Portuguese "Citizen Card" aprooved
Wow, I wasn't counting on this one: aprooved the Portuguese "Citizen Card" too soon, giving no time for contestation on the solution presented.
To give you some understanding about what I'm talking about, just take into consideration that there are already some countries with similar solutions (in concept, some better in design) and last year we saw those all cracked in What The Hack. I would guess that after the new Portuguese digital passport issues (the first fake one was used one day after the system was up) the Portuguese goverment would be more careful about thins kind of stuff, mainly security-wise. But they didn't: the Pegasus Project clearly has several flaws security-wise. And this is no passport - this is a card that aggregates info on five now-existent cards and info about yourself. Your live is going to be recorded there, and being naive about security in a system as this just scares me.
So (and this question is most directed to those who attended to BarCamp Portugal, but I really expect to get more people acknoledge this issue), what can we still do about this?
To give you some understanding about what I'm talking about, just take into consideration that there are already some countries with similar solutions (in concept, some better in design) and last year we saw those all cracked in What The Hack. I would guess that after the new Portuguese digital passport issues (the first fake one was used one day after the system was up) the Portuguese goverment would be more careful about thins kind of stuff, mainly security-wise. But they didn't: the Pegasus Project clearly has several flaws security-wise. And this is no passport - this is a card that aggregates info on five now-existent cards and info about yourself. Your live is going to be recorded there, and being naive about security in a system as this just scares me.
So (and this question is most directed to those who attended to BarCamp Portugal, but I really expect to get more people acknoledge this issue), what can we still do about this?
Well, it seems that, considering this, only the existence of a card was aprooved, not it's implementation. Oh well, I wish they were more transparent about this (like having a news section explaining this stuff in the card's website)...
ReplyDeleteAnyway, thanks to Adriano for the enlightment.