If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Privacy coalition calls for halt to biometric/RFID passport plans
Edward Hasbrouck wrote:
passport and travel document standards to include biometric information and remotely-readable radio-frequency identification (RFID) chips. There are even greater dangers with biometric and especially RFID. First and foremost, an individual would have no way of knowing when his personal information contained in his RFID-equipped passport has been scanned by *anyone*. So a crook could be collecting tons of personal information by just standing next to the customs's hall exits. Secondly, right now, the information stored in your passport does not contain any "personal identification" used in ATMs or building security systems. But if passports are to contain biometric information such as fingerprints or iris "prints", then such information could then be used to access your money through ATMs should ATMs even switch from PIN to fingerprint/eye identification. If you suspect your PIN has been compromised, you can change it. You can't change your fingerprints or eye prints if you suspect your personal information has been compromised. They would need to develop a smarter RFID with built in CPU/authentcation where the only output from the RFID would be true or false. (input biometric info and output true or false). This way, casual scanning of a passport could not reveal any personal information. This does not however remove the problem that like it or not, your biometric would be recorded by immigration of a country when they scan you in order to verify it against the info in your passport. Technically, it would be possible that your biometric info would be just kept in the immigration system's RAM until it is validated against your passport and never then written to disk. But you cannot trust all countries, especially those with 1984ish regimes who have implemented goals of knowing everything about everyone. Because passports would need to be "readable" in any country, the encoding and any encryption would need to essentially be public domain. This means that any sophisticated crook could produce a passport with fake ID but real biometric information so that the holder would be authenticated when traveling through immigration. (unless they actually check against a database and find out the guy has changed fingerprints since the last time he entered that country). A safer method would be to have the biometric info staored at your government's data centre. Immigration of counrtry X would read your fingerprint, send it along with your name , passport number etc to yoru home country who would then reply "true" or "false". This way, only recognized countries with proper data security/privacy laws would be granted access to this "true or false" service and countries without safeguards would not be granted access by your home country. For the USA, it would defeat their true goal since in order to gain access to a foreign countries biometric verification service, the USA would have to pass the strict privacy laws that exist elsewhere and that would prevent the USA from misusing that info which is exactly what the USA wants to do. |
#2
|
|||
|
|||
Privacy coalition calls for halt to biometric/RFID passport plans
http://hasbrouck.org/blog/archives/000178.html
INTERNATIONAL PRIVACY COALITION CALLS FOR HALT TO ICAO RFID/BIOMETRIC PASSPORT PLANS In "An Open Letter to the ICAO" released today by Privacy International", 35 privacy and civil liberties organizations from around the world (with more still joining as endorsers) are calling on the International Civil Aviation Organization not to adopt the proposals currently before ICAO for passport and travel document standards to include biometric information and remotely-readable radio-frequency identification (RFID) chips. Letter: http://www.privacyinternational.org/.../terrorism/rpt /icaoletter.pdf Background paper: http://www.privacyinternational.org/.../terrorism/rpt /icaobackground.html Previous discussion in my blog: http://hasbrouck.org/blog/archives/000070.html As discussed in a background paper from Privacy International accompanying the joint letter to ICAO, and as previously discussed in my blog, ICAO's Facilitation Division has been meeting last week and this week in Cairo, Egypt to consider, inter alia, proposals to require the inclusion in passports and travel documents of remotely-readable RFID chips and digitally encoded biometric information, and for the standardization and sharing with governments of personal information contained in airline reservations. ICAO facilitation Section session: http://www.icao.int/icao/en/atb/fal/fal12/index.html ICAO proposals: http://www.icao.int/icao/en/atb/fal/...umentation.htm ICAO Working Group on Machine-Readable Travel Documents: These proposals, which are already close to adoption, have enormous privacy and civil liberties implications which ICAO has not addressed. So far as I know, no privacy or civil liberties organizations have been consulted by the relevant ICAO working group, or are in attendance at the Cairo meetings. In combination, the proposals now before ICAO would convert existing commercial airline reservation systems, and individual countries' border control systems into an integrated "International Infrastructure for Surveillance of Movement" which would lead both to global biometric (facial photo and/or iris scan and/or fingerprint) databases and the ability for governments and commercial entities secretly (due to the potential for remote reading of RFID chips) to construct and access lifetime biographic and biometric travel histories. ICAO is the source of current passport barcode standards. Because the law in the USA already requires passports used for visa-free travel to the USA to comply with whatever standard is adopted by ICAO, ICAO (a "technical" body with no formal procedure for public input) has in effect been delegated authority to legislate USA and global legal requirements for passports. Today's open letter to ICAO is signed by Privacy International, the American Civil Liberties Union, and other leading digital privacy and civil liberties groups in the USA, Canada, Europe, Australia, and Korea: "Specifically, the undersigned call on the ICAO to: * Follow through on earlier promises to review privacy implications of biometrics and trans-border personal information transfers; * Release clear and binding privacy requirements that will reduce the risks of illegal collection, use, retention, and transfers of this information; * Uphold national data protection laws or cultural practices, as previously promised by the ICAO; * Prevent, by design or biometric selection, the development of biometric databases; * Refrain from adopting RFID or biometric standards until their privacy and surveillance implications -- and the possibility of alternatives with less potential for privacy invasion or other abuse by surveillance agencies -- can be more fully evaluated. We hope that the choices of biometrics have been driven primarily by logistical and commercial concerns, and were not intended to facilitate the conversion of travel systems into a global infrastructure of surveillance. But we are deeply concerned that this may become their unintended consequence." The joint statement on RFID and biometric passports, travel document, and databases is the second in a series entitled, "Towards an International Infrastructure for Surveillance of Movement". The first paper in the series, "Transferring Privacy", focused on international transfers of airline reservations, particularly between the European Union and the USA. "Transferring Privacy": http://www.privacyinternational.org/.../terrorism/rpt /transferringprivacy.pdf ---------------- Edward Hasbrouck http://hasbrouck.org "The Practical Nomad: How to Travel Around the World" (3rd edition, February 2004, now in bookstores) "The Practical Nomad Guide to the Online Travel Marketplace" http://www.practicalnomad.com |
#3
|
|||
|
|||
Privacy coalition calls for halt to biometric/RFID passport plans
Edward Hasbrouck wrote:
In "An Open Letter to the ICAO" released today by Privacy International", 35 privacy and civil liberties organizations from around the world (with more still joining as endorsers) are calling on the International Civil Aviation Organization not to adopt the proposals currently before ICAO for passport and travel document standards to include biometric information and remotely-readable radio-frequency identification (RFID) chips. The combination of biometric data and RFID is particularly scary. Anyone who passes within a few feet of you could potentially read all the vitals out of your passport without your noticing. miguel -- Hit The Road! Photos and tales from around the world: http://travel.u.nu |
#4
|
|||
|
|||
Privacy coalition calls for halt to biometric/RFID passport plans
Miguel Cruz writes
Edward Hasbrouck wrote: In "An Open Letter to the ICAO" released today by Privacy International", 35 privacy and civil liberties organizations from around the world (with more still joining as endorsers) are calling on the International Civil Aviation Organization not to adopt the proposals currently before ICAO for passport and travel document standards to include biometric information and remotely-readable radio-frequency identification (RFID) chips. The combination of biometric data and RFID is particularly scary. Anyone who passes within a few feet of you could potentially read all the vitals out of your passport without your noticing. Yes, this is disturbing. No matter how the RFID data is encoded or protected, someone somewhere will find a way of misusing it. But it would be trivial to make a radio opaque passport cover, and just remove one's passport when it needs to be read. The biometric part is a bit of a problem too. It seems that ICAO is rushing into this without ensuring that all the necessary safeguards are in place. -- Simon Elliott http://www.ctsn.co.uk/ |
#5
|
|||
|
|||
Privacy coalition calls for halt to biometric/RFID passport plans
On Tue, 30 Mar 2004 15:42:20 +0100, Simon Elliott
wrote: But it would be trivial to make a radio opaque passport cover, and just remove one's passport when it needs to be read. That's been proposed as a mitigation method. But one has to *display* one's passport frequently to check into a htoel, cahs a travellers check, etc. And with RFID, there will be no way to tell whether the hotel desk clerk, money changer, etc. has read your passport's RFID/biometric chip (and retained the data for future use in identity theft, passport forgery, "gaming" ATM's, etc.). It seems that ICAO is rushing into this without ensuring that all the necessary safeguards are in place. Very true. As the ACLU (one of the initial endorsers of the Privacy international letter to ICAO) says: http://www.aclu.org/Privacy/Privacy.cfm?ID=15353&c=130 "The right to movement is recognized as a fundamental right around the world, and any steps that could restrict that right must be taken with the utmost care and deliberation. We have not seen that kind of public discussion about these measures." ---------------- Edward Hasbrouck http://hasbrouck.org "The Practical Nomad: How to Travel Around the World" (3rd edition, February 2004, now in bookstores) "The Practical Nomad Guide to the Online Travel Marketplace" http://www.practicalnomad.com |
Thread Tools | |
Display Modes | |
|
|