CCC warns of disaster with biometry in new passports
The German Federal Office for Information Security (BSI) has recently published the "BioP2 study" on the capabilities of biometric methods for the new traveling passports ("ePass"). The Chaos Computer Club (CCC) warns against the usage of the obviously unsuitable biometric systems after analyzing the study. Facing the inadequate technology and the enormous costs, a hi-tech fiasco is looming for the federal government.
Every year nearly 2 million Germans will be affected by the introduction of the ePass beginning on November 1, 2005. The BSI-study's aim was to investigate the usability and feasibility of biometric procedures under real world conditions. It was commissioned to provide a factual base for the law-making process and to give recommendations for a possible implementation on airports and borders. The study results were completely ignored in the lawmaking process.
Biometric systems unsuitable
The tested systems were found to falsely reject between 3 and 23 percent of the participating persons. Every day tens of thousands of people will be stranded in front of red-blinking monitors if those systems are to be used in border controls all over Germany. People's fingerprints or digital photos aren't recognized by the software. According to the Federal Ministry of the Interior these citizens will face 'aggravated inspections'.
Research regarding the security against circumvention of the biometric systems has also been conducted during the BSI-study. The results of these tests are kept secret. "We assume the BSI came to the same devastating results as we did in our research", said Andy Müller-Maguhn, speaker of the CCC. The hacker's society has in the recent past often demonstrated the circumvention of various biometric systems by simple means.
The study comes to the conclusion that many technological improvements and again a "in-depth research about the grade of operability, the detection rate and the security against circumvention" is needed. The BSI thus admits that the technology is everything but usable in practice right now. They BSI even expresses the feeble hope that citizens will adapt to the rejections, high error-rates and non-intuitive user interface of the systems, as they want to pass the border anyway.
According to the German Federal Criminal Police Office (BKA) the German passport printing technology is the most secure in the world. Radio-chips and biometric systems will lower that level of security because border police officers will get used to trust the inadequate technology. Andy Müller-Maguhn sums up: "An expensive and insecure system will be introduced here which has the best chances to become another large scale technology disaster. It is obvious that the introduction of the ePass is mainly targeted at serving industry interests and to salvage the recently privatized German Bundesdruckerei from the threat of bankruptcy."
The Chaos Computer Club demands to immediately discontinue the introduction of biometric systems and radio-chips into passports until further research has been conducted. Should a non-biased audit of the procedures and systems confirm that they are not usable, their use in passports must be abandoned completely.
Criticism in overview:
- Recognition performance:\ None of the tested systems has a satisfying performance. In particular, the iris and facial recognition was generating false rejection rates which made clear that they are unusable.
- Security:\ The operational reliability of the security mechanisms and their security against circumvention could not be documented since those test results were not published. Independent research by the CCC showed that all biometric systems had an inadequate security against circumvention.
- Usability:\ The systems do not provide an adequate user interface. Intensive supervision of the user and extensive training for the border guards are required. The passport holders will bear the costs for this.
- User acceptance:\ Because of the high false rejection rates and the non-intuitive user interface more than half of the testsubjects did show their dissatisfaction by not participating the field-test anymore after registration.
- Biased results of the study:\ By removing significantly bad results in the beginning of the field test the recognition rate of the systems was presented biased. A change of the testparameters during the test period skewed the results additionally and further reduced the already small test data base. The appendix with the concrete basic data from the tests was not published.
- Representativeness:\ The number and choice of participants in the study is not representative for the German population regarding age, gender, job and other attributes. The results of the study thus provide no reliable information for the real feasibility of the procedures. Because of the inadequate composition of the study participants, much worse results in a real life environment are to be expected.
- Costs:\ The cost for the procurement of the biometric enrollment systems in the approximately 6000 registration offices, the thousands of inspection machines for the 419 borders checkpoints, the additional personal on those machines, the training of the personal and the necessary building modifications (for optimal illumination for facial recognition) were not looked at. A cost benefit analysis was not done.
Some background material about problems associated with biometrics is provided online by the CCC at www.ccc.de/epass. We recommend the answers of ministry of interior to our questions () with our comments to the media in particular.\ Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.