Schneier on Security
A blog covering security and security technology.
April 21, 2005
Biometric Passports in the UK
The UK government tried, and failed, to get a national ID. Now they're adding biometrics to their passports.
Financing for the Passport Office is planned to rise from £182 million a year to £415 million a year by 2008 to cope with the introduction of biometric information such as fingerprints.
A Home Office spokesman said the aim was to cut out the 1,500 fraudulent applications found through the postal system last year alone.
Okay, let's do the math. Eliminating 1,500 instances of fraud will cost £233 million a year. That comes to £155,000 per instance of fraud.
Does this kind of security trade-off make sense to anyone? Is there absolutely nothing better the UK government can do to ensure security and safety with £233 million a year?
Yes, adding additional biometrics to passports -- there's already a picture -- will make them more secure. But I don't think that the additional security is worth the money and the additional risks. It's a bad security trade-off.
And I'm not a fan of national IDs.
Posted on April 21, 2005 at 1:18 PM
• 23 Comments
I'm a big fan of NID (boo hiss) since it is inevitable, but I do think that from the article other answers may provide a better solution to their overall dilemma. It doesn't appear many mass scale operations handle biometrics in a robust fashion. :/
The quotation says they detected 1500 fraudulent applications. Could it be that they have some estimate of the number they didn't find, and that the additional biometrics are intended to act as an improved backup to the detection?
If you look back in my previous postings you will see I have made comments on this sort of thing before.
In the UK a group of Civil Servants have been trying since the phasing out of national ID cards post WWII to get them back again. Just about every elected government since has told them where to get off.
However post 9/11 and with benefit and other fraud running at an all time high (due to incompetence more than anything else) the excuse to bring back a National ID card has surfaced and been swallowed hook line and sinker by the current incumbent Government (Tony Blair and Co).
As a side note the person who pushed for all of this was David Blunkett who was warned on several occasions that it was A, not going to work and B, cost him his ministerial post.
He went ahead and various people made his very convoluted private life public knowledge. He lost his job and it was taken over by Charles "Fungus" Clarke who very sensibly has done very little or nothing to further the ID card system and has allowed it to drop.
At the end of the day it is all about money, or the lack of it. The UK Politicians are so frightened of raising direct taxation that they are trying every stealth tax they can.
For instance when your driving licence expires you have to get a new one they used to be just send a form in and they were posted to you. Now you have to get a passport photograph and pay at least 19GBP (35USD) to get a replacement, you also have to send positive proof of identity (ie your passport) for looking at this there is another charge of at least 4GBP. There are several other charges as well, oh and if they lose your passport or other documents that's your problem.
The UK passport used to cost around 30GBP with the biometrics they are talking 80-120GBP, most of this money will go to the high tech companies who are selling the systems to the government (and who also put large bungs into the Labour Party coffers directly and through lobbying firms).
Most of the companies bidding have also had past Government work (ie Capita known by most as Crapita) and failed very expensively to provide a working service (see back issues of Computing or have a look on the Register etc).
They all have very poor reputations when it comes to the handling of data. Crapita in particular runs the London Congestion Charge and something like 80% of those who appeal the charge get it dropped usually due to the poor record keeping.
They also are responsible for managing a database of Sex and other Offenders, that local councils, children's organisations, schools, charities and other organisations dealing with vulnerable people are supposed to use to vet prospective workers. The DB and the systems handling it are in such a mess that at one point there was something like a 4 month backlog of enquiries waiting to be processed.
Another is the UK passport office itself likewise this IT system went wrong and backlogs of anything up to 6 months occurred. There is a rumor going around the IT industry that the large number of Fraudulent applications are due to this system being so vulnerable that it was easy to get away with. Much much easier than the old method of find the record of somebody who had died or emigrated before they were 18 (as was graphically described in the "Day of the Jackal" that was written something like 30 years ago).
I could go on and on and on about the Sc*** ups these companies make but I would be here forever.
Put simply the current Government are in love with technology but have no understanding of it, they have their election campaign paid for by money from these companies. The same companies give directorships, consultancy secondments (basically bribes) to officials who are supposed to be impartial. And these same impartial officials decide who proposes these systems and who gets the contracts.
One last point the Government promised the Banks that they would provide a method of positive identification, after the government changed the money laundering laws. The method of Identification was to be the national ID card, which of course you would have to pay 80GBP to get. So the cost of ensuring the Banks did their job properly was nicely shoved on to the general public...
The Home Office spokesman possibly couldn't be bothered going through all the reasons they've given in the past. I know I can't. (-:
1500 is the number of fraudulent postal applications the Passport Office identified in 2001. I fear it's all too plausible that HMG has no more recent estimate. The Passport Office business plan, however, also stresses document integrity and reduction of internal fraud. These are probably more extensive than fraudulent applications, some of which will blur into internal fraud anyway. They're worth fixing.
They really want passports that are harder to forge or alter, and switching to interviews for first timers is intended to add to this by tying new passport IDs to genuine people. The fingerprint stuff isn't really needed to achieve the goals, but it's going into passports anyway as part of HMG's ID card policy laundering. Appropriately enough...
My understanding was that fingerprints would be required to enter the United States -- is that wrong?
If that's right, then the £233 million a year is the cost of issuing passports which can be used to travel to the USA.
Reducing fraud is a side benefit and/or a smokescreen.
Yes, it is the US that is pushing for the passport "enhancements". In fact, believe it or not, the US might even be using the UK as their "test population" (or "most compliant neighbor", depending on how you look at it):
"We would not use our own people as test populations if we thought there was any risk associated with this passport," [Frank Moss, Deputy Assistant Secretary for the US Department of State's Passport Services group] said, referring to wireless chips. "The idea that you can walk down a hotel hallway and identify the Americans is, quite frankly, poppycock."
Right. Glad to hear the US State Department believes that Americans blend right into the wallpaper.
Anyway, I think the big point here is that "the ACLU's Steinhardt argued that the initiative is the latest example of US 'policy laundering,' where the administration uses an international agency to create a standard that can then be marketed to Congress as a global norm that the nation should follow."
And as the Register article concludes, if you don't like it "you better start writing to your members of Congress".
So who is my member of congress in the UK? I really need to talk to him, quickly, There is so much we need to discuss. When was he elected?
Unless the passport is of the new type, with biometrics, the passenger would need a visa to get to USA - even from countries which have long been visa-free. So it's like extortion, all in the name of counterterrorism.
One big problem with these new passports (also the current type w/o biometrics) is that they don't last very long. The hard plastic that's laminated over the personal data tends to crack easily. And the passports are getting more and more expensive...
You are probably best served by contacting your local official, or you might start by writing to David T. Johnson, Chargé d'Affaires at the US Embassy in London.
The root of the issue is in US policy. Enhanced passports were spurred by the post 9-11 US laws that bar US immigration and border officials from accepting traditional passports from citizens of the twenty-seven European and Asian nations that do not need visas to enter the US.
The changes are not happening as fast as Congress had wanted (they originally gave an October 2004 deadline):
Nonetheless, it is important to note that the UK's move to biometric passports is a response to American law, which has been couched by the Bush Administration in vague terms related to meeting "global" requirements. Yes, it's circular reasoning...
Hope that helps clarify.
I would recommend anyone interested in the UK's (now abandoned) ID card scheme to at least skim read the London School of Economics' report on it, which can be found at http://www.lse.ac.uk/collections/...
Also remember that of the two main parties standing in the 5 May election, Labour fully plan to bring back the ID Cards Bill (http://news.bbc.co.uk/1/hi/uk/4453811.stm), and the Tories wish to "review" it.
It's good to see someone making a (public) stab at cost/benefit analysis for a security measure.
Well spotted on the 1,500 fraud attempts being the number detected by current procedures, rather than the number attempted. Such are the difficulties of said cost/benefit analysis.
You imply that UKP155,000 is an excessive average value of the cost to society of each successfully fraudulent passport application. You may be right (I don't know), but do you have an actual figure for what average value we should use, rather than a very conservative upper limit?
Concerning border checks on passports, it is (I think) well known that currently checks on the validity of passports, using the machine-readable data and on-line or stop list checks, are rare to non-existent (and, obviously, stop lists are only useful for known lost/stolen passports; not for total forgeries that are not known). This could be improved without any changes to the existing machine-readable passports.
The addition of identity data and photograph, each protected and bound together by a digital signature, would allow border checks on passport validity without need for on-line checks.
In addition, manual checks of the digitised (and digitally signed) photograph would be a significant improvement against forgeries based on photograph substitution on an otherwise valid passport.
From the currently available performance of the biometric of face, especially with templates derived from passport photographs, it is most unlikely that biometric checks at borders of just the facial biometric would be significantly useful. Thus investment in only facial biometric systems at border posts should be viewed as most unlikely to justify itself.
On this, manufacturers might disagree. I will change my mind if they can specify an operating point (simultaneous false accept rate and false reject rate) that is both achievable and sufficiently useful.
However, poor performance of face as a biometric does not stop digitally signed photographs from being useful.
Well, the UK Government haven't exactly failed to introduce ID cards, they've just failed to push them through before the dissolution of parliament prior to the forthcoming election. Charles Clarke is still talking openly about introducing them, and I confidently predict the bill is going to reemerge in the event of another Labour government (and probably a Tory one too).
FOR EDUCATIONAL PURPOSES ONLY
The Demeaning of Identity and Personhood in National Identification Systems
"In a free society under a constitution of enumerated and delegated powers, a regime develops based upon and generating basic, retained rights for individuals as persons. This system derives from the overarching principle of governance by consent. This dimension creates a buffer around individuals and against state action. Individuals inherently possess rights and political identities. However, under a national identification system, rights are derived from credentials. People obtain ersatz-identities based on identification documents and numbers or places in databanks. The requirement [*322] to prove identity or appear in a national databank in order to obtain and exercise certain rights demeans the foundation on which free governance is based. The use of personal information for governmental action without consent or due process violates liberty and property rights. The existence of databanks and identification schemes implies that society has a right to surveil its subjects and to define individual identities separate from the inherent nature of personhood. The difference appears in the contrast between a system with a constitutional right to be free from unreasonable search as a person and a system with police privileges to search anyone at will. Freedom from search by virtue of personhood contrasts with obtaining that right only after one has proved to be a citizen through identification and thus deserving of that right or privilege. When one may only exercise fundamental rights with proper documentation, the nature of political and personal identity is degraded. Personhood is a fundamental element of both personal and political identity n5 that implies a "bundle of rights." n6 As Justice William O. Douglas noted about the importance of personhood in his concurrence to Roe v. Wade in Doe v. Bolton, "the autonomous control over the development and expression of one's intellect, interests, tastes, and personality" is a constitutionally protected right and fundamental to privacy. n7 In his dissent in United States v. White, Justice Douglas advised that:
Invasions of privacy demean the individual. Can a society be better than the people composing it? When a government degrades its citizens, or permits them to degrade each other, however beneficent the specific purpose, it limits opportunities for individual fulfillment and national accomplishment. n8[*323]
The creation of a NIDS undermines the basic principles of personhood, sovereignty, due process, and federalism in the U.S. Constitution while ultimately providing questionable utility. The increased reach and effects of a NIDS on these fundamental issues requires the exploration and contemplation of its constitutional and policy implications."
LENGTH: 34804 words.
I thought this was worth passing along to you and the readers here.
The first "pass laws" in South Africa, enacted in 1760, mandated that all slaves "in the cape" carry passes.
"A Home Office spokesman said the aim was to cut out the 1,500 fraudulent applications found through the postal system last year alone."
Could someone explain to me how putting a fingerprint on the passport helps? The main issue with fraudulent passport applications is that the name on the application does not belong to the person whose picture is on the application (it is still my picture, just not my name). So now you have a name that does not belong to the person whose picture and fingerprint is on the application. The only way it will help is if they have a definitive database of everybody's fingerprints, otherwise, the best they can do is catch fraudulent applications from known 'bad guys'. For that you could just add a question to the application "are you a bad guy?" :-)
The extortion by US was accepted by the highest representatives of all EU members last year, they all agreed to make hi-tech passports on some summit. I don't know if RFID was also the condition, but it seems that all are going to be contactless. Now all EU countries are working to introduce new expensive passports. We are talking about hundreds of millions of it. Some companies are going to earn enormous money.
"are you a bad guy?"
I had a local police officer ask me this in a round about way. I told him in a round about way that we aren't the nicest people, but we do what we have to do. He got the point. This turned into a warrantless search I'm fairly sure he did at least. He shouldn't need to ask me again. I'm sure his intentions were good. Some things change, while others remain the same. He stuck his hand in my pockets. The current political trend in Washington is to attack the federal judges. This is a lobbyist led campaign for reinventing and expanding power along with the Tom DeLay forces. We'll see about who wins. Take the long view of things or take the road to hell, it's not as long.
THE ASSOCIATED PRESS
NEW ORLEANS - A federal appeals court has opened the door for police officers in three states to search homes and buildings for evidence without a warrant - a ruling that two dissenting judges called "the road to hell."
"I have no doubt that the deputy sheriffs believed they were acting reasonably and with good intentions," Judges Harold DeMoss Jr. and Carl E. Stewart wrote. "But the old adage warns us that 'The road to hell is paved with good intentions.' "
ROAD TO HELL
URL to the full AP story
Police work has dangers. I guess the issue is, will warrantless searches make the police more secure and safer? Police without warrants doing searches may uncover evidence. I think a warrant is good for the police, because it requires them to be accountable for what they are looking for. It is a check. It also prevents wild goose chases.
In his dissent in United States v. White, Justice Douglas advised that:
Invasions of privacy demean the individual. Can a society be better than the people composing it? When a government degrades its citizens, or permits them to degrade each other, however beneficent the specific purpose, it limits opportunities for individual fulfillment and national accomplishment.
I don't believe warrantless searches will pave the way for a more secure national purpose. The police powers are limited by design, just as the judicial powers are limited by wisdom. I guess it is really a political question. As far as Passports go, you really can't expect total security as a result of documentation. Databases are viewed by some as security tools, so this adds another layer of complexity. As we have seen lately, database security is often compromised. Then there is this idea of cameras all over the place watching things.
The big dumb idea today is the idea that less privacy will lead to more security. It seems to me that privacy protects the integrity of identification and enhances security. If there is no privacy, how much security can we expect?
If less privacy is better and more secure, try putting all of your personal information; passwords, credit cards, bank information, social security number, telephone numbers, employment information and everything else on a web page and see how much more secure you are. You can have zero privacy then and you will be more secure. Yea, right!
Warrantless searches are the road to hell. No privacy is hell. I guess hell offers total security, but no air conditioning.
A really secure new person.
I made him up. He has no privacy, but he has total security. Model of the future you don't want.
Name: Frank C. Foundstoned
Location: 1235 R Street East
Bedrock, NY 567873245757546575875-9980
MS Passport Fed. ID
Phone co. acct. # 535353A2342SdfdfSdfsS
Passport ID #34345645-535345-535346-0984
National ID DB #3534554-666-7775-212443
English Royal Cert. ID
Master Card 4323-466-456664-8099 exp. 02/06
SS # 67467-645645-1984
ISP password: ihavenosecurity34535
Login for corporate network
Slate Industries Inc.
Federal Universal Cyber Knowledge ID
GPS node locator number
National Drivers License Number
Supermarket super saver shopper ID
Starbucks coffee drinker ID
Airport Universal Pass ID
Fed Univ Camera Knowledge ID
RFID CHIP Number
Chip located in brain.
VOTING RECORD NUMBER
Entered into the Federal Universal Cyber
Knowledge Database by 456uy76984 on 3-17-2005. Record expires upon death-01-15-2006
More data upon request.
Contact VCF-Universal Cyber Knowledge Agency, Washington DC via V.C.F.U.C.K.A secure network.
Cleared for air travel to these nations: England
It's all fixed now! You too can have complete and total security.
Exactly how are biometrics in passports supposed to stop fraudulent applications through the postal system? They just don't want to think logically about this.
"Exactly how are biometrics in passports supposed to stop fraudulent applications through the postal system?"
They aren't. The current U.K. proposals envisage that EVERYONE applying for a passport for the first time would be required to attend the passport office IN PERSON to have their fingerprints taken and their application checked. This would later be rolled out to those renewing their passports.
Big Brother, eat your heart out... :-(
"The root of the issue is in US policy. Enhanced passports were spurred by the post 9-11 US laws that bar US immigration and border officials from accepting traditional passports from citizens of the twenty-seven European and Asian nations that do not need visas to enter the US."
That's correct, but European governments share the blame. They were all too happy to jump on the "anti-terrorism" bandwagon after 9-11.
"Exactly how are biometrics in passports supposed to stop fraudulent applications through the postal system? They just don't want to think logically about this."
They don't think logically at all. A German politician said, only two months after 9-11, that biometric passports could have prevented the terror attacks. Pure nonsense. By the way, he never responded to me when I asked for an explanation. And that was a Green (Volker Beck), one of the guys who, ages ago, were ardent defenders of privacy.