Norway, Sweden push ahead with biometric passports
- 04 November, 2005 07:59
Sweden and Norway began deploying biometric passports in October but privacy and security issues may limit the potential of the new systems.
Both Norway and Sweden will store digital facial images on smart cards embedded into the passports. The digital image will be used as an additional safeguard against fraudulent passports.
While so far few if any passport control centers in the world have the readers necessary to read the chips in the biometric passports, in the future, a passport control official could check that the printed photograph, the digital image and the live person all match, said Tommi Nordberg, senior vice president of sales and marketing for Setec.
Setec, a Gemplus International company, is supplying the passports in Norway and Sweden, Setec announced on Thursday. The countries are among the first in Europe to introduce biometric passports.
To allay the fears of Swedish people concerned about the security of the system and their privacy rights, the digital image on the chips won't be stored in any database, said Lars Karlsand, principal administrative officer at the Swedish National Police Board. "There is no kind of national register for this kind of information," he said. In addition, when readers are installed at passport control centers, the data won't be stored there either, he said.
That means that the digital images aren't compared against any sort of database that might identify people who may be wanted by law enforcement agencies. "The idea of the passports is really to verify that the passport holder and the passport belong to one package," said Nordberg. While the biometric passports may help in cutting down on some types of passport fraud, they won't help officials identify people they may be looking for.
Placing this limitation on the data saved to the smart chip is in keeping with recommendations issued in a report adopted in September by the Data Protection Working Party, a European Commission initiative studying the security repercussions of biometric passports and travel cards. The group supports a European Parliament decision from December 2004 that prohibits the creation of a central database of biometric information collected from European Union passports and travel documents.
The chips being used in Norway and Sweden employ a security feature recommended by the International Civil Aviation Organization (ICAO) but the method isn't entirely secure, according to the Working Party's findings. Passport control officials must first scan the machine readable portion of the passport to obtain a key that is made up of the passport number, date of birth of the passport holder and the expiration date of the passport. Once that key is created, the information stored on the chip can be unlocked and accessed.
However, the Working Party points out that the information that makes up the key is increasingly available to companies that ask passport holders for the information. For example, some ticket brokers ask buyers for passport numbers. The Working Party warns that with such information available combined with the algorithm for the key, which could leak out to the public, the data stored on the cards could be fraudulently accessed.
While such fraud may not be a major issue with just a digital image stored on the chips, the next step of the biometric passports is to store fingerprints on the chips. ICAO recommends a slightly stronger security mechanism be implemented once fingerprint data is included on biometric passports. The Working Party recommends such security mechanisms become mandatory because they are currently only recommended.
Sweden is developing plans to add fingerprints to the chips by December 2007, but there is one roadblock to the plan: current law in Sweden says that biometric passports can include a facial image but nothing else, Karlsand said. That law will have to change before the fingerprint initiative can be implemented.
A number of civil liberties groups in Europe have expressed displeasure at plans to implement biometric passports. This first type of implementation, including just the facial image, is largely a waste of government money, said Ross Anderson, a spokesman for the Foundation of Information Policy Research, a U.K. body that studies the impact of technology on society. "The fundamental objection is that they're doing the wrong thing," he said. "The issue with terrorism isn't identity." He suggests that the money would be better spent on hiring more intelligence agents and police.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
CIO 100: Carsales wins top gong for innovation
How to secure passwords and other critical numbers
Meeting Business Data Protection
When it comes to data back-up and recovery, the rules have changed. Virtualization has enabled IT organisations to become more efficient, but also more complex. This whitepaper addresses these new realities, and provides a comprehensive solution for virtual and physical environments, backup of applications and data, disaster recovery and replication of complete systems or applications, and for ensuring high availability of mission-critical services.
Efficient Data Management in Three Simple Steps
Gartner reports that Business Intelligence, Mobile Technologies and Cloud Computing rank 1-2-3 as the 2013 Global CIO Technology Priorities. These three trends, labelled the “Perfect Storm” of new technologies, are transforming every link in the IT value chain, promising to deliver more efficient, responsive and dynamic IT operations. But this also means massive shifts in the way IT applications and services are created, deployed and maintained. This whitepaper aims to help you begin the journey to efficient modern data management
Leadership and technology: Mobility and BYOD insights for midmarket enterprises
BYOD trends are putting pressure on IT departments to support all personal mobile devices in all work spaces, while Analysys Mason forecasts that revenue from mobility for mid-market enterprises will grow to US$79 billion by 2018. This white paper looks at the power of mobility as part of a unified communications (UC) platform; the competing interests of IT departments, and why vendors supplying these solutions are well prepared to meet the needs of mid-market enterprise technology and business challenges.