PrivacyMatters/UnforgeableIdCards

You need to be sure that you can revoke signing keys, and hence all cards signed by them - since otherwise a single office could produce a billion fake cards.  More to the point, you need a good system for saying "Go away - you aren't granny smith, you're applying for a fake card."  The basic point is fair though - if we get a card system, it should be strong.  Otherwise, like, duh.  Best of all would be transferrable capabilities, and free identity.  My work identity and my social identity don't need to be the same.  And why not allow granny Smith to delegate someone else to collect her bus pass?  --Vitenka

• Master key
  

This could probably be protected. Precedent: VISA signing keys.

My favourite way to do this would be to have the key in three locations (one primary, two backup).  In each location the key is split into three parts, each held by a separate key holder.  The key holders only meet up every 6 months to sign the new branch keys.  Meaning to get the key you would have to steal from/blackmail/corrupt three seperate people simultaneously. --DR

• Branch keys
  

Lots of precedent in banking industry for branch keys being retrieved and/or abused by insiders, either by collusion or by exploting bugs in the crypto. What happens if someone gains access to branch equipment? Sure, you can revoke the key, but by that time they've bootstrapped new identities, borrowed lots of money and gone off to Jamaica.

Hmm, how long would it take from a fraudster using a faked ID to this being discovered?  If the benefit office hand held verifiers are updated regularly (say once a week when their batteries are recharged) this should not be too big a disaster.  --DR

Uh - you're missing the point. If they nick the branch keys, they can issue valid IDs. Because the IDs aren't faked, verifiers wouldn't help. As for how long it takes to discover someone's nicked the branch key - that's presumably not going to happen until an investigation starts, and an investigation isn't going to start while everything looks OK - that is, until they've made off with the cash. How long does it take to arrange a few loans these days? - MoonShadow

• Identity bootstrapping
  

How do you establish identity for issuing the card in the first place? Plenty of precedent for identity theft by bootstrapping "legal documents of identity" from things found in dumpsters in the US right now. ID card becomes just one more document at the top of the bootstrapping chain. It is a fallacy to assume this will only need to happen once. Suppose someone breaks into a branch office, steals equipment, waits for the keys to be revoked and mail sent to appropriate legitimate cardholders telling them to obtain new cards, then an accomplice presents themselves as a legitimate cardholder?

True.  Though it would be interesting if, after the first 6 months of the scheme, the two professionals (who are not family members) that you need as witnesses to your identity must also produce their ID cards, thus building a web.

• Biometrics
  

If they are in a central online database, that becomes a single point of attack. See online credit card databases vs Russian hackers for precedent. If they are in the cards, this does not render them exempt from tweaks - see the satellite set-top box subscription smartcard saga for details. They do not necessarily need tweaking - we still can't do reliable automatic biometrics at all, and humans comparing faces to photos has also been shown to be unreliable if the perp goes to some slight modicum of effort to nick the card from someone with similar colour skin, hair and face shape to them.

Can you expand on this?  I'm not sure I understand you.  I would think that the biometric data would be on the card, and would be signed by the issuing office (thus tampering would invalidate the signature).  The only thing on the central database is a list of the keys that have been revoked.  Everyone already has the public partner of the private master key, and all signatures are derivable from that. --DR

• voice recognition - mikes are cheaper than cameras
  

What happens in conditions with lots of background noise? What happens if a legitimate user gets a cold?

• signatures - have a person sign on one of those pads that lets you match not just the shape of the signature, but also pen pressure and velocity changes.
  

What happens if a legitimate user sprains their arm? Also, signatures change over time. Does this mean the data on your card will need to be regularly updated?

• display a picture - what with jpeg compression you could have a lot better (bigger) picture than passport photographs.
  

People aren't very good at matching faces, according to [studies] [2] and[anecdotal evidence]...

In general, they all have the same problem - they're hard to do reliably with current technology. Remember, you have to rarely reject legitimate users as well as rarely accept false ones, otherwise your users will force you to fall back to "the old way of doing things that at least worked" - studies sponsored by biometric equipment makers usually only quote the latter rates; and they have to work in real-world conditions. See the links elsewhere on the pages in this namespace for news reports on fiascos that inevitably occur whenever someone attempts to introduce biometric tech on a large scale. - MoonShadow

• General issues
  

• Face-from-a-crowd issues
  

On that note, the [latest government proposal] says the costs - and hence the amount UK-resident ToothyWikizens will be forced to pay to get their shiny ID cards - are even higher than previously estimated, while mentioning in passing that the best available technology for matching iris prints on an ID card to a person only has a 96% success rate and the rates for the other biometrics on the card are worse (and the Grauniad article doesn't mention whether that's false positives or false negatives; either way, imagine the usefulness of that in a check-in line at Heathrow.. Oh, and it takes an average of eight minutes to scan a person. Remind me what it is we're meant to be getting for our money again?) - MoonShadow