Hacker Club Publishes German Official's Fingerprint

A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.

In future news...

We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously

Re:In future news...

One can only hope.

What better way than a senior official to be convicted of crimes as a result of identity theft because officials such as him decided that privacy didn't really matter anymore?

Personally, I sincerely wish that this happens in all the countries which have fingerprinting in place. Enough already.

Re:In future news...

We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously

17 One-fingered crimes at that...

Re:In future news...

On the other hand - no pun intended - this might actually work out in his favor, since he _could_ go out and commit a crime, and they'd have to wonder whether the fingerprint evidence was valid or not.

Good for them

High officials often seem to think the consequences of privacy-invading legislation will only occur to other (read: little) people. It's good to remind people in those positions that they do not have absolute power, and that they need to think about second order consequences.

Re:Good for them

Maybe this is what you meant, but I just think this is the perfect example to illustrate to all how biometrics are just NOT the be-all and end-all. If only for the one simple fact that he cannot change his fingerprint like he could a password that got compromised!

Re:Good for them

All three easily solved via a security by-pass incentive in a form of a pistol to the head or a kidnapped lover/child/dog etc which will "get it" if you do not cooperate or some poison with time release and the antidote delivered upon your succesful authentication, etc and so on and on and on and on.

"Ironclad security" does not exist.

Re:Good for them

Two words.

Duress codes.

Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.

Not quite ironclad, but an extra level of safety.

Re:Good for them

Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.

Then they'd have to keep TWO post-it notes under their keyboard.

Re:Good for them

Ironclad Security only exists when you have Chuck Norris on the shift. Do we really have to discuss this?

Biometrics: lamest of all security protocols

At least until extreme body modification is commonplace, biometrics suck for identification. It's the only modern "security" mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one chink is found.

A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess start with the fingers and palms and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a Secure(TM) society) people can be recycled in the soylent green program or something.

Re:Biometrics: lamest of all security protocols

When one of those 27 properties is compromised, how do you revoke its use?

Cut it off?

No better thant he status quo?

This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.

I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?

Major flaw of biometrics

This event highlights one of the major flaw of biometrics. This official had his fingerprint copied. There is nothing he can do. He can't change it. He can't prevent people from using it. No fingerprint reader will ever be able to determine with 100% certainty whether a particular fingerprint is real or fake. Bottom line: when one of your biometric traits gets stolen, you get screwed. For life.

I hope this convinces governments that using biometrics for anything is a bad idea (other than perhaps criminal investigations, although what if this german official's fingerprint was found on a murder scene ?).

Re:Major flaw of biometrics

The whole point of the parent poster is apparently lost to you.

The point being that my biometric data is mine. It is private. It is not the government's business to have my blood samples, or DNA, or finger print. I am not a criminal, and therefore I expect to be entitled to some privacy from the BigBrother.

Once some retarded government bureaucrat decides to leave a laptop inside a taxi or something, my private data is lost, and I can never get a new fingerprint, or iris scan. I can get a new social security number, I can get a new passport, a new bank account number, but I **cannot** get a new DNA.

Legal action?

The article says a ministry spokesman alluded to possible legal action against the club.
 
To what ends? You can't deter it as it's already happened, and you can't suppress it, as even the method for tricking the security system is widely known. If the security system is broken, you can't legalize it into working again. The security system was built in order to keep things safe, and now we have to keep other things safe from the security system itself.

Perfect alibi

Mister Schauble can enjoy an easy career as burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.

The only thing dumb thing he could get caught with is when he leaves wheelchair tracks [wordpress.com] at the scene of the crime.

Re:Brave defenders of freedom

At least they get off their asses unlike American's who cry about the Constitution but do fuck all about it.

Bush was right, it is JUST a piece of PAPER. Why? Because American's do NOTHING about it and do not believe in it.

This is plain to see by their inactions.

Re:couldn't possibly have negative consequences

Hardly. The CCC is a highly prolific club and is very likely keen on some legal "retaliation", as it would generate even more public attention on that matter.
Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance.

Re:couldn't possibly have negative consequences

It likely is. In just the same way that sinking the Titanic before any passengers boarded would have been grounds for criminal action.

Re:couldn't possibly have negative consequences

>> Oh all the people to humiliate... a senior public official who sets policy for something you directly care about. This couldn't possibly turn out badly.

I love the idea that the way to make politicians do what you want is to be nice to them.

so apparently Monica Lewinsky was probably about a week away from getting us all free national healthcare, too. Curse you, mainstream media!

Re:Respect, respect maan!

Yeah if someone tried this with a high ranking government official in America, China or somewhere, they would indeed mysteriously 'disappear' in 60 seconds.

There, fixed that for you. I guess now it's Germany, Land of the Free, Home of the Brave (WTF?)

Re:Respect, respect maan!

WTF does china have to do with this?

Re:Has anyone tried this on a fingerprint reader?

I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

As a matter of fact, Yes. [slashdot.org]

Re:Has anyone tried this on a fingerprint reader?

It doesn't seem hard at all at a 'normal' reader (see Mythbusters [youtube.com] episode.

The high-end, ridicilously expensive fingerprint readers are a lot harder to crack though; But I wouldn't say uncrackable.