Caroline Muscat
Are biometric cards a great ID-ea?
Biometric ID cards provide an added, though flawed, layer of security, at a terrible potential cost, according to an American expert.
George Tillmann, former chief information officer of Booz Allen Hamilton, a multinational strategy and technology consulting firm, said biometrics did not rely on something you had, such as a credit card, or something you knew (a PIN), but something you were (your fingerprints or retinas).
These unique biological identifiers are electronically read and converted to a string of ones and zeros and sent to an authenticator to be compared with the string of numbers on file in the database. And there lies the weakness, according to Mr Tillmann.
"The risk of database theft remains unchanged - if a credit card number can be stolen, then the sequence of numbers that make up a fingerprint can be stolen just as easily," he told The Sunday Times.
The debate on the need for greater security measures controlling the issue of identity cards was sparked by a recent case of identity theft, but promises that the electronic versions will be safer have not quelled criticism.
After a woman stole somebody else's identity and got a replacement ID card under somebody else's name, the Telecommunications Ministry said last week biometric ID cards would provide greater security because they would contain more information on their owners, including fingerprints.
But since the problem was caused by internal oversight, people commenting on timesofmalta.com questioned whether the biometric cards would in fact put them at greater risk.
The ministry had said the new cards would store personal information on a chip, enabling an electronic verification of identity.
"The chip is not intended to store one's life history but will provide a key to the bearer with which he may provide information to third parties," the ministry said, adding the influx of technology in daily commercial activities had increased the need for secure identification.
But innovative technological solutions for personal transactions, like credit cards, have been plagued by security breaches. So, will ID cards be subject to the same risks?
Mr Tillmann believes biometrics are as subject to abuse, misuse and theft as any other measure, with one frightening exception:
"If your credit card is stolen or lost, a new card can be issued. If your PIN becomes compromised, the bank can give you a new one. But what do you do if someone steals your fingerprints?"
The possibility of unauthorised access to government databases cannot be ruled out. In September 2008, government systems at MITTS were hacked and 20,000 passwords, including those of ministers, were stolen.
A similar data breach, though one involving citizens' personal information, would carry severe repercussions.
Since the chip on electronic cards can store any amount of information on an individual, from health records to financial statements, citizens are asking the government to clarify the exact information e-ID cards would contain.
Ramon Casha from Qormi said: "I think it's about time the government tells us exactly what is going to be stored and whether citizens will have the option not to have sensitive information on the card. I am not happy having health or banking information on a card I have to produce at 100 different entities."
Franco Buttigieg, of Sliema, also expressed concern: "Now, instead of the possibility of an ID card being issued to the wrong person, we will face the greater risk of our personal information and fingerprints being available to those who have access to the database and it could be used for the wrong reasons."
Gozitan Edward Bartolo said citizens had a right to know what would be recorded on these cards, while Roderick Micallef, of Attard, asked why no consultation had taken place.
Plans to introduce ID cards have met with protest in the US, Canada, New Zealand, Australia and other European countries. Opposition to the cards in the UK scaled back plans for their introduction, even though the EU has laid down regulations for biometrics in travel documents issued by member states.
Individual security was not the reason for the EU's standardisation of data, it was improved border control. It is, in fact, a global phenomenon - according to current plans, more than 85 per cent of the world's population will have a biometric document by 2012.
The ministry said electronic ID cards will be issued at the end of the year, and "the change process was going according to plan". In 2007, the ministry had told The Sunday Times they would be introduced early the following year. More than two years after that deadline, citizens still do not fully understand the implications of biometric ID cards.
Popular Stories
Update 3: Woman found dead in car,...
Updated: Woman dies in car crash
Carm Mifsud Bonnici resigns after...
Part of Dwejra 'Azure window' collapses
The end of the bar that ‘never closed’
Bundy does not know whether to...
Updated - Jason Micallef demands...
This WAS the night - Kurt makes it...
Petrol price up 6c
In Discussion
Updated - Jason Micallef demands...
Gozo tunnel could take 5-7 years to...
CABS remote controlled aircraft shot...
Carm Mifsud Bonnici resigns after...
Joseph Calleja condemns portrayal of...
Updated: Labour would give...
CABS drone shot down
Second group of migrants arrives
Adrian Vassallo in scathing...
13 Comments
Post comment
Please sign in or create your Account to post comments.
Christian Sciberras
Jan 25th 2010, 09:49
As usual, people and missinformation (aka ignorance) at their best.
A.Borg
Jan 25th 2010, 09:28
I give my permission for the authorities to take any details they require of me. Including, finger and palm prints, blood sample, hair sample, etc... I also authorise and (recommend) that the government fills this small country (smaller than London) with CCTV camers for enhanced security.
I give my consent for the simple reason that I am not a prima donna and neighter have anything to hide - I am law abiding and the more the security the better. Granted you will never stop everyone from breaking the system - but the more you do, the more you restrict such law breaking to a smaller and smaller and more elite group of law breakers. The easier you leave things, the larger the group.
The small the group the smaller the incidences. This is simple maths.
To those prima donnas complaining that they don't want their details (finger print etc) to be taken etc.. well I hope you will not be the first ones to complain after theft, after id card / identity theft as happened recently by your average low intelligence petty thief.
If you want added (not full - you can never have full) protection - stop complaining&comply
Mrs J. F. Grech
Mar 22nd, 17:52
Prima Donnas?? I don't think you have fully grasped what it means to willing give over all of your personal details and bio information simply because the government has decided they want it. Much greater countries that Malta have strongly resisted such measures. However, Malta is the IDEAL country for such experimentation because everyone is a lemming. They just follow over the cliff. We are being treated as criminals when such information is being demanded and if you honestly think that handing over such information will give you more "security" you could not be more deceived. I am glad that throughout history there were people who did not comply as you are suggesting to extensive control on the part of governments. You sound like the kind of person that would approve of secret police in neighborhoods to inform on people. This is done for security as well isn't it??
Galea. L
Jan 24th 2010, 22:03
And they used to criticize the USSR for being a big brother!!!!!
"The debate on the need for greater security measures controlling the issue of identity cards was sparked by a recent case of identity theft, but promises that the electronic versions will be safer have not quelled criticism."
Dr Joseph Muscat today referred to another case where a person had for 7 long years warned the relevant authorities that a person registered as residing at his garage was a fake. Yet NO action was taken in 7 whole years. Dr Muscat said that the PN has other cases which can be made public. And pn apologists take umbrage when PLand others say that the ID cards are not being renewed because it suits the pn so that those who do not legally qualify to vote will continue to come and vote for the pn.
Robert Agius
Jan 24th 2010, 22:03
@I Abela
Aren't the new passports biometric already? what you going to do if it becomes neccessary for travel for example? you don't have much choice do you.
MBorg
Jan 24th 2010, 22:01
Has anybody figured out the very serious implications that can follow when we use these Biometric ID cards instead of our passports ? Are we going to hand in our fingureprints plus other personal data at every airport or hotel we visit ? It is common knowledge that identity theft is very common overseas are we going to put ourselves at risk every time we leave the island ?
Robert Agius
Jan 24th 2010, 21:57
@ Eric Gahn
My comment is a contemporary culture critique in general, but yes i agree, in Malta its taken to its extreme.
Things such as retina scanning also contain data on health. Now imagine that in the wrong hands (insurance co. for example). Fingerprints are being taken already. Just ask anyone who is unemployed and registering at the moment for example (i personally find that rather amusing).
People are being controlled (mostly by means of fear) like objects and the bottom line being that everyone is a potential threat. However, no system is foolproof and generally systems are not made for the general good but for more control. Its time not only for general public but also influential institutions to wake up.
MBorg
Jan 24th 2010, 20:50
This is not a joke we should be told what personal information will be stored on the chip. and certainly not our fingerprints if it is so easy to copy them. In England people are even against having ID card similar to ours. Why do we have to be different and go all the way ? Are we being treated as guinea-pigs ? Government should first hold public consultation befor enbnarking on this serious matter. It is not right that our personal details will now be public property.
I Abela
Jan 24th 2010, 19:46
I will never give my consent to a biometric document. My biometrics are mine and nobody will have them ever. Please note that there is a software that converts finger prints to ones and zeros and stores them on the card. So obviously this same software must be able to read the ones and zeros on the card and produce an image of this finger print. Now this image can be recreated using a rubber stamp making machine found on ebay. So practically anyone in the world who has access to (or steals) the finger print database, can in theory commit any crime, being murder, theft, etc etc. And stamp my fingerprints all over the place. Then who's going to jail for it ?
Franco Buttigieg
Jan 24th 2010, 17:34
Mr.George Tillmann’s statement reinforces my concern, I wonder if the Government can impose on a person to supply the relevant information required for a Biometric ID card? Will enforcement go against human rights?
Should anyone oppose and opt to find out in court if he has the right to chose what information is held within the chip of his I.D. card, then I am sure that at the rate our courts operate, the I.D. card will not be needed as the person will become deceased before any conclusion is reached.
I suggest that Government should allow each citizen the freedom to chose want extra information one wants to have on his/her I.D. card, apart from the present basic information.
Eric Gahn
Jan 24th 2010, 16:26
@ Robert Agius
I perfectly understand your point. The UK, NZ, Oz, et al have found resistance from citizens when faced with being issued with ID Cards (and not neccesarily the e-ID kind).
But what do you propose? A campaign against the Govt to stop people from having their eID's issued? Shout loud enough telling people that this is more control? My faith in the Maltese people fighting for, or demanding, a right is very low. Unless someone from top tells them to sneeze no body will.
Paul Barrett
Jan 24th 2010, 13:42
When they finally discover that these or indeed any other ID cards will not prevent terrorists or criminals from circumventing the system, perhaps the next alternative madcap idea will be to tattoo each individual with a unique number (barcode?) at birth.
Robert Agius
Jan 24th 2010, 12:47
1984
....fetch fido!....and they follow