17 November 2006
NO2ID – in association with a number of security experts, including Adam
Laurie of The Bunker [1] – has, as revealed today in the Guardian’s G2
supplement [2], demonstrated that the technology and security of the
‘biometric’ ePassport is fatally flawed. With a standard RFID reader bought
over the internet for just £95.73, the campaign was able to prove that the
same ‘contactless’ microchips that are also to be incorporated into ID cards
will “dramatically decrease [citizens’] security and privacy, and increase
risk of identity theft” [3].
Phil Booth, NO2ID's [4] National Coordinator said:
"By knowingly implementing technology in such an insecure fashion, under a
smokescreen of 'international obligation', the government is clearly
derelict in its duty to protect the privacy and security of British
citizens. It seems to care more about kow-towing to the US [5] than
protecting the people it was elected to serve.
“This casual arrogance - "We can't possibly be wrong" - combined with gross
technical negligence [6] demonstrates precisely why it cannot be trusted to
impose a system of compulsory ID cards and state identity control on every
adult in the country.”
-ENDS-
Notes for editors:
1. Adam Laurie has led security initiatives in the computing industry since
the 1980s and plays an active industry role in identifying and solving
security threats and problems across a wide variety of platforms and
devices. He works for The Bunker - http://www.thebunker.net/
2. http://www.guardian.co.uk/idcards/story/0,,1950229,00.html and Steve
Boggan in Guardian G2, 17/11/06, ‘Cracked it!’ -
http://www.guardian.co.uk/idcards/story/0,,1950226,00.html
3. FIDIS, Budapest declaration, 8/11/06: “Simply put, the current
implementation of the European passport utilises technologies and standards
that are poorly conceived for its purpose.” -
http://www.fidis.net/press-events/press-releases/budapest-declaration/
4. NO2ID is the non-partisan national campaign against ID cards and the
database state. See http://www.no2id.net
5. The UK government has incorporated ‘RFID’-type chips into British
passports, submitting to US demands (US visa waiver scheme), whilst the US
has yet to implement the very same technologies into US passports. The
Department for Homeland Security recently concluded:
“…for other applications related to human beings, RFID appears to offer
little benefit when compared to the consequences it brings for privacy and
data integrity. Instead, it increases risks to personal privacy and
security, with no commensurate benefit for performance or national
security.” -
http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_rpt_rfid_draft.pdf
6. E.g. any competent security expert could have prevented the ‘brute force’
attack NO2ID can demonstrate by the inclusion of a simple ‘lockout’
mechanism, such as used in chip & PIN bank and credit cards. The passport
permits an infinite number of attempts to unlock it.
For further information, or for immediate or future interview, please
contact Phil Booth (National Co-ordinator, national.coordinator@no2id.net)
on 07974 230 839, Michael Parker (Press Officer, press.officer@no2id.net)
on 07773 376 166, or Guy Herbert (General Secretary) on 07956 544 308.
The NO2ID Campaign
Box 412
19-21 Crawford Street
London W1H 1PJ
enquiries@no2id.net
Tel: 07005 800 651
Press: click here
