Wolfgang Schauble, Germany’s interior minister and a big fan of fingerprint-based security, is getting a personal experience with limitations in the technology. A German hacker group called Chaos Computer Club has gotten hold of his fingerprint and distributed 4,000 plastic copies along with issues of Die Datenschleuder magazine.
This highlights several major weaknesses in such technology. These include the fact that the readers can be manipulated: either physically or electronically. They also include the fact that a biometric token can never be revoked. Unlike locks and passwords, which can be replaced once they are known, a person’s fingerprints and retinal scans basically cannot be changed.
I have written about problems with biometric security before.
Federal Minister of the Interior Wolfgang Schäuble said of the new biometric passports:
“Each individual’s fingerprints are unique. This technology will help us keep one step ahead of criminals. We want to make it impossible to enter the Schengen area using a counterfeit passport. With the new passport, it is possible to conduct biometric checks, which will also prevent authentic passports from being misused by unauthorized persons who happen to look like the person in the passport photo. And German citizens will benefit from the new application process: All applications will be submitted and sent to the passport producer in electronic form, which will reduce processing times. Following nation-wide testing, the federal, state and local governments are ready to start using the new procedures.”
Bruce Schneier also has a post on this.
Here is the fingerprint