Expert warns e-passports are open to abuse
Plans for a new passport have sparked debate over the inclusion of an electronic chip containing biometric details, and the creation of a central fingerprint database.
Peter Heinzmann, a professor of internet technologies and applications at Rapperswil Technical College outside Zurich, tells swissinfo of the risks posed by the project.
Supporters, including the government and a majority in parliament, argue a European single border treaty, known as the Schengen accord, obliges Switzerland to introduce biometric passports by March next year.
However, a central fingerprint register is not a requirement for participation in the Schengen agreement.
The government says the new travel document will ensure travel freedom and allow visa-free entry into the United States.
But opponents argue that data protection is at stake.
Voters have the final say on the introduction of the new passports on May 17.
swissinfo: What are the specific features of a central database storing fingerprints?
Peter Heinzmann: A central register with passport information, including fingerprints, has advantages for data administration. It facilitates the identification procedure when replacing missing passports.
But such a record could be used in investigations and it could be an attractive target for hackers and criminals.
Third parties might also want to use the data for their own means. Access to personal details could appeal to credit card companies or airport shops for instance.
swissinfo: Why is a fingerprint register more risky than a database with photos and other personal information?
P.H.: Fingerprints are increasingly used to identify a person, and the possession of such data would allow identity theft, so to speak.
They are the most common means for biometric identification of a person.
An increasing number of systems are equipped with fingerprint readers to identify people. There are buildings and rooms only accessible with the correct fingerprints.
Login to notebooks and other computers might be controlled via fingerprints and customers in department stores could trigger a payment from their accounts using this technique.
swissinfo: How can abuse be prevented?
P.H.: Information security management measures must be applied on several levels. Organisational methods, including a clear policy, the definition of the aim and purpose of the database and a risk assessment are a starting point.
The selection and training of personnel with access to a database is another issue, as well as the control of access to the database and the cryptographic protection of the stored information.
Reviews and checks of security measures, and perhaps even a certification of the achieved security level, might be necessary.
swissinfo: How credible are allegations by opponents of the planned new travel documents that electronic passports can easily be read?
P.H.: There is enough evidence to prove it is relatively easy to read data from the electronic chip in a passport. Videos showing how it is done and information on how to do this are not difficult to find.
I strongly suspect that it will be possible to crack the security barrier of the chips within a short space of time. But admittedly the safety standards of the biometric passports of different countries vary.
To prevent abuse I think the whole system should be thoroughly reviewed.
swissinfo: Some experts tell us that the new passport improves security, others warn it is less secure. How can the citizen decide what’s right?
P.H.: It depends what they mean by security. For some it means ‘counterfeit proof’ so that no other person can copy my passport.
Or that it is not possible to hide another person behind my personal details, for instance inserting other fingerprints, and using a different photo.
For others security is the crucial element in the debate over terrorism in the context of travelling and air transport.
Then there is also the data protection aspect, and whether an unauthorised party could secure possession of personal data and specifically, fingerprint specimens.
Finally, time is a crucial element in discussions about information security. Things that are fairly secure today may become insecure in a few years’ time.
Just consider the possibilities and costs of a personal computer ten years ago, and where we are now.
swissinfo: To what extent are the specialists biased and their perspectives limited?
P.H.: Obviously experts on either side defend their own interests. It is up to every individual to consider the technical and political issues at stake and draw the conclusions.
I’m not sure that the federal authorities have taken into account all the elements on a technical level. It is for instance dangerous to argue a technical system is absolutely secure.
swissinfo: Even more reason to be sceptical?
P.H.: A degree of scepticism is necessary, but not only towards the authorities. Their technical insight might appear limited, but they are highly competent in political and legal matters.
It’s precisely the opposite with technical experts who take part in the worldwide debate on biometric passports.
swissinfo: But scepticism specifically towards the state?
P.H.: I don’t consider myself a hardliner on data protection despite my post as vice- president of the Swiss Data Protection Forum.
As a frequent internet user for years, I’m pretty sure that my personal details can be traced to a large extent. Many of us must blame ourselves because we make the data so easily accessible simply by taking part in commercial campaigns, using search engine forums or by participating in internet communities.
I understand the doubts and mistrust of the state. There is plenty of evidence in the recent past to show that regulations have been violated or changed.
Only in February for instance the Swiss government gave in to pressure and ordered a leading bank to hand out confidential client data to the US justice authorities.
swissinfo-interview: Urs Geiser
A broad coalition is challenging a parliamentary decision to introduce biometric passports, including a central fingerprint database.
The ballot is scheduled for May 17.
The government and the two main centre-right parties argue the new passports facilitate travelling, while the centre-left and rightwing groups raise objections about data security.
Data protection officials have warned against a central fingerprint register.
Under an agreement with Europe’s single border Schengen Area, Switzerland is to introduce e-passports by March 2010.
Washington has made biometric passports a precondition for visa-free entry into the US.
Biometrics is the science of measuring an individual’s physical properties.
Biometric systems recognise features such as a fingerprint, iris patterns, ear shape, and vein structure.
A person’s biometric data can be compared with the information contained in the passport for verification purposes.
In compliance with the JTI standards
More: SWI swissinfo.ch certified by the Journalism Trust Initiative
You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.