How to abuse biometric passport systems
| Published date | 11 May 2012 |
| Pages | 68-81 |
| Date | 11 May 2012 |
| DOI | https://doi.org/10.1108/14779961211226985 |
| Author | Olli I. Heimo,Antti Hakkala,Kai K. Kimppa |
| Subject Matter | Information & knowledge management |
How to abuse biometric passport
systems
Olli I. Heimo
Business and Innovation Development Special Unit, University of Turku,
Turku, Finland
Antti Hakkala
Department of Information Technology, Turku Centre for Computer Science,
University of Turku, Turku, Finland, and
Kai K. Kimppa
Department of Management, Turku School of Economics,
University of Turku, Turku, Finland
Abstract
Purpose – The purpose of this paper is to show that most, if not all RFID/biometric passports have
clear technical and social problems in their intended use and that there are clear problems with the
databases into which biometric data are being collected, due to use of this data for other (publicly),
non-intended uses.
Design/methodology/approach – The approach of this paper is both a meta-study of the flaws in
the technological specifications as well as the social implementation of RFID/biometric passports.
Finland is used as a case, but the results extend beyond Finland in most, if not all the topics
presented – not necessarily all results to all implementations, but all to some others.
Findings – The current implementations of RFID/biometric passports are lacking in both technical
and social implementations and pose clear risks to their use, both due to lax implementation of the
technology itself but specifically due to the social changes brought about. These problems cause both
erosion of privacy and trust.
Research limitations/implications – Further research into other potential social implications on a
national level is required. The authors fear that the cases presented do not necessarily reflect all the
potential problems, but just the most evident ones.
Practical implications – The problems with the technological implications can be averted by using
the best technological solutions, and thus the best technological solutions should be used instead of the
ones proven to be lacking.
Social implications – The social implications should at least be brought forth for public discourse
and acknowledged, which currently does not seem to happen.
Originality/value – The paper contributes to the understanding of problems with current
RFID/biometric passport implementations as well as inherent social problems that are hard, if not
impossible to avoid. The problems belong under the category of critical eGovernment applications,
and similar issues are visible in other eGovernment applications.
Keywords Finland, Data security,Biodata, Information systems,Trust, Privacy,
Radiofrequency identification,Information security,Biometric identification,Biometrics, Functioncreep,
eGovernment, Passpo rts
Paper type Conceptual paper
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1477-996X.htm
JICES
10,2
68
Received 20 January 2012
Revised 11 February 2012
Accepted 12 February 2012
Journal of Information,
Communication and Ethics in Society
Vol. 10 No. 2, 2012
pp. 68-81
qEmerald Group Publishing Limited
1477-996X
DOI 10.1108/14779961211226985
To continue reading
Request your trial