Enhancing Privacy for Biometric Identification Cards
Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible for the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those who will be the beneficiaries of the new system.
Research Summary
The paper addresses the growing deployment of biometric electronic identification cards, especially e‑passports, in the European Union and the United States, and the privacy concerns that have arisen from the storage and handling of personal biometric data such as facial images and fingerprints. The author argues that the main source of public opposition is the lack of transparency from authorities and the reliance on centralized databases or insecure biometric processing models.
Three architectural models for integrating biometrics with smart cards are examined: Template‑On‑Card (TOC), Match‑On‑Card (MOC), and System‑On‑Card (SOC). TOC stores the biometric template on the card but performs acquisition, feature extraction, and matching on the external reader, exposing the template to potential interception. SOC embeds the sensor, processor, and matching algorithm entirely within the card, offering the highest privacy but suffering from current limitations in chip performance, power consumption, and cost, making it unsuitable for large‑scale rollout at present.
The paper advocates MOC as the optimal compromise. In MOC, the biometric template resides securely inside the smart card and cannot be extracted; the reader only captures the raw fingerprint image and extracts features, then sends a temporary template to the card for a secure internal comparison. The card returns a simple match/no‑match decision, preventing any biometric data leakage even in contactless operation.
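As an added illustration (not code from the paper), the following Python models the MOC interface beside the TOC interface: the MOC card object exposes nothing but a verify decision, while the TOC card hands its template to the reader. The minutiae data and the tolerance-based point counter are constructed assumptions standing in for a real fingerprint matcher.

```python
# Added example (not from the paper): the Match-On-Card (MOC) interface beside
# Template-On-Card (TOC). Templates are constructed minutiae lists of
# (x, y, angle) tuples; the tolerance-based point counter is a toy stand-in
# for a real minutiae matcher and is an assumption of this example.
def matched_count(ref, probe, pos_tol=4, ang_tol=15):
    """Count reference minutiae that have an unused probe minutia within tolerance."""
    used, hits = set(), 0
    for x, y, t in ref:
        for j, (px, py, pt) in enumerate(probe):
            d_ang = abs((t - pt + 180) % 360 - 180)  # wrap-around angle difference
            if j not in used and abs(x - px) <= pos_tol and abs(y - py) <= pos_tol and d_ang <= ang_tol:
                used.add(j)
                hits += 1
                break
    return hits

class MatchOnCard:
    """Models the chip's external interface: the template never crosses it."""
    def __init__(self, enrolled):
        self.__template = list(enrolled)  # kept on-chip; no read accessor exists

    def verify(self, probe, threshold=0.7):
        score = matched_count(self.__template, probe) / len(self.__template)
        return score >= threshold  # only the match/no-match decision leaves the chip

class TemplateOnCard:
    """TOC: the reader pulls the template off the card and matches externally."""
    def __init__(self, enrolled):
        self._template = list(enrolled)

    def read_template(self):
        return list(self._template)  # exposed to the reader and to anyone on the link

def reader_verify_toc(card, probe, threshold=0.7):
    template = card.read_template()  # biometric data now lives in reader memory
    return matched_count(template, probe) / len(template) >= threshold

# Constructed data: enrolled template, a genuine probe (8 of 10 minutiae within
# tolerance plus two spurious points) and an impostor probe with no nearby minutiae.
ENROLLED = [(10, 20, 30), (40, 22, 95), (33, 60, 180), (70, 75, 270), (55, 12, 45),
            (80, 40, 120), (15, 88, 200), (62, 50, 10), (25, 45, 300), (90, 90, 60)]
PROBE_GENUINE = [(12, 21, 33), (41, 20, 99), (31, 62, 176), (72, 74, 268), (54, 14, 47),
                 (79, 41, 118), (17, 86, 205), (64, 49, 8), (5, 5, 0), (100, 100, 0)]
PROBE_IMPOSTOR = [(50, 50, 0), (20, 70, 90), (60, 30, 200), (85, 15, 300), (45, 85, 45),
                  (5, 60, 135), (95, 65, 0), (35, 35, 250), (70, 5, 90), (25, 10, 180)]

if __name__ == "__main__":
    moc = MatchOnCard(ENROLLED)
    print("MOC genuine:", moc.verify(PROBE_GENUINE), "impostor:", moc.verify(PROBE_IMPOSTOR))
```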
To protect the integrity and authenticity of the data, the author proposes a full Public Key Infrastructure (PKI) built around the smart card. Each passport holder receives a digital identity certificate binding their public key to personal identifiers (including, optionally, a facial image). The issuing authority acts as a Certificate Authority (CA), signing certificates with its private key. Revocation mechanisms such as Certificate Revocation Lists (CRLs) are employed to invalidate certificates when a passport is lost, the holder dies, the private key is compromised, or the certificate is misused. Modern asymmetric algorithms (RSA and Elliptic Curve Cryptography) are recommended because they can be implemented on constrained smart‑card hardware while providing strong security guarantees.
Policy recommendations focus on privacy‑by‑design and data minimization. The paper calls for mandatory prior impact assessments for any biometric system, explicit exemptions for minors, the elderly, or individuals unable to provide fingerprints, and the prohibition of centralized biometric repositories. Instead, all biometric templates should be stored locally on the chip in a non‑reversible hashed form. The author also stresses that e‑passports are only one link in a broader identity‑verification chain; the security of underlying civil documents (birth certificates, citizenship papers, etc.) must be improved to avoid a “weakest‑link” scenario.
Finally, the paper outlines an implementation roadmap: adopt the MOC smart‑card model, integrate it with a distributed PKI aligned with ICAO Doc 9303 standards, enforce strict revocation and renewal procedures, and ensure cross‑border interoperability while preserving national sovereignty over certificate issuance. By combining technically sound biometric processing with robust cryptographic identity management and clear regulatory safeguards, the proposed solution aims to deliver the security benefits of modern e‑passports without sacrificing the privacy rights of citizens.