summaryrefslogtreecommitdiff
path: root/updates/2005
diff options
context:
space:
mode:
authorfrankro <frankro@berlin.ccc.de>2009-04-18 19:12:41 +0000
committerfrankro <frankro@berlin.ccc.de>2020-05-23 13:38:27 +0000
commitf0577eb7bebe8d0b88f91acc9881cf11d8597443 (patch)
tree33d7b0e5d5e2307937c6dff3d155c9c7b2cf5af4 /updates/2005
parent2052d517942032e2f3df834876cc47c1d37a0a3e (diff)
committing page revision 1
Diffstat (limited to 'updates/2005')
-rw-r--r--updates/2005/pm20050906.en.md118
1 files changed, 118 insertions, 0 deletions
diff --git a/updates/2005/pm20050906.en.md b/updates/2005/pm20050906.en.md
new file mode 100644
index 00000000..6b0b2551
--- /dev/null
+++ b/updates/2005/pm20050906.en.md
@@ -0,0 +1,118 @@
1title: Press Release BioP II Study
2date: 2005-09-06 00:00:00
3updated: 2009-04-18 19:12:41
4author: frankro
5tags: update
6
7CCC warns of disaster with biometry in new passports
8
9<!-- TEASER_END -->
10
11The German Federal Office for Information Security (BSI) has recently
12published the "BioP2 study" on the capabilities of biometric methods for
13the new traveling passports ("ePass"). The Chaos Computer Club (CCC)
14warns against the usage of the obviously unsuitable biometric systems
15after analyzing the study. Facing the inadequate technology and the
16enormous costs, a hi-tech fiasco is looming for the federal government.
17
18Every year nearly 2 million Germans will be affected by the introduction
19of the ePass beginning on November 1, 2005. The BSI-study's aim was to
20investigate the usability and feasibility of biometric procedures under
21real world conditions. It was commissioned to provide a factual base for
22the law-making process and to give recommendations for a possible
23implementation on airports and borders. The study results were
24completely ignored in the lawmaking process.
25
26### Biometric systems unsuitable
27
28The tested systems were found to falsely reject between 3 and 23 percent
29of the participating persons. Every day tens of thousands of people will
30be stranded in front of red-blinking monitors if those systems are to be
31used in border controls all over Germany. People's fingerprints or
32digital photos aren't recognized by the software. According to the
33Federal Ministry of the Interior these citizens will face 'aggravated
34inspections'.
35
36Research regarding the security against circumvention of the biometric
37systems has also been conducted during the BSI-study. The results of
38these tests are kept secret. "We assume the BSI came to the same
39devastating results as we did in our research", said Andy Müller-Maguhn,
40speaker of the CCC. The hacker's society has in the recent past often
41demonstrated the circumvention of various biometric systems by simple
42means.
43
44The study comes to the conclusion that many technological improvements
45and again a "in-depth research about the grade of operability, the
46detection rate and the security against circumvention" is needed. The
47BSI thus admits that the technology is everything but usable in practice
48right now. They BSI even expresses the feeble hope that citizens will
49adapt to the rejections, high error-rates and non-intuitive user
50interface of the systems, as they want to pass the border anyway.
51
52According to the German Federal Criminal Police Office (BKA) the German
53passport printing technology is the most secure in the world.
54Radio-chips and biometric systems will lower that level of security
55because border police officers will get used to trust the inadequate
56technology. Andy Müller-Maguhn sums up: "An expensive and insecure
57system will be introduced here which has the best chances to become
58another large scale technology disaster. It is obvious that the
59introduction of the ePass is mainly targeted at serving industry
60interests and to salvage the recently privatized German Bundesdruckerei
61from the threat of bankruptcy."
62
63The Chaos Computer Club demands to immediately discontinue the
64introduction of biometric systems and radio-chips into passports until
65further research has been conducted. Should a non-biased audit of the
66procedures and systems confirm that they are not usable, their use in
67passports must be abandoned completely.
68
69### Criticism in overview:
70
71- Recognition performance:\
72 None of the tested systems has a satisfying performance. In
73 particular, the iris and facial recognition was generating false
74 rejection rates which made clear that they are unusable.
75- Security:\
76 The operational reliability of the security mechanisms and their
77 security against circumvention could not be documented since those
78 test results were not published. Independent research by the CCC
79 showed that all biometric systems had an inadequate security against
80 circumvention.
81- Usability:\
82 The systems do not provide an adequate user interface. Intensive
83 supervision of the user and extensive training for the border guards
84 are required. The passport holders will bear the costs for this.
85- User acceptance:\
86 Because of the high false rejection rates and the non-intuitive user
87 interface more than half of the testsubjects did show their
88 dissatisfaction by not participating the field-test anymore after
89 registration.
90- Biased results of the study:\
91 By removing significantly bad results in the beginning of the field
92 test the recognition rate of the systems was presented biased. A
93 change of the testparameters during the test period skewed the
94 results additionally and further reduced the already small test data
95 base. The appendix with the concrete basic data from the tests was
96 not published.
97- Representativeness:\
98 The number and choice of participants in the study is not
99 representative for the German population regarding age, gender, job
100 and other attributes. The results of the study thus provide no
101 reliable information for the real feasibility of the procedures.
102 Because of the inadequate composition of the study participants,
103 much worse results in a real life environment are to be expected.
104- Costs:\
105 The cost for the procurement of the biometric enrollment systems in
106 the approximately 6000 registration offices, the thousands of
107 inspection machines for the 419 borders checkpoints, the additional
108 personal on those machines, the training of the personal and the
109 necessary building modifications (for optimal illumination for
110 facial recognition) were not looked at. A cost benefit analysis was
111 not done.
112
113Some background material about problems associated with biometrics is
114provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend
115the answers of ministry of interior to our questions
116([](/epass/stellungnahme-bmi)) with our comments to the media in
117particular.\
118Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.