True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors.
The Copenhagen Post quoted Jonathan Jørgensen:
It’s difficult to imagine that this will give citizens much of a headache. It’s only the state police [Rigspolitiet] that has access to the encryption key to where the error is found, and many affected citizens have probably travelled with their passports without any problems.
According to the local news outlet, the fingerprint errors were discovered, by chance, in 2017 by a citizen. The mistake occurs in passports issued between 2014 and 2017.
Denmark introduced biometric passports in 2011, containing digital photos, fingerprints and signatures. The purpose is to fend off identity theft and passport forgery, as well as to fight a roster of other crimes:
The decision to introduce fingerprints in passports has been made at central level in the EU as part of the combat against terrorism, human trade, human trafficking, illegal immigration and other transnational crime. With the new biometric passport Danish citizens are secured the possibility to travel to countries which in the future will demand this type of passport for entry.
Police are looking into whether or not the quarter-million affected passports will need to be replaced. If they do, who’s going to pay for it? They’re discussing that with Kube Data, reportedly trying to make sure that the cost of passport replacement doesn’t come out of Danish citizens’ pockets.
We’ve heard from at least one think tank that has called the stuttering rollout of digital identity a mess. But aside from governments’ unsteady rollout, what about the security of the passports themselves?
As of mid-2018, e-passports had been rolled out in more than 150 countries, according to one vendor. Gemalto says that the future will bring e-passports that will soon store travel information such as eVisas and entry/exit stamps. Plus, with the upcoming version 2 of the logical data structure protocol (LDS2), they’ll move from read-only to read and write.
In other words, they’ll store even more than biometrics.
Let’s hope that Kube Data’s optimism about this left-to-right fingerprint swap is warranted. It’s a bit unnerving to think that errors can creep into encrypted data with the passport holder blissfully unaware – and unable to check – that something about their identity is wrongly recorded.
Anonymous
This doesn’t make a whole lot of sense. First of all, if only the Danish police can encrypt this, how did a citizen notice it? Also, it seems that putting in “if year between 2014 and 2017 then swap hands” logic would be cheaper than reissuing all the passports. The story is probably missing something.
Paul Ducklin
Maybe someone noticed because they were asked to present their fingerprints, used the wrong hand by mistake, realised it worked but when they used the correct hand it didn’t…
Assuming you weren’t being arrested and the mood were light enough, you might ask someone else in the vicinity to try their passport “backwards” and come up with a theory as to why.
Presuambly the fingerpints aren’t widely accessed if this took 3 years to emerge.
Tony Gore
Well the facial recognition on my passport only works about 20% of the time. So I have to queue up for the biometric gate, wait a long time whilst it fails, and then queue for one of the rare humans who can tell in a fraction of a second that it is me. I did hear that at one point, the threshold at one airport (which I won’t name) was set low and was really only getting a positive ID on 30% of the people to prevent the queues building up. Same airport has had times when all the electronic gates have been switched off and it backed up so much that people were being kept on buses for half an hour before they could even get into the airport.
Jan Boula
There can be multiple reasons why the success rate is so low. When your photo is taken (for passport, ID, drivers license), it is done in ideal conditions – perfect lightning, you stand/sit still etc. The photo is evaluated by the system as good when it passes ICAO checks (you can lookup ICAO standards). That being said, photo in your passport chip is near perfect.
On the other hand, at the airport, you don’t have the same conditions to take a photo. There is no flash, so shutter speed is slow (causing slight motion in photo), lightning is not uniform, person could have blinked with an eye, mount not closed etc. Those are little things that makes a big difference when it comes to comparing those photos. It is all matter of fine tuning the settings of the gate and software for facial comparison.
Don’t worry, your passport is totally fine.
Bryan
> who’s going to pay for it?
More importantly, who’s gonna replace my travel stamps?
anonymous coward
+1
Jan Boula
The encryption key is used to get to the data. Not that fingerprint is part of the data. Your misunderstanding of the statement, possibly translation, led you to wrong conclusion: “can creep into the encryption key”
Paul Ducklin
I edited that bit for clarity. Thanks for the comment.
Anonymous
Sir hello can i still get oassport even if my fingerprints arent readable?