Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport.

Slides:

Advertisements

Similar presentations

1 FPEG Identity theft & payment fraud point December 2007.

Advertisements

VICTIMS RIGHTS in EU law Daphne III – AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.

EC Action Plan: a brief history G8 Asia FLEGT ministerial declaration UK-Indonesia memorandum of understanding International pressure and the work of GW,

Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar NRCCL, UIO.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.

Security Controls – What Works

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Biometrics in New Zealand Passport issuing Border crossing System and information access Building access.

1 Preview of the self service airport R edesign P assenger P rocess (RPP) Club of Amsterdam, 1 Maart 2006.

Biometrics & the Privacy Paradigm: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security.

P O L I C E D E P A R T M E N T  Biometric passport – Passport Act – Issuing a biometric passport – Development project  Biometric Passport To Biometric.

Amber Vision – June 25, 2010 Presentation to: West Virginia Board of Education Superintendent’s Leadership Institute.

1 Ann-Charlotte Nygård, Programme Manager, FRA Roundtable: Possibilities for cooperation on consular and visa issues in the Danube Region.

BY IVAN ZELIĆ Visa Information System EU Migration Law and Policy Jean Monnet Modul prof. dr. sc. Iris Goldner Lang.

National Smartcard Project Work Package 8 – Security Issues Report.

Securing Data in ePassports Policy Issues ICAO/NTWG.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

A Common Immigration Policy for Europe Principles, actions and tools June 2008.

THE ROLE OF CIVIL REGISTRY TO ACTIVATE THE ELECTRONIC AUTHENTICATION

Harmonisation of electronic Identities for the European Citizen Jan van Arkel, co- chair Porvoo group, May 11, 2006 Ljubljana.

Government of Afghanistan legislation, policy, coordination, challenges Presented by Marufi Kaleem Bali Process Ad Hoc Group immigration intelligence best.

1 Photo PAMECA IV TEAM Design of PAMECA IV PAMECA IV started in July 2013 and is scheduled to run until October Its overall objective.

Ministry of Transport, Information Technology and Communications

Challenges to a Canadian Identity Policy: Learning from International Experiences Krista Boa, Andrew Clement & Gus Hosein Identity Project - Canada 7th.

WORKSHOP, Nicosia 2-3rd July 2008 “Extension of SAFETY & QUALITY Common Requirements to the EMAC States” Item 3 : Regulatory Context Peter Stastny EUROCONTROL.

EFC issues for NRA’s Conclusions & recommendations.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Anti-Fraud Strategies

28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.

2002 Symantec Corporation, All Rights Reserved The EU Regulations and IT security An industry perspective Ilias Chantzos, Government Relations EMEA Terena.

How and what to observe in e-enabled elections Presentation by Mats Lindberg, Election Adviser, Organisation for Security and Co-operation in Europe (OSCE)

Minutiae Template Interoperability Testing

European Commission Living in an area of freedom, security and justice Directorate-General Justice and Home affairs Silvia Kolligs DG Justice and Home.

Retail Certificate III 2010  Introductions  Name Name  What do you want to do in the future?  Course overview  Unit overview  Assessments  Review.

National Information Communication Technologies Strategy Vasif Khalafov “National strategy” working group - Web -

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Ministry of State Administration and Administrative Reform, Republic of Bulgaria 18 February 2008 Brdo, Slovenia 18 February 2008 Brdo, Slovenia Contribution.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

WHOIS Public safety and data protection requirements.

Managing Secure Biometric Systems Meghan Armes IA Management April 24, 2007.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 - Foreign, security and defence.

EID and eSignature programs at National level in Europe Detlef Houdeau Nov 2013 Exploratory seminar on e-signatures for e- business in the South Mediterranean.

THE OFFICE FOR REGISTRATION OF MEDICINAL PRODUCTS, MEDICAL DEVICES AND BIOCIDAL PRODUCTS Responsibility in the handling of medical devices.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign and Security Policy.

Ivan Mikloš.  Without reforms, especially second Dzurinda’s government reforms, it couldn’t be possible for Slovakia enter eurozone  Continuity in the.

Macedonia-Skopje, 13. May 2011 Security of data and data protection in relation to visa issuance Tanja Slak.

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

Nikita Maria Department of Applied Informatics University of Macedonia - Greece.

Information Security and Privacy in HRIS

Securing Data in ePassports

AML/CFT Compliance in the eu

Silvia Kolligs DG Justice and Home Affairs Unit B1 -Borders and Visas-

Silvia Kolligs DG Justice and Home Affairs Unit B1 -Borders and Visas-

Athina Antoniou and Lilian Mitrou

Unique Identification Number Project

FACE RECOGNITION TECHNOLOGY

Securing Data in ePassports

The ePhyto Solution A Guide to implement the ePhyto System

Legal, political and methodological issues in confidentiality in the ESS Maria João Santos, Jean-Marc Museux Eurostat.

Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON |

A Framework of Remote Biometric Authentication on the Open Network

Dashboard eHealth services: actual mockup

Review of Annexes I and II of the Groundwater Directive 2006/118/EC

E-identities (and e-signatures)

Presentation transcript:

Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport study

19 February 2013 EU Regulation Regulation EC No 2252/2004: facial image in passport Amendment EC No 444/2009: 2 fingerprints Objective: Enhance harmonized security standards for passports to protect against falsification Combat fraud by strengthening link between passport and legitimate holder of passport L Kool | ePassport

19 February 2013 Biometric systems Identify individual based on physical characteristics Digital image of physical identifier is compared to a stored digital template System calculates match between ‘stored’ and ‘live’ image: probability score Lower quality images  lower probability score  biometric data is less usable L Kool | ePassport

19 February 2013 Security challenges – Chip Facial image and personal information is protected via encryption (Basic Access Control) Only prevent simple skimming attacks Fingerprints are secured via stronger encryption (Extended Access Control) National keys not distributed adequately: complex and requires trust between MS Fingerprints currently not used for border control throughout EU L Kool | ePassport

19 February 2013 Security challenges - Issuance No quality requirements for biometric images Low quality images could be stored in passport No EU standards for issuance procedures Many MS don’t use live pictures although they are more reliable Quality of captured images depend on skills of personnel, but only Slovenia has certified personnel Risk of storage of wrong fingerprints or look a like pictures Threatens security of passport verification and overall security of border control L Kool | ePassport

19 February 2013 Interoperability challenges Technical interoperability: Exists for facial image + personal information but regular failures in reading this information Exists also for fingerprints, but, in practice non-interoperability due to difficult key exchange Products and components: MS have different vendors causing interoperability problems No independent test and certification criteria in EU exist L Kool | ePassport

19 February 2013 Privacy and data protection challenges Biometric data is sensitive personal data, risks of security breach and identity theft Function creep: central databases for law enforcement Biometric data taken for ePassport is not of sufficient quality for law enforcement Procedures for citizens for correcting errors not addressed by EC/2252/2004; Data protection directive (95/46/EC) is implemented differently by MS Citizens have limited (legal) power to correct mistakes L Kool | ePassport

19 February 2013 Usability challenges Some individuals can’t be enrolled in the system  need for alternatives to not exclude this group High quality images take time and cause inconvenience for citizens High usability seems at odds with high security L Kool | ePassport

19 February 2013 Conclusions – Lifecycle perspective Decision phase: High political ambitions to raise the security level of border control Underestimating technical & practical implications of biometrics Resulted in inadequate legislation at EU level with no criteria for: Quality of biometric images, issuance process, testing and certification schemes Design & operation phase: Different implementations in MS compromises EU’s ambition secure biometric system for border control L Kool | ePassport

19 February 2013 Policy challenges Develop uniform standards for quality of biometric images, issuance process & testing and certification schemes Improve security and interoperability of ePassport Improve procedures for redress for citizens Different requirements at odds with each other: Rethink what the main objectives are for this biometric system L Kool | ePassport

19 February 2013 Thank you for your attention! Thanks to Max Snijder (European Biometrics Group), Geert Munnichs (Rathenau Institute) and interviewed experts L Kool | ePassport

19 February 2013 Back–up: Country studies Different national implementations, different quality levels and different operating procedures  higher tolerance to lower thresholds throughout EU Germany: pro-active approach, developing standards, conducting pilots. Only Czech Republic and Norway take facial images ‘live’ during the application process Operating personnel is trained for capturing biometric data, but some countries certify their personnel No biometric verification takes place at issuance L Kool | ePassport