Bordering on crazy?
By davebirch posted Aug 31 2007 at 6:53 PMsaves you approximately half a second in the border-control process [but] open a potential security hole.The hole is that the border control systems have to store certificates (with the public keys that are needed to check the signatures on passports) that are pre-verified, so if the bad guys can get their certificates into the system, their (bent) passports will be accepted as real. There is a proposal floating around to implement a more sophisticated PKD (with cross-certification, so that countries could check the signatures on other country's certificates) but that means a more complicated structure. I'm not sure this is the kind of interoperability that should be a goal for other sectors.
Technorati Tags: fraud, identity, interoperability, passport, PKI
When I last commented on e-passports, I said that one might expect to see "e-passport cracked/cloned/useless" stories for some time to come. This was an entirely accurate prediction, and some of the problems being uncovered are pretty interesting. Take, for example, Mr. Lukas Grunwald. Mr. Grunwald was an e-passport consultant to the German government. He's discovered security flaws that allow someone to seize and clone the fingerprint image stored on the biometric e-passport (which is actually not that hard since the passports don't yet implement proper access control) as well as how to code the RFID chip in an e-passport to sabotage readers! He achieved that latter by modifying the JPEG2000 image file containing the passport photo to exploit a buffer-overrun problem.
Mind you, if were a foreign drug baron, child pornographer or terrorist sleeper trying to get in to the U.K., I don't think I'd go go for these complicated technical attacks. I would just buy a bent passport from a bent civil servant like everyone else.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]
ePassports are an expensive charade. The security is wobbly, as noted in Dave Birch's post. The biometrics are unreliable. Biometrics based on physical geometry have been lambasted by the National Physical Laboratory. And biometrics based on flat print fingerprinting regularly deliver 20% false non-match rates. Taxpayers' money worldwide is being wasted on this indefensible ICAO initiative. We know that.
But suppose the technology worked? What then?
How would our senior diplomats be able to travel incognito, as is their current practice? Every time they cross a border, their biometrics may be stored against their name. Imagine the scene:
"Ah, Sir Peter, how pleasant to see you again," says the Syrian immigration officer, "but wait, what is this, last time you came through you were biometrically a lowly oil engineer called Blake. What was the purpose of that visit, Sir Peter, may I ask? And, this is most extraordinary, but my Yemeni colleagues think you were an accredited arms dealer before that, called Philby, en route to Mesopotamia. What can this mean? Perhaps you could step into the back room here and we could discuss the matter over a cup of Polonium".
If the biometrics and the security on ePassports worked, then anonymity/new identity would become very difficult. With ePassports and with their cousins -- ID cards and biometric visas.
When the police offer someone witness protection to come forward and give evidence in a criminal trial, it's hard enough already to convince them that they will be safe. But if their biometrics have been disseminated all over the world, stored every time they undertake a bank transaction or cross a border or -- in some of the loopier scenarios -- buy alcohol or cigarettes -- the possibility of their old identity being deleted or at least screened off -- vanishes. And then justice will find it even harder to be done.
We don't benefit from these schemes if they don't work. And we don't benefit if they do. So ...
Posted by: David Moss | 01/09/2007 at 12:55 PM