individual attended.

To be sure, the practicality of traceability attacks is more limited because a targeted passport first must be observed within range of a legitimate reader. But once this hurdle is cleared – as would be relatively easy for unscrupulous government bureaucrats to do – the attack becomes a viable way to track a target.

Chothia and Smirnov of the University of Birmingham’s School of Computer Science said the security hole can be closed by standardizing error messages and “padding” response times in future e-passports. But that will do nothing to protect holders of more than 30 million passports from more than 50 countries who are vulnerable now, they said.

And that’s sure to fuel criticism of RFID-enabled identification.

“This is a great example of why e-passports are a bad idea,” Paget wrote in an email to The Register. “It’s simply too expensive to replace vulnerable documents (especially when they have a 10-year lifespan) in response to legitimate security concerns, regardless of their severity. People will continue to poke holes in e-passports; without a mechanism to fix those problems there’s a strong argument that’s we’re better off without the RFID.”

Tags: , , , , , , , , , , , , , ,
Posted in News |


Airport face scanners ‘cannot tell the difference between Osama bin Laden and Winona Ryder’

Jan 16th, 2010 | By Innovya follow-up | Category: News

By Duncan Gardham, Security Correspondent

Osama bin Laden and Winona Ryder: airport face scanners reportedly cannot tell the difference Photo: GETTY; EPA

Osama bin Laden and Winona Ryder: airport face scanners reportedly cannot tell the difference Photo: GETTY; EPA

In a leaked memo, an official says the machines have been recalibrated to an “unacceptable” level meaning travellers whose faces are shown to have only a 30% (Thirty per cent) likeness to their passport photographs can pass through.

The machines, undergoing trials at Manchester airport, have apparently been questioning so many passengers’ identities that they were creating huge queues.

The technology was designed to help immigration officials spot people traveling under false passports, particularly terrorists, but the multi-million pound scheme now appears to be in jeopardy.

In the email, the official says: “Update on the calibration – the facial recognition booths are letting passengers through at 30%.

“Changes appear to have been made without any explanation [or] giving anyone a reason for the machines [creating] what is in effect a 70% error rate.

“[The fact that] the machines do not operate at 100% is unacceptable. In addition it would be interesting to know why the acceptance level has been allowed to decrease.”

Rob Jenkins, an expert in facial recognition at Glasgow University’s psychology department, said lowering the match level to 30 per cent would make the system almost worthless.

Using facial recognition software from Sydney airport in Australia set at 30 per cent, he found the machines could not tell the difference between Osama bin Laden and the actors Kevin Spacey or even the actress Winona Ryder while Gordon Brown was indistinguishable from Mel Gibson.

Announcing a trial of five of the devices at Manchester airport last August, Jacqui Smith, the Home Secretary, said they would improve security by making it more difficult for terrorists using false passports.

At the moment the technology is only being used on British and European travelers on “high risk” flights but it is planned to extend the technology to almost all non-European Union citizens by the end of 2010.

Patrick Mercer, chairman of the House of Commons subcommittee on counter-terrorism, said he would be asking the UK Borders agency about the warnings.

The Home Office said: “We can categorically confirm that the gates are making the same high level of checks on the British and European passengers using them as they were when the trials began in August last year.

“Previous tests show that they system can reliably pick out imposters and even distinguish between identical twins. An immigration officer supervises the whole process and will intervene where necessary.”

Tags: , , , , , , , , , ,
Posted in News |


Big Brother: National Biometrics in Israel

Dec 30th, 2009 | By Innovya follow-up | Category: News

The Knesset has passed Israel’s Biometric Database Law, expected to provide the statutory basis for introduction of ’smart’ identification documents for all Israelis.

Interior Ministry officials will be authorized to collect the Biometric data – fingerprints and facial contours – of all residents for the purpose of issuing identity cards, passports or other official documents.

As with similar identity regimes in Australia and elsewhere (eg the latest generation of Australian passports), those documents will feature a microprocessor (ie a chip similar to those used in some credit cards and perimeter access cards) that will contain data based on the individual’s fingerprints (two fingers) and facial geometry, eg a unique hash generated from an image of the person’s face rather than the image itself. Biometric and other information on the databases will be matched with registration information on national databases. That would permit an official to determine, for example, that the photo on an identity document corresponds to the bearer’s face but that the individual is using another name and therefore is engaging in an identity offence.

As yet I haven’t sighted the legislation. From media reports it appears that the government has mollified some critics through a statutory commitment to establish two discrete databases: one including the card-bearer’s name and the other featuring data from the individual’s fingerprints and the face. The databases will be established and maintained in two separate ministries and “will be linked by a code”. There seem to be no official statements about sharing data with the private sector.

The ’splitting’ of initial plans for a central database was an addition to the draft legislation in November, promoted as a safety measure -

so that anyone managing to penetrate one data bank would have only part of the information and it would be meaningless without the information from the other data bank.

The Chair of the Knesset Science & Technology Committee claimed -

The protection provided for this data bank is among the best in the world. It is protected at a level of 11 on a scale of one to 10

… which sounds impressive but is arguably meaningless. (What’s an ‘11′ when the scale ends at ‘10′? The Bill’s sponsor subsequently explained that “if the databases of the Mossad, the Shin Bet and the Prime Minister’s Office are currently protected at a level of 10, then this one will be protected at a level of 11″.)

Debate about development of the new regime featured the usual claims. A government spokesperson claimed that “there are 350,000 people living in Israel with fraudulent documents including tens of thousands with forged passports” and that forgery of the ’smart’ documents will be impossible.

One former police executive offered an exceptionalist argument, commenting that -

in a normal state that does not face the enemies we face, there is no need for such a system. But here we are in an intolerable situation, facing internal and external enemies. The ease with which current Israeli documents can be forged is an enormous problem.

[Identity documents] are so easily faked. For us, this is an existential issue. There are thousands of people walking around with fake IDs or with no IDs whatsoever. Some are criminals, and others are hostile elements. You would not believe how many suspects we have found who changed their identities to hide previous convictions. Many identities have also been stolen.

He noted that the danger of official misuse of information is present with existing databases.

Critics expressed concern that information will be leaked or misused, eg “Criminals could steal fingerprint information and use it to incriminate innocent people”. Likud Minister Michael Eitan indicated that -

Not only will the system threaten the privacy of all Israelis, but even worse, it will create an atmosphere in which everyone will feel their privacy is being invaded….

Eitan was not however planning to vote against the law. (???!!!)

Implementation of the law involves a two year trial period, during which participation in the biometric database/s will be voluntary. Three months prior to the end of trial, the government will formally re-assess the regime’s effectiveness, with the Prime Minister and Interior minister reporting to a special ministerial committee and to a Knesset committee. If the trial is deemed successful, Interior Ministry officials will be mandated to collect the biometric information without consent. The legislation allows some wriggle room: the Interior Minister will be empowered to extend the trial by an additional two years after provision of the reports, with a requirement that a ‘final decision’ must be made within four years after initiation of the databases.

Posted by Bruce Arnold at 2:03 PM

Tags: , , , , , , , , , , , ,
Posted in News |


Letter: By December 31, 2009 – Citizens will not be able to use their driver’s licenses as identification to board commercial aircraft

Dec 14th, 2009 | By Innovya follow-up | Category: Evidence

Letter

Executive Committee Home

November 18, 2009

The Honorable Nancy Pelosi
Speaker
U.S. House of Representatives
Washington, DC  20515

The Honorable Harry Reid
Majority Leader
United States Senate
Washington, DC  20510

The Honorable John Boehner
Minority Leader
U.S. House of Representatives
Washington, DC  20515

The Honorable Mitch McConnell
Minority Leader
United States Senate
Washington, DC  20510

Dear Speaker Pelosi, Senator Reid, Senator McConnell, and Representative Boehner:

By December 31, 2009, states must be materially compliant with the REAL ID Act of 2005 (REAL ID) or their citizens will not be able to use their driver’s licenses as identification to board commercial aircraft.  Based on a survey of our states, we believe that as many as 36 states will not meet the requirements of REAL ID by the end of the year.  To avoid this disruption to our citizens, especially during the holiday travel period, Congress must pass S. 1261, the “Providing for Additional Security in States’ Identification Act” (PASS ID), this year.

Since REAL ID was enacted, states have maintained that its timelines and requirements are unrealistic and constitute a huge unfunded mandate with costs far outpacing federal funding.  For these reasons, and as a result of privacy concerns, 13 states have enacted legislation prohibiting full compliance with the requirements of REAL ID, and several others have passed anti-REAL ID resolutions or have similar legislation pending. Without state participation, REAL ID falls far short of its promises, and the uncertainty of its future leaves us less secure.

PASS ID offers better, more secure and less costly standards for driver’s licenses than REAL ID.  It would alter REAL ID to allow state innovation in meeting security requirements and reduce costs by eliminating unnecessary requirements that do not increase the security and integrity of driver’s licenses and identification cards.  It also addresses privacy concerns by protecting individuals’ personal information and takes the first step toward covering the cost of compliance by authorizing funds for all states to implement the law.

The Senate Homeland Security and Governmental Affairs Committee unanimously approved S. 1261 in July.  The bill enjoys bipartisan support and the endorsement of the Secretary of the U.S. Department of Homeland Security as a practical solution that builds on the strengths of REAL ID, fixes its weaknesses and represents the best way to fulfill an important recommendation of the 9/11 Commission.

Our citizens should not be punished for the failures of REAL ID.  We therefore ask that you work with us to pass S. 1261 before the end of the year.

Sincerely,

Governor James H. Douglas

Governor Joe Manchin III

Tags: , , , , , , , , , , ,
Posted in Evidence |


Next Page » 1 2 3 Next Page »