{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:02:20Z","timestamp":1754157740410,"version":"3.41.2"},"reference-count":56,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2012,5,11]],"date-time":"2012-05-11T00:00:00Z","timestamp":1336694400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,5,11]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this paper is to show that most, if not all RFID\/biometric passports have clear technical and social problems in their intended use and that there are clear problems with the databases into which biometric data are being collected, due to use of this data for other (publicly), non\u2010intended uses.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The approach of this paper is both a meta\u2010study of the flaws in the technological specifications as well as the social implementation of RFID\/biometric passports. Finland is used as a case, but the results extend beyond Finland in most, if not all the topics presented \u2013 not necessarily all results to all implementations, but all to some others.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The current implementations of RFID\/biometric passports are lacking in both technical and social implementations and pose clear risks to their use, both due to lax implementation of the technology itself but specifically due to the social changes brought about. These problems cause both erosion of privacy and trust.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>Further research into other potential social implications on a national level is required. The authors fear that the cases presented do not necessarily reflect all the potential problems, but just the most evident ones.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>The problems with the technological implications can be averted by using the best technological solutions, and thus the best technological solutions should be used instead of the ones proven to be lacking.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Social implications<\/jats:title><jats:p>The social implications should at least be brought forth for public discourse and acknowledged, which currently does not seem to happen.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>The paper contributes to the understanding of problems with current RFID\/biometric passport implementations as well as inherent social problems that are hard, if not impossible to avoid. The problems belong under the category of critical eGovernment applications, and similar issues are visible in other eGovernment applications.<\/jats:p><\/jats:sec>","DOI":"10.1108\/14779961211226985","type":"journal-article","created":{"date-parts":[[2012,5,20]],"date-time":"2012-05-20T10:29:03Z","timestamp":1337509743000},"page":"68-81","source":"Crossref","is-referenced-by-count":4,"title":["How to abuse biometric passport systems"],"prefix":"10.1108","volume":"10","author":[{"given":"Olli I.","family":"Heimo","sequence":"first","affiliation":[]},{"given":"Antti","family":"Hakkala","sequence":"additional","affiliation":[]},{"given":"Kai K.","family":"Kimppa","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022022020412582300_b1","doi-asserted-by":"crossref","unstructured":"Alterman, A. (2003), \u201c\u2018A piece of yourself\u2019: ethical issues in biometric identification\u201d, Ethics and Information Technology, Vol. 5, pp. 139\u201050.","DOI":"10.1023\/B:ETIN.0000006918.22060.1f"},{"key":"key2022022020412582300_b4","unstructured":"BBC (2011a), \u201cSony network suffers hack attack by Lulz network\u201d, 3 June, available at: www.bbc.co.uk\/news\/technology\u201013639836 (accessed 15 June)."},{"key":"key2022022020412582300_b3","unstructured":"BBC (2011b), \u201cSony warns of almost 25 million extra user detail theft\u201d, 3 May, available at: www.bbc.co.uk\/news\/technology\u201013639836 (accessed 15June)."},{"key":"key2022022020412582300_b2","unstructured":"BBC (2011c), \u201cUS defence firm Lockheed Martin hit by cyber\u2010attack\u201d, 30 May, available at: www.bbc.co.uk\/news\/world\u2010us\u2010canada\u201013587785 (accessed 15 June)."},{"key":"key2022022020412582300_b5","unstructured":"BSI (2010), \u201cAdvanced security mechanisms for machine readable travel documents\u201d, Technical Guideline TR\u201003110, Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI, German Federal Office for Information Security)."},{"key":"key2022022020412582300_b6","unstructured":"Chaabouni, R. and Vaudenay, S. (2009), \u201cThe extended access control for machine readable travel documents\u201d, BIOSIG 2009, Biometrics and Electronic Signatures, LNI, Gesellschaft f\u00fcr Informatik (GI), Bonn, Germany, pp. 93\u2010103."},{"key":"key2022022020412582300_b7","unstructured":"Cherry, M. and Imwinkelried, E. (2006), \u201cCautionary note about fingerprint analysis and Reliance on digital technology\u201d, Judicature, Vol. 89 No. 6, pp. 334\u20108, available at: www.ajs.org\/ajs\/publications\/Judicature_PDFs\/896\/Cherry_896.pdf (accessed 20 June 2011)."},{"key":"key2022022020412582300_b8","doi-asserted-by":"crossref","unstructured":"Chothia, T. and Smirnov, V. (2010), \u201cA traceability attack against e\u2010passports\u201d, Financial Cryptography and Data Security, Lecture Notes in Computer Science, Vol. 6052, Springer, Berlin, pp. 20\u201034.","DOI":"10.1007\/978-3-642-14577-3_5"},{"key":"key2022022020412582300_b9","doi-asserted-by":"crossref","unstructured":"Daly, E. (2010), Personal Autonomy in the Travel Panopticon. Ethics and Information Technology, Vol. 12, Springer, Berlin, pp. 97\u2010108.","DOI":"10.1007\/s10676-009-9203-0"},{"key":"key2022022020412582300_b10","unstructured":"Danev, B., Heydt\u2010Benjamin, T.S. and \u010capkun, S. (2009), \u201cPhysical\u2010layer identification of RFID devices\u201d, Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09), USENIX Association, Berkeley, CA, USA, pp. 199\u2010214."},{"key":"key2022022020412582300_b11","doi-asserted-by":"crossref","unstructured":"Daugman, J. (2006), \u201cProbing the uniqueness and randomness of IrisCodes: results from 200 billion iris pair comparisons\u201d, Proceedings of the IEEE, Vol. 94 No. 11, pp. 1927\u201035.","DOI":"10.1109\/JPROC.2006.884092"},{"key":"key2022022020412582300_b47","unstructured":"EC (2004), Council Regulation No. 2252\/2004, The Council of the European Union, available at: http:\/\/eur\u2010lex.europa.eu\/LexUriServ\/LexUriServ.do?uri=OJ:L:2004:385:0001:0006:EN:PDF (accessed 11 April 2011)."},{"key":"key2022022020412582300_b48","unstructured":"(The) Epoch Times (2011), \u201cA move to add fingerprints to Chinese ID cards\u201d, 30 October, available at: http:\/\/m.theepochtimes.com\/n2\/china\u2010news\/a\u2010move\u2010to\u2010add\u2010fingerprints\u2010to\u2010chinese\u2010id\u2010cards\u201063477.html (accessed 20 January 2012)."},{"key":"key2022022020412582300_b12","unstructured":"(The) Financial Times (2009), \u201cKremlin\u2010backed group behind Estonia cyber blitz\u201d, 11 March, available at: www.ft.com\/cms\/s\/57536d5a\u20100ddc\u201011de\u20108ea3\u20100000779fd2ac,Authorised=false.html?_i_location=http%3A%2F%2Fwww.ft.com%2Fcms%2Fs%2F0%2F57536d5a\u20100ddc\u201011de\u20108ea3\u20100000779fd2ac.html&_i_referer=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2F2007_cyberattacks_on_Estonia (accessed 24 November 2010)."},{"key":"key2022022020412582300_b13","unstructured":"Fleischman, W.M. (2010), \u201cElectronic voting systems and the Therac\u201025: what have we learned?\u201d, Ethicomp 2010, Tarragona, Spain, 14\u201016 April."},{"key":"key2022022020412582300_b14","unstructured":"Gillam, L. and Salmasi, A.V. (2008), \u201cA database for fighting crimes that haven't been rCommitted yet\u201d, Ethicomp 2008, Mantua, Italy, 24\u201026 September."},{"key":"key2022022020412582300_b15","unstructured":"Grunwald, L. (2007), \u201cSecurity by politics \u2013 why it will never work\u201d, Presentation in the DEFCON15 Conference, Riviera Hotel and Casino, Las Vegas, NV, USA, 3\u20105 August."},{"key":"key2022022020412582300_b49","unstructured":"(The) Guardian (2007), \u201cRussia accused of unleashing cyberwar to disable Estonia\u201d, 17 May, available at: www.guardian.co.uk\/world\/2007\/may\/17\/topstories3.russia (accessed 24 November 2010)."},{"key":"key2022022020412582300_b16","unstructured":"Heimo, O.I., Fairweather, N.B. and Kimppa, K.K. (2010), \u201cThe Finnish eVoting experiment: what went wrong?\u201d, Ethicomp 2010, Tarragona, Spain, 14\u201016 April."},{"key":"key2022022020412582300_b21","unstructured":"Hlavac, M. and Rosa, T. (2007), \u201cA note on the relay attacks on e\u2010passports: the case of Czech e\u2010passports\u201d, Cryptology ePrint Archive, Report 2007\/244."},{"key":"key2022022020412582300_b22","doi-asserted-by":"crossref","unstructured":"Hoepman, J.\u2010H., Hubbers, E., Jacobs, B., Oostdijk, M. and Schreur, R.W. (2006), \u201cCrossing borders: security and privacy issues of the European e\u2010Passport\u201d, Advances in Information and Computer Security, Lecture Notes in Computer Science, Vol. 4266\/2006, pp. 152\u201067.","DOI":"10.1007\/11908739_11"},{"key":"key2022022020412582300_b17","unstructured":"HS (2008a), Poliisi haluaa passien sormenj\u00e4ljet rikostutkijoille (Police Request Passport Fingerprints to Criminal Investigation), 1st ed., Helsingin Sanomat, Finland, 22 February."},{"key":"key2022022020412582300_b18","unstructured":"HS (2008b), Rikostutkijat eiv\u00e4t saa viel\u00e4 passien sormenj\u00e4lki\u00e4 k\u00e4ytt\u00f6\u00f6ns\u00e4 (Criminal Investigators do not Acquire Passport Fingerprints Yet), 1st ed., Helsingin Sanomat, Finland, 27 November."},{"key":"key2022022020412582300_b20","unstructured":"HS (2010a), Sunnuntaisuomalainen: Passien sormenj\u00e4lkirekisteri voi avautua poliisille (Fingerprint Registry may be Opened to the Police), Helsingin Sanomat, Finland, 15 August, available at: www.hs.fi\/kotimaa\/artikkeli\/Sunnuntaisuomalainen+Passien+sormenj%C3%A4lkirekisteri+voi+avautua+poliisille\/1135259348892 (accessed 11 April 2011)."},{"key":"key2022022020412582300_b19","unstructured":"HS (2010b), Vesipiipputupakan tuonnista vankeutta ja 400 000 euron lasku (Prison Sentence and 400 000 \u20ac Fine from Illegal Import of Waterpipe Tobacco), Helsingin Sanomat, Finland, 2 August, available at: http:\/\/omakaupunki.hs.fi\/paakaupunkiseutu\/uutiset\/vesipiipputupakan_tuonnista_vankeutta_ja_400_000_euron_lasku\/ (accessed 18 June 2011)."},{"key":"key2022022020412582300_b23","doi-asserted-by":"crossref","unstructured":"Hornung, G. (2007), \u201cThe European regulation on biometric passports: legislative procedures, political interactions, legal framework and technical safeguards\u201d, SCRIPT\u2010ed 246, Vol. 4 No. 3, available at: www.law.ed.ac.uk\/ahrc\/script\u2010ed\/vol4\u20103\/hornung.asp (accessed 9 June 2011).","DOI":"10.2966\/scrip.040307.246"},{"key":"key2022022020412582300_b27","unstructured":"ICAO (2006), \u201cMachine readable travel documents\u201d, ICAO\/Doc 9303, Part 1, Vol. 2, available at: www2.icao.int\/en\/MRTD\/Downloads\/Doc%209303\/Doc%209303%20English\/Doc%209303%20Part%201%20Vol%202.pdf (accessed 17 June 2011)."},{"key":"key2022022020412582300_b24","unstructured":"ICAO MRTD (2011), ICAO MRTD Documentation, available at: www2.icao.int\/en\/MRTD\/Pages\/Downloads.aspx (accessed 11 April 2011)."},{"key":"key2022022020412582300_b25","unstructured":"Intermin (2011), (Finnish Ministry of Internal Affairs) Miksi tarvitaan biometrinen passi? (Why biometric passport is needed?) available at: www.intermin.fi\/intermin\/hankkeet\/biometria\/home.nsf\/pages\/BE9BF3243D995FF5C2256EB7003B014B?opendocument (accessed 11 April)."},{"key":"key2022022020412582300_b28","unstructured":"Juels, A., Molnar, D. and Wagner, D. (2005), \u201cSecurity and privacy issues in E\u2010passports, security and privacy for emerging areas in communications networks\u201d, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05), pp. 74\u201088."},{"key":"key2022022020412582300_b29","unstructured":"Kc, G.S. and Karger, P.A. (2005), \u201cSecurity and privacy issues in machine readable travel documents (MRTDs)\u201d, IBM Technical Report RC 23575."},{"key":"key2022022020412582300_b30","unstructured":"KELA (2009), \u201cLaw service \u2013 Hallituksen esitys laiksi passilain ja er\u00e4iden siihen liittyvien lakien muuttamisesta (Government's proposal for changing passport act and certain other related laws)\u201d, Finnish Social Insurance Institution, 9 June, available at: www.edilex.fi\/kela\/fi\/mt\/havm20090009 (accessed 11 April 2011)."},{"key":"key2022022020412582300_b31","doi-asserted-by":"crossref","unstructured":"Larsen, E. and Elligsen, G. (2010), \u201cFacing the Lernaean Hydra: the nature of large\u2010scale integration projects in healthcare\u201d, in Kautz, K. and Nielsen, P. (Eds), Proceedings of the First Scandinavian Conference of Information Systems, SCIS 2010, Rebild, Denmark.","DOI":"10.1007\/978-3-642-14874-3_7"},{"key":"key2022022020412582300_b32","doi-asserted-by":"crossref","unstructured":"Lockton, V. and Rosenberg, R.S. (2005), \u201cRFID: the next serious threat to privacy\u201d, Ethics and Information Technology, Vol. 7, pp. 221\u201031.","DOI":"10.1007\/s10676-006-0014-2"},{"key":"key2022022020412582300_b33","doi-asserted-by":"crossref","unstructured":"Matsumoto, T., Matsumoto, H., Yamada, K. and Hoshino, S. (2002), \u201cImpact of arti\ufb01cial gummy \ufb01ngers on \ufb01ngerprint systems\u201d, Proceedings of SPIE #4677, Optical Security and Counterfeit Deterrence Techniques IV.","DOI":"10.1117\/12.462719"},{"key":"key2022022020412582300_b34","unstructured":"Mercuri, R. (2001), \u201cElectronic vote tabulation checks and balances\u201d, PhD thesis, University of Pennsylvania, St Bloomsburg, PA."},{"key":"key2022022020412582300_b35","doi-asserted-by":"crossref","unstructured":"Monnerat, J., Vaudenay, S. and Vuagnoux, M. (2007), \u201cAbout machine\u2010readable travel documents: privacy enhancement using (weakly) non\u2010transferrable data authentication\u201d, International Conference on RFID Security, pp. 15\u201028.","DOI":"10.1088\/1742-6596\/77\/1\/012006"},{"key":"key2022022020412582300_b36","unstructured":"Mostowski, W. and Poll, E. (2010), \u201cElectronic passports in a Nutshell\u201d, Technical Report ICIS\u2010R10004, Radboud University Nijmegen, The Netherlands, available at: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.167.2807&rep=rep1&type=pdf (accessed 9 June 2011)."},{"key":"key2022022020412582300_b37","unstructured":"MTV3 (2009), \u201cAutomaattinen passintarkastus alkoi vaalimaalla (Automatic passport control has begun at Vaalimaa)\u201d, 9 December, available at: www.mtv3.fi\/uutiset\/kotimaa.shtml\/2009\/12\/1014243\/automaattinen\u2010passintarkastus\u2010alkoi\u2010vaalimaalla (accessed 7 June 2011)."},{"key":"key2022022020412582300_b38","unstructured":"Newsweek (2008), \u201cYou've Got Malice, Russian nationalist waged a cyber war against Georgia. fighting back is virtually impossible\u201d, 22 August, available at: www.newsweek.com\/2008\/08\/22\/you\u2010ve\u2010got\u2010malice.html (accessed 24 November 2010)."},{"key":"key2022022020412582300_b39","unstructured":"Nurminen, M.I. and Forsman, U. (1994), Reversed Quality Life Cycle Model, Elsevier, Amsterdam."},{"key":"key2022022020412582300_b40","unstructured":"Otakantaa.fi (2011), An Open Electronic Forum Provided by the Government for Polling Citizen Opinions about New Legislation, Finnish Ministry of Justice, available at: http:\/\/otakantaa.fi (accessed 11 April)."},{"key":"key2022022020412582300_b41","doi-asserted-by":"crossref","unstructured":"Ramos, A., Scott, W., Scott, W., Lloyd, D. and O'Leary, K. (2009), \u201cA threat analysis of RFID passports\u201d, Communications of the ACM, Vol. 52 No. 12, pp. 38\u201042.","DOI":"10.1145\/1610252.1610268"},{"key":"key2022022020412582300_b50","unstructured":"(The) Register (2006), \u201cHome office to register biometrics of foreign nationals in UK\u201d, 20 December, available at: www.theregister.co.uk\/2006\/12\/20\/home_office_foreign_nationals_biometrics\/ (accessed 19 January 2012)."},{"key":"key2022022020412582300_b42","unstructured":"Richter, H., Mostowski, W. and Poll, E. (2008), \u201cFingerprinting passports\u201d, Spring Conference on Security, pp. 21\u201030, CiteSeer."},{"key":"key2022022020412582300_b43","unstructured":"Schneier, B. (2003), Beyond Fear: Thinking Sensibly about Security in an Uncertain World, Springer, Berlin."},{"key":"key2022022020412582300_b44","doi-asserted-by":"crossref","unstructured":"Schouten, B. and Jacobs, B. (2009), \u201cBiometrics and their use in e\u2010passports\u201d, Image and Vision Computing, Vol. 27 No. 3, Special Issue on Multimodal Biometrics \u2013 Multimodal Biometrics Special Issue, 2 February, 305\u201012.","DOI":"10.1016\/j.imavis.2008.05.008"},{"key":"key2022022020412582300_b45","unstructured":"Singel, R. (2004), \u201cAmerican passports to get chipped\u201d, Wired, available at: www.wired.com\/politics\/security\/news\/2004\/10\/65412 (accessed 20 January 2012)."},{"key":"key2022022020412582300_b46","unstructured":"Sunnuntaisuomalainen (2010) p. 14, 15 August, Passipoliisit."},{"key":"key2022022020412582300_b51","unstructured":"Tietokone (2010), \u201cPoliisi saattaa saada passien sormenj\u00e4ljet (Police may acquire the passport fingerprints)\u201d, 16 August, available at: www.tietokone.fi\/uutiset\/poliisi_saattaa_saada_passien_sormenjaljet (accessed 11 April 2011)."},{"key":"key2022022020412582300_b52","doi-asserted-by":"crossref","unstructured":"Vaudenay, S. (2007), \u201cE\u2010passport threats\u201d, IEEE Security & Privacy, Vol. 5 No. 6, pp. 61\u20104.","DOI":"10.1109\/MSP.2007.164"},{"key":"key2022022020412582300_b53","unstructured":"Wilde, G.J.S. (1994), Target Risk: Dealing with the Danger of Death, Disease and Damage in Everyday Decisions, 1st ed., available at: http:\/\/psyc.queensu.ca\/target\/ (accessed 11 April 2011)."},{"key":"key2022022020412582300_b54","unstructured":"Witteman, M. (2005), \u201cAttacks on biometric passports\u201d, Riscure, available at: www.riscure.com\/fileadmin\/images\/Docs\/WTH2005_pres.pdf (accessed 19 June 2011)."},{"key":"key2022022020412582300_b55","unstructured":"YLE (2010), \u201cPoliisi haluaa suomalaisten sormenj\u00e4ljet rikostutkintaansa (Police requests Finnish fingerprints to criminal investigation)\u201d, Finnish Public Service Broadcaster, 2 August at 06:03, updated 3 August at 09:06, available at: www.yle.fi\/uutiset\/kotimaa\/2010\/08\/poliisi_haluaa_suomalaisten_sormenjaljet_rikostutkintaansa_1870808.html (accessed 11 April 2011)."},{"key":"key2022022020412582300_b56","unstructured":"Zetter, K. (2006), \u201cHackers Clone E\u2010passports\u201d, Wired, 8 March, 8 March, available at: www.wired.com\/science\/discoveries\/news\/2006\/08\/71521 (accessed 20 January 2012)."},{"key":"key2022022020412582300_frd1","unstructured":"International Civil Aviation Organization (ICAO) (2011), available at: www.icao.int (accessed 11 April 2011)."}],"container-title":["Journal of Information, Communication and Ethics in Society"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/14779961211226985","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/14779961211226985\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/14779961211226985\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:13:19Z","timestamp":1753402399000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jices\/article\/10\/2\/68-81\/218304"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,5,11]]},"references-count":56,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,5,11]]}},"alternative-id":["10.1108\/14779961211226985"],"URL":"https:\/\/doi.org\/10.1108\/14779961211226985","relation":{},"ISSN":["1477-996X"],"issn-type":[{"type":"print","value":"1477-996X"}],"subject":[],"published":{"date-parts":[[2012,5,11]]}}}