The German Chaos Computer Club, the oldest and largest hacker group in Europe, made the fingerprint of Schäuble, the German Minister of the Interior, available to the public. They wanted to show how easy it is to obtain someone's identity when identity is based on fingerprints.
The German government is preparing to build a national database containing the fingerprints of all its citizens for the purposes of fraud prevention and national security. Minister Schäuble is very angry about the release of his fingerprints and has stated he will take legal measures against the CCC. Dutch hacker Rop Gonggrijp pointed out that the Minister's anger was curious, since it was the Minister, after all, who wanted to collect the fingerprints of over 82 million Germans, and the CCC only collected one.
The CCC has been demonstrating for several years how easy it is to 'steal' someone's fingerprint and use it to fool all kinds of security measures such as payment systems, physical access controls and computer security systems. As with the doomed RFID cards, these demonstrations need to be very 'in your face' before media and governments take notice. Worldwide, over 200 million devices of the 20 different types that were fooled by the CCC experts are in use. As with the 100 million RFID cards, they are all essentially worthless as serious methods for securing transactions or granting access.
It is curious how we as citizens are constantly required to trust governments to handle our most private data when these governments often are not that trustworthy themselves and also not very technically competent in guarding our information. Passports are easy to fake, RFID cards are easy to copy, fingerprint readers can be fooled. Before we base our entire lives on these technologies we'd better make sure they actually provide a minimum level of security. For now I'm sticking to encrypted mail and strong passwords.
German TV broadcast an item about the possibility of stealing a fingerprint and using it to go shopping at someone else's expense at a large German supermarket chain.
Since the TV piece did not include the entire method for making your own fingerprints, I include it here. As with the RFID cards, these vulnerabilities have been known for several years; it's just that some companies and governments are a bit slow in picking up on them. If you want to go shopping as Minister Schäuble, just click on the picture at the top and follow the procedure from the movie.
A friend and IT security expert pointed out that since anyone can now pretend to be Minister Schäuble, that pretty much makes his fingerprint useless as evidence in court. Maybe we should all publish our fingerprints (and retina scans and DNA profiles) to gain plausible deniability on future accusations of anything ...