The biometric passport (also known as electronic passport , or ePassport for short ) is a combination of a paper-based passport with electronic components (hence the preceding "e" for "electronic"). The ePassport contains biometric data that is used to identify a traveler. The worldwide introduction of biometric passports was requested by the US authorities after the terrorist attacks of September 11, 2001 .
History of origin
Since 1998, the international civil aviation authority International Civil Aviation Organization (ICAO), a specialized agency of the United Nations , has been dealing with electronically evaluable biometric features in machine-readable travel documents . 2003 this led to the idea of a (under the name "Blueprint" Engl. For " Plan ") became known recommendation. It calls on all members of the United Nations to electronically save biometric features of the holder on the travel document in future. Criteria for the selection of the technologies to be used are: worldwide interoperability , uniformity, technical reliability, practicability and durability. The four central points of the "Blueprint" are the use of contactless chips ( RFID ), the digital storage of the photo on these chips, with additional features such as fingerprints or iris patterns of the eyes , the use of a defined logical data structure , LDS) and a method for managing digital access keys ( public key infrastructure , PKI). The specifications were summarized in the further development of the ICAO standard 9303.
On December 13, 2004, the Council of the European Union decided, in response to political pressure from the United States, which threatened the loss of the visa-free regime for European travelers, to equip the passports of the member states with machine-readable biometric data of the holder in accordance with this standard. On June 22, 2005, the German Federal Cabinet approved a proposal by the then Federal Minister of the Interior, Otto Schily ( SPD ), to introduce such a passport, which described it as an “important step on the way to using the great advances in biometrics for internal security ”.
This reason is controversial. It is argued that the German passport was considered to be one of the most forgery-proof documents worldwide even before biometrics. For example, there is no known terrorist act in Europe that a forged German passport or identity card was used to carry out . This is countered by the fact that the RAF terrorists regularly misused false or falsified documents. It should be noted, however, that at the time of the RAF, the generations of identification documents (green passport, gray identity card) that were long outdated - at that time still handwritten in some cases - were state of the art.
The Council of the European Union made the recording of facial images and fingerprints in electronic form mandatory in Council Regulation No. 2252/2004 of 13 December 2004 on standards for security features and biometric data in passports and travel documents issued by the Member States . Since the EC regulation provides for the electronic storage of biometric data in the passport, the draft aims for a consistently electronic passport application process. This legal act does not apply to the EU countries Denmark , Ireland and the United Kingdom . However, it is used in the EU-associated countries Iceland , Liechtenstein , Norway and Switzerland .
Since November 1, 2005, travel documents with biometric data have been issued by the Federal Republic of Germany . The passports contain a chip that initially only saved a digital photo with the facial features of the passport holder. A biometric passport photo is required for this. Since November 1, 2007, two fingerprints have been digitally integrated, and a scan of the iris could be added later .
The child's passport does not contain a chip with biometric features, but the passport photo must be biometric.
On June 8, 2007, the Federal Council spread the idea in a message that biometric passports should be introduced in Switzerland.
The Swiss Parliament had on 12 March 2008, the introduction of the new biometric Swiss passport endorsed (Passport 10) facial image and fingerprints from the middle of 2009 with 102 to 50 votes. On June 13, 2008, it approved the federal decree. All Swiss are still entitled to an inexpensive, non-biometric identity card without a chip. Fingerprints are stored centrally - the council rejected all requests from the left-wing green party aimed at increased data protection. The minority demanded that fingerprints not be stored in the central database of the Federal Office of Police . The Swiss data protection officer, Hanspeter Thür , opposed the central storage of biometric data, but is not against the storage on the chip in the passport. An individual application demanded that fingerprints should not be stored at the request of individual citizens. Federal Councilor Widmer-Schlumpf and the majority of the Council opposed this with the argument that abuse should be prevented. The forgery of ID has given way to ID sneaking. Only the storage of fingerprints prevents that.
At the referendum on May 17, 2009 , it was decided whether biometric passports should now be finally introduced. Federal Councilor Eveline Widmer-Schlumpf and Government Councilor Hans-Jürg Käser clearly stated why Switzerland had to introduce biometric passports. However, data protection concerns divided the people, which is why only 50.1% were in favor and 49.9% were against. The turnout was 38.77%.
On March 1, 2010, the Federal Decree on the approval and implementation of the exchange of notes between Switzerland and the European Community regarding the adoption of Regulation (EC) No. 2252/2004 on biometric passports and travel documents came into force.
The Swiss passport contains the following data:
- Official name ( alliance name , if requested)
- First name / s
- Date of birth
- a home town (if more than one, the desired one)
- Size (for children up to the age of 14, three asterisks appear in the ID card [***])
- Issuing authority
- Date of issuance
- Date of expiry of the validity
- ID number and type of ID
- Data chip with facial image and fingerprints is only included in the passport (fingerprints only if the holder is over twelve years old)
- Signature according to application (for IDK only). The signature must be affixed by hand in the passport; The signature is not absolutely necessary for children under the age of seven and persons unable to write. Passports of children or guardians may not be signed by the parents or guardians
- Official additions (if available in the application, only possible in the passport)
- Machine-readable zone (MRZ)
The September 11, 2001 terrorist attacks in the United States had many political and economic consequences. So was u. a. greatly accelerated the adoption of biometric travel documents, which are seen as a key to more effectively fighting organized crime and illegal immigration.
"All states [...] will prevent the movement of terrorists or terrorist groups by carrying out effective border controls and controlling the issuance of identity documents and travel documents and taking measures to prevent the counterfeiting, forgery or fraudulent use of identity documents and travel documents."
At the beginning of 2002 there was a corresponding amendment of the passport law in Germany, which from then on allowed the introduction of biometric features ( Federal Law Gazette I p. 361 ).
Also in 2002, the USA passed the Enhanced Border Security Act as part of the US Visit Program and obliged the 36 nations participating in its Visa Waiver Program (VWP) to introduce passports with storage by October 26, 2004 of biometric data according to the ICAO standards if they want to stay in the visa waiver program. In the course of further developments, the USA postponed the mandatory date twice, each time by one year, to October 26, 2006.
The international civil aviation authority ICAO was commissioned to develop guidelines for this purpose. These guidelines require the use of an RFID chip in the passport. The RFID chip should enable the storage and wireless transmission of data. Up until this point in time, the guideline represented a de facto standard. In the future, it is expected that this form of identification will become established worldwide.
In October 2004, the United States began collecting fingerprints and photos from all visa-required and most non-visa-required travelers. Entrants must register their left and right index fingers with a fingerprint scanner and have their faces photographed. The system then compares the data with a list of wanted people. This procedure should not only serve the fight against terrorism, but also make it possible to better monitor compliance with the residence permits issued. From this point onwards, travelers should present a machine-readable passport with biometric features in order to be able to enter the USA without a visa by simply filling out a form.
Purpose of introducing the ePassport
The then Federal Minister of the Interior, Otto Schily, described the following advantages of the new ePassport at a press conference in Berlin on June 1, 2005.
Increased security of travel documents
German passports were previously considered very forgery-proof. But that was of little use, as there was already a large gap in safety standards within the European Union. The aim is to prevent forged European passports from being used to commit crimes. This is why the ePassport is based on the high German standards, supplemented by an additional hurdle for forgery - biometrics. This was intended to define a new, high, EU-wide standard. In this way, on the one hand, a higher level of protection against forgery was achieved, and on the other hand, it was possible to check whether a document belongs to the person using it or not using biometrics.
Improved traveler identification
In the case of visa applicants, a thorough check must be carried out at the time of application to determine whether there are any doubts about their identity. In the future, biometric identification of visa applicants prior to entry will be the norm. By the end of 2007 the EU will set up a central visa information system in which the photographs and fingerprints of all applicants will be stored. With the help of the fingerprints, it is then determined before entry whether an applicant has already received a visa at an earlier point in time or was refused. Little by little, devices are being installed at all border crossings with the help of which a biometric comparison is possible - either between the document and the person using it, or between the traveler and a biometric database. The document will be used for EU citizens and visa-free travelers, while the visa information system will be accessible for visa holders. The use of fake Schengen visas or real Schengen visas of other people is made considerably more difficult.
Use of biometric tools in the search for people
With the help of identification services, the federal and state police forces can already take fingerprints and photographs of suspects and compare them with the files in the Federal Criminal Police Office . With biometric technologies, providing biometric assistance to people tracking will be considerably easier. The desired technical expansion of the automated fingerprint identification system database to include the possibility of real-time searches in partial databases and the planned equipping of border crossings with fingerprint scanners will make it possible to carry out searches with fingerprints - in future also using mobile devices. To support cross-border searches, fingerprints and photos are also stored in the next generation of the Europe-wide police information system - Schengen Information System II (SIS). The aim here is to carry out search queries in the SIS on the basis of such biometric data in a future development stage of the SIS.
Easier travel through biometric-based controls
The technical support of border controls through biometrics can be used to facilitate the control of trustworthy persons - saving time for travelers and the federal police . However, currently (as of the end of 2015) the federal police do not collect fingerprints or biometric facial features as standard upon entry or compare them electronically with the biometric data stored in the travel documents. A time saving is in fact not so far.
Security features of the ePassport
Radio frequency identification
The new electronic passport is equipped with a radio frequency (RF) chip. This RF chip is a certified security chip with a cryptographic coprocessor, on which biometric features are stored in addition to the previously common passport data.
In the first stage of the EU passport, the following personal data were stored in the RF chip: the name, birthday, gender and facial image of the holder. Now all this data in machine-readable form in which are machine readable zone (Engl. Machine Readable Zone [MAR]) on the data page of the passport included (with the exception of the face image which, although printed on the data page, but only conditionally machine readable).
RFID (Radio Frequency Identification) is a method for the automatic identification of objects via radio. The use of RFID systems is basically suitable wherever automatic identification, recognition, registration, storage, monitoring or transport is required.
Every RFID system is defined by the following properties:
- Electronic identification - the system enables objects to be clearly identified using electronically stored data.
- Contactless data transmission - the data can be read out wirelessly via a radio frequency channel to identify the object.
- Send on demand - A marked object only sends its data if a reader device intended for it calls this process.
From a technological point of view, an RFID system consists of two components, a transponder and a reader:
- The transponder is the actual data carrier. It is integrated into an object (e.g. a chip card) and can be read out and rewritten without contact using radio technology. Basically, the transponder consists of an integrated circuit and a radio frequency module. An identification number and other data about the transponder itself or the object to which it is connected are stored on the transponder.
- Depending on the technology used, the reader consists of a reader or a write / read unit and an antenna. It reads data from the transponder and possibly instructs the transponder to save further data. The reader also controls the quality of the data transmission. The reading devices are typically equipped with an additional interface in order to forward the received data to another system (e.g. PC, machine control) and to process it there.
The mechanisms of access protection ensure that unauthorized reading of the data from the RF chip and eavesdropping on the communication are prevented. The term “unauthorized” must be differentiated more precisely: This primarily refers to access to the data in a passport book when it is closed, e.g. B. while the passport is in a travel bag (Basic Access Control) . For reading the fingerprint data from passports of the second level, this requirement is extended to the extent that access can only be made by authorized readers (Extended Access Control) .
Basic access control
This access protection is intended to reproduce exactly the properties of the previous passport for the data stored in the RF chip:
In order to be able to access the data stored in the RF chip, the reader must actually have optical access to the data page of the passport. Technically, this is implemented in that the reader has to authenticate itself to the RF chip. For this authentication, the reader needs a secret access key, which is calculated from the machine-readable zone of the passport. The reader must first optically read the machine-readable zone, calculate the access key from this and only then can authenticate itself to the RF chip. The MRZ fields, which are secured against reading errors by means of check digits, are used in the calculation of the access key: the passport number, the holder's date of birth and the expiry date of the passport. Based on the current passport, the passport number is a nine-digit number, which means there are 10 9 options. There are approximately 365 × 10 2 options for the date of birth and 365 × 10 options for the expiry date - if the passport is valid for ten years. Overall, the strength of the access key can therefore be rated at around 56 bits (365 2 × 10 12 ≈ 2 56 ) and thus corresponds to the strength of a normal Data Encryption Standard (DES) key.
Extended Access Control
In the second stage of the EU passport, fingerprints are also stored on the RF chip. Such sensitive data require particularly strong protection and, above all, the specification of a narrow purpose limitation. Therefore, the specification of an extended access protection took place within the working group for the technical standardization of the EU passport. This extended access protection specifies an additional public key authentication mechanism with which the reader identifies itself as authorized to read fingerprints. To do this, the reader must be equipped with its own key pair and a certificate that can be verified by the RF chip. The rights of the reader are then precisely defined in this certificate. The country that issued the passport always determines which data a reader can access.
The integrity and authenticity of the data stored in the RF chip is secured by a digital signature , so that any form of manipulated data can be recognized. It can thus be checked that the signed data has been generated by an authorized body and has not been changed since it was generated.
A globally interoperable public key infrastructure (PKI) is required to sign and verify the digital documents . Each participating country generates a two-stage PKI, which consists of exactly one Country Signing CA (CA - Certification Authority ) and at least one Document Signer:
- Country Signing CA : In the context of passports, the Country Signing CA is the highest certification authority in a country. Internationally, there is no higher-level certification authority, as this is the only way to guarantee that each country has full control over its own keys. The key pair generated by the Country Signing CA is used exclusively for the certification of document signers. The country signing CA's private key has been used for three to five years. Corresponding to the validity of the passport, which is currently ten years, the associated public key must be valid between 13 and 15 years.
- Document Signer : Document signers are authorized to sign the digital documents, for example the printing works that also produce the physical documents. Every Document Signer has at least one key pair it has generated. The private key is only used to sign the digital documents; the public key must be certified by the national Country Signing CA. The document signer's private key can be used for a maximum of three months, so that if the key is compromised, as few passports as possible are affected by the effects. Accordingly, the associated public key must be valid for ten years and three months.
Biometric features in the ePassport
The new ePassport will contain two biometric features that can be used to identify the owner. One is a picture of the face and the other is two fingerprint images.
Recognizing people using biometric features is one approach to authenticating people. Biometrics can be used in addition to or as a replacement for conventional methods such as PIN / password and card or other tokens because the physical characteristics, in contrast to knowledge and property elements, are directly personal. The aim of biometric recognition is always to determine the identity of a person (identification) or to confirm or refute an alleged identity (verification).
Process for recognizing the iris was only developed in the mid-1980s. They came close to meeting the demands for facial recognition automation that the US Department of Defense put out to tender in 1994, which triggered the first wave of commercialization of biometric systems, which was followed by the development of market competition for corresponding products.
Overview of biometric features
Biometric characteristics can be divided into two groups of characteristics: characteristics typical of behavior and physiological characteristics.
The behavioral characteristics are called dynamic characteristics, as these change depending on the environment or the constitution of the person. Characteristics typical of behavior are the creation of a personal signature, the movement of the lips when speaking, the sound character of the voice, the gait and the typing behavior on a keyboard.
The physiological characteristics are so-called "static characteristics"; this means that they have an almost unchangeable structure. Physiological characteristics are the fingerprint, the hand geometry, that means for example the shape and dimensions of the fingers and the ball of the hand, the face and the arrangement of the attributes such B. nose, mouth, the iris , whose tissue pattern can be measured, the veins of the hand or fingers, whose blood vessel pattern can be measured, as well as the smell, the DNA and the blood.
Use in the ePassport
In relation to the biometric passport (ePassport), no characteristics typical of behavior can be used to identify a person. The reason is that, as previously described, these depend on the condition of the person and the environment. In addition, some features, such as a signature, can be mimicked very well with practice.
In the case of the physiological characteristics, characteristics that require physical intervention cannot be used. This means that human DNA and blood cannot be used for biometric recognition.
As a result, the following characteristics remain as possible characteristics:
- The fingerprint,
- the geometry of the hand,
- the face,
- the iris and
- the blood vessel pattern.
Out of these possibilities, the European Union decided to include a photo of the face (to recognize the face geometry) and fingerprints in the new biometric passports. In Germany, the new biometric passports contain:
- Since November 1, 2005 a picture of the face and
- since November 1, 2007 two additional fingerprint images.
The facial image was selected based on the recommendation of the UN Civil Aviation Organization (ICAO).
“Fingerprints as a second feature spoke of the high practical suitability of the acceptance and recognition systems developed for this purpose. It was necessary to set the EU on two biometric features to allow flexibility in control. In places where face recognition is not practical (for example in poor lighting conditions or when there is a crowd), verification using fingerprints should be possible. "
Implementation of a biometric recognition
First of all, the required biometric features must be recorded for the first time in order to be able to compare and recognize them later. For example, facial features are recorded by a camera, fingerprints by a fingerprint scanner. The registration authorities collect the data for the ePassport. These so-called raw data, i.e. images of the face and fingerprints, are stored on the RFID chip of the ePassport and can be compared during a passport control with the characteristics of the person who presents the passport available on the spot.
So that computer-aided systems can also use this data, the raw data are abstracted using mathematical and statistical processes so that the essential, characteristic features are available as so-called reference patterns or templates. A fingerprint, for example, is prepared in such a way that, despite the dirt particles, the grooves on the fingertips can be easily recognized and compared with them. However, it is not such templates that are saved directly on the ePassport, but the raw data, because the calculation methods differ greatly from one country to another. As an alternative, template-free, so-called “anonymous processes” are also being developed, in which no templates are created from raw data, but cryptographic keys are calculated. However, this development is still in its infancy.
Comparison of biometric features
The comparison of biometric features is based on the comparison of current biometric data and reference data that are stored on the RFID chip of the ePassport, for example.
Carrying out a matching
With so-called “matching”, a comparison is made between the template saved on the ePassport and the template that is created when the feature is presented to the biometric system again. If they match, the device reports that the matching is being carried out, recognizing the person who presented their biometric feature.
Change of a biometric feature
If a biometric feature is changed, such as a change in the fingerprint by injuring a finger, the biometric systems are able to adapt the reference data in the database. It is also important that biometric features must be secured against unauthorized access, as they can no longer be used to authenticate a specific person if they are generally known. Appropriate systems must ensure this.
Automated comparison of biometric features
Since biometric features are recorded and compared in large quantities on a daily basis, only computer-aided systems can be used for this purpose, as they can be used to cope with them in an acceptable time. As an example, the passport handling at a major airport should be considered at this point. When checking a biometric characteristic with a reference database, the computer offers several advantages:
- Repetitive, monotonous work is carried out by computer-aided systems in consistently high quality,
- the speed at which the work is carried out by a computerized system is many times faster than when it is carried out by one person,
- the computer-aided system is, in comparison to a person, able to record the smallest differences in the biometric characteristics and
- Computerized systems, in conjunction with a database, offer the possibility of protecting the biometric features from being accessed by third parties.
Tolerance range during the adjustment
An exact data comparison between the feature recorded for the first time and a recording carried out at a later point in time cannot be achieved. This is due to the fact that, on the one hand, the characteristics can change over time. For example, an iris with and without a contact lens is not recognized as identical. Second, the characteristics are never presented in the same way. The angle of view of the face is always a little different with each measurement, since a person is not a rigid object.
The actual decision as to whether or not there is a match is based on previously set parameters that form a tolerance range in which the biometric data are recognized by the system as "the same". The biometric features are not checked for equality, but only for "approximate similarity".
The consequence of this is that biometric systems can only determine with a system-typical probability whether the person is concerned.
If the comparison values fall outside the applicable tolerance range, an error occurs: either a “false reject” or a “false accept”. The probability with which this happens is called the False Rejection Rate (FRR) or the False Acceptance Rate (FAR) or the False Acceptance Rate.
Assessment of biometric systems
Biometric methods have both advantages and disadvantages, which are explained below:
Advantages of biometric methods
- Biometric features are personal. This means that a person is recognized by their individuality. They are linked to the person's body and do not have to be artificially assigned like a name.
Completely new and simpler forms of the resulting authentication of persons can be created from this. Think of “paying by fingerprint” or “access control using the iris”.
- The need “In a world that is increasingly communicating electronically, the need for trustworthy and automated personal identification is growing” can be met by the new biometric passport, i.e. the ePassport, as it helps to automatically identify a person - with the help of information technology can.
Disadvantages of biometric methods
- For the practical mass use of biometric systems, it must be ensured that the error rate of such systems is relatively low.
- Data security must be guaranteed. Should the biometric data stored on the chip fall into the hands of third parties, they are compromised and - in contrast to cryptographic keys - cannot be declared invalid or recreated.
- Lack of information transparency. Many people are not or only insufficiently informed about what happens to the biometric data when the check is over. Specifically, this question arises, for example, when entering the USA.
Jammers can interfere with communication between the biometric passport and the reader, which could hinder or prevent the data from being read out.
The chip on the biometric passport can be destroyed mechanically by kinking the ePassport or by exerting strong pressure on it. It remains to be seen whether, for example, stamping the biometric passport is a bigger problem.
The chip can also be destroyed by non-mechanical means. For example, the chip surface can be destroyed by an electrostatic charge. However, the cost of this type of destruction is very high.
Biometric information in MRTDs cannot be revoked. Since physical features such as the face or fingertips cannot easily be changed, once stolen biometric features can be misused for a long time.
A form of civil disobedience to the use of biometric features is also conceivable: citizens could declare their biometric features such as fingerprints and iris scans as public domains and upload them to a public database. These features would then be "burned" and could no longer be used for unambiguous identification.
Several scenarios are conceivable to circumvent the security features of the biometric passport:
- Fake passports from countries that do not use an ePassport
Since there are still many countries that do not use an ePassport, their citizens cannot access the biometric passport features when they are checked. In these cases, a forged passport cannot be recognized with the help of the biometric data.
- Entry through poorly guarded borders
Illegal immigrants will continue to come through poorly guarded national borders. The ePassport will not be able to prevent this.
The political parties in the German Bundestag do not agree on the inclusion of biometric features in the ePassport. Since the opposition has reservations about the amendment to the passport law, it was passed by the grand coalition on May 24, 2007 without the opposition's votes. The amendment to the Passport Act includes the inclusion of fingerprints in passports as a second biometric feature.
Another problem is the exchange of data with other countries. In principle, it cannot be guaranteed that other countries will not save the biometric data of the ePassport centrally and continue to use it for other purposes after passport control. If the federal government wants to avoid tensions with other states, it will find it difficult to oppose the use of biometric data when German citizens enter other states. However, the same problem arises when foreigners enter the Federal Republic and have their biometric data checked at the border.
ePassport and data protection
Data protection regulations
Groups that require access to biometric data include: a. private companies (e.g. airport operators, airlines) and security authorities (e.g. for law enforcement). The use of biometric data for these purposes is legally legitimized. In the following, the currently valid legal framework for keeping biometric data in government ID cards, their use and data protection requirements are listed.
According to(3) PassG, the ePassport may contain other biometric features of fingers, hands or face in addition to the photo and signature of the passport holder. These may also be brought into the passport in encrypted form using security procedures. The information about the person listed in (1) sentence 2 PassG may also be included in the passport in encrypted form using security procedures.
The three alternative biometric features are intended to enable the passport holder to be identified unequivocally. The improvement of identity documents by recording biometric features compared to previous identity cards is seen in the fact that identification through a mere visual comparison of features depends on the subjective perception of the control person. The ability to perceive could be impaired by other factors (e.g. photo quality, difference between image and reality due to age and changes in appearance due to glasses, hairstyle, beard).
The types of biometric features, their details and the inclusion of features and information in encrypted form in accordance with(3) PassG as well as the type of storage, other processing and use are regulated by federal law. A nationwide file will not be set up.
In accordance with Federal Data Protection Act (BDSG), this biometric data is personal (personal data), which means that it is only permitted to collect, store and process it if either a legal basis (in this case the PassG) or a voluntary one and informed consent of the person concerned is available.(1) of the
According to information from the Federal Commissioner for Data Protection, there is the possibility of using biometric data in accordance with data protection regulations. In terms of data protection law, the following points should be taken into account when using biometric features in the ePassport: Only those procedures should be used that largely rule out any disadvantage to certain groups of people; only the characteristics necessary for the later comparison and no excess information are recorded and stored; Unless otherwise specified by the application, only templates of the characteristics are saved; a strict purpose limitation of the data must be ensured; the data records are only processed in a secure environment (network, database); If possible, a central storage of the data is dispensed with, e.g. B. by storing the data on a chip card or ID card; only cooperative biometric procedures are used (the person to be checked must be actively included in the check, no covert recording); Comprehensive information on the entire application has been made by the group of people involved and there are legal regulations for use; the biometrics are not used to create movement and behavior profiles using evaluation programs; The procedures and security mechanisms are transparent; The biometric data must be protected from unauthorized access (use of encryption) and the data will be deleted immediately as soon as a person concerned no longer takes part in the application.
According to(1) PassG, the serial number and the check digits must not contain any data about the person of the passport holder or any references to such data; each pass receives a new serial number.
The application, issuance and issue of passports may not be used as an opportunity to save the information required for this except with the competent passport authorities. The same applies to the application documents required to issue the passport and to personal photographic data carriers ((2) PassG).
According to Bundesdruckerei and exclusively to prove the whereabouts of the passports. However, this may not permanently save the other information listed under (1) PassG. These may only be saved temporarily and exclusively for the production of the pass by Bundesdruckerei GmbH and must then be deleted.(3) PassG, centralized storage of all serial numbers may only take place at the
In accordance with(4) PassG, the serial numbers may not be used in such a way that they can be used to retrieve personal data from files or to link files. However, the passport authorities are allowed to use the serial numbers to retrieve personal data from their files. In addition, federal and state police authorities and agencies may use the serial numbers to retrieve the serial numbers stored in files for passports that have been declared invalid, have been lost or that are suspected of being used by unauthorized persons.
The encrypted features and information contained in the passport may only be read out and used in accordance with(4) PassG to check the authenticity of the document and to verify the identity of the passport holder. At the request of the passport holder, the passport authority must provide information about the content of the encrypted features and information.
Use in public areas
Authorities and other public bodies may not use the passport to automatically retrieve personal data in accordance with(1) PassG. Exceptions are the federal and state police authorities and the customs authorities (insofar as they perform border control tasks). These are entitled to use the passport within the scope of their tasks and powers to automatically retrieve personal data. This authorization is earmarked and may be used for border control and search or residence determination for reasons of criminal prosecution, execution of sentences or the defense against dangers to public security.
Furthermore, unless otherwise stipulated by law, personal data may not be saved in files when the passport is automatically read ((2) PassG).
Use in non-public areas
In the non-public area, the serial numbers must not be used in such a way that they can be used to retrieve personal data from files or to link files ((2) PassG). Furthermore, the passport may neither be used for automatic retrieval of personal data nor for automatic storage of personal data ( (3) PassG).
Criticisms under data protection law
- The Federal Commissioner for Data Protection considers it necessary that the biometric data is only saved in the passport itself and not in external files. At the national level, this requirement is met by a corresponding statutory regulation ( (5) PassG). Furthermore, the Federal Commissioner for Data Protection points out that international regulations on this problem have so far been pending, which would make it possible for foreign countries to save the biometric information of travelers after reading out their passports (in files, databases).
- Another point of criticism from the point of view of data protection is that conclusions can be drawn from the facial image about ethnic origin and certain illnesses and living conditions, which can be automatically evaluated with the help of the new biometric passport photo.
- With regard to the unauthorized reading of the biometric data, the Federal Commissioner for Data Protection warns that the data stored in the chip can be read out if the machine-readable zone of the passport is known. For further security, the communication between the reading system and the chip should therefore also be encrypted.
- With regard to the endangerment of the basic rights of the individual, it should be noted with the ePass that biometrics are not used voluntarily, but involuntarily, since the use of biometrics in the ePassport is prescribed by the state / legislature and thus every citizen is obliged to use their biometric features hand in and have it checked.
- Basic Law deals with the protected human dignity and could restrict the use of new technologies. This right is intended to prevent all expressions of a person's life from being monitored by technical means. Thehuman dignity protectedin GG is only violated if a control technique is used extensively and intensively for surveillance.
- Another point is the compatibility of biometrics in the ePassport with the right to informational self-determination . This right was developed by the Federal Constitutional Court due to the risks of automatic data processing and is intended to preserve the free development of personality and human dignity. The right to informational self-determination should enable the individual to determine for himself how his personal data is used. A state order may only be included in this basic right in the form of a law (in this case the PassG).
- As the European Union established itself, the connection between the reader and the RFID chip can be eavesdropped and hacked by means of so-called "brute force attacks" using known cryptographic weaknesses.
Data protection issues
Without adequate security measures, RFID chips in the passport could lead to the stored data being read out covertly without the owner's willful and active action (such as showing the ID card). This unnoticed reading could take place, for example, by staying in an area equipped with RFID reading technology or by approaching a person with a mobile reading device at a short distance from the person concerned and their passport. The activation of the chip and thus the unnoticed reading of the electronically stored data via RFID technology can, however, be prevented quite easily by a shielding RFID protective cover for the passport.
In the case of European passports, however, the reading out by unauthorized persons should be prevented by the basic access control method . The chip can be read out if the machine-readable zone of the passport has been read optically beforehand, i.e. the document has been handed over to an officer or to a person in possession of a reader. Alternatively, the data of the machine-readable area can also come from a database, which enables a specific, expected document to be covertly detected. The reader must register with the data from the machine-readable zone on the RFID chip. If this registration fails, the chip does not reveal any details of its owner. Furthermore, only readers intended for this purpose should be able to read the chip; communication between the reader and the chip is encrypted. The procedure ensures that no personal data can be read that are not already known.
Some also perceive the intended use of the ePassport as a security risk for the protection of personal data. Every country that has purchased the appropriate reading devices can read, save and process the data on the passport that can be used with biometric technology without the user noticing. This can be prevented technically: The RFID chip can be destroyed in a commercially available microwave . To do this, the ePassport is inserted and the switch is only switched on for a fraction of a second. After that, the chip is usually destroyed. However, the passport can be destroyed by briefly flaming the RFID chip. In principle, the passport remains valid, as it still enables the person to be identified if the data is legible. This approach is countered by the fact that if the chip is destroyed, it is a matter of property damage, since the passport is the property of the issuing state. In Germany, changing official IDs can result in a fine or imprisonment. Countries that require biometric data upon entry can require the delivery of biometric features with appropriate sensors on site if the chip does not function. When entering the USA, for example, these are a digital photograph and at least two fingerprint images.
In 2007 the German lawyer Udo Vetter sued the city of Bochum for a passport without his fingerprints being recorded. In May 2012, the Administrative Court of Gelsenkirchen issued a ruling on this action, which submitted various questions to the European Court of Justice (ECJ) for a preliminary ruling , namely whether the legal basis for the fingerprint requirement was insufficient, a procedural error when the European Regulation No. 2252/2004 was amended Version available and / or whether there is a violation of Article 8 of the Charter of Fundamental Rights of the European Union. Following the Opinion of Advocate General Mengozzi, the European Court of Justice ruled in 2013 that the storage of digital fingerprints on EU passports is permitted.
In September 2011, the Dresden Administrative Court ruled that the obligation to store fingerprints in the passport was permissible. The lawyer and writer Juli Zeh , who sees her fundamental right to human dignity in particular being violated, filed a constitutional complaint against the introduction of biometric features in passports on January 28, 2008 with the request that the relevant regulations in the Passport Act be declared null and void. On December 30, 2012, the Federal Constitutional Court ruled that the submitted complaint lacks “sufficient grounds”, which is why it was “not to be accepted for formal reasons”.
Implementation of the second stage in Germany
Since November 1, 2007, the fingerprint images of two fingers have also been stored in the chips. Some diplomatic missions reported technical problems in this connection and did not accept any new applications for several months from mid-October 2007. During this time only temporary passports could be issued there. However, these technical problems did not relate to the chip or the document, but to the technical equipment of the embassies and consulates, which lacked the infrastructure (software and devices) necessary for issuing the documents. The background to this was the fact that a supplier, who was unsuccessful in the tender carried out by the Federal Foreign Office for the procurement of fingerprint scanners, had sued this award decision. Although the Federal Foreign Office - as was determined in the later court decision - handled the award correctly, this led to significant delays in the procurement of the devices.
At the same time, it was no longer possible to have children entered in the passport. The field name of the order or artist was omitted without substitution (due to pressure from the Catholic Church and artist associations on the Federal Ministry of the Interior, this field was reintroduced in the new version of the Identity Card Act 2008). The period of validity for passports for younger applicants under the age of 24 has been increased from five to six years. Applicants from the age of 24 (previously 26) now receive a passport that is valid for ten years. The EU official languages Romanian and Bulgarian have been included in the passport. "Instructions for use" have been inserted on the last front page. The serial numbers have been changed to randomly assigned alphanumeric serial numbers.
Alphanumeric serial numbers for the ePassport
Since November 1, 2007, the serial numbers contain alphanumeric serial numbers. These alphanumeric characters are made up of the four-digit authority code (alphanumeric), a random five-digit alphanumeric passport number (ZAP), followed by a check digit.
- The authority code (BHKZ) as part of the passport serial number must begin with a letter, namely with one of the characters C, F, G, H, J or K; initially only the C is used.
- The passport number (five digits) as part of the serial number is generated centrally by Bundesdruckerei .
- Only the digits 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9 as well as the letters C, F, G, H, J, K, L, M, N are permitted for the serial number of the passport , P, R, T, V, W, X, Y and Z. Confusing the number “0” with the letter “O” is therefore impossible.
- Alphanumeric serial numbers are used in the ePassport (also with 48 pages and in the express passport), in the service passport and in the diplomatic passport.
Countries with biometric passports
Official web links
- German passport and identity card (official website of the Federal Ministry of the Interior for the passport )
- schweizerpass.ch (official website of the Federal Department of Justice )
- Passport in Austria (official Austrian authorities website)
- Entry requirements (entry requirements in other countries)
- Entry Requirements for the United States ( United States Department of Homeland Security )
- Chaos Computer Club Collection of material and background information on the topic of electronic passports
- Protecting your passport while traveling Tips for protecting your passport and documents in unsafe areas and from the weather. May 23, 2007.
- GlobalTester - Open source tool for testing e-Passports and smart cards in general
- International Civil Aviation Organization
- Public key directory
- ICAO Document 9303, Part 1, Volume 1 ( Memento of November 23, 2012 in the Internet Archive ) (PDF; 1.1 MB)
- ICAO document 9303, part 1, volume 2 (PDF; 852 kB)
- ICAO document 9303, part 2 (PDF; 1.9 MB)
- ICAO Document 9303, Part 3, Volume 1 (PDF; 1.3 MB)
- Documentation of the ICAO ( Memento of the original dated September 26, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- Biometrics in travel documents ( Memento of September 27, 2004 in the Internet Archive ) (PDF)
- Addition of the ICAO standard 9303 ( Memento of the original of January 12, 2007 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- Enhanced Border Security and Visa Entry Reform Act of 2002 of the USA ( Memento of the original from June 1, 2013 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice.
- Answer of the European Commission to a written question about the use of biometrics in passports (PDF)
- Study on the negotiation of Regulation (EC) No. 2252/2004 of December 13, 2004 in the Council of Interior and Justice Ministers of the European Union with hyperlinks to the relevant primary sources (in English) University of Oslo: ARENA - Center for European Studies, Working Paper No. 11/2006, September 25, 2006.
- Electronic passports are a done deal. In: Handelsblatt .com of June 22, 2005.
- ePassport: Biometric passport costs 59 euros. In: Spiegel Online. Retrieved September 21, 2011 .
- Chronology. Swiss Federal Chancellery, accessed on September 20, 2011 .
- Federal Council message 07,039. (PDF; 621 kB) Swiss Federal Chancellery, accessed on September 20, 2011 .
- Biometric passports and travel documents. In: Vista Curia. The Federal Assembly, accessed on September 20, 2011 .
- "I will also have to apply for a passport with a chip". In: Basler Zeitung . Retrieved September 20, 2011 .
- Biometric passports definitely from mid-2009. In: Neue Zürcher Zeitung . Retrieved September 20, 2011 .
- Freedom to travel depends on the biometric passport. In: 20 minutes . Retrieved September 20, 2011 .
- Template No. 542 - overview. Swiss Federal Chancellery, accessed on September 20, 2011 .
- Schweizerpass.Admin.ch, ( Memento of the original dated November 22, 2013 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved October 15, 2012.
- Resolution 1373. (PDF) (No longer available online.) UN Security Council, archived from the original on December 13, 2011 ; Retrieved September 19, 2011 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- US Visit Program ( Memento of the original from August 20, 2010 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- Enhanced Border Security Act ( Memento of the original from June 1, 2013 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice.
- Visa Waiver Program (VWP) ( Memento of the original from July 16, 2012 in the Internet Archive ) Info: The archive link has been inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- ICAO Document 9303 ( Memento of the original from May 19, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- "Fingerprints and photos when entering the USA"
- Federal Ministry of the Interior: Federal Interior Minister Otto Schily on the introduction of the ePassport and biometrics ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice.
- Federal Office for Information Security: Risks and Chances of Using RFID Systems ( Memento of the original from January 24th, 2009 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- Federal Office for Information Security: Security mechanisms for contactless chips in the German passport (PDF; 76 kB)
- Federal Office for Information Security: Digital security features in the electronic passport ( Memento of the original dated June 9, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- biometrics . ( Memento of the original from February 8, 2009 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. - Federal Office for Information Security
- L. Meuth: Admissibility of identity determinations by means of biometric systems by public bodies . Duncker & Humblot, Berlin, p. 19.
- Bundesdruckerei: Passport and identity card ( Memento of the original from October 5, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- TELETRUST Germany e. V. Association for the promotion of the trustworthiness of information and communication technology: Catalog of criteria for the comparability of biometric procedures ( Memento of the original from August 4, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- Federal Ministry of the Interior: Questions and answers on the ePassport ( Memento of the original from June 7, 2008 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- From fingerprints to DNA analysis ( memento of the original from May 25, 2014 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF; 74 kB), leaflet from the data protection officers for Brandenburg and Berlin from August 2010, accessed on May 25, 2014.
- L. Meuth: Admissibility of identity determinations by means of biometric systems by public bodies . Duncker & Humblot, Berlin 2006, p. 24 (publisher's edition of the dissertation, Freiburg im Breisgau 2005).
- Jöran Beel & Béla Gipp: ePass - the new biometric passport . 2005, reservations about the ePassport ( beel.org [PDF; 1000 kB ]).
- Budapest Declaration on Machine Readable Travel Documents (MRTDs). Retrieved September 24, 2011 .
- Bundestag passes amendment to the Passport Act. In: Heise online. Retrieved September 24, 2011 .
- § 4 PassG. Retrieved September 4, 2013 .
- The Federal Commissioner for Data Protection and Freedom of Information: Biometrics and Data Protection ( Memento of the original dated August 20, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- The Federal Commissioner for Data Protection and Freedom of Information: The new biometric passport - the most important data protection issues ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF)
- The Federal Commissioner for Data Protection and Freedom of Information: Biometrics and Data Protection - The measured person ( Memento of the original from August 5, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF)
- dpa: Man heats ID card in microwave. faz.net, August 12, 2015, accessed May 10, 2016 .
- Download of Udo Vetter's application (PDF; 269 kB; accessed on May 10, 2016)
- Udo Vetter : But no fingerprints in your passport? In: law blog. May 31, 2012, accessed June 1, 2012 .
- , accessed on May 10, 2016
- Andreas Wilkens: EU judgment: Digital fingerprints can be stored on passports. In: heise online. October 17, 2013, accessed May 10, 2016 .
- Udo Vetter : Court: Fingerprints must be in the passport. In: law blog. October 5, 2011, accessed May 10, 2016 .
- Dr. Frank Selbmann, Dr. July Zeh: The storage of fingerprints in passports in the tense relationship between constitutional and Union law. In: Saxon administrative sheets. No. 4, 2012, pp. 77-82.
- Interview with Juli Zeh and download of the constitutional complaint in the internet magazine Humboldt Forum Recht 05/2008
- Federal Constitutional Court, decision of December 30, 2012 , file number 1 BvR 502/09
- Amendment to (4) PassG
- Note from the German embassy in Luxembourg about technical problems ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF)
- Bundesdruckerei: Information letter for registration authorities, No. 3 / July 2007.
- Bundesdruckerei: Information letter for registration authorities, No. 4 / September 2007.
- Federal Ministry of the Interior: Electronic passports in Germany: Introduction of alphanumeric serial numbers in Germany from November 1, 2007 ( Memento of the original from October 27, 2011 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF, accessed on May 11, 2009; 130 kB)