Germany Begins Iris Scans at Frankfurt Airport 322
securitas writes "Deutsche Welle reports that at Germany's Frankfurt airport biometric iris scans of airline passengers have begun. The German government says that the six-month pilot project is part of Europe's 18-country Automated and Biometrics-based Border Checks initiative to improve 'border control routines' and domestic security, with a full-scale system to follow. The system uses an iris scan embedded in a passenger's machine-readable passport, which is compared to the passenger's iris with an onsite scan. Travelers must 'sign a data security document' and agree to be checked by border guards. The article also references the capability of an iris scan to determine drug and alcohol consumption. The European Parliament is considering replacing all of its traditional passports with a new European biometric passport by 2005. The IRISPASS system (press release) was built by Byometric systems, Iridian and Oki Electric Industry. More coverage at CNet/ZDNet, AP/USA Today and mirrors at AJC, and CNN."
Amsterdam Airport Schiphol introduced this in 2002 (Score:2, Informative)
http://www.cnn.com/2002/WORLD/europe/03/27/schiph
On the one hand... (Score:5, Informative)
Still, all these methods do nothing to prevent terrorism. They only validate that the person shoving their eye into the reader, terrorist or innocent, matches with the passport. Done properly, it should be incredibly difficult to forge a passport without having someone high up on the inside with access to the private encryption key. But it won't stop terrorists.
As one who's actually worked with iris scanners... (Score:5, Informative)
A typical fingerprint has about 10 points that can be uniquely identified, and on a thumbprint scanner you're lucky to get 5 or 6 of them reliably. The iris has roughly 26 unique points that can be picked up every time. Back when I was working with Iridian's stuff they used a low light video camera to basically take a picture of your eye...no funky lasers or anything like that. Additionally, and perhaps morbidly so, they had built technology to help identify if the eye was live or not, so not only could you not just hold up a picture of an eye, but you couldn't take someone else's eye (a la Demolition Man, I believe) and hold it up to the scanner.
Additionally, the iris pattern (and thumbprint or voiceprint in other applications) is never held as an actual pattern; it's just a hash based off of what comes off the scanner, so privacy was not much of a concern.
Re:Iris changes (Score:4, Informative)
So, their irises do change, certainly in colour. There aren't many 6-12 month-old terrorists running around, so maybe that's not an issue. But what Lockridge said is clearly wrong.
What if.. (Score:4, Informative)
Also, Keratoconus is a disease that causes the cornea to deform. This would cause scans of your iris to change. Also, people with this often have cornea transplants. The stitches (which are sometimes left in "forever") are right over the iris.
Re:Iris changes (Score:5, Informative)
This is absolutely wrong. Especially with pathological changes.
And yes, I am a vision scientist.
We tested them at work (Score:2, Informative)
They seem to work quite well. There is one "drawback" though: you can only use them to identify people who are already in your database. So it can only be used to authorize personel and not to identify visitors for example. This will remain like this until governements start keeping databases of biometric records.
Ofcourse this isn't very evident because the TTEI-resolution of 2001 specifically forbids practices like this on grounds of techfear I suppose.
Re:On the one hand... (Score:5, Informative)
Obtention of "lost" passport? (Score:5, Informative)
In France and Belgium, for example, you can walk into a police station and declare you have lost your passports (the prevalence of muggers and pickpockets makes it an easily believable story). You have to provide a birth certificate. What is it? An ordinary piece of paper, incredibly easy to counterfeit. Once your ID has been "established" by this "proof", the authorities will issue a new set of ID documents: forgery-proof ID and biometric passport. With your supplied name and photo on it.
If at least, they keep a database of iris scans, forgers would be able to do it only once. The article doesn't say anything about such a database.
So this is a nice strong link in the othewise very weak security chain in Europe.
Big Brother State (Score:4, Informative)
Does having an "arresting station" in one's own dwelling-place not sound a bit more chilling that eye-scanning?
Re:Iris changes (Score:3, Informative)
This isn't quite right - while the passport is scanned, this isn't for iris data, merely to ascertain who you claim to be. The iris code corresponding to this identity is then retrieved from a central database and compared with the results obtained by the security terminal. From the press release:
"First, passport data is captured by a passport scanner and checked against a database. The iris recognition system then identifies the individual's iris to verify a match between the individual and the legal passport holder."
Re:Iris changes (Score:3, Informative)
Re:Oh fer crying out loud. (Score:3, Informative)
No, but the whole rush towards biometric data in passports was triggered not least by the US, as pointed out in the USAtoday article linked in the story:
"Germany passed laws after Sept. 11 attacks that provide for biometric features to be added to passports and personal identity papers. Post-Sept. 11 U.S. legislation also requires 27 countries, mostly in Europe, to add biometrics to passports they issue after Oct. 26, 2004, or else have their citizens apply for visas. "
It's optional! (Score:5, Informative)
It's setup as a convenience for frequent travellers. Its opt-in, if you would like to call it that way.
Re:Colored contact lenses (Score:3, Informative)
I've got the non-opaque ones, which is basically a colored transparent circle in the middle of the lens. It does tint my vision a little, but the brain gets used to it. I don't use them for photography. This type does not lighten dark eyes. I'm pretty sure you could easily get an iris print through these.
The opaque kind has a printed fake iris-like pattern on them, and are clear in the middle (and they don't tint your vision) I didn't like this kind because they use a half-tone dot pattern that I noticed very easily and looked especially fake. I doubt you could get an actual iris print with these. These are newer and are being pushed harder (example: the non-opaque kind are not available for astigmatic lenses). Manufacturers claim they look better, but for light-colored eyes, I disagree. For dark colored eyes, they are the only solution.
"Der Grosse Bruder" (Score:4, Informative)
The German authorities will not be able to enforce this system for a long time, as it is impossible to force all other countries to provide such data.
Besides, did you ever notice that Europeans have to provide biometric information when applying for a US visa?
Sebastian
Re:Obtention of "lost" passport? (Score:3, Informative)
Looking up "security" and "stolen passport" in Google leads to interesting stories. Looks like some EU countries have "misplaced" tens of thousands of blank passports, which got stolen right from the storage rooms of passport offices. What good is it to have holographic imprints in the paper if you put the blanks it in a badly protected drawer? And remember, boys and girls, such a passport gives you access to all the EU, 'cuz Europeans don't need no big bad borders no more. You cannot more clearly proclaim "Scum of all Earth, come deal and traffic in our countries!"
In this story [askmk.com], British journalists demonstrated how easy it is to claim your passport has been stolen and to get a new one issued to a fake identity. And still in sunny UK, another story shows that about 3000 passports a year, sent through 1st class mail, get lost or stolen in the mail [guardian.co.uk]. And there are tons more.
So before they start retina-scanning people in public places, maybe the EU gummints could tighten their abysmally unsecure procedures just a tad?
Re:Open Biometrics for the home? (Score:2, Informative)
(a) Nevermind the authentication -- unless you're still using cylinder locks, the weakest link will be the physical bolt itself. Get something which can withstand a battering ram before you worry too much about lockpicks.
(b) Get one of those coded safes that they use in hotel rooms -- cement it into your garage floor, set a long code on it, and put a spare set of house keys inside.
(c) If you have cylinder locks, then anyone with a pick set already has a universal key to your house.