Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Hong Kong Gets Smart ID Cards

michael posted more than 12 years ago | from the papers-please dept.

Privacy 388

darnellmc writes: "This AP article is about Hong Kong's new smart ID cards (mandatory) with "embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints". The picture in the article shows a man holding them and smiling. The article also mentions "Hong Kong's government backed down on proposals to have the cards carry health and bank records". The Hong Kong government hopes to add optional features like using them as driving licenses and library cards. This government learned nothing from the USA's abuse of the Social Security number, this is much worse. Hoping one card will do it all. These cards are also in the works in other countries like Finland, Malaysia and Japan where they are to be optional. Thailand is working on a mandatory card."

Sorry! There are no comments related to the filter you selected.

Damn chinks (-1)

Ralph JewHater Nader (450769) | more than 12 years ago | (#3148463)

Do those dirty slants rape little kids? They're yellow kikes because they are so greedy.

Re:Damn chinks (-1)

Adolf Hitroll (562418) | more than 12 years ago | (#3148599)

I'm sorry you didn't just melt away...

Open Source? More Like Openly Racist (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3148465)

The Open Source movement, otherwise known as 'Free Software', has been a topic of considerable debate on the Internet's most controversial site. The majority of this debate has centered around the technical merits of the software, with the esteemed editors argueing against adopting Linux by employing the full depth of their considerable intellects, and the other side hurling death threats and similar invective. This has allowed many who would not otherwise receive quality information about Open Source software to be made aware of many of its ramifications, but one issue has been left alone: The overt racism that is deeply embedded in the movement.
Allow me to explain.

Alan Cox; Richard Stallman; Bruce Perens; Wichert Akkerman; Miguel DeIcaza.
What do you see in this list of names? Are there any African-Americans on it? Absolutely not, none of those names sound like one a self-respecting black person would have! No Maurice, no Luther, no Lil' Kim. There are many other lists such as this, you can see one here. Flip through each page, do you see anything other than white faces? Of course you don't, because Open Source and its adherents are ardent racists and they absolutely forbid access to the sacred 'kernel' by any person of color.

Lets look at another list, this time a compendium of the companies using Linux. Are there any black owned companies on that list? Nooooooo. How about these companies? They all have something to do with Open Source software, any of them owned by an African-American? No again. Here is an extensive collection of photographs from a LUG (Linux User Gathering) meeting, more can be viewed at that link. What is odd about these pictures, and every other photograph I have ever seen of a LUG meeting, is that there is not one single black person to be seen, and probably none for miles.

More racist overtones can be found by examining the language of Open Source. They often refer to 'white hat' hackers. These 'white hats' scurry about the Internet doing good, but illegal, acts for their fellow man. In stark contrast we find the 'black hat' hackers. They destroy the good works of others by breaking into systems, stealing data, and generally causing havoc. These two terms reflect the mindset of most Linux developers. White means good, black means bad. Anywhere there is black, there is uncontrollable destruction and lawlessness. Looking further we see black lists that inform other users of 'bad' hardware, Samba, an obvious play on the much hated Little Black Sambo book, Mandrake, which I won't explain except to say that the French are notorious racists. This type is linguistic discrimination is widespread throughout the Open Source culture, lampooned by many of its more popular sites.

It is also a fact that all Unix 'distros' contain a plethora of racist commands with not so hidden symbolism.

It can hardly be coincidence that the prime operating system of choice of the 'open source supremacists' - Linux, features commands which are poorly disguised racist acronyms. For example: 'awk' (All White Klan) , 'sed' (shoot nEgroes dead), 'ln' (lynch negroes), 'rpm' (raical purity mandatory), 'bash' (bring a slave home), 'ps' (persecute sambo), 'mount' (murder or unseat nubians today), 'fsck' (favored supreme Christian klan). I could go on and on about the latent racist symbolism in Linux, but I fear it would take weeks to enumerate every incidence.

Is there a single unix command out there that does not have some hidden racist connotation ? Suffice it to say that the racism pervades Linux like a particularly bad smell. Can you imagine the effect of running such a racist operating system on the impressionable mind ? I don't have to remind you that transmitting subliminal messages is banned in the USA, and yet here we have an operating system that appears to be one enormous submliminal ad for the Klan!

One of the few selling points of Open Source software is that it is available in many different languages. Browsing through the list I see that absolutely none are offered in Swahili, nor Ebonics. Obviously this is done to prevent black people from having access to the kernel. If it weren't for the fact that racism is so blatantly evil I would be impressed by the efforts these Open Sourcers have invested in keeping their little hobby lilly white. It even appears that they hate the Japanese, as some of these self proclaimed hackers defaced a web site with anti-Japanese slogans. Hell, these people even go all the way to Africa (South Africa mind you, better known as White Africa) and the pictures prove that they don't even get close to a black person.

Of course, presenting overwhelming evidence such as this is a bit unfair without some attempt to determine why these Open Sourcers are so racist. Much of the evidence I have collected indicates that their views are so deeply held that they are seldom questioned by the new recruits. This, coupled with the robot-like groupthink that dominates the culture allows the racist mindset to continue to permeate the ranks. Indeed, the Open Source version of a Klan rally, OSDN (known to the world as Open Source Developer's Network, known to insiders as Open Source Denies Negroes) nearly stands up and shouts its racist views on its demographics page. It doesn't mention the black man one single time. Obviously, anyone involved with Open Source doesn't need to be told that the demographic is entirely white, it is a given.

I have a sneaking suspicion as to why their beliefs are so closely held: they are all terrible athletes.

Really. Much like the tragedy at Columbine High School, where two geeks went on a rampage to get back at 'jocks', these adult geeks still bear the emotional scars inflicted upon them due to their lack of athletic ability during their teen years. As African-Americans are well known for their athletic skills, they are an obvious target for the Open Source geeks. As we all know, sports builds character, thus it follows that the lack of sports destroys character. These geeks, locked away in their rooms, munching on stale pizza and Fritos, engage in no character building activities. Further, they interact only with computers and never develop the level of social skill that allows normal people to handle relationships with persons of color.

Contrasted with the closed source, non-geeky software house Microsoft, Open Source has a long, long way to go.

I just wanted to say (-1)

Adolf Hitroll (562418) | more than 12 years ago | (#3148466)

that I love you all... No kidding :-)

ID Card Threat? (2, Insightful)

chchchain (120540) | more than 12 years ago | (#3148471)

Can somebody succinctly summarize the percieved threats of a national ID Card?

Re:ID Card Threat? (2, Interesting)

BurritoWarrior (90481) | more than 12 years ago | (#3148490)

Just pick up a copy of Orwell's 1984 and you will find the answers you are looking for.

We have always been at war with Eurasia.

Re:ID Card Threat? (4, Insightful)

Betcour (50623) | more than 12 years ago | (#3148682)

True - countries with ID cards are police state (all western Europe for example, including Holland) while countries without are free countries (USA for example, which has the highest percentage of jailed people in the world !).

Orwell message would be stronger if he wasn't used and abused all the time...

Re:ID Card Threat? (2, Interesting)

Clay Mitchell (43630) | more than 12 years ago | (#3148493)

I assume people are worried about being tracked... But the only places I could think of needing to use it are when you are either a) getting on an air plane or b) entering a government building. honestly, considering how often people attack those 2 places, i think the national id card is a pretty damned good idea.

Re:ID Card Threat? (2)

gUmbi (95629) | more than 12 years ago | (#3148516)

I assume people are worried about being tracked...

They should be worried if these are contactless smartcards which can be read via radio from short distances now and possibly much longer distances in the future.


Re:ID Card Threat? (1)

Clay Mitchell (43630) | more than 12 years ago | (#3148544)

Now that's true. That means any idiot with a computer could read your little card. That = bad mojo

Re:ID Card Threat? (-1)

Tasty Beef Jerky (543576) | more than 12 years ago | (#3148658)

And this is different from today how?

Oh yeah, today, any sufficiently clever idiot with a computer can find his way into decentralized databases and get your credit history, medical records, driving records, get a credit card/loan in your name, etc, etc, etc.

Simply means he needs to take more steps to do it.

Re:ID Card Threat? (4, Insightful)

tenman (247215) | more than 12 years ago | (#3148572)

But the only places I could think of needing to use it are

That's part of the issue. It starts out needing to be used there, and then the guy who cuts your hair wants to see it, then the magazine subscription company, and then people call your house at 3AM and try to sell you something based on your card. A agree with this poster [slashdot.org] you should have a long read. Then when you say "they would never do something like that", we can all say we told you so.

Re:ID Card Threat? (2, Interesting)

denny_d (454663) | more than 12 years ago | (#3148640)

Smart Cards in general are *not* bad, I use one at school and it speeds access to the information I need about my schedule/profs/etc.*

However, it's the collection and the dissemination of the data that worries me most...China can do it because it has a very weak representative body and a very strong executive body...you can almost say the same for 'most' democratic states today...

Austria for example is proposing the same thing to counter it's immigration problems, complete with Thumbprints. Austria is also 'forcing' it's citizens to use a smart card for insurance...In a pseudo socialist state this is understandable. The 'state' is paying for the insurance (via citizens' taxes) so controlling entry/exit for hospitals is important.

The question though is how long before these kinds of cards will be used for work permits (as in the case of immigrants in HK and Austria (not yet complete)) all over the world...

Futurama ref: scan the career chip and viola, you have a job...or permission to live in such and such community.

We're used to badges for entrance into companies. How long before we're using a badge (smartcard) to do anything that involves the state or it's infrastructure?


Re:ID Card Threat? (5, Interesting)

palmersperry (242842) | more than 12 years ago | (#3148499)

The "threats" that I'm aware of are :-

1) Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state[1].

2) Badly implemented smart cards will make it easy for the theft of other peoples identities.

[1] Of course, Hong Kong has been perilously close (if only in geographic terms) to a police state ever since the Chinese revolution!

Re:ID Card Threat? (0)

Anonymous Coward | more than 12 years ago | (#3148628)

In Finland the Police have the right to ask anyone's
name and national ID number in order to carry out whatever they are doing.

This hasn't made Finland a police state as far as I can tell.

Re:ID Card Threat? (-1)

Tasty Beef Jerky (543576) | more than 12 years ago | (#3148541)

Sure, here you go.

The Government will have the power to track me wherever you go...

  • Let me just verify your ID sir, yes, it comes back valid, you may be seated.
    (122703 - 182244: ID VERIFICATION - Robert Smith - Wung Chu Chinese Restaraunt 1227 Old Lawson Rd. Vernax, GA 31141)
  • Let me just verify your ID sir, yes, it comes back valid, you may procede.
    (122903 - 073418: ID VERIFICATION - Robert Smith - Toll Booth 127 Dulles Toll Road. Centreville, VA 22015)
  • etc
  • etc
Does that answer your question?

Re:ID Card Threat? (1)

nucal (561664) | more than 12 years ago | (#3148607)

As far as issues related to tracking people - it's already happening. Count the number of cameras you see as you go about your day (let alone the cookies on your computer).

Re:ID Card Threat? (0, Informative)

Tasty Beef Jerky (543576) | more than 12 years ago | (#3148723)

Do the cameras connect back to a centralized national database? Are they sufficiently advanced to recognize me in different lighting, different clothing, different environments (Through a car windshield, etc)?

Even with all those things, facial recognition is an imperfect art. Even humans are unable to do so 100% accurately. How many times have you seen someone on the street and thought "Hey, that's Bill, or is it?" only to find out it's not Bill? Oh, and humans are trained from birth to recognize faces. The Smart Card National ID system just makes it easier. Instead of reading a face, you read a signal from the card saying "Hi, I'm Bob Patterson. I'm O+, my fingerprint signature is X41AW8NV...33R47, I live at 123 Park Place, New Orleans, LA 41127."

Lots easier than reading a face and figuring out who it matches.

Re:ID Card Threat? (2, Interesting)

grid geek (532440) | more than 12 years ago | (#3148611)

Its all about who has what information about you.
An ID card could carry your full name, date of birth. Fine, no problem with this. Less hassle getting served at the bar 8).
Now add photo and the state has a current image of almost every citizen which could then be plugged into cctv systems at political demonstrations and immediately identify people opposed to the current government. Bye Bye Freedom of Speach and hello the ability to track someone where ever they go.
Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.
Genetic finger print. Think of Gattaca and the eye lash being found by the police. Immediate identification with very small probability of error. Now tie this in to :
Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.
Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDs were included in your information.
Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are. If you have a card with your photo on it, with your fingerprints and genetic fingerprint all matching then obviously you must be the person named on it with access to all your bank accounts, property deeds etc. Anything I've missed?

Re:ID Card Threat? (2, Insightful)

SpoonMeiser (316685) | more than 12 years ago | (#3148749)

Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.

Why would you be at the scene of a crime and not want to talk to the police? Surely you'd either want to help them with their enquires, or you're the criminal. I don't see why making it harder for criminals to escape is a bad thing.

Re:ID Card Threat? (1)

nrd907s (458195) | more than 12 years ago | (#3148763)

"Even worse if diseases such as HIV/AIDs were included in your information"

This is where I am forced to pull out my DUH stick and am forced to beat you with it.

An insurance company would have to be a bunch of blubbering idiots to insure a person infected with HIV/AIDS (which is at this point an uncurable disease, and a cause of certain death).

If insurance companies were forced to insure people with HIV/AIDS then I can forsee alot of smaller companies going out of business.

Despite all of that, if you are insured with a company then you should not lose coverage because of contracting HIV/AIDS, but I really can't see any arguments in favor of making insurance companies give people with HIV/AIDS new coverage.

Re:ID Card Threat? (1)

gilder (267022) | more than 12 years ago | (#3148638)

Believe me I am one of the first to worry about our privacy, but really. This can be implemented in a secure way and the first steps seem to have been taken.
By placing a digital thumbprint on the the card, they have made a tiny DB of the valid users thumbprint. Thus if I have a thumbprint that matched, I am that person. Add to this the visual image match of the digital picture, the picture on the card and my visage and I am feeling pretty secure.
I would love to see this power added to lots of things. ATMs, stores, bars, websites, library, DMV, to name a few. Far better than the status quo of scribbles on a line and the 4 digit numbers we take as secure.
Downside, people are sure that I am me. I believe it was John Locke that said, as I poorly paraphrase, in order to live in a society one must give up certain rights. I think securing our nation and my personal finances are worth the trade off. IMHO.

Re:ID Card Threat? (2, Insightful)

shimmin (469139) | more than 12 years ago | (#3148699)

By placing a digital thumbprint on the the card, they have made a tiny DB of the valid users thumbprint. Thus if I have a thumbprint that matched, I am that person. Add to this the visual image match of the digital picture, the picture on the card and my visage and I am feeling pretty secure.

But not rightfully so. The best fingerprint recognition software has (and has had for some time, so I don't forsee the necessary orders-of-magnitude improvements happening in the near future) a 1-in-100,000 false acceptance rate. This means to do a brute force attack against a fingerprint key, I need a library of only 100,000 fingerprints.

If DES is considered insecure with a keyspace of 2^56, then why would you even want to switch to a system with a keyspace of only 2^17 ?

Other biometrics (face, retina) are no better in terms of keyspace. Only DNA has the necessary size, and (1) Don't expect to see a device that can sequence your DNA in the fractions of a second we find acceptible for authentication anytime soon. (2) I will not submit to a blood sample to get cash out of the ATM.

Not to mention: If my fingerprint unlocks my bank account, there is incentive for someone to chop off my hand.

Re:ID Card Threat? (0)

Anonymous Coward | more than 12 years ago | (#3148720)

Be sure to read Bruce Schneier's excellent book Secrets and Lies before asserting that this can be implemented in a secure way.

Also ask yourself, when -- not if -- a flaw is found, is it reasonable to revoke and reisssue millions of cards to secure it again? And again? And again?

Admittedly, the current system is flawed. But the nice thing about the current system (in the US) is that not all the information is stored in one place, with one primary key and requiring just one credential for complete access to information (Social Security Number notwithstanding).

In the US, (intelligent) people rely on multiple forms of credentials to prove identity. The major flaw of the smart card is that people will believe that because you possess it, you must indeed be that person.

Also bear in mind that the US does not enjoy the same privacy protections borne upon citizens of other countries (most notably those of the EU), so getting the information needed to apply for a smart card in someone else's name is not nearly as difficult.

Re:ID Card Threat? (2)

mpe (36238) | more than 12 years ago | (#3148673)

Can somebody succinctly summarize the percieved threats of a national ID Card?

Most of the proposals arn't simply "identity cards" they are also overloaded with other personal information. We already have enough problems with such things as driving licences being used for things completly unrelated to driving...
Also the more information attached to a specific document the easier "identity theft" becomes.

Learned nothing? (1)

blane.bramble (133160) | more than 12 years ago | (#3148475)

That's a bit of a US-centric assumption isn't it? Maybe the Hong Kong government knows what it's doing, and knows how to ensure the cards etc. aren't compromised and identities forget etc.

Bullshit (-1)

Ralph JewHater Nader (450769) | more than 12 years ago | (#3148484)

Are you trying to imply that chinamen know better than the Aryan race? You're a fucking idiot. That's like saying that jews aren't greedy and negroes aren't stupid.

Re:Learned nothing? (2)

ebbomega (410207) | more than 12 years ago | (#3148514)


It's call trial-and-error. The point is that the system of a single ID card itself is a bit on the flawed side, wouldn't you say? what if you left it at home accidentally? What if you lost that one ID card? You're screwed. There's wayyyy too many variables in the equation.

The question is more that: Has anybody found anything in which the Hong Kong government has addressed the fact that this didn't work in the states and are they prepared to give any reason why it failed and how they're going to avoid it? Because if not, this isn't ethnocentric, it's practical. If the United States tries to win a Land War in Russia, people screaming "Jesus! Didn't you pay attention to Hitler Germany or Napoleonic France???" wouldn't be accused of being Ethnocentric, would they?

Re:Learned nothing? (1)

Cedric C. Girouard (21203) | more than 12 years ago | (#3148564)

It's call trial-and-error. The point is that the system of a single ID card itself is a bit on the flawed side, wouldn't you say? what if you left it at home accidentally? What if you lost that one ID card? You're screwed. There's wayyyy too many variables in the equation.

What if you lose your wallet ? Get it stolen ? Get your house broken into and ransacked.

Does it really make a difference if you had one ID or 20 ? Actually, after going through with one of the situation above, I would have juste LOVED to be able to call a single number to cancel my existing card and order a new one.
Plus, this thing got your paw print on it. Makes it WAY easier then meeting any prerequisite you'd normally have to meet in order to get new cards re-issued.

Re:Learned nothing? (1)

Romancer (19668) | more than 12 years ago | (#3148612)

Do you know any way at all that the info can be read and not be readable at the same time?

If they can read it it's a matter of time before it's read by the wrong people. Data is not secure.

A simple image grab and a hex editor is all that's needed for these cards to be abused.

Optional? (2, Interesting)

jlower (174474) | more than 12 years ago | (#3148483)

If they are introduced as "optional" (as the article states some countries plan), how long before you simply can't do certain things without one?

Sort of like trying to live in the USA without a credit card. It can be done but it complicates your life enormously when you try to do things like rent a car, book hotel rooms, etc.

Sort of like disclosing your SSN (in the USA) is supposed to be 'optional' but you'll find it's not really optional when you try to get a loan, activate certain utilities, and so on.

Point being, 'optional' may be a way to get it in the door but it soon becomes mandantory for all practical purposes.

Really? (5, Funny)

mnordstr (472213) | more than 12 years ago | (#3148485)

These cards are also in the works in other countries like Finland...

Really? I haven't noticed, heard anything. And I live in Finland. Must be very optional.

Re:Really? (0)

Anonymous Coward | more than 12 years ago | (#3148647)

IT's called "HST-kortti" in Finland and you can get it from local police station. It costs 29 . More information from http://www.sahkoinenhenkilokortti.fi/default.asp?t odo=setlang&lang=uk (in english)

Asian cultures.. (2)

Dutchmaan (442553) | more than 12 years ago | (#3148489)

..IMHO by nature would be more accepting of this type of technology. For thousands of years asian cultures have been about the sacrifice of the individual for the whole, so it really doesn't surprise me that this kind of card would be generally accepted, if not eagerly accepted as a fundamental tool to make the system better.

Re:Asian cultures.. (0, Flamebait)

TRACK-YOUR-POSITION (553878) | more than 12 years ago | (#3148591)

For billions of years western cultures have been about making overextended all encompasing generalizations about asian cultures. Wait, what does IMHO mean again? Oh. Well, it looks like TRACK-YOUR-POSITION is an incorrect jerk once again!!!! Gotta go see you later love ya buh-bye....

Re:Asian cultures.. (1)

(trb001) (224998) | more than 12 years ago | (#3148629)

Along the same line, I imagine the penalties in Asian cultures for compromising these cards will be stiffer. I imagine that if spitting on the sidewalk is a felony offense, stealing someone's identity is punishable with your life.

This isn't to say people won't do it, especially if it can be done from a distance, but I would imagine it won't happen as much as it would over here (Sourceforge probably already has a project open for this...)


Re:Asian cultures.. (2)

gnovos (447128) | more than 12 years ago | (#3148708)

Asian cultures IMHO by nature would be more accepting of this type of technology. For thousands of years asian cultures have been about the sacrifice of the individual for the whole...

Not really the sacrifice of the individual so much as the greater good of everyone else. This is a very important concept, becuase it means that these cards won't be misused in the same way that they would be in the US. In countried like, say, Japan, even relativly large corperations are held to a firm moral code. It doesn't always happen perfectly, but usually when a company steps out of line and shows it's dark side, it can and will be severly damaged. Not just lost profits too, but also in what parents tell thier kids... the damage can last for generations.

Wait, don't tell me... (1)

hacker (14635) | more than 12 years ago | (#3148491)

Let me guess.. pioneered by Sony and based on MemoryStick.

How far behind is DRM on credentials going to be mandatory? Orwell would be proud.

IT's happening here (1)

wikki (13091) | more than 12 years ago | (#3148504)

There is legislation being proposed here that could create a national ID card. Either a new one or link the states drivers liscense banks. All in the name of terrorism. I don't see how anyone in their right mind could see this as a way to curb terrorism. Terrorists just get ID cards like everyone else, and hold jobs, and go to pilot school. It's a crock of shit. Just like trying to defend the airports against suicide pilots with no bombs. It just doens't happen.

Re:It's happening here. About time. (2)

Havokmon (89874) | more than 12 years ago | (#3148593)

So if have a WI ID, and I get stopped in FL, It won't take an hour to get my information?

I don't see a problem there. Politics is about leveraging. There needs to be a central database for drivers licenses, and the government should be allowed to SELL THAT INFORMATION!

That's right. Why?
1. The bank you got your car loan from already has that info, AND Charges you interest.
2. The insurance company already has that info.
3. The car dealer already has that info.
Can you think of any more? We ALL HAVE to pay taxes, so why don't we allow the one place that WILL ALWAYS CHARGE US to get additional income instead of the places that we don't need to buy from?

End Rant.

End of the world people: You won't be any safer, or have any more privacy, having personal information spread all over.
And I bet every one of you have nothing more than a simple deadbolt (and maybe a chain) on your door. Practice what you preach.

Re:It's happening here. About time. (2)

mike_the_kid (58164) | more than 12 years ago | (#3148718)

Sure, I've got a chain on my door, and a deadbolt. Is that enough? Well, maybe not. So I have a Desert Eagle .50.
Unfortunately, there is no equivalent to the Desert Eagle with the smart cards. Someone breaks into my apartment, I have it covered. Someone breaks into my smart card (maybe with wireless-only access to the card) or tracks my whereabouts for malicious purposes, then what? How can I proactively protect the information on my smart card? And so it gets a little bit cloudy. I am fine with a database of all our whereabouts and activities if it protects anonymity.
If we had this database, and could use heuristics to determine if people were dangerous (eg, I just purchased three key ingrediants to an explosive and then a plane ticket. Have security give me an extra thorough check) that seems good. If someone can pose as me, that is no good.
Maybe it all comes down to random number generation. As long as the card's encryption is based on pseudo-random numbers, it is worthless.

Subject to make you read message goes here (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3148505)

CmdrTaco: The inherrant flaw in the system is that people working for free won't be perfect.

CmdrTaco: Dissing someone popyular is a great way to make yourself seem smarter or more important.

CmdrTaco: Linux is better. But these days many people use it 'cuz its cool to be different. Its a fad!

CmdrTaco: people are always suspicious of everything. This is *slashdot*. Everyone is paranoid of everything! I'm paranoid! You're paranoid!

CmdrTaco: Some days I just go home so fucking angry because some dickless wonder with no information and a paranoid fantasty is convinced that I'm the antichrist.,

CmdrTaco: People are mean to me in the comments.

CmdrTaco: we have editors discretion.
CmdrTaco: we abuse it sometimes.
CmdrTaco: else we'd get bored.
QuoteMstr: CmdrTaco: So your own personal amusment is more important than a website read by thousands?
CmdrTaco: Quote:Hell yeah.

CmdrTaco: I want to sell karma.

A good thing? (1)

chennes (263526) | more than 12 years ago | (#3148513)

This could almost be viewed as a good thing, from a US perspective. I think that we will see the proposed dangers of these cards appearing before too long - it will, as usual, take a graphic depiction of the problems associated with this type of universal ID before any of the politicians stop to think before they vote.

What kind of crack are they on (2, Insightful)

drew_kime (303965) | more than 12 years ago | (#3148520)

If the card is stolen, officials say the data on the chip can't be easily retrieved.

Officials estimate the seven-year plan to distribute the mandatory cards to all Hong Kong residents, aged 11 and up, will cost $400 million.

The expense includes computer database, networks, card readers, technical support and additional staff.
(My emphasis)

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. Once bank information is on them -- and I have no doubt that that bit of the proposal is only on hold, not really dropped -- how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

Re:What kind of crack are they on (2, Informative)

cerberusti (239266) | more than 12 years ago | (#3148584)

As of right now, card readers (all of them can also write) are not that expensive, the security comes in the form of encrypted data on the card. It would be about as difficult as decrypting an SSL session to get the data from the card.

Re:What kind of crack are they on (1)

sylvester (98418) | more than 12 years ago | (#3148688)

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. blah blah

Perhaps there are people better than you at designing these systems, just maybe, could it be?

It is certainly possible to make it *extremely* difficult if not impossible to get a private key out of a smart-card. The NSA did it with Skipjack in the early nineties.

If the card reader also has a private key, and it must submit to the card a certificate that said key has been signed (some sort of challenge/response), and then the data is streamed over some strong cypher (AES, say...with..oh...256 bits, maybe?), and all this is done correctly, it is most certainly possible to make the card readers utterly impossible to compromise and reverse engineer.

Now, whether you trust the person behind the card reader is another matter. And whether you trust the people making the cards to truly dispose of the private keys generated and such is also another question. But from a pure hardware/software system, it is certainly possible to do this securely.

Re:What kind of crack are they on (2, Interesting)

shimmin (469139) | more than 12 years ago | (#3148756)

It is certainly possible to make it *extremely* difficult if not impossible to get a private key out of a smart-card. The NSA did it with Skipjack in the early nineties.

Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.

All 15 of the AES submissions are vunlerable to this attack. Moral: never stick your smartcard in an untrusted slot.

Re:What kind of crack are they on (1)

torinth (216077) | more than 12 years ago | (#3148705)

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. Once bank information is on them -- and I have no doubt that that bit of the proposal is only on hold, not really dropped -- how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

I'll just hastily comment that it would only be the most idiotic roll out of smartcards with private information on them that would not use a PIN, password, or biometric verification to prevent improper use. It's like your darn ATM card - the reader is already "compromised" with those. The data is useless without a PIN or other way of identifying that it probably is an authorized use.

Quit your ignorant whining about the non-existant inadequacies of the system, and focus on real concerns, whatever the hell those are.


Re:What kind of crack are they on (2)

bluGill (862) | more than 12 years ago | (#3148758)

I agree only an idiot would roll it out without verification. However finger prints are already stored on the card, so if you can figgure out how to read the card you can get the scan of their fingerprint.

Some old ATM cards held the pin number (unencrypted appearently) and there were folks who managed to figgure out how to change them. Not sure if it still works that way.

Of course not knowing how the fingerprint is implimented I really can't say if this is a problem or not - the card could use the stored fingerprint as verification, that is if you don't present a matching print it would let you at the data. Or other ways to secure this.

I don't like it though.

Re:What kind of crack are they on (3, Interesting)

regen (124808) | more than 12 years ago | (#3148714)

how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

I really doubt this would be an issue. The smart cards have no power supply nor do they have a radio transmitter. It would be extremely difficult to remotely power a device and remotely sense extract data from the device. You could possibly extract information from a reader when the device is in use, but it would be much easier to set up a fake reader to do this rather than doing it remotely from a real card reader.

This is similar to problems faced with ATM machines. A few years ago people started setting up fake ATM which would capture your ATM card info and PIN and then return an error. The crooks would forge new cards and clean out your account. No need to sniff data from working real ATMs when people would use your bogus ATM.

Re:What kind of crack are they on (2)

markj02 (544487) | more than 12 years ago | (#3148726)

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised.

If they did the cryptography right, it doesn't rely on obscurity--even perfectly disassembling one card should give you at most the information on that card, it doesn't compromise the whole system.

Re:What kind of crack are they on (4, Interesting)

fssd (23137) | more than 12 years ago | (#3148764)

Okay, I live in Hong Kong. Actually that's not the worse part, as serveral ppl has mentioned, we would not mind carry such card around, since this is required by law to carry one around(smart or non-smart one, just like the SS). The problem is the way that they choose the vendor, who ever get the lowest price got it. The problem is the vendor who bid the project, Pacific Cyberworks [pccw.com] is not well known on such technology locally. They claim they can finish the whole thing within 18 months cycle, which if you think more about it, it's a ridiculous short time frame. Not to mention their bid is half of the second lowest bid. That makes me have a really bad feeling that the security on such system would not be throughly tested at all. sigh...

A Good Idea.. (1)

Jinky (565098) | more than 12 years ago | (#3148522)

..in itself, but in practice, there's no way at all something like this will avoid abuse, commerical, governmental, or privately. What's to stop someone with a smartcard writer from creating their own, or modifying someone else's? As well, if they decide on implementing access to banking information, credit cards, what happens if you lose your card and don't notice right away? Someone could pick it up and have full access to all of it. And they could really rack up late charges if they put the library card function on it :) There's also another article on this at wired.com [wired.com] .

Re:A Good Idea.. (0)

Anonymous Coward | more than 12 years ago | (#3148707)

How is this card such a horrible thing when all it does is take your wallet and condense it down. If you loose your wallet someone has everything they need to be you and spend your money and whatever. I fail to see how a nationalized version of my wallet will be anymore exploited than it already is. What are they going to do add me to phonelists, track what I buy, or give out my credit information, oh wait I think all tha thas been done.

get me one of those ;-) (1)

DeBaas (470886) | more than 12 years ago | (#3148759)

As soon as someone invents a 'smartcardwriter' let me know. That kind of technology should also be advanced enough to be used to make a replicator ;-)

Anytime there is an article about Smartcards it suprises me again how little the avarage slashdotter knows about smartcards. Smartcards are not simple memory chips. They are extremely hard to crack.
For cracking you need stuff like milliondollar ion-lasers and super strong microscopes.
It can be done, but 'smartcardwriters' don't exist.

The software on the chip though needs to be well-developed and the encryption used needs to be strong. But there is a lot of exerience as these chips are used for electronic purses known in for instance in Europe.

One number to rule all numbers - necessary? (1)

Hasie (316698) | more than 12 years ago | (#3148524)

I live in a country where we do not have a particularly advanced national ID number system such as the American social security system or the system proposed in the article. I recently had an interesting conversation with my dad who works in a hospital on the accounting side. He mentioned that people overseas don't understand how he can function without a well-developed national ID system. They can't believe that it is still possible to track people and get payment (part of my dad's job) without having that person's ID. There are some problems that arise, but the basic point that I am trying to make is that something like this is not necessary - and there are countries that prove it. People are just so used to the system that they can't believe that it is possible to exist without it.

Re:One number to rule all numbers - necessary? (1)

ergo98 (9391) | more than 12 years ago | (#3148583)

Here in Southern Ontario we've had a longstanding problem of Northern US scamsters (no I'm not saying the Northern US is scamsters, but rather I'm saying that the scamsters just happen to be from the Northern US) with stolen or forged health cards or other Canadian/Ontario government ID coming up and getting free healthcare on the backs of Canadian taxpayers. Because of this they've introduced a new more advanced health card, and there is talk of cards similar to the Hong Kong card : If you don't fight it, then people abuse the system.

Personally given the proliferation of networking nationwide, I'd prefer any system that keeps as much of the data centralized and secure versus stored on a card: i.e. If they started storing fingerprints then it most certainly should be in a central database, and your personal card merely correlates you record with yourself whereupon the match is done. Storing it on the card is basically guaranteeing that you'll be replacing the system in a year because someone reverse engineered it and can print their own.

Re:One number to rule all numbers - necessary? (1)

StringBlade (557322) | more than 12 years ago | (#3148589)

I think it depends on the size of the country and the number of people contained therein as well.

I do not know of which country you speak but without some sort of unique identifier for people in the U.S. things would get very confusing very quickly. I know because I work for a company that deals with Public Records and the sheer volumes of data that flow through our systems and into our database is staggering (into the 30 terabytes so far)!

USA's abuse of SSN not a problem in Hong Kong (2, Interesting)

armie (32968) | more than 12 years ago | (#3148527)

This government learned nothing from the USA's abuse of the Social Security number, this is much worse.
ID cards are have been mandatory in Hong Kong for a very long time - they were just not "smart" yet.
Identidy theft/number abuse is NOT a problem.

question for michael (2, Insightful)

BigBir3d (454486) | more than 12 years ago | (#3148528)

Do you have a driver's license?

What is on that?

Mine has; name, birthdate, address, height, weight, sex, eye color, date issued, organ donor status (yes), class, picture of me, and my signature.

And the state that it is issued in has my social security number, car information, insurance information at the dmv.

We have long been in this horrible place that people have only started to worry about since 09/11/2001.

The Slashdot Effect. (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3148534)

The Slashdot Effect. [nedstatbasic.net]

Oh, They've Learned, All Right.... (2)

Steve B (42864) | more than 12 years ago | (#3148536)

This government learned nothing from the USA's abuse of the Social Security number

Er, what makes you think that these abuses aren't precisely what the government wants to emulate?

one more step... the next one is the implant (0)

Anonymous Coward | more than 12 years ago | (#3148537)

And he causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name. Here is wisdom. Let him who has understanding calculate the number of the beast, for it is the number of a man: His number is 666.

Security Issues... (2, Interesting)

SGDarkKnight (253157) | more than 12 years ago | (#3148543)

well im sure everyone is thinking somewhere along the same lines of security issues with these cards. What will happen if someone is able to sucessfully duplicate an individuals card. The information has to be kept somewhere, and if that database ever gets hacked, say goodbye to everything - credit card numbers, back account information, health issues that could arrise from having all your health and medical conditions kept on this one card - - On the plus side i'm sure there is going to be lots of bounus to the card as well. Bac kto the medical reasons, anyone that carries their card could have all the treatment proceduers for that "rare life threating disease" they may have. I think it would be a major toss up, the list of pros and cons could go on for a very long time.

Whats so different? (1)

Milkyman (246513) | more than 12 years ago | (#3148547)

Hong kong has had mandatory ID cards for years, mostly to make sure you werent a mainlander who was there illegally. It's not much of a leap from that to this.

If you thought your info was easy to steal now... (1)

Romancer (19668) | more than 12 years ago | (#3148549)

If you thought your info was easy to steal now...
Just wait till identity theft takes a new turn in the digital age.

Just as the low bandwidth high quality of MP3s allowed the easy download of billions of songs,
I can only imagine how easy it will be for criminals to get their hands on the info stored in those cards, all they need is a reader and a storefront to rake in the identities, turn around and burn their own smart cards, and guess what SHOPPING TIME, YOU'RE DIVORCED, YOUR MARRIED YOUR DEAD, YOUR IN GUAM!

Re:If you thought your info was easy to steal now. (0)

Anonymous Coward | more than 12 years ago | (#3148563)

so then the only solution is an implant...

or the mark of the beast...


Hong Kong already HAS mandatory ID cards (5, Informative)

indecision (21439) | more than 12 years ago | (#3148576)

I lived in Hong Kong for 18 years; everyone over the age of 16 has to carry an ID card, with your ID number, photo, name, and date of birth. The ID cards are also proof of a right of abode in Hong Kong, like a birth certificate in the UK.

So this change is limited to putting a smart chip in a card people already carry.

Not that its not dangerous -- there are a whole load of risks associated with people not knowing what information they are giving up whenever they show it (though there are laws about who is allowed to request it), as opposed to a print-only card where its obvious what you are showing.


Top stuff indeed (0)

Anonymous Coward | more than 12 years ago | (#3148581)

Now if only we could implement a system like this is Britain. With our losses of GBP£8bn per year, this sort of system could be used to help reduce benefit fraud, illegal immigration, monitor health service usage... In fact, with some well written tools, this data could be used *positvely* to target health care resources where they are most needed. Also, having your criminal record tagged to smart cards could also be used by a potential employer to verify your background. This can be a useful means of keeping dishonest employees out of the workforce. There will be loads of people out there screaming "big brother", "1984" and that "sacrifice liberty for safety" quote, but when you look at the benefits of the system, I think it is a brilliant idea.

Re:Top stuff indeed (0)

Anonymous Coward | more than 12 years ago | (#3148604)

Sorry, that £8bn should have been tagged to "scoial security fraud". Too much haste!

Re:Top stuff indeed (0)

Anonymous Coward | more than 12 years ago | (#3148621)

And yes, I should have learned to spell too!

Re:Top stuff indeed (2)

mpe (36238) | more than 12 years ago | (#3148742)

With our losses of GBP£8bn per year, this sort of system could be used to help reduce benefit fraud, illegal immigration, monitor health service usage...

How do you design an ID which is cheap enough to issue to 60 million people. But hard to forge? Even if you have system where the ID is simply a key to a database how do you then ensure that the database is secure? Especially if you only have one database used for everything...
It's quite possible that this will deter the casual criminal whilst making things far easier for organised crime (including terrorism).

Hmmm... in a communist country (2)

truthsearch (249536) | more than 12 years ago | (#3148594)

And no one in the US who's proposing mandatory id cards considers the fact that one of the first implementations comes from a communist country. Yes, Hong Kong was once British territory and their governement probably hasn't changed that much, but they are still under communist rule. This is a TRUE example of 1984, just a little late.

My concern for the people of Hong Kong is less about theft than government control. I hope our representatives are watching closely the actions of the largest communist country in the world. I can't wait to hear a politician say "Well if it worked for China, why not here?" My biggest fear comes from our country eventually attempting the same thing here and how similarly it'll probably get abused by the government.

control? I think yes. (2)

LWolenczak (10527) | more than 12 years ago | (#3148596)

What do you expect from a goverment that is focused on control of the masses?

Paradox (1)

Alien54 (180860) | more than 12 years ago | (#3148597)

here is a possible paradox:

1) The US is a country with possible the greatest level of personal freedoams in history (maybe not, YMMV)
2) The US is a country where the Government has access to more information on people than has even been possible in history.

Typically, in the past Lots of government information = no personal freedom, a very repressive society, etc.

David Brin [davidbrin.com] 's take on this is that there are several other factors involved in this that expalin the apparent parradox, the primary of which is the access to information about the government is also the highest it has ever been, at least in the US.

He has a number of articles online dealing on the issue of privacy [davidbrin.com] . In my mind, to a certain extent it is a war where the government is trying to hold on to it's secrets. This is kinda obvious in China, where alot of corruption is hidden as state secrets.

Not that this would _ever_ take place place in the USA.

on the other hand, I do not know how "transparent" a world I am currently comfortable with.

Worried about forgeries??? (1)

kannen (98813) | more than 12 years ago | (#3148598)

I'm not sure I understand why it is that if they are worried about forgeries, they wouldn't keep data like fingerprints in an online database. (The article specifically said they were not going to keep such data in a government database, in case it was hacked.) It seems that there ought to be a way to verify that the data that is on the card is in fact data that was placed there by the government when the card was issued.

Furthermore, if they are worried that a cracker might access the government data and change it, then they should also create a backup of that data on a permanent storage (ROM) device, like on a CD. That way, they can always check to make sure the government database data is in fact correct.

Without allowing for a way to easily cross check the data on the smart card with data held elsewhere, this ID card will be of little use to anyone, since there will be no guarantee that the card is accurately identifying the card holder as a citizen. In other words, there is no guard against false positives. It has the same limitations as paper Social Security cards, as there is no way to authenticate that the ID card itself is legitimate.

Losing touch with reality? (1)

Jonny_Haircut (558908) | more than 12 years ago | (#3148600)

Why does everyone bring up 1984 like it's the fucking gospel? I seem to recall an essay by Asimov (can't remember the title, and I can't go find it cause I'm at work) that advocates the use of this kind of ID card. He brings up many cogent points, at least grounded in reality.

I'm not particularly afraid of this kind of thing. It seems to be basically all the same information you would already have to carry around, just in one place. Okay, sure - you wouldn't want to lose it - but I don't see how this is in any way the first sign of the apocalypse!

Ah, whatever - Flame away...

Re:Losing touch with reality? (1)

simetra (155655) | more than 12 years ago | (#3148713)

I agree. Everytime any technology is mentioned on /. which refers to personal information, a thousand whiny ass geeks start bawling about 1984, how the government is the great evil, blah blah blah blah blah.

Please! Get a grip! You're not that interesting! The government 1) isn't an evil monolith - you vote for people you want to represent you... 2) has way more important things to worry about than your Star Trek DVD collection.

birthday_S_? (2)

Erich (151) | more than 12 years ago | (#3148602)

embedded computer chips that hold names, pictures and birthdates
How do you have more than one birthday?

Do they count the day that Christians profess faith or something?

Maybe they have conception day on there, too?

Or does it hold other people's birthdays?

Can it beep to remind you that it's your friend's birthday and you're a big slacker and didn't get them a present?

It would be like an ID card and PDA in one!

Re:birthday_S_? (1)

SGDarkKnight (253157) | more than 12 years ago | (#3148653)

come on now, im pretty sure that they made the statement in general. Like your drivers licence has your birthday on it and my d.v. has my birthday on it, therefore d.v.'s in general hold information like names, address's and birthdays. I dont think he ment it as the cards will hold multiple birthdays... or where you just being sarcastic?

Makes a lot of sense in Hong Kong (1)

Abreu (173023) | more than 12 years ago | (#3148618)

Remember that Hong Kong residents have a lot of rights that the rest of the chinese simply do not have. The border with continental China has always been one of the most guarded ever.

In situations like this, a mandatory ID card makes a lot of sense. As a matter of fact, they have always had an ID card, its only smarter now.

Forging Cards (2)

regen (124808) | more than 12 years ago | (#3148627)

I think one of the biggest problems will be that of forged cards. If the cards are going to be trusted absolutely, which the article implies by saying that you will be able to enter and leave HK using the card at a kiosk, no human oversite, then if a sucessful forgery is made, all cards become untrustworthy.

They don't describe how the system protects against forgery, but the do talk about information only being stored on the card. No central database to check against. This seems rather unsafe to me and a poor way to implement an identification mechanism.

unlooper (0)

Anonymous Coward | more than 12 years ago | (#3148634)

these are probibly not mutch different than hu cards dss uses it should be a very short time before people can change the information on them.

UK identity card proposals (1)

GCU Friendly Fire (563491) | more than 12 years ago | (#3148637)

The UK government last month proposed a compulsory-to-own card [bbc.co.uk] , which need not be carried. Consultation papers should be released some time in the Spring or Summer. here [ccta.gov.uk] is the Home Office Press Release.

The Octopus (1)

nounderscores (246517) | more than 12 years ago | (#3148648)


I wonder if the world acclaimed octopus smart proximity card ticketing system suffers from the identiy theft problem which you so fear. anyone here used it?

Data (2)

Wire Tap (61370) | more than 12 years ago | (#3148649)

If the card is stolen, officials say the data on the chip can't be easily retrieved.

A few notes here:

1) Why would the data have to be "retrieved"? Is the person whose card was compromised at some loss here? Will he forget his hair color? His age? I don't think so.

2) Database? Surely if this information is used for emigration purposes (to speed up entry into the coutry, as per the article), it must be checked against a database of the same information. Backup anyone? Just go get a new card. No need for retrieval.

I could be missing something blazingly obvious, but I just don't see it. Why any concern at all about retrievability?

A Poor Example (2)

pinkUZI (515787) | more than 12 years ago | (#3148650)

This government learned nothing from the USA's abuse of the Social Security number.

How could we expect them to learn anything when we have Congressman screaming "National ID" since 9/11. The article itself mentions the USA as considering a national ID.

First step? (1)

Styros (144779) | more than 12 years ago | (#3148657)

I personally think this will be the first step. I think everybody knows that these cards will be tampered with. But, the technology will work. The convenience factor would be too much for ordinary people and governments to pass up. They just need a more tamper proof solution, which will lead to someone suggesting that those smart chips be implanted. It's only a matter of time.

SmartCards are capable of tracking you (1)

insane8 (563668) | more than 12 years ago | (#3148664)

I used to work for a fortune 500 and they had very tight security. ID cards with an embeded chip was mandatory at all times and you had to log in and out of the building. Me an some of my friends noticed that the readers could be magnified to read cards from a couple feet away and still give the green light. What this means is that theoretically, the government could place these readers in the entrances to the subway or to office/gov buildings and see who is comming in or out if your card is in your wallet!!! this also opens up a whole new line of corperate spying/marketing.. A store could simply place a few of these readers strategically in there narrow enterance and every time you entered, they would have all of your personal information and be able to track your shopping habits .etc.. The things they could do are endless!! this is the problem with smart cards as opposed to magnetic stripes.. smart cards do not require contact to be read.. a criminal just needs to walk by you to steal you data/credit info/identity!!

6/4/89 (1)

Konster (252488) | more than 12 years ago | (#3148667)

The Chinese government would use this technology in ways that would benefit everyone [christusrex.org] .

Already cracked. (4, Interesting)

Noryungi (70322) | more than 12 years ago | (#3148670)

From what I can see on the picture (not clear), the cards are standardized "smart"-chip cards.

These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.

All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?

If such a card was introduced in, say, the European Union, citizens would probably have the right to:
  • A. Refuse to show your card or swipe it in a card reader unless the person in front of you could produce reasonable evidence he/she is works for a law enforcement agency. That excludes giving your card to a merchant in order to buy something, for instance.
  • B. Access all data which is contained on the card, and requests modifications and/or removal of sensitive information.

I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.

Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...

So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.

Regarding the Hackability of these cards (2, Informative)

spaten-optimator (560694) | more than 12 years ago | (#3148674)

From the CNN article: If the card is stolen, officials say the data on the chip can't be easily retrieved. This is probably not true. Check out:

Tamperproofing of Chip Card(s) [infowar.com] - abstract: There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well.

Tamper Resistance - a Cautionary Note [cam.ac.uk] - abstract: An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems - some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as `the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.

With any cryptographic system, it all comes down to one concept: time. With enough time and resources, these cards CAN be broken, overwritten, you name it. We have seen ubiquitous evidence [distributed.net] that even the strongest cryptography can be broken in time. HK is planning on using these SmartCards as digital passports. "Smart card holders will speed through Hong Kong immigration, using self-service kiosks that match digital biometric data on the card against the cardholder's fingerprint image read by a scanner."

The scariest part, for me, is that HK is setting a precedent. And it won't take long for other countries to jump on the bandwagon.

I had a Hong Kong ID card (1)

mathematician (14765) | more than 12 years ago | (#3148681)

I worked for three months in Hong Kong in 1984, and I had to get an ID card. I still have it today, although it has long since expired. When they took the photograph of me, they spent several minutes touching up the photograph. They also insisted that I take off my glasses. It is one of the most flattering photos of myself that I have ever had.

I also still retain my bank account card. I left HK$10 in that account (about 1 English pound, or US$1.7). I wonder if that account still exists today?

I would rather see the use of DNA ID. (2)

LordZardoz (155141) | more than 12 years ago | (#3148700)

A DNA identification system would probably be best. You do not need to carry a card, or remember some arbitrary number. It would be very difficult for someone else to impersonate you.

The real problem is in how much information should be allowed to any given individual or organization, and how long that information is kept on file. Its one thing for a Bank to learn that you have a history of defaulting on loans. But does a bank really need to know that you were arrested for Possession of a Controled substance and spent 2 years in Prison 15 years ago?

ID's should not be smart. They should only give you enough information that you can positively identify a person and gain access to the information. DNA ID could do that, and if the control of DNA reading equipment was very tightly regulated, there would not be many chances for abuse.


I don't see the problem here (2)

osgeek (239988) | more than 12 years ago | (#3148721)

This government learned nothing from the USA's abuse of the Social Security number

Well, what we learned is that a publicly available identification number shouldn't be used as a password for banks, credit card approval, etc.

We didn't learn that it's necessarily bad to have a national ID.

Personally, I don't see what's wrong with having identifying information on a fairly secure smart card.

Now, being required to carry it everywhere would be a bit more of a hassle than I'd want to endure, but then again, AFAIK the police here in the states can take you in for minor infractions if you don't have any identification on you.

Beta test... (2)

GodHead (101109) | more than 12 years ago | (#3148725)

These are just pilot projects for the one-world government to iron out the kinks before giving all of us these IDs. You KNOW it's the truth! The only way to protect youself from the mind-reading space-stations is to buy one of my Open-Source shiney foil hats.

Don't bother calling, just think of your credit card number REAL hard and we'll direct bill it right away...

Malaysia already has them (1)

flashk (541151) | more than 12 years ago | (#3148735)

We have had them for a while now. Right now we have personal details and currently we can also add our driver's license to it. Since all Malaysians have to carry a mandatory indentification card, it's no big deal and having your license on it is convenient too.

It also has space for future applictions such as health records, electronic cash, a prepaid travel card for selected trains, buses and highway tolls.

As for security, the government assures us that the information is stored and encrypted seperately so that there is no central backdoor (like Clipper) to different departments to get hands to track what you spend and where you are going. Considering Malaysia's human rights record, I'm rather worried about this one. Driver's license and ID card and health is ok for me, but the electronic cash and other forms of transction based functions are rather worrying in the wrong hands.

First Smart ID! (1)

Lawrence Ho (111834) | more than 12 years ago | (#3148750)

Anyway, it is not news for me. I welcome the Hong Kong SAR Government to introduce Smart ID cards. It is very very troublesome to carry all kinds of cards around in my wallet. The new Smart ID will combine my ID card, driving licence and library card into one!

I have long enjoyed the convenience of Octopus, a smart card to travel around and buy things in convenience stores without the need of heavy coins. This certainly made every Hong Konger's life easier and happier. Given such a successful story, I think the Smart ID will be widely accepted, just like Octopus.

IIRC, about a million Smart IDs will be issued during the trial period, before the official launch. I will be happy to be one of the tester of this new technology!

Good for them... (0)

Anonymous Coward | more than 12 years ago | (#3148760)

Let's see... We have a driver's license that has our Name, Address, Date of Birth, height, weight, hair color, eye color, gender, photo and signature -- as well as a unique identification number. This information is available to authorities on a national level.

If you've ever applied for a clearance or government job, been arrested, driven a taxi, or applied for citizenship, etc., the government already has your fingerprints on file. This information is available to authorities on a national level.

Do you have a bank account or credit card? Bought a house? Bought a car? Registered to vote? Filled out a draft card when you turned 18? Filed your taxes? Guess what? This information is available to authorities on a national level.

Not only do the authorities have access to this information, but so do malicious persons in the right place at the right time asking the right questions or breaking the right rules. Identity theft happens all the time, and it probably won't be any different with a national ID card system -- unless the system can be made better through technology and the never-ending pursuit of a more efficient and secure way.

With advances in technology, there are always going to be a select group of people that will try and break it -- and some will succeed. This will only work in the favor of advancement, though. If we are left to believe that a system is unbreakable, without the chance to *prove* that it is unbreakable (whether legally or not) then we have truly had the wool pulled over our eyes.

I applaud the notion of an all-in-one identification card. If it means that my identity is secured just a little more than it is with the current system, isn't it worth trying?

They learned a lot (2)

Shotgun (30919) | more than 12 years ago | (#3148761)

This government learned nothing from the USA's abuse of the Social Security number

Pull your head out of your computer and look around for a while. The Hong Kong politicos learned a great deal from the US system. They learned that people are sheep and will take anything if you slip it in slow enough. They learned that if you promise bread and circuses that they will even help you insert the object. They learned that once a system has been in place a while that the people will accept the reduction of their citizenship to chattel as gospel and a requirement to efficient government. They learned that an overbearing central government can be made stronger and more power delivered to fewer people if the people are reduced to interchangeable numbers. But most of all, they learned that people are sheep and will respond well to an idiot smiling about being reduced to a statistic. ("See, I got my check. Isn't the government so nice to give me money for nothing. What do you mean the government had to take the money from someone else? The government doesn't have to do that, 'cause the government can MAKE money")

How can you begin to think that the other countries would not pick up on these valuable lessons that the US government has provided for the world.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?