Reply to: Government ePassports uncrackable

No, but they do Ex-lax our personal data.

Beware Bungling Bureaucrats

Does the Passport Office still send the new passports by normal post (small brown envelope)? Fancy charging £ 80 or so and not sending them by registered post!!
Last time, I insisted on collecting my daughter's from the Petty France Office in London. I got some funny looks by the idiots there, couldn't believe I was so security-conscious.

Exactly. Biometrics are not secrets. They are akin to a pin number stuck to one's head and scattered to the four winds as you pass by. The problem, already identified by someone earlier (perhaps even you), is that people do not know that biometrics are not secrets (this includes the general public and politicians) but treat them as such. This can lead to an insecure system if businesses use biometrics in place of secrets, as often touted by politics.

Currently all that is a digital picture. Well there's a real one in the book that someone can digitize if they want.

The solution to this is easy. Make sure that it is stored (and read) in a faraday cage.

As they can by reading the thing. I'm sorry, but I don't buy into this need to keep all my data secure in order to stop someone pretending to be me. The details that they need to do this are in the public domain somewhere. Shreading my mail does not stop them getting it. If it's possible to steal my identity by knowing my current address (on the electoral register), place and date of birth (available from the register of Births) then there aren't sufficient checks in place when the interloper uses that data. Asking me to make it only very slightly harder for him to obtain my details, is like having tissue paper doors on your house to stop someone breaking in.

It already is.

tim

The government would never be lax with personal data.

The real danger is that people think "oh, it's secure..." and the government spins it so that the majority think it's secure. When that happens, people get lax about keeping the data safe, and it's open season for fraudsters.

Plan B in the making, methinks.

Looking on the bright side, one could not only claim to be Spartacus, but could prove it too.

The biometric data will also be stored - so that's your fingerprints, iris scan and face-shape patterns.

If it's readable from a distance and crackable - both have been proved in (I think) the German or Dutch trials - then any old tom/dick/harry can get pretty much all they need to spoof your life.

If the data is held centrally, then that data is also open to abuse from a disgruntled/dishonest employee. There is also a plan to sell this data - a la DVLA data to car-clampers.

There is a real chance of your personal data being in the public domain if this is allowed to go ahead.

They do now. Someone sent them a couple of CDs...

Government ePassports uncrackable

Given that it only contains details that are available in the passport in a printed form, why is this a problem exactly?

I can see that it's an issue if someone can write forged details back, but I can see no issue at all with someone being able to crack the reading part.

tim

Because the man in the customs office of: middle of nowhere's ville, bongo bongo land is not going to have a connection to that database.

tim

Unless you are a giant alien lizard disguised as a human. Or a grey disguised as a grey shark...

I don't understand why the chip doesn't just contain a serial number, and when you pass through passport control, that's used to do an RMI lookup to a secure DB.

It would be nigh on impossible to forge a passport as the border guys would be able to see what the passport should look like?

:

How can it be?

I thought London was full of foreigners!!! You can't have two places full, somewhere must be empty...

Seems to me that abroad is full of foreigners anyway.