The human factor

One of the more prominent themes at CeBIT this year was the whole security/surveillance/biometric systems complex. hall 6 and 7 where full of companies demonstrating that you can stick an RFID chip on just about anything in order to then read it and know where just about everything comes from or goes to or belongs to or how much it costs. (only thing they did not show was that thanks to RFID you can now infect your cat with a computer virus).

On extremely popular sub-genre of things you can slap an RFID tag on are passports (interesting to think of what happens if your passport gets infected by an RFID virus transmitted by the cat of your host in a far away country, but i am getting distracted here…) and lots of countries showed their ePassport systems on the floor. The booth of Pakistan’s National Database & registration Authority (NARDA) was extremely entertaining not only because they had these wonderful multi identity passports to demonstrate their machines but also because they where extremely detailed in explaining their system and allowed me to take photographs of just about everything. As a good-bye present i got a bunch of brochures including one about the ‘Multi Biometric e-Passport Project’ currently being implemented in Pakistan:

The aim of this project is to create a highly secure integrated system encompassing immigration, Automated Border Control and passport issuance […] while ensuring the genuinenness of the holder as a valid Pakistani citizen. […] The system requires minimum human intervention that ensures transparency while maintaining ease of exit/entry of citizens without the ordinary people being harassed unnecessarily.

While i do not want to contribute to unnecessary harassment of the ordinary people (unnecessary harassment should be strictly reserved to criminals and terrorists who can easily be spotted because they have a beard? behave differently? will not get a passport because they are not ordinary? …??) i do have a slight suspicion that either the system minimizes human intervention so much that the operators get bored that the operators do not really regard security as their prime concern. otherwise it would be difficult to explain why a number of screen shots in the brochure reveal that next to the Pakistani passport system application the machine is running a anonymous web based chat client (see the and tabs in the task bar):

screenshot of pakistani passport system

I am not sure if it really makes sense to develop a highly secure system and then have the operators IM with unidentifiable others while having access to the sensible data in plain text. On the other hand being on IM is getting a more and more important part of the social fabric and why should one not use the connectivity provided by the employer for a chat or two?

Show Comments