Electronic passports: join the world practice or get the risk of personal data leakage?

Greetings friends!

Recently I read the bill on electronic passports. He prompted me to a number of ambiguous conclusions. I want to share them with you. The main changes are that the identity document will now become plastic, and all information about the citizen will be transmitted from an electronic chip that runs on the basis of NFC technology. The new passport is actually a plastic card with a QR code.



Another electronic passport will have holographic protection. All data will be duplicated in a crypto-protected mobile application. It is supposed to use Mobile ID technology. It seems to be reliable!

The research institute Voskhod together with the Mikron and Goznak organizations will do all this. Who will develop the application has not yet been decided, but it is already known that the "big four" mobile operators are involved in the development. So, first things first.

When will plastic passports appear?

Electronic passports, or rather, identity cards and laws related to them, will begin to operate on January 1, 2021. This, of course, if the bill is passed. But they will start issuing them earlier - from July 2020. Six months is a transitional period when it will be possible to use both old and limited to new passports. It is provided so that there are no queues and service failures. After that, paper passports will be seized, destroyed and plastic ones issued instead. I’ll tell you more about the technologies of the new passport.

Mobile ID in plastic passports

Mobile ID technology will work throughout Russia, where it catches mobile communications, the Internet is not needed for this. Very interesting: even users of push-button phones, on which mobile applications are not installed, will be able to use the technology! These capabilities are implemented by the Big Four mobile operators. They are already connecting clients.

How does Mobile ID work?

Mobile ID is an addition to a plastic passport. It is assumed that with the help of the application it will be possible to authenticate and work on gosportals and other services. To do this, the Mobile ID will need to be identified. The operator of the SIM card will be responsible for this.

It seems like, this is a kind of two-factor protection: a citizen uses an electronic passport using confirmation from the application. If a plastic passport is lost - this protects the citizen from the actions of intruders or third parties: no one can use it without an application.

Disadvantages of innovations

Despite the "good intentions", the leak is not excluded, including abroad. And it's not just about crackers and scammers. Mobile ID technology is provided by Gemalto. This is a manufacturer of SIM cards from the USA, it is the property of the Thales military group, the main security of which comes from defense orders.

To summarize

If now all the information about the citizen will come from an electronic chip, and he will sign electronic documents with the help of EDS, it turns out that the citizen’s interaction with various organizations largely goes into the IT sphere. From here questions of information security follow. Everyone who likes to steal personal data and hack into databases will begin to actively attempt to read these chips and steal merged bases. But in the situation with Mobile ID and hackers do not need to wait - a leak is already possible in the development chain.

Source: https://habr.com/ru/post/undefined/