High hopes, harsh reality for biometric chip cards

Executives from the chip-card industry are excited by the prospect of using cards carrying digital biometric data to improve speed and security in banking, immigration, and other activities requiring a secure means of identifying individuals. But critics are cautioning that there are major roadblocks, both technical and legal, before such systems can be made practical.

The use of biometrics -- such as fingerprints, face or iris scans, or voice prints -- to enhance security is a major focus of discussion at the Omnicard 2002 conference on chip-card technology, currently under way here.

A boom in interest in the topic was sparked in the aftermath of the Sept. 11 attacks in the U.S., said Bruno Struif, deputy manager for security and smart-card technology at the nonprofit Fraunhofer Institute for Secure Telecooperation.

There is strong potential for biometrics to be used to verify cardholder identity, he said. Such a system would prevent unauthorized persons from using lost or stolen cards and passwords.

"I think that perhaps the credit card organizations will lead the charge," Struif said.

Another potential use of digital biometric data, for identity and travel documents, is much in the news lately, especially after a package of new security measures passed in Germany called for the consideration of new biometric features in national identity cards.

Andreas Wieberneit, senior software engineer at Dermalog Identification Systems GmbH, described a national identification card project his company has implemented in the southeast Asian country of Brunei.

Starting in 1999, Brunei replaced existing registries of citizens, legal residents, and frequent visitors with a system of chip cards carrying encrypted data, including photos and thumbprints. Corresponding copies of the data are stored in a central database, making it easy to verify if an applicant for an identification card is fictitiously maintaining a separate identity, for example.

In the latest update, Brunei began last year to include visa and passport information on chip cards, so-called Smart Border Endorsement Cards, in order to speed travelers through the immigration process.

Wieberneit acknowledged, however, that a system that works for tiny Brunei, with fewer than 350,000 inhabitants, might not work for a bigger country.

Or, for that matter, for a country like Germany, with its strict legal guarantees of personal data privacy. Officials here have faced harsh questions over the proposal, championed by Interior Minister Otto Schily, to include encrypted biometric data on national identification cards. Would such information be stored in a central database? How could citizens be assured of their privacy?

Schily canceled a scheduled appearance at the conference, and his representative, Minister of State Brigitte Zypries, brushed aside questions on the constitutional issues raised by the proposal.

"I personally much prefer this banking idea (biometric chip cards issued by banks), rather than telling everyone to get a new ID," she said, referring to a pilot project in Finland to issue chip-card national IDs, which met with limited citizen interest.

"Anyway, we already have biometrics on our ID cards: photos, eye color, and height," she added, referring to the non-encrypted, analogue information carried on standard cards.

But even banking use of the technology faces a number of hurdles, said Christoph Thiel, a cryptography and IT security specialist with Germany's Sparkasse group of savings banks.

A system that tests thumbprints to verify automated teller machine (ATM) transactions will always be less consumer-friendly, he said, than the current system using a card and a personal identification number (PIN) password.

"The customer must be assured that he'll be able to get money. If he has his card, the correct code, and money in his account, he gets money. But if a thumbprint is given, there's no 100 percent guarantee of a correct procedure," he said.

In fact, he said, customers would still need a password as a backup in case the print can't be properly read, negating the customer advantage of not having to memorize a PIN.

"Optimistically, we can't foresee (biometric chip-card technology) in the next 10 years. Basically we don't think it's suitable for the banking business," he said.

A further issue is raised by the storage of the digital thumbprints: Would they only be stored on the card itself, or in a central database? In the former case, cardholders might have to come personally to a bank branch office to give thumbprints each time a new card was issued -- a major inconvenience compared to the current system, where cards and PINs are simply mailed to customers.

But the other option, storing prints in a database, raises legal and ethical issues, said Richard Aufreiter, product manager for personal device security at Utimaco Safeware AG.

"Lots of people don't feel good about the idea of biometric data being stored centrally," he said, adding that there are still no widely accepted standards for the encryption and storage of biometric data to begin with, making it hard for different proprietary security systems to share one set of stored prints.

But a bank could, for example, ask a customer to enter a first thumbprint at any ATM the first time a new card is used. Until then, a temporary PIN would serve as security; the user could then opt, after entering a thumbprint, to deactivate the PIN.

Aufreiter admitted, though, that such a procedure would not prevent abuse of the system if a person other than the proper cardholder entered the first print, unless a bank employee were present to verify identity.

The Omnicard conference continues in Berlin through Friday.