First and foremost: I think that adding biometric security features to our legally issued IDs is a normal technological improvement of security- and the matter is only “how” and “when”, not “if”.
“Biometric” IDs include information that is unique (more or less) for each individual.
Of course, it is cheaper to print a piece of paper and add a stamp than adding a chip containing your fingerprints or retina scan, or other information.
Also if I think that biometric chips should not be implanted on people, at least not for official uses, for reasons that will be explained in this short article.
Part of the initiatives to create a visible European identity included a unified color for passports, and common information and requirements on identity and security.
But technology sometimes promises more than it can deliver. And when you mix electronic technology and identity checking, you can get some unexpected consequences.
As an example, consider the evolution of identification with credit cards.
Until not too long ago, a signature was enough; then, a magnetic strip to check and authorize, while I first saw in the US credit cards signed with “see ID” (i.e. authenticate the person using a government-issued ID), the PIN code, and finally also the chip.
Each innovation was presented as an increase in security- but no expert ever claimed “100% security”.
The next step? RFID chips, like the ones used in supermarkets and shops, and, to identify people, “biometric” information, i.e. something that is specific to each individual (from your fingerprints to a scan of your retina, to anything else).
As shown by the credit card example, each new way to identify is more advanced (and expensive) than the previous one.
And why the change? If you lived in London, you heard probably about “skimming”.
When the magnetic strips and POS (Point-of-Sale) terminals were introduced, they weren’t widespread, and usually you noticed how they were used.
Eventually, they became so common, that most credit card users did not bother watching anymore- in London, you even left the card to the bartender as a “security”, while running a tab.
Skimming is nothing more than swiping your card twice, once to read for your transaction, and the other time to “capture” the information on the magnetic strip.
When I had one of the first electronic-only cards that came with a PIN but did not allow just swiping, once I noticed a clerk in a shop passing the card into the POS terminal- after swiping it quickly in the other sense in what looked like a parallel swipe device, while talking with me.
Of course, I had to tell to the clerk twice that it would not work that way- and eventually grudgingly a PIN-pad appeared.
Later, I read an article stating that temporary clerks rotating between shops and pubs in London could get up to 500 GBP for each card whose data they “captured” in that way.
Eventually, also the PIN (as static information) was not enough- and a chip was added.
The same applies with identity: it used to be that you could say who you are- and that was enough to identify yourself.
In some countries, you always had to carry a government-issued ID at all times, while in London I remember in late 1980s my astonishment on seeing that a colleague was registering at the hotel… by giving his library card.
Eventually, the humble paper ID card with your picture was not enough- and other security features (say, a copy of a fingerprint, a stamp or watermark) were added, while in some countries it is already planned (and started for parts of the population) the distribution of ID cards with biometric data stored on the card itself.
Again- gradually increasing complexity, mirrored by increasing costs.
But is it an increase in security? Temporarily, yes.
If the information stored is static, and everybody has a reader to check it, then whoever has the reader has also access to the technology to duplicate it.
And that’s why we moved from simply checking the PIN on credit cards, to requiring that there is a connection to validate your credit card.
A retina scan is considered now highly secure (and expensive): but what will happen, when retina scan reading will be commonplace?
How will you differentiate between the legitimate readers and those asking (and retaining) more information than they should retain?
I remember another case: in Rome, there was a copy and print shop nearby a political party.
I went there few times, and often I had to stand in line- with people from the political party coming to print documents.
Once, I needed an additional copy of a document that I had just printed, so I gave again to the clerk my USB key.
The clerk said that it wasn’t needed- and proceeded to open the list of files printed, to search my files. All stored on his computer- and I saw that the list of files was quite exhaustive.
Now, imagine the same with your biometric card.
You would be delivering all the information needed to duplicate your identity (also if few more steps actually reduce the possibility of anybody being able to create a duplicate ID).
The more widespread is the “reading” activity, the less you would think about checking how the data read are processed.
And the more incentive there is for forgers to invest on technology to create fake IDs (as they did to create fake banknotes since they have been invented).
I do not expect that when you go out and print a document in a shop you check if a copy of the document is kept.
And maybe you are sending a fax with your signature, banking details, credit card information, and all the other information required to reserve a travel from a shop that uses a computer-based fax machine (i.e. creates files).
Solution? When something becomes widespread, add new security features to differentiate more critical uses.
And, if possible, something that is not static, and requires real interaction on both sides.
Electronic IDs that carry everything are a good idea, and why not also a mini-electronic wallet to pay for bus or parking fees- but only if they can be improved as security needs change.
The idea of inserting the electronic IDs under the form of “chips” under the skin with static information is fine only for movies, not to increase real security.
Also because some chips do not require physical contact or batteries- therefore, you would not even notice if somebody is reading your data.
As more and more information will be added to these identification chips, it will make even less sense to have them permanently installed and active.
The concept is: a paper-based ID is just a piece of paper; when you move to electronic IDs, the temptation to add more information in a single point is too strong.
But you just need to simply remind that the reason why a paper-based ID does not carry all your medical, banking (including the PIN etc), credit information is security.
Would you like your hairdresser to be able to potentially access all the health or financial data on your ID card? Certainly not (see also what the Google CEO said about the end of privacy).
While eventually identification based on biometrics will be widespread, the main issues are really simple:
- to separate the information in a way that allows accessing only what is really needed
- to create biometric IDs that can be improved and evolve as and when needed with minimal inconvenience for the user
With current technology, an implant under the skin does not fit the bill.
As for those customers who had the chip implanted: will they get a chip from each club?
A chip for all the clubs that they patronize?
And will they manage their own and the clubs’ evolution in “trendiness” (i.e. when either or both fade)?
Maybe these “fashion chips” will allow “tattoo removal shops” to offer an additional service: chip removal or replacement.