committing page revision 1

author: frankro <frankro@berlin.ccc.de> 2009-04-18 19:12:41 +0000
committer: frankro <frankro@berlin.ccc.de> 2020-05-23 13:38:27 +0000
commit: f0577eb7bebe8d0b88f91acc9881cf11d8597443 (patch)
tree: 33d7b0e5d5e2307937c6dff3d155c9c7b2cf5af4 /updates/2005
parent: 2052d517942032e2f3df834876cc47c1d37a0a3e (diff)
1 files changed, 118 insertions, 0 deletions
diff --git a/updates/2005/pm20050906.en.md b/updates/2005/pm20050906.en.md
new file mode 100644
index 00000000..6b0b2551
--- /dev/null
+++ b/updates/2005/pm20050906.en.md
@@ -0,0 +1,118 @@
+title: Press Release BioP II Study
+date: 2005-09-06 00:00:00 
+updated: 2009-04-18 19:12:41 
+author: frankro
+tags: update
+CCC warns of disaster with biometry in new passports
+<!-- TEASER_END -->
+The German Federal Office for Information Security (BSI) has recently
+published the "BioP2 study" on the capabilities of biometric methods for
+the new traveling passports ("ePass"). The Chaos Computer Club (CCC)
+warns against the usage of the obviously unsuitable biometric systems
+after analyzing the study. Facing the inadequate technology and the
+enormous costs, a hi-tech fiasco is looming for the federal government.
+Every year nearly 2 million Germans will be affected by the introduction
+of the ePass beginning on November 1, 2005. The BSI-study's aim was to
+investigate the usability and feasibility of biometric procedures under
+real world conditions. It was commissioned to provide a factual base for
+the law-making process and to give recommendations for a possible
+implementation on airports and borders. The study results were
+completely ignored in the lawmaking process.
+### Biometric systems unsuitable
+The tested systems were found to falsely reject between 3 and 23 percent
+of the participating persons. Every day tens of thousands of people will
+be stranded in front of red-blinking monitors if those systems are to be
+used in border controls all over Germany. People's fingerprints or
+digital photos aren't recognized by the software. According to the
+Federal Ministry of the Interior these citizens will face 'aggravated
+inspections'.
+Research regarding the security against circumvention of the biometric
+systems has also been conducted during the BSI-study. The results of
+these tests are kept secret. "We assume the BSI came to the same
+devastating results as we did in our research", said Andy Müller-Maguhn,
+speaker of the CCC. The hacker's society has in the recent past often
+demonstrated the circumvention of various biometric systems by simple
+means.
+The study comes to the conclusion that many technological improvements
+and again a "in-depth research about the grade of operability, the
+detection rate and the security against circumvention" is needed. The
+BSI thus admits that the technology is everything but usable in practice
+right now. They BSI even expresses the feeble hope that citizens will
+adapt to the rejections, high error-rates and non-intuitive user
+interface of the systems, as they want to pass the border anyway.
+According to the German Federal Criminal Police Office (BKA) the German
+passport printing technology is the most secure in the world.
+Radio-chips and biometric systems will lower that level of security
+because border police officers will get used to trust the inadequate
+technology. Andy Müller-Maguhn sums up: "An expensive and insecure
+system will be introduced here which has the best chances to become
+another large scale technology disaster. It is obvious that the
+introduction of the ePass is mainly targeted at serving industry
+interests and to salvage the recently privatized German Bundesdruckerei
+from the threat of bankruptcy."
+The Chaos Computer Club demands to immediately discontinue the
+introduction of biometric systems and radio-chips into passports until
+further research has been conducted. Should a non-biased audit of the
+procedures and systems confirm that they are not usable, their use in
+passports must be abandoned completely.
+### Criticism in overview:
+-   Recognition performance:\
+    None of the tested systems has a satisfying performance. In
+    particular, the iris and facial recognition was generating false
+    rejection rates which made clear that they are unusable.
+-   Security:\
+    The operational reliability of the security mechanisms and their
+    security against circumvention could not be documented since those
+    test results were not published. Independent research by the CCC
+    showed that all biometric systems had an inadequate security against
+    circumvention.
+-   Usability:\
+    The systems do not provide an adequate user interface. Intensive
+    supervision of the user and extensive training for the border guards
+    are required. The passport holders will bear the costs for this.
+-   User acceptance:\
+    Because of the high false rejection rates and the non-intuitive user
+    interface more than half of the testsubjects did show their
+    dissatisfaction by not participating the field-test anymore after
+    registration.
+-   Biased results of the study:\
+    By removing significantly bad results in the beginning of the field
+    test the recognition rate of the systems was presented biased. A
+    change of the testparameters during the test period skewed the
+    results additionally and further reduced the already small test data
+    base. The appendix with the concrete basic data from the tests was
+    not published.
+-   Representativeness:\
+    The number and choice of participants in the study is not
+    representative for the German population regarding age, gender, job
+    and other attributes. The results of the study thus provide no
+    reliable information for the real feasibility of the procedures.
+    Because of the inadequate composition of the study participants,
+    much worse results in a real life environment are to be expected.
+-   Costs:\
+    The cost for the procurement of the biometric enrollment systems in
+    the approximately 6000 registration offices, the thousands of
+    inspection machines for the 419 borders checkpoints, the additional
+    personal on those machines, the training of the personal and the
+    necessary building modifications (for optimal illumination for
+    facial recognition) were not looked at. A cost benefit analysis was
+    not done.
+Some background material about problems associated with biometrics is
+provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend
+the answers of ministry of interior to our questions
+([](/epass/stellungnahme-bmi)) with our comments to the media in
+particular.\
+Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.
author	frankro <frankro@berlin.ccc.de>	2009-04-18 19:12:41 +0000
committer	frankro <frankro@berlin.ccc.de>	2020-05-23 13:38:27 +0000
commit	f0577eb7bebe8d0b88f91acc9881cf11d8597443 (patch)
tree	33d7b0e5d5e2307937c6dff3d155c9c7b2cf5af4 /updates/2005
parent	2052d517942032e2f3df834876cc47c1d37a0a3e (diff)

diff --git a/updates/2005/pm20050906.en.md b/updates/2005/pm20050906.en.md new file mode 100644 index 00000000..6b0b2551 --- /dev/null +++ b/updates/2005/pm20050906.en.md
@@ -0,0 +1,118 @@
	1	title: Press Release BioP II Study
	2	date: 2005-09-06 00:00:00
	3	updated: 2009-04-18 19:12:41
	4	author: frankro
	5	tags: update
	6
	7	CCC warns of disaster with biometry in new passports
	8
	9	<!-- TEASER_END -->
	10
	11	The German Federal Office for Information Security (BSI) has recently
	12	published the "BioP2 study" on the capabilities of biometric methods for
	13	the new traveling passports ("ePass"). The Chaos Computer Club (CCC)
	14	warns against the usage of the obviously unsuitable biometric systems
	15	after analyzing the study. Facing the inadequate technology and the
	16	enormous costs, a hi-tech fiasco is looming for the federal government.
	17
	18	Every year nearly 2 million Germans will be affected by the introduction
	19	of the ePass beginning on November 1, 2005. The BSI-study's aim was to
	20	investigate the usability and feasibility of biometric procedures under
	21	real world conditions. It was commissioned to provide a factual base for
	22	the law-making process and to give recommendations for a possible
	23	implementation on airports and borders. The study results were
	24	completely ignored in the lawmaking process.
	25
	26	### Biometric systems unsuitable
	27
	28	The tested systems were found to falsely reject between 3 and 23 percent
	29	of the participating persons. Every day tens of thousands of people will
	30	be stranded in front of red-blinking monitors if those systems are to be
	31	used in border controls all over Germany. People's fingerprints or
	32	digital photos aren't recognized by the software. According to the
	33	Federal Ministry of the Interior these citizens will face 'aggravated
	34	inspections'.
	35
	36	Research regarding the security against circumvention of the biometric
	37	systems has also been conducted during the BSI-study. The results of
	38	these tests are kept secret. "We assume the BSI came to the same
	39	devastating results as we did in our research", said Andy Müller-Maguhn,
	40	speaker of the CCC. The hacker's society has in the recent past often
	41	demonstrated the circumvention of various biometric systems by simple
	42	means.
	43
	44	The study comes to the conclusion that many technological improvements
	45	and again a "in-depth research about the grade of operability, the
	46	detection rate and the security against circumvention" is needed. The
	47	BSI thus admits that the technology is everything but usable in practice
	48	right now. They BSI even expresses the feeble hope that citizens will
	49	adapt to the rejections, high error-rates and non-intuitive user
	50	interface of the systems, as they want to pass the border anyway.
	51
	52	According to the German Federal Criminal Police Office (BKA) the German
	53	passport printing technology is the most secure in the world.
	54	Radio-chips and biometric systems will lower that level of security
	55	because border police officers will get used to trust the inadequate
	56	technology. Andy Müller-Maguhn sums up: "An expensive and insecure
	57	system will be introduced here which has the best chances to become
	58	another large scale technology disaster. It is obvious that the
	59	introduction of the ePass is mainly targeted at serving industry
	60	interests and to salvage the recently privatized German Bundesdruckerei
	61	from the threat of bankruptcy."
	62
	63	The Chaos Computer Club demands to immediately discontinue the
	64	introduction of biometric systems and radio-chips into passports until
	65	further research has been conducted. Should a non-biased audit of the
	66	procedures and systems confirm that they are not usable, their use in
	67	passports must be abandoned completely.
	68
	69	### Criticism in overview:
	70
	71	- Recognition performance:\
	72	None of the tested systems has a satisfying performance. In
	73	particular, the iris and facial recognition was generating false
	74	rejection rates which made clear that they are unusable.
	75	- Security:\
	76	The operational reliability of the security mechanisms and their
	77	security against circumvention could not be documented since those
	78	test results were not published. Independent research by the CCC
	79	showed that all biometric systems had an inadequate security against
	80	circumvention.
	81	- Usability:\
	82	The systems do not provide an adequate user interface. Intensive
	83	supervision of the user and extensive training for the border guards
	84	are required. The passport holders will bear the costs for this.
	85	- User acceptance:\
	86	Because of the high false rejection rates and the non-intuitive user
	87	interface more than half of the testsubjects did show their
	88	dissatisfaction by not participating the field-test anymore after
	89	registration.
	90	- Biased results of the study:\
	91	By removing significantly bad results in the beginning of the field
	92	test the recognition rate of the systems was presented biased. A
	93	change of the testparameters during the test period skewed the
	94	results additionally and further reduced the already small test data
	95	base. The appendix with the concrete basic data from the tests was
	96	not published.
	97	- Representativeness:\
	98	The number and choice of participants in the study is not
	99	representative for the German population regarding age, gender, job
	100	and other attributes. The results of the study thus provide no
	101	reliable information for the real feasibility of the procedures.
	102	Because of the inadequate composition of the study participants,
	103	much worse results in a real life environment are to be expected.
	104	- Costs:\
	105	The cost for the procurement of the biometric enrollment systems in
	106	the approximately 6000 registration offices, the thousands of
	107	inspection machines for the 419 borders checkpoints, the additional
	108	personal on those machines, the training of the personal and the
	109	necessary building modifications (for optimal illumination for
	110	facial recognition) were not looked at. A cost benefit analysis was
	111	not done.
	112
	113	Some background material about problems associated with biometrics is
	114	provided online by the CCC at [www.ccc.de/epass](/epass/). We recommend
	115	the answers of ministry of interior to our questions
	116	([](/epass/stellungnahme-bmi)) with our comments to the media in
	117	particular.\
	118	Questions to biometrie(at)ccc.de or Frank Rosengart, +49-177-3786912.