Sven Slootweg's Blog

Quite a weird sight on my MSN account today. Someone I haven’t talked to in ages suddenly started talking to me. The conversation went somewhat like this:

(00:34:39) David: Hey are you there?
(00:42:46) Me: yus
(00:43:17) David: i just took an IQ quiz
(00:43:39) Me: what was the result then?
(00:44:04) David: I was smarter than I am! I scored 111
(00:44:13) Me: lol
(00:44:40) David: you gotta see if u can do better than me, <harmful link>
(00:45:47) Me: :S
(00:47:34) Me: are you a bot?
(00:48:10) David: im not a bot silly, its me

It actually took me until the (very suspicious) link to realize that it was a bot I was talking to, and not the person I thought was behind it.

And yes, I did click the link. Why? I was wondering what would happen, and since I’m running Linux anyway I didn’t expect anything bad to happen. After all, it’s most likely written for Windows. And I was right: nothing happened.

On another forum, I read an even more curious case. The following is a snippet from a forum post on http://rumtumblurpei.blogspot.com/2010/07/new-msn-virus.html?showComment=1281585428280#c5009037735819209825:

BIG says:
tell me something only noah would know
BIG says:
lol
NOAH says:
are you kidding? its me and not some bot, stop this

MSN worms are sure getting smarter, these days.

A new law has been accepted in the Netherlands. It states that any Dutch citizen that wants to renew his passport or identification card, will need to give his fingerprints upon request. While the European laws indicate that two fingerprints have to be made, and have to be stored on the proof of identification, the Dutch government has decided to not only take 4 fingerprints instead of the 2 fingerprints that will be stored on the chip, but also to store all four of them in a nation-wide database.

A video from privacymatters.nl illustrates really well why this is a serious threat. People will say “I don’t have anything to hide”. But how would it feel to be tracked 24/7? How would it feel to know that the government can check up on what you say to your wife over the phone, or even worse, how would it feel if you were put in with a group of suspects for a criminal act, based on your fingerprints?

As the margin for comparison mistakes of fingerprints will be about 3%, there is a huge risk of getting involved with cases you initially had nothing to do with. Imagine a database with 16 million people. 3% of 16 million is still 480.000 wrongly suspected victims.

There are some exceptions however. If, for some reason, you cannot give fingerprints (medical conditions and such) you will be granted a proof of identification that will have to be renewed after 5 years. If the medical condition is only temporary, you will be granted a proof of identification that is valid for one year, after which it will have to be re-evaluated.

The government is not allowed to use the fingerprints in the database to look for a suspect. At least, not according to current law. In the law, however, there is a loophole that might allow the government to do this later. Which means the exact scenario I just outlined is actually possible.

Vrijbit, a Dutch organization that fights the disappearing of privacy, filed a complaint with the European Court of Human Rights about the storage of all fingerprints in a central database. Maybe the court will take action, but I’m very afraid that we don’t actually have any say in this.

The worst thing is that you have to renew your identification in time. Which means you have to give your fingerprints, and you can’t complain. Simply because walking around without a valid ID can get you in trouble. And given the current level of security of the Dutch government’s IT business, I don’t trust this at all. Besides being watched by the government 24/7 (your fingerprints are stored on a remotely readable RFID chip), criminals might get access to the database and use it against you.

Technological advancements aren’t always a good thing.

Watch the privacymatters.nl video here with English subtitles: http://www.youtube.com/watch?v=fAq9ExbZFQQ

Sources used for this article:
The article on the new law by Wilmer Heck and Annemarie Kas in nrc.next, Friday September 18, 2009
http://www.onzeprivacy.nl/
http://www.privacymatters.nl/
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:142:0001:0004:EN:PDF