Israel Torres April 11, 2005 8:54 AM

Aside from the obvious vulnerabilities stated in Attachment 1 (attacks on the technology itself). There is little mention of the vulnerabilities rooted in the registration phase of “E-Passport” deployment. If an attacker can successfully manipulate the system at the root such as to convince the system the attacker is a legitimate authorized entity through a battery of attacks (e.g. social engineering, identity theft, etc…) all this technology is no better than current forms of identification. In fact it becomes more of a danger since the identification issued will be deemed almost irrefutably correct. Of course they may not be as simple to forge, but then there really is no need to technically forge something that one can gain legitimately and remain illegitimate at the same time.

Israel Torres

Cypherpunk April 11, 2005 12:37 PM

One of the key points from the Attachment 1 analysis (which they didn’t emphasize, apparently because it didn’t suit their political purpose) is that some biometrics are more dangerous than others. Fingerprints are somewhat problematic because they are more private and are being used in other contexts, as well as being easier to fake. Facial features are the primary biometric being used in ePassports and they are relatively less sensitive because of obviously being public data.

lion April 12, 2005 1:14 AM

I dont realy understand why the US government doesnt want to use the BAC. BAC will be used in all European countries because of the problem of sniffing and reading out your private data from the distance. Perhaps they want to be able to use this for their own purposes? 🙂

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.