Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.6: Study on ID Documents
 |
Title: EUROPEAN PASSPORT |
 |
As the technical components for the European passport are described in chapter and the legal grounds are described in chapter in this chapter procedural aspects of the introduction will be discussed.
The European passport uses two new technologies (RFID and Biometrics) which have not been used with these technical specifications for such a purpose and such a large number of users so far. Biometrics is known to show a number of quality problems when applied to a large number of persons with a large variety of socio cultural backgrounds. For RFID no comparable predecessor application exists.
The combination of these technologies has been developed in a timeframe of two years taking a minimum of privacy, technical and procedural security into account (see chapter ). Most of the concrete privacy and security requirements for the implementation of biometrics and RFID in MRTD for example stated by the Article 29 Data Protection Working Party were not integrated in the legal European framework for MRTDs.
Only one field test with about 14,000 participants has been carried out: at the airport Schiphol in The Netherlands in 2005. In addition to the problems stated in the official report (BZK 2005) information that the RFID can be read out from a distance of 10 m (officially: 10 cm), became public. In addition Basic Access Control (BAC) seems to be cryptographically weak and could be ‘brute forced’ within two hours as the effective key-length for the encryption applied can be compared to 35 bit or in some cases 28 bit (Beel, Gipp 2005) only. For comparison: the Advanced Encryption Standard (AES) issued by the (U. S.) National Institute for Standards and Technology (NIST) typically uses at least 128 bit key length. Symmetric cryptography works only in case keys remain secret. In this case the key to the data on the document is stored in the MRZ on the document itself. This key management can be compared to a PIN printed directly on a banking card and provides no secrecy if the document becomes lost or stolen.
These publicly reported problems have had no consequences so far. In Germany the European passport is issued without conceptual modifications since November 2005. And procedural solutions for the quality problems of biometrics have been required (for example in BZK 2005 or BSI 2005), but not been discussed or co-ordinated on an international level so far.
Compared to the technological and social complexity the introduction of the European passport has been carried out in a remarkable fast, non-transparent, insufficiently co-ordinated and socially not integrated way. Criticism includes:
Compared to the complexity of the project and the degree of innovation much too short planning and development phase; errors in the design of the overall system are obvious even before start (see chapter )
Insufficient public political discussion of the technology, its impact on society and a democratic basis for the decision of introduction that is at least debateable (see chapter )
Compared to the sheer largeness of the introduction the project with 280 million users in Europe remarkable small and short laboratory and field testing phases
Results from the testing did not lead to modified concepts or implementations of ID documents so far
| |
   |
|
| Denis Royer | 29 / 56 |
