Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport.

Published byThomas Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport."— Presentation transcript:

1 Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport study

2 19 February 2013 EU Regulation Regulation EC No 2252/2004: facial image in passport Amendment EC No 444/2009: 2 fingerprints Objective: Enhance harmonized security standards for passports to protect against falsification Combat fraud by strengthening link between passport and legitimate holder of passport L Kool | ePassport

3 19 February 2013 Biometric systems Identify individual based on physical characteristics Digital image of physical identifier is compared to a stored digital template System calculates match between ‘stored’ and ‘live’ image: probability score Lower quality images  lower probability score  biometric data is less usable L Kool | ePassport

4 19 February 2013 Security challenges – Chip Facial image and personal information is protected via encryption (Basic Access Control) Only prevent simple skimming attacks Fingerprints are secured via stronger encryption (Extended Access Control) National keys not distributed adequately: complex and requires trust between MS Fingerprints currently not used for border control throughout EU L Kool | ePassport

5 19 February 2013 Security challenges - Issuance No quality requirements for biometric images Low quality images could be stored in passport No EU standards for issuance procedures Many MS don’t use live pictures although they are more reliable Quality of captured images depend on skills of personnel, but only Slovenia has certified personnel Risk of storage of wrong fingerprints or look a like pictures Threatens security of passport verification and overall security of border control L Kool | ePassport

6 19 February 2013 Interoperability challenges Technical interoperability: Exists for facial image + personal information but regular failures in reading this information Exists also for fingerprints, but, in practice non-interoperability due to difficult key exchange Products and components: MS have different vendors causing interoperability problems No independent test and certification criteria in EU exist L Kool | ePassport

7 19 February 2013 Privacy and data protection challenges Biometric data is sensitive personal data, risks of security breach and identity theft Function creep: central databases for law enforcement Biometric data taken for ePassport is not of sufficient quality for law enforcement Procedures for citizens for correcting errors not addressed by EC/2252/2004; Data protection directive (95/46/EC) is implemented differently by MS Citizens have limited (legal) power to correct mistakes L Kool | ePassport

8 19 February 2013 Usability challenges Some individuals can’t be enrolled in the system  need for alternatives to not exclude this group High quality images take time and cause inconvenience for citizens High usability seems at odds with high security L Kool | ePassport

9 19 February 2013 Conclusions – Lifecycle perspective Decision phase: High political ambitions to raise the security level of border control Underestimating technical & practical implications of biometrics Resulted in inadequate legislation at EU level with no criteria for: Quality of biometric images, issuance process, testing and certification schemes Design & operation phase: Different implementations in MS compromises EU’s ambition secure biometric system for border control L Kool | ePassport

10 19 February 2013 Policy challenges Develop uniform standards for quality of biometric images, issuance process & testing and certification schemes Improve security and interoperability of ePassport Improve procedures for redress for citizens Different requirements at odds with each other: Rethink what the main objectives are for this biometric system L Kool | ePassport

11 19 February 2013 Thank you for your attention! Thanks to Max Snijder (European Biometrics Group), Geert Munnichs (Rathenau Institute) and interviewed experts L Kool | ePassport

12 19 February 2013 Back–up: Country studies Different national implementations, different quality levels and different operating procedures  higher tolerance to lower thresholds throughout EU Germany: pro-active approach, developing standards, conducting pilots. Only Czech Republic and Norway take facial images ‘live’ during the application process Operating personnel is trained for capturing biometric data, but some countries certify their personnel No biometric verification takes place at issuance L Kool | ePassport

Download ppt "Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport."

Similar presentations

1 FPEG Identity theft & payment fraud point 2.2 19 December 2007.

1 FPEG Identity theft & payment fraud point December 2007.
VICTIMS RIGHTS in EU law Daphne III – 2011-2012 AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.

VICTIMS RIGHTS in EU law Daphne III – AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.
Nairobi, Kenya 29-31October 2007 1 Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.

Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.
EC Action Plan: a brief history G8 Asia FLEGT ministerial declaration UK-Indonesia memorandum of understanding International pressure and the work of GW,

EC Action Plan: a brief history G8 Asia FLEGT ministerial declaration UK-Indonesia memorandum of understanding International pressure and the work of GW,
Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar. 2007 NRCCL, UIO.

Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar NRCCL, UIO.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Security Controls – What Works

Security Controls – What Works
Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.
Biometrics in New Zealand Passport issuing Border crossing System and information access Building access.

Biometrics in New Zealand Passport issuing Border crossing System and information access Building access.
1 Preview of the self service airport R edesign P assenger P rocess (RPP) Club of Amsterdam, 1 Maart 2006.

1 Preview of the self service airport R edesign P assenger P rocess (RPP) Club of Amsterdam, 1 Maart 2006.
Www.ipc.on.ca Biometrics & the Privacy Paradigm: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security.

Biometrics & the Privacy Paradigm: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security.
P O L I C E D E P A R T M E N T  Biometric passport – Passport Act – Issuing a biometric passport – Development project  Biometric Passport To Biometric.

P O L I C E D E P A R T M E N T  Biometric passport – Passport Act – Issuing a biometric passport – Development project  Biometric Passport To Biometric.
Amber Vision – June 25, 2010 Presentation to: West Virginia Board of Education Superintendent’s Leadership Institute.

Amber Vision – June 25, 2010 Presentation to: West Virginia Board of Education Superintendent’s Leadership Institute.
1 Ann-Charlotte Nygård, Programme Manager, FRA Roundtable: Possibilities for cooperation on consular and visa issues in the Danube Region.

1 Ann-Charlotte Nygård, Programme Manager, FRA Roundtable: Possibilities for cooperation on consular and visa issues in the Danube Region.
BY IVAN ZELIĆ Visa Information System EU Migration Law and Policy Jean Monnet Modul prof. dr. sc. Iris Goldner Lang.

BY IVAN ZELIĆ Visa Information System EU Migration Law and Policy Jean Monnet Modul prof. dr. sc. Iris Goldner Lang.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Security Issues Report.

National Smartcard Project Work Package 8 – Security Issues Report.

Similar presentations

Ads by Google