Tool to backup, modify and clone ePassport released

[ukcrypto@chiark.greenend.org.uk]

Quoting Ian Batten <igb@batten.eu.org>:

[snip]

> I don't.  It'd be stunned if the design hadn't made a trip to the West
> Country.  The subversion of the entire UK passport system would be
> rather uncool.  The passports have had the benefit of some of the best
> physical security people in the game in the design of the paper and the
> watermarks, so why wouldn't they be equally motivated to sort out the
> electronic properties?

CESG were saying (at least, they said to me in 2003 / 2004) that there =20
were significant problems with biometrics for ID card use.

Did they say that to anyone that matters?  Did those people listen?  I =20
don't know, and I won't find out, because CESG and GCHQ are secret.

[snip]

> I think it's significant that the passport electronic stuff is driven
> by ICAO, not anyone serious.  I think it's there so you can use a
> passport as the identification at a self checkin machine, and so
> airlines can extract pre-fly information more easily.  End of.  I don't
> think it's a primary, or even a secondary, source of real ``can I cross
> borders'' authentication.
>
> ian

Advocates of national ID cards say that passports are not good enough =20
to identify a person as that person.  That's a bit worrying, unless =20
it's a nonsense made up to push biometric ID cards on top of biometric =20
passports.

Splitting passports from a national ID card seems to have been a big =20
mistake.  Having to jump through hoops to get an ID card AND a =20
passport, and pay significant amounts for both, has annoyed many of =20
the people who were happy with the principal of an ID card.

I wonder if the weird passport procedure will be dropped for people =20
who have a valid ID card?