1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
title: Press Release BioP II Study
date: 2005-09-06 00:00:00
updated: 2010-04-10 17:10:31
author: frankro
tags: update, biometrie, biop2
CCC warns of disaster with biometry in new passports
<!-- TEASER_END -->
The German Federal Office for Information Security (BSI) has recently
published the "BioP2 study" on the capabilities of biometric methods for
the new traveling passports ("ePass"). The Chaos Computer Club (CCC)
warns against the usage of the obviously unsuitable biometric systems
after analyzing the study. Facing the inadequate technology and the
enormous costs, a hi-tech fiasco is looming for the federal government.
Every year nearly 2 million Germans will be affected by the introduction
of the ePass beginning on November 1, 2005. The BSI-study's aim was to
investigate the usability and feasibility of biometric procedures under
real world conditions. It was commissioned to provide a factual base for
the law-making process and to give recommendations for a possible
implementation on airports and borders. The study results were
completely ignored in the lawmaking process.
### Biometric systems unsuitable
The tested systems were found to falsely reject between 3 and 23 percent
of the participating persons. Every day tens of thousands of people will
be stranded in front of red-blinking monitors if those systems are to be
used in border controls all over Germany. People's fingerprints or
digital photos aren't recognized by the software. According to the
Federal Ministry of the Interior these citizens will face 'aggravated
inspections'.
Research regarding the security against circumvention of the biometric
systems has also been conducted during the BSI-study. The results of
these tests are kept secret. "We assume the BSI came to the same
devastating results as we did in our research", said Andy Müller-Maguhn,
speaker of the CCC. The hacker's society has in the recent past often
demonstrated the circumvention of various biometric systems by simple
means.
The study comes to the conclusion that many technological improvements
and again a "in-depth research about the grade of operability, the
detection rate and the security against circumvention" is needed. The
BSI thus admits that the technology is everything but usable in practice
right now. They BSI even expresses the feeble hope that citizens will
adapt to the rejections, high error-rates and non-intuitive user
interface of the systems, as they want to pass the border anyway.
According to the German Federal Criminal Police Office (BKA) the German
passport printing technology is the most secure in the world.
Radio-chips and biometric systems will lower that level of security
because border police officers will get used to trust the inadequate
technology. Andy Müller-Maguhn sums up: "An expensive and insecure
system will be introduced here which has the best chances to become
another large scale technology disaster. It is obvious that the
introduction of the ePass is mainly targeted at serving industry
interests and to salvage the recently privatized German Bundesdruckerei
from the threat of bankruptcy."
The Chaos Computer Club demands to immediately discontinue the
introduction of biometric systems and radio-chips into passports until
further research has been conducted. Should a non-biased audit of the
procedures and systems confirm that they are not usable, their use in
passports must be abandoned completely.
### Criticism in overview:
- Recognition performance:\
None of the tested systems has a satisfying performance. In
particular, the iris and facial recognition was generating false
rejection rates which made clear that they are unusable.
- Security:\
The operational reliability of the security mechanisms and their
security against circumvention could not be documented since those
test results were not published. Independent research by the CCC
showed that all biometric systems had an inadequate security against
circumvention.
- Usability:\
The systems do not provide an adequate user interface. Intensive
supervision of the user and extensive training for the border guards
are required. The passport holders will bear the costs for this.
- User acceptance:\
Because of the high false rejection rates and the non-intuitive user
interface more than half of the testsubjects did show their
dissatisfaction by not participating the field-test anymore after
registration.
- Biased results of the study:\
By removing significantly bad results in the beginning of the field
test the recognition rate of the systems was presented biased. A
change of the testparameters during the test period skewed the
results additionally and further reduced the already small test data
base. The appendix with the concrete basic data from the tests was
not published.
- Representativeness:\
The number and choice of participants in the study is not
representative for the German population regarding age, gender, job
and other attributes. The results of the study thus provide no
reliable information for the real feasibility of the procedures.
Because of the inadequate composition of the study participants,
much worse results in a real life environment are to be expected.
- Costs:\
The cost for the procurement of the biometric enrollment systems in
the approximately 6000 registration offices, the thousands of
inspection machines for the 419 borders checkpoints, the additional
personal on those machines, the training of the personal and the
necessary building modifications (for optimal illumination for
facial recognition) were not looked at. A cost benefit analysis was
not done.
Some background material about problems associated with biometrics is
provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend
the answers of ministry of interior to our questions
([](/epass/stellungnahme-bmi)) with our comments to the media in
particular.\
Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.
|
