Are Biometric Passports "Good" or "Bad?"

Subscribe
Quote: While these clearly belong in the credit card forums, this isn't quite accurate.

Chip & PIN is significantly more secure than the mag stripe system. Not sure why you'd argue otherwise.

It's extremely easy to clone a mag strip card; exceedingly difficult (not going to say impossible, but it has yet to be done) to clone/skim a chip card. Add to that that mag stripe cards give over unencrypted data allowing man-in-the-middle attacks whereas data breaches with EMV cards are pointless as they'll only capture a one-time token.

As for asking for ID, that goes against Visa/MC policies, not to mention that if the card is cloned as opposed to stolen (which most fraud is), they'll print a card with a name to match the ID...
How is my post not quite accurate?

Visa/MC merchant policies in the US are not all the same as those outside the US.

I'm not arguing that Chip+PIN may be relatively less secure than non-chip+PIN cards, but I'm stating that they are not as secure as some may believe them to be and that they create some additional risk for some innocent people.

And biometric passports also create some additional risk for some innocent persons.

Swiped PINs can be a problem. And swiped biometrics can be a problem. In both cases, they have already led to some problems.

Data breaches with EMV cards are not pointless. The swiped card number + swiped PIN can be used to drain some accounts since not all uses of the cards involve reliance upon the chip.
Reply
So an additional security measure is is now being argued as possible unsafe... As I posted, tinfoil hat territory had been reached. Have your passports ready for inspection.
Reply
Quote: So an additional security measure is is now being argued as possible unsafe... As I posted, tinfoil hat territory had been reached. Have your passports ready for inspection.
Additional security measures can create new vulnerabilities and/or heighten existing vulnerabilities. It has nothing to do with tinfoil hat territory except in the heads of those unwilling or unable to consider the applicable facts on how some measures may create or make worse other problems.
Reply
A future generation of USG-wanted, ICAO-compliant biometric passports are to have RFIDs that are more than just read-only. The push is to require future passports to have electronic read-write storage capacity.

https://www.icao.int/Meetings/mrtd-s...7_Kefauver.pdf
Reply
This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.

Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Reply
I don't remember giving fingerprints for my US passport.

But, CIS have my fingerprints from when I wasn't a citizen. I wonder if those are destroyed... they ought to be.

I also think DMVs take thumbprints... I don't like those either.
Reply
Quote: This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.

Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
The intent is to have both a static (read-only) element and a dynamic (read-write) element for governmental use purposes.

Governments want more automated inspection using biometrics because the CBP-type personnel may be no better at manually matching (or rejecting matches of) people's faces against passport photos than a toddler.

When manual inspection fails, it's not as systematically and time-intensively disruptive as when massive automation, applicable to huge numbers of people, massively fails.
Reply
Quote: I also think DMVs take thumbprints... I don't like those either.
I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or Florida
Reply
Quote: I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or Florida
Most regular license drivers in the US aren't required to submit fingerprints to get an ordinary state-issued driving license.
Reply
Quote: I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or Florida
New York doesn't for a standard or enhanced driver's license, and Pennsylvania definitely doesn't either.
Reply
Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.

https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
Reply
Quote: New York doesn't for a standard or enhanced driver's license, and Pennsylvania definitely doesn't either.
Didn't think PA either but forgot to add them to my "list."
Reply
Quote: Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.

https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
Sounds like that covers a minority of the driving US population.
Reply
A minority for sure but in 2014 those states made up about 24% of licensed drivers so not an insignificant portion either.
Reply
Quote: A minority for sure but in 2014 those states made up about 24% of licensed drivers so not an insignificant portion either.
20 to 25% is indeed a substantial minority.
Reply