New Dutch passport plan criticized as a “goldmine for hackers”
The Cabinet plans to create a central database with all the personal data citizens provide for a passport application, such as fingerprints, signatures, and passport photos. That is a terrible idea that would create a “goldmine for hackers,” the Dutch Data Protection Authority (AP) warned.
Currently, the municipality where someone applies for their passport or ID card stores the necessary personal data in its own decentralized database. The planned amendment to the Passport Act would change that to one central storage. Fingerprints will be kept until the passport is issued, and photos and signatures for longer.
“The passport photos and signature of almost all Dutch people together, and then also the fingerprints of the people waiting for a passport: that’s a goldmine for cybercriminals,” said AP chairman Aleid Wolfsen. “Instead of having to break into over 300 municipalities’ databases, criminals will soon be done with one hack.”
He stressed that this type of biometric data is extremely valuable to criminals, who can use it “to commit identity fraud or to discriminate against people.” Non-criminal data leaks would also be extra dangerous with such a central database because it could affect so much more people.
“This is a slippery slope,” Wolfsen said. “We can end up in very undesirable situations with very small steps. First, the police want to use those fingerprints to solve very serious crimes, then also for slightly less serious crimes… Where does it end? You have to think about that carefully before you opt for a central database.”
According to the AP, the government did not make sufficiently clear why the central database is really necessary. “It mainly mentions the advantages of a central system, but the disadvantages are not properly mapped out and weighed up.” Also, it is unclear who would be finally responsible for the data. “Then the government can hide behind each other if something goes wrong.”
“The Dutch Data Protection Authority advised the government to thoroughly amend the plans or otherwise withdraw them.”
