Press release from the Berlin action group "Freiheit statt Angst e.V." - Freedom not Fear (registered association) about the hazards of the new German electronic identification card (ID) (6th of October. 2010)
German version here
The Risks - and the alternative: quickly apply for a new "old" ID
From the 1st of November 2010 on there will only be the new electronic identification card available (elektronischer Personalausweis or in short ePerso) when applying for a new ID in a citizen centre. But who wants one of those?
Oh well, at one point there is an undeniable advantage. It has the same size like a cheque card and therefore it easily fits into every purse or wallet. However would that be worth paying 28, 80 Euro instead of paying 8? Although that was it with the advantages, the inconvincible Secretary for the interior still wants it.
Even the data protection commissioner, whom should actually be asked in advance, warns :
- One of the main problems with the new ID card is the embedded chip which will contain the data. The chip is based on the RFID- system and therefore the information saved on the chip can be scanned and read-out even without any contact.
- The access to the stored data should only occur throughout secured networks and computers.
- From this it follows that the user needs actual antivirus programs and firewalls against spy software on his own computer.
- In future no owner of such a new ID card should be requested to deposit his or her card for whatever reason (§ 1 Abs. 1 S. 3 PAuswG).
- Furthermore it is seen as a very controversial issue that police authorities are allowed to read the information from the RFID-chip under certain circumstances (which are not accurately described in the text of the new law)( § 15 Abs. 1 PAuswG).
The electronic ID card: - Identity theft becomes much easier
But it’s going to be even worse! Of what we have warned from the beginning has happened now. The new ID card is insecure. The Chaos Computer Club (CCC) found out that strangers could be able to read along the data or the PIN code and even change the PIN code . All what one needs is a bit of criminal energy and a commercially available keylogger. The electronic reading devices for the electronic ID, sponsored from the federal ministry of the interior, have no own keyboard. This means that all the data is send over a possibly unsafe PC. Also in this point the Secretary for the interior is not willing to make any changes.
Sophie Behrendt; Spokeswoman of the Action group “Freiheit statt Angst e.V.” warns:
“When in former times an ID got stolen and misused, I could at least hope that differences towards my photograph or my signature will stand out and I could act against it, for example with graphologic certificates. This is impossible now. Now the hacker owns my "real" identity, my digital signature and my PIN-code and now I have to proof that I haven’t done a certain purchase. The burden of proof is on me now.
The secretary for the interior dismissed all claims for compensation for such damages. 
What do we claim from the German government?
- A delay of the introduction of the electronic ID until the problem with the lack of security is solved.
- No usage of RFID-chips when dealing with personal data.
- No use of electronic reading devices which don’t have an own keyboard.
- Clarification about the lacks of the new ID towards the people.
- Clarification about the safe usage of the new ID (for example no depositioning in hotels, or at car rentals).
Quickly apply for a new "old" ID
We can just appeal to everyone:
- Apply for a new ID card before the 1st of November so one will get the old model again. This one costs only 8 Euros instead of 28,80 and is valid for 10 more years.
- Whom who needs to apply for a new ID card after the 1st of November can at least refuse to give away his or her fingerprints. This is still voluntary.
- The new ID card comes with two more possible functions. "electronic proof of Identity"(elektronischer Identitätsnachweis) and "electronic signature"(elektronische Signatur). These two extra functions are as well voluntary. These functions also cost a certain amount of money and therefore should be refused if not necessarily needed.
- As long as it is not really declared safe one should avoid using the new ID card on the computer.
Links for further information:
Further links concerning the new ID:
Press contact for further questions: firstname.lastname@example.org
German version here
Kategorie: Pressemitteilungen Short-Link dieser Seite: a-fsa.de/d/1tk
Link im Tor-Netzwerk: nnksciarbrfsg3ud.onion/de/articles/1628-20101016-press-release-quickly-apply-for-a-new-old-id.htm
Tags: #Personalausweis #ePerso #ePA #nPA #Hack #Sicherheit #Missbrauch #Polizei #InnneministerRFID #english
Erstellt: 2010-10-16 08:55:54