The EU-funded FIDIS (Future of Identity in the Information Society) project has warned that implementation of the current generation of biometric travel ID will dramatically decrease security and privacy, and increase the risk of identity theft. In the Budapest Declaration, which derives from FIDIS' September meeting in Budapest, FIDIS calls for short-term damage control measures to be taken (because biometric ID is already being rolled out), and for "a new convincing and integrated security concept" to be developed within the next three years.
FIDIS points out that the new generation of biometric Machine Readable Travel Document (MRTD) is remotely readable at a distance of 2-10 metres, and that current security simply isn't good enough to protect it.
The most significant problems with these MRTDs are:
- Biometrics in MRTDs currently cannot be revoked and since biometric features of the users such as fingerprints and facial features cannot easily be changed, "stolen" biometrics can be abused for a long period of time
- The key to access data on the RFID tag is stored on the passport itself and can be read by humans and machine scanners.
- Eavesdropping of communication between RFID tag and reader
- Cloning of RFID tags in MRTDs
- Abuse of the remote readability of RFID tags in passports
Even more evidence against ID cards, not that Blair’ll listen of course…
No comments:
Post a Comment