8 mo. ago • 98%

EU top court upholds ruling on fingerprints for ID cards

www.dw.com EU top court upholds ruling on fingerprints for ID cards – DW – 03/21/2024

The European Court of Justice ruled having fingerprints on ID cards was legal under EU privacy laws. The benefits of having such a system were key to preventing identity theft, it said.

30 comments

privacy

Ultimately, there are too many databases with people's fingerprints out there, and my expectation is that they're gonna leak at some point.

So that means two things:

First, don't use biometrics to check identity unless you're in a position where a person forging them can actually be checked for forged biometrics and get in trouble if caught. Like, customs at an airport, where you could see if someone has fake caps on their fingers or something. Biometrics cannot normally be invalidated. If it leaks and you're using the fingerprints to authenticate yourself to, say, your laptop or your bank or something, you can never invalidate those credentials, and people will always be able to get into your bank account. Specifically in the case of fingerprints, it's often not even that hard to get ahold of a specific individual's biometrics -- you leave a record of them on any smooth surface that you touch.

Second, if you're in a position where you don't want to leave behind a signature, you might want to wear something that masks biometrics. If you have widely-leaked biometrics databases floating around that anyone can get access to, and you, say, put your hand on something, you've just left a signature that anyone can map to identity. Maybe bring back gloves, say. I don't think that we're at a point where there are systems that can do iris scans at a distance without someone knowing. Facial recognition is definitely doable at a distance, and that happens today. People at political protests who are worried about being identified, some military people, stuff like that, will mask their face. Maybe it makes sense to roll back anti-mask laws if facial databases are gonna be floating around. I dunno about gait recognition, whether that's sufficiently-unique to distinguish among a large number of people at a distance.
23
- A "database of fingerprints" would only contain checksums. They can be used to verify the result of a reading but not to get the whole print.
  
  Most of the time they don't even contain that. The primary checksum is stored only on the ID, which outputs a secondary one, which is matched against a verification checksum produced independently by a reader.
  
  The national database doesn't need any of those, it holds the person ID numbers and their civil status and stuff like that not how they are verified.
  
  18
  
  A “database of fingerprints” would only contain checksums
  
  that's the case for fingerprint readers in phones/laptops
  
  But does that also apply to prints collected for government ID cards?
  
  1
- Good to mention that (in the Netherlands) when you've provided fingerprints for a new identification card, the fingerprints are wiped from any system after you've received the card, remaining only on the card itself.
  
  16
  
  I didn't know that, but that's nice.
  
  Now how do I dispose of the card once it's expired? 🤔
  
  3
  
  Probably this is an EU-wide law, because my east-leaning country says this too
  
  2
  
  Same in Germany. But I wouldn't be surpised at all if wiretapping agencies like the NSA manages to get most of the data anyway. Then again, the same can be said for phones which are supposed to only keep the data on the device.
  
  1
- Last time I used my mandatory ID for a public transaction I actually had to use a webcam and held the card up to it and then my face so a human could check them.
  
  Turns out, in a country where these have been in use for decades some people have put some thought into it. Go figure.
  
  Of course now we have real time deepfakes and that is again obsolete, so we'll see where we go from here. I hope I don't have to bring my meatsuit to an actual office for routine tax transactions again, because that sucked and this is better.
  
  10
  
  Last time I used my mandatory ID for a public transaction I actually had to use a webcam and held the card up to it and then my face so a human could check them.
  
  Are you seriously unironically saying this is an example of "putting some thought into it"? That's literally this ludicrous idea that politicians had to verify the age of users visiting porn sites. It's nothing but invasive.
  
  -2
Europe mostly gets it right. Then this.

Again, 1984 was a warning, not a handbook!

10
- We've had fingerprints in our ID cards for decades.
  
  It's fine. Quite useful, really. Less of a totalitarian state now than when they were introduced, actually.
  
  I know in the anglo world the whole national ID card thing is seen as intrusive, but it's kinda fine. I just know my number, which is great for some transactions, and I can get right by airport security without interacting with any humans just by tapping my biometric ID on a reader. Plus it can be upgraded to a full on digital signature certificate, although the implementation is terrible and I hate it.
  
  16
  
  Yeah, totalitarianism is kept in check by society being vigilent, not by hiding your fingers. This stuff can be put to good use (like making identity theft impossible, which is a huge quality of life improvement).
  
  11
  
  Almost all the passports around the world include biometric as well.
  
  10
- Well, right now my government (Germany) doesnt have any of my fingerprints.
  
  But the US has all 10 fingers because i visited once.
  
  8
This is the best summary I could come up with:

The European Court of Justice (ECJ) said the 2019 regulation was in line with fundamental rights to respect for private life and the protection of personal data.

A German court in the western city of Wiesbaden asked ECJ to review the validity of an EU regulation calling for two fingerprints to be stored on an individual's identity card after a German challenged the city's decision to deny him a new identity card if he did not provide his fingerprints.

The ECJ justified its decision saying fingerprints on IDs were important in the prevention of identity theft and the interoperability of verification systems.

The court ruled that the benefits of such a system made it compatible with the right to respect for private life and the protection of personal data.

The court additionally said that a facial image can be inefficient, as a face can change due to illness, aging, lifestyle, and surgery.

Some civil rights activists were disappointed with the court's decision, arguing that other options could be explored to combat identity theft.

The original article contains 227 words, the summary contains 162 words. Saved 29%. I'm a bot and I'm open source!

7
This is a good ruling.

Now if only they'd scrap the ones against CCTV and facial recognition, we can build a safer society without street crime.

-11
- We've had biometic Id for ages, it hasn't impacted street crime much one way or the other.
  
  Lower inequality and a safety net, thought? Does wonders.
  
  9

You've viewed 30 comments.