From f0577eb7bebe8d0b88f91acc9881cf11d8597443 Mon Sep 17 00:00:00 2001 From: frankro Date: Sat, 18 Apr 2009 19:12:41 +0000 Subject: committing page revision 1 --- updates/2005/pm20050906.en.md | 118 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 updates/2005/pm20050906.en.md diff --git a/updates/2005/pm20050906.en.md b/updates/2005/pm20050906.en.md new file mode 100644 index 00000000..6b0b2551 --- /dev/null +++ b/updates/2005/pm20050906.en.md @@ -0,0 +1,118 @@ +title: Press Release BioP II Study +date: 2005-09-06 00:00:00 +updated: 2009-04-18 19:12:41 +author: frankro +tags: update + +CCC warns of disaster with biometry in new passports + + + +The German Federal Office for Information Security (BSI) has recently +published the "BioP2 study" on the capabilities of biometric methods for +the new traveling passports ("ePass"). The Chaos Computer Club (CCC) +warns against the usage of the obviously unsuitable biometric systems +after analyzing the study. Facing the inadequate technology and the +enormous costs, a hi-tech fiasco is looming for the federal government. + +Every year nearly 2 million Germans will be affected by the introduction +of the ePass beginning on November 1, 2005. The BSI-study's aim was to +investigate the usability and feasibility of biometric procedures under +real world conditions. It was commissioned to provide a factual base for +the law-making process and to give recommendations for a possible +implementation on airports and borders. The study results were +completely ignored in the lawmaking process. + +### Biometric systems unsuitable + +The tested systems were found to falsely reject between 3 and 23 percent +of the participating persons. Every day tens of thousands of people will +be stranded in front of red-blinking monitors if those systems are to be +used in border controls all over Germany. People's fingerprints or +digital photos aren't recognized by the software. According to the +Federal Ministry of the Interior these citizens will face 'aggravated +inspections'. + +Research regarding the security against circumvention of the biometric +systems has also been conducted during the BSI-study. The results of +these tests are kept secret. "We assume the BSI came to the same +devastating results as we did in our research", said Andy Müller-Maguhn, +speaker of the CCC. The hacker's society has in the recent past often +demonstrated the circumvention of various biometric systems by simple +means. + +The study comes to the conclusion that many technological improvements +and again a "in-depth research about the grade of operability, the +detection rate and the security against circumvention" is needed. The +BSI thus admits that the technology is everything but usable in practice +right now. They BSI even expresses the feeble hope that citizens will +adapt to the rejections, high error-rates and non-intuitive user +interface of the systems, as they want to pass the border anyway. + +According to the German Federal Criminal Police Office (BKA) the German +passport printing technology is the most secure in the world. +Radio-chips and biometric systems will lower that level of security +because border police officers will get used to trust the inadequate +technology. Andy Müller-Maguhn sums up: "An expensive and insecure +system will be introduced here which has the best chances to become +another large scale technology disaster. It is obvious that the +introduction of the ePass is mainly targeted at serving industry +interests and to salvage the recently privatized German Bundesdruckerei +from the threat of bankruptcy." + +The Chaos Computer Club demands to immediately discontinue the +introduction of biometric systems and radio-chips into passports until +further research has been conducted. Should a non-biased audit of the +procedures and systems confirm that they are not usable, their use in +passports must be abandoned completely. + +### Criticism in overview: + +- Recognition performance:\ + None of the tested systems has a satisfying performance. In + particular, the iris and facial recognition was generating false + rejection rates which made clear that they are unusable. +- Security:\ + The operational reliability of the security mechanisms and their + security against circumvention could not be documented since those + test results were not published. Independent research by the CCC + showed that all biometric systems had an inadequate security against + circumvention. +- Usability:\ + The systems do not provide an adequate user interface. Intensive + supervision of the user and extensive training for the border guards + are required. The passport holders will bear the costs for this. +- User acceptance:\ + Because of the high false rejection rates and the non-intuitive user + interface more than half of the testsubjects did show their + dissatisfaction by not participating the field-test anymore after + registration. +- Biased results of the study:\ + By removing significantly bad results in the beginning of the field + test the recognition rate of the systems was presented biased. A + change of the testparameters during the test period skewed the + results additionally and further reduced the already small test data + base. The appendix with the concrete basic data from the tests was + not published. +- Representativeness:\ + The number and choice of participants in the study is not + representative for the German population regarding age, gender, job + and other attributes. The results of the study thus provide no + reliable information for the real feasibility of the procedures. + Because of the inadequate composition of the study participants, + much worse results in a real life environment are to be expected. +- Costs:\ + The cost for the procurement of the biometric enrollment systems in + the approximately 6000 registration offices, the thousands of + inspection machines for the 419 borders checkpoints, the additional + personal on those machines, the training of the personal and the + necessary building modifications (for optimal illumination for + facial recognition) were not looked at. A cost benefit analysis was + not done. + +Some background material about problems associated with biometrics is +provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend +the answers of ministry of interior to our questions +([](/epass/stellungnahme-bmi)) with our comments to the media in +particular.\ +Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912. -- cgit v1.2.3