Is Germany paving the way to a surveillance country?

, 3 min read

Recently the German government is pushing the rollout of new identity cards for citizens as well as an alien-card for foreigners. While those new identity cards come along with a whole set of new security features, German privacy advocates criticize that those new identity cards are a further step into the direction of a surveillance country.

With the introduction of the new identity cards it will be possible to store the fingerprint on the identity card. While this feature is optional, it can be used as identity verification. Fingerprints are a good way to identify a person. In fact, they are unique to each individual. This feature could be used in a variety of applications. For instance, it could be used as an additional key for online banking, aside from a username and a password.

In addition to the optional fingerprint, all identity cards can optionally be loaded with a digital signature which is more secure. This signature can be used online to sign legally binding contracts. Currently many websites that require age verification will ask the visitor s to send-in a copy of their identity card. The new signature will make it possible to just “plug-in” your identity card and send the signature to the provider.

Furthermore the new identity cards are smaller. While the old identity cards are twice as big, the new ones are of the size of a credit card or a driver’s license. This makes it possible to put them into the purse easily.

Although it is true that the new identity card contains new security features, this has some downsides as well.

Firstly, the new identity cards are more expensive than the old ones. While the fee for old identity cards was 8€, the new cards will cost 28,80€.

Another significant point is that the new identity cards were said to be secure, while they aren’t anymore. White-hat hackers have already proven the insecurity of the new identity cards. They were able to completely erase the data that is stored on the electronic chip. For instance, this could be a problem when you don’t notice that someone has erased the data on your card. You would be charged the fee for a new one and eventually get in trouble with the law.

Finally, the new cards are vulnerable to identity theft. The data that is send to the computer is usually cryptographically secured. But some parts of the connection aren’t encrypted. White-hat hackers have been able to read the data, when the card was used in conjunction with a computer that was not running up-to-date anti-virus software. For instance, think of a situation where fraudsters would replace the card reader at a bank with an insecure one. They would be able to read all the sent data.

In summing up it can be said that the new identity cards were meant to be more secure but turned out to contain a host of vulnerabilities. I am most concerned about how it will look like in 10 years, when people will still use the new identity card. Eventually there will be a dozen of publicly known security vulnerabilities. Data theft will probably occur every day.


Philipp Hansch

Full Stack Developer

Philipp is a full stack developer currently heavily involved with Rust. Most notably he's a member of the Clippy team where he helps with bugfixing and documentation. You can follow him on Mastodon and find him on GitHub as well as Patreon.