Germany is switching over to the second generation of ePassport passports, with the addition of fingerprint biometrics. Fingerprints become mandatory in June 2009*, and according to NXP, which supplies the chips for the passports, it will be the first country in the world "to introduce second-generation ePassports with enhanced …
And don't forget
Even if the path between the passport and the reader is completely secure, when your data reaches their system, it will be stored on their database. That means your photo (pristine quality), your fingerprints, your name, nationality, D.O.B., place of birth, and everything else on that passport.
Once you are in there, you will never get out of there. They will then make this information available to whoever wants it, without your consent or knowledge, and of course, if their database is compromised by whatever means, the data will leak out en masse.
When you go to any place on holiday, even the smallest country, your data will be captured. You might trust the German government to keep your data 'private' but would you trust, say, a 'third world' government to keep your data private? Some of the biggest 'third world countries' have just rolled out their own 'secure' passports and have the reader infrastructure coming next. When you go to these places, your passport data will be captured, and in these countries where corruption is endemic, you can bet that your data will be harvested and sold to the highest bidder on a regular basis.
All of this is not about the 'security' of the passport; this is about setting up a worldwide system of control where the authorities can see who is going where in real-time. The amazing thing is, this aim can be achieved without invasive biometrics and RFID; it can be done with the machine readable strips that already exist on the passport.
It is nothing more than a pretext to fleece the sheeple, the money going to venal vendors.
Ah, so now we know...
So it's NXP who are paying backhanders to the government, is it?
This fingerprint reader is covered in snot!
"Germany has already taken delivery of 18,000 fingerprint readers"
AP: Germany Jan 1st 2010. The deadly outbreak of MRSA continues to spread throughout Germany. The recommended use of gloves to restrict exposure to the bug has been made useless by the need of most German citizens to use fingerprint machines. Emergency deliveries of Dettol to all government buildings have been slowed by a shortage of delivery drivers.
The scariest thing
"achieves a security level which experts consider tamper-proof also in the future."
The scariest thing is that the 'authorities' really believe this bullshit.
I imagine that most of the people reading The Register are fully aware that no electronic / computerised system is ever going to be 'tamper proof'. The trouble is, the average plod isn't that tech-savvy, and when you get to judges and juries...
The film 'Rendition' starts to seem a little too plausible.
Your ID card, your passport, your biometrics. YOU did it.
The only way to protect sensitive authentication data...
It is one thing to make the field reader tamper proof but that does nothing to prevent abuse of a central database by politically or commercially corrupt insiders.
The only way to prevent that is for citizens to hold on to their own data (typically on their mobile phones) and to use an enrolment / key exchange protocol to verify the legitimacy of the fingerprint data in the field.
As per (yawn) the ID Card Proposal at
"which experts consider tamper-proof also in the future"
Why does it worry me when experts predict the future?
What if you have no fingerprints
What about those people who don't have fingerprints? And I'm not talking about the ones who don't have them for genetic reasons. I'm talking about those that don't have them because of the type of work they do. People that work with abrasive materials all day long often don't have detectable fingerprints. I still have spots on my fingertips that are completely smooth and have no detectable prints with ink or scanners. And what about those that have lost part of their digits due to an accident or birth defect? It will be interesting how the system deals with these people if prints are a requirement.
Um, they're compulsory already
"Fingerprints become mandatory in June 2009*"
I've had mine all my life. Didn't get a chance to tick the box turning this option down with the digital (geddit?) EULA at birth.
Re: And don't forget
All incredibly good points, Mr A. Coward.
I really wonder how the government would counter what you've said.
"The German system uses encryption to protect the biometric data as it's communicated to the reader..."
So it's not stored encrypted?
I'm sure someone will work out how to dismantle it to access the data directly.
"Fingerprints become mandatory in June 2009"
And about time too, I've had mine for longer than I can remember!
Do the Germans, like the dear old NHS, have a slot in their database for religion?
SELECT citizen_number, name, address FROM NHS JOIN IPS ON NHS.ID = IPS.citizen_number WHERE NHS.religion = [scapegoat_du_jour];
Slides 5 and 30. The IT angle? See slide 29.
The tinfoil hat, please.
We at The Reg have always been worried about the Lizard People. Making having fingerprints mandatory should smoke them out.
Probably along the oft disproven lines of "if you've got nothing to hide..."
Biometrics are just big fixed passwords that you can't change...
and are only ever as good as the security on the database which holds them. Break into that, and everything you are is gone - owned by the thief for ever. BECAUSE YOU CAN'T CHANGE IT.
This is a disaster waiting to happen.