Feeds

EU biometric RFID scheme unworkable, says EU tech report

Orwellian system breaks self. How appropriate...

  • alert
  • submit to reddit

High performance access to file storage

European plans for biometric passports and visas have been derailed by, er, European plans for biometric passports and visas. A technical committee set up to report to the Council of Ministers on the implementation of a uniform visa format has concluded that collisions between contactless chips in a passport would make the current plans unworkable, reports Statewatch.

The basic problem was eminently predictable, and stems from plans for a standard form of biometric identification across a number of different documents, not all of which are entirely controlled by Europe. Notably, the common European passport format is not, if you think about it, entirely controlled by Europe. So how does that work (or not), then?

The technical committee's report commences by saying it is feasible to integrate an RFID chip and two biometric identifiers in a passport "while assuring a high level of security" - you may or may not agree entirely, but so far so good, as far as the committee is concerned. But what happens when you try to put an RFID biometric visa in the passport as well? This "leads to difficulties for the reader to read out the valid visa in case there are several contactless chips on different visa in the same passport."

At the moment Europe's plans for ID consists of two biometric identifiers, facial and fingerprint, for passport and for visas and residence permits for third country nationals. The passport plans theoretically stem from ICAO's standard for biometric passports (which only requires facial) and from US requirements for biometric passports for visitors (again, facial acceptable) from late next year. The European Commission has however been busily devising a far more wide-ranging system of biometric ID with the enthusiastic support of the Council of Ministers. The elected European Parliament has been somewhat less keen, but is generally ignored. Next on the agenda are plans for a common format for ID cards.

Conceivably you could produce a compatible system for RFID-readable biometric passports, residence permits and ID, because European control of the standards here makes it at least theoretically possible to avoid collisions between chips. The ID cards/permits would only have one chip on them (provided the permit was a separate card and not in the passport), and the passport system's operation would only become doubtful if other countries started putting RFID biometric visas in them. But, um, seeing that's precisely what Europe intends to do to third country passports, it would seem obvious that other countries would want to start doing it too. This is where you really start to run into problems. The report considers the possibility of several such visas in the same passport, and concludes that the proposed regulation is "technically not feasible."

It considers a number of proposed permutations and finds they're all unworkable, but tentatively puts forward two others that aren't in the current proposals. A "visa sticker and separate biometric visa smart card" could work, but there's obvious potential for losing the card, while a sticker with no chip, but with biometrics in a barcode wouldn't cause collision problems, but would need a different reader, and would only have space for two fingerprint templates, not ten. Basically, the plans are a mess.

The report however says that some delegations now wish to wait for the introduction of Europe's Visa Information Service (VIS), which has a target of 2007-8, to produce a fix. The VIS is intended to collect biometrics from visa applicants and store them first on national databases, then on a central EU database, which in theory would mean biometrics could be compared from records rather than locally between bearer and document. This, considering that the biometric passport system just adopted by Europe is currently specifically limited to a local compare, mightn't strike the powers that be as entirely ideal.

Britain's position as a non-Schengen state which is planning to introduce its own 'similar but different' biometric system, where all British documents are intended to be part of the same ID system, complicates matters further. In this week's debate on the second reading of the ID Bill Immigration Minister Des Browne welcomed agreement "to introduce biometric travel documents throughout the EU", but failed to mention that the UK wasn't actually party to that agreement, or that chip compatibility issues had been identified.

Humorously, Statewatch quotes a Council note on visa security and controls describing the proposed visa sticker, and saying that any attempt to interfere with the chip would mean that "it self-destructs" or, alternatively, it explodes. So might a visa chip being interfered with by another visa chip think it was under attack and, oh dear... ®

Related Stories:

Europe kicks UK out of biometric passport club
UK ID cards to be issued with first biometric passports
Fingerprints to become compulsory for all EU passports

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.