CCC warns of disaster with biometry in new passports
The German Federal Office for Information Security (BSI) has recently published the "BioP2 study" on the capabilities of biometric methods for the new traveling passports ("ePass"). The Chaos Computer Club (CCC) warns against the usage of the obviously unsuitable biometric systems after analyzing the study. Facing the inadequate technology and the enormous costs, a hi-tech fiasco is looming for the federal government.
Every year nearly 2 million Germans will be affected by the introduction of the ePass beginning on November 1, 2005. The BSI-study's aim was to investigate the usability and feasibility of biometric procedures under real world conditions. It was commissioned to provide a factual base for the law-making process and to give recommendations for a possible implementation on airports and borders. The study results were completely ignored in the lawmaking process.
The tested systems were found to falsely reject between 3 and 23 percent of the participating persons. Every day tens of thousands of people will be stranded in front of red-blinking monitors if those systems are to be used in border controls all over Germany. People's fingerprints or digital photos aren't recognized by the software. According to the Federal Ministry of the Interior these citizens will face 'aggravated inspections'.
Research regarding the security against circumvention of the biometric systems has also been conducted during the BSI-study. The results of these tests are kept secret. "We assume the BSI came to the same devastating results as we did in our research", said Andy Müller-Maguhn, speaker of the CCC. The hacker's society has in the recent past often demonstrated the circumvention of various biometric systems by simple means.
The study comes to the conclusion that many technological improvements and again a "in-depth research about the grade of operability, the detection rate and the security against circumvention" is needed. The BSI thus admits that the technology is everything but usable in practice right now. They BSI even expresses the feeble hope that citizens will adapt to the rejections, high error-rates and non-intuitive user interface of the systems, as they want to pass the border anyway.
According to the German Federal Criminal Police Office (BKA) the German passport printing technology is the most secure in the world. Radio-chips and biometric systems will lower that level of security because border police officers will get used to trust the inadequate technology. Andy Müller-Maguhn sums up: "An expensive and insecure system will be introduced here which has the best chances to become another large scale technology disaster. It is obvious that the introduction of the ePass is mainly targeted at serving industry interests and to salvage the recently privatized German Bundesdruckerei from the threat of bankruptcy."
The Chaos Computer Club demands to immediately discontinue the introduction of biometric systems and radio-chips into passports until further research has been conducted. Should a non-biased audit of the procedures and systems confirm that they are not usable, their use in passports must be abandoned completely.
Some background material about problems associated with biometrics is
provided online by the CCC at www.ccc.de/epass.
We recommend the answers of ministry of interior to our
questions ()
with our comments to the media in particular.
Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.