diff options
Diffstat (limited to 'updates')
-rw-r--r-- | updates/2005/pm20050906.en.md | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/updates/2005/pm20050906.en.md b/updates/2005/pm20050906.en.md new file mode 100644 index 00000000..6b0b2551 --- /dev/null +++ b/updates/2005/pm20050906.en.md | |||
@@ -0,0 +1,118 @@ | |||
1 | title: Press Release BioP II Study | ||
2 | date: 2005-09-06 00:00:00 | ||
3 | updated: 2009-04-18 19:12:41 | ||
4 | author: frankro | ||
5 | tags: update | ||
6 | |||
7 | CCC warns of disaster with biometry in new passports | ||
8 | |||
9 | <!-- TEASER_END --> | ||
10 | |||
11 | The German Federal Office for Information Security (BSI) has recently | ||
12 | published the "BioP2 study" on the capabilities of biometric methods for | ||
13 | the new traveling passports ("ePass"). The Chaos Computer Club (CCC) | ||
14 | warns against the usage of the obviously unsuitable biometric systems | ||
15 | after analyzing the study. Facing the inadequate technology and the | ||
16 | enormous costs, a hi-tech fiasco is looming for the federal government. | ||
17 | |||
18 | Every year nearly 2 million Germans will be affected by the introduction | ||
19 | of the ePass beginning on November 1, 2005. The BSI-study's aim was to | ||
20 | investigate the usability and feasibility of biometric procedures under | ||
21 | real world conditions. It was commissioned to provide a factual base for | ||
22 | the law-making process and to give recommendations for a possible | ||
23 | implementation on airports and borders. The study results were | ||
24 | completely ignored in the lawmaking process. | ||
25 | |||
26 | ### Biometric systems unsuitable | ||
27 | |||
28 | The tested systems were found to falsely reject between 3 and 23 percent | ||
29 | of the participating persons. Every day tens of thousands of people will | ||
30 | be stranded in front of red-blinking monitors if those systems are to be | ||
31 | used in border controls all over Germany. People's fingerprints or | ||
32 | digital photos aren't recognized by the software. According to the | ||
33 | Federal Ministry of the Interior these citizens will face 'aggravated | ||
34 | inspections'. | ||
35 | |||
36 | Research regarding the security against circumvention of the biometric | ||
37 | systems has also been conducted during the BSI-study. The results of | ||
38 | these tests are kept secret. "We assume the BSI came to the same | ||
39 | devastating results as we did in our research", said Andy Müller-Maguhn, | ||
40 | speaker of the CCC. The hacker's society has in the recent past often | ||
41 | demonstrated the circumvention of various biometric systems by simple | ||
42 | means. | ||
43 | |||
44 | The study comes to the conclusion that many technological improvements | ||
45 | and again a "in-depth research about the grade of operability, the | ||
46 | detection rate and the security against circumvention" is needed. The | ||
47 | BSI thus admits that the technology is everything but usable in practice | ||
48 | right now. They BSI even expresses the feeble hope that citizens will | ||
49 | adapt to the rejections, high error-rates and non-intuitive user | ||
50 | interface of the systems, as they want to pass the border anyway. | ||
51 | |||
52 | According to the German Federal Criminal Police Office (BKA) the German | ||
53 | passport printing technology is the most secure in the world. | ||
54 | Radio-chips and biometric systems will lower that level of security | ||
55 | because border police officers will get used to trust the inadequate | ||
56 | technology. Andy Müller-Maguhn sums up: "An expensive and insecure | ||
57 | system will be introduced here which has the best chances to become | ||
58 | another large scale technology disaster. It is obvious that the | ||
59 | introduction of the ePass is mainly targeted at serving industry | ||
60 | interests and to salvage the recently privatized German Bundesdruckerei | ||
61 | from the threat of bankruptcy." | ||
62 | |||
63 | The Chaos Computer Club demands to immediately discontinue the | ||
64 | introduction of biometric systems and radio-chips into passports until | ||
65 | further research has been conducted. Should a non-biased audit of the | ||
66 | procedures and systems confirm that they are not usable, their use in | ||
67 | passports must be abandoned completely. | ||
68 | |||
69 | ### Criticism in overview: | ||
70 | |||
71 | - Recognition performance:\ | ||
72 | None of the tested systems has a satisfying performance. In | ||
73 | particular, the iris and facial recognition was generating false | ||
74 | rejection rates which made clear that they are unusable. | ||
75 | - Security:\ | ||
76 | The operational reliability of the security mechanisms and their | ||
77 | security against circumvention could not be documented since those | ||
78 | test results were not published. Independent research by the CCC | ||
79 | showed that all biometric systems had an inadequate security against | ||
80 | circumvention. | ||
81 | - Usability:\ | ||
82 | The systems do not provide an adequate user interface. Intensive | ||
83 | supervision of the user and extensive training for the border guards | ||
84 | are required. The passport holders will bear the costs for this. | ||
85 | - User acceptance:\ | ||
86 | Because of the high false rejection rates and the non-intuitive user | ||
87 | interface more than half of the testsubjects did show their | ||
88 | dissatisfaction by not participating the field-test anymore after | ||
89 | registration. | ||
90 | - Biased results of the study:\ | ||
91 | By removing significantly bad results in the beginning of the field | ||
92 | test the recognition rate of the systems was presented biased. A | ||
93 | change of the testparameters during the test period skewed the | ||
94 | results additionally and further reduced the already small test data | ||
95 | base. The appendix with the concrete basic data from the tests was | ||
96 | not published. | ||
97 | - Representativeness:\ | ||
98 | The number and choice of participants in the study is not | ||
99 | representative for the German population regarding age, gender, job | ||
100 | and other attributes. The results of the study thus provide no | ||
101 | reliable information for the real feasibility of the procedures. | ||
102 | Because of the inadequate composition of the study participants, | ||
103 | much worse results in a real life environment are to be expected. | ||
104 | - Costs:\ | ||
105 | The cost for the procurement of the biometric enrollment systems in | ||
106 | the approximately 6000 registration offices, the thousands of | ||
107 | inspection machines for the 419 borders checkpoints, the additional | ||
108 | personal on those machines, the training of the personal and the | ||
109 | necessary building modifications (for optimal illumination for | ||
110 | facial recognition) were not looked at. A cost benefit analysis was | ||
111 | not done. | ||
112 | |||
113 | Some background material about problems associated with biometrics is | ||
114 | provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend | ||
115 | the answers of ministry of interior to our questions | ||
116 | ([](/epass/stellungnahme-bmi)) with our comments to the media in | ||
117 | particular.\ | ||
118 | Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912. | ||