Iris Scanners in Canadian Airports 186
Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."
Canada is not the first? (Score:5, Interesting)
Re:Canada is not the first? (Score:4, Informative)
BIG MOUNTY IS WATCHING YOU (Score:1)
Schiphol system works but it´s unsafe (Score:5, Informative)
There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.
The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.
The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.
Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.
Greetz,
Bas
Uhhhhhhhhh?!? (Score:4, Interesting)
Re:Uhhhhhhhhh?!? (Score:1)
"Users enrolling in the ABC-system receive a smartcard containing their unique IrisCode, a data file based on 247 independent variables that are measured for each iris."
link: article at www.infosecnews.com [infosecnews.com]
Easy to solve (Score:1)
Re:Easy to solve (Score:2)
Re:Easy to solve (Score:2)
Well, if you don't want to buy that 320GB harddisk to store the templates, you could also encrypt the template and store it (w/o the key) on the smart card and have a key for each user in the database
The issue isn't having storage space, the issue is making the data available to the authentication points. Not a problem if the system is *only* used in an airport, where it's probably reasonable to get network access from any location, but if you wanted a more flexible system that could be used elsewhere, maintaining a database, whether of keys or of templates or both, is problematic. Much simpler to put all of the authentication data on the card, digitally-signed for security, and only have to manage maintenance and distribution of a blacklist.
Also, rather than storing keys in a database, you can use a single master key and generate card-unique derived keys from it.
Might be a problem though because this gives the user the encrypted template as well as something rather close to the plaintext (his eye), which could be used for some half-known-plaintext attack.
Why? Would you be using your own cipher? Use a good cipher and don't sweat that stuff. Realistic attacks are always against key management processes, not ciphers.
Grammar nazi alert... (Score:1, Offtopic)
When unsure about whether it's your or you're, make dead certain you get it wrong by combining the two =)
Sorry
oh.. it's your btw
Re:Politeness nazi alert (Score:2)
But point taken.
Re:Schiphol system works but it´s unsafe (Score:3, Informative)
Unless they are complete morons I'd assume they use a cryptographic signature, or encrypt the whole thing.
Oops, easy to be wrong when assuming people aren't complete morons.
Anyway, if designed properly it would be extremely difficult to crack the encryption. At a very minimum they would need to snatch a machine. A really smart system could even revoke all scans associated with the snatched machine.
-
Re:Schiphol system works but it´s unsafe (Score:2, Interesting)
These devices, in conjunction with the automated checkin kiosks make flight travel almost tolerable again...
Re:Schiphol system works but it´s unsafe (Score:3, Informative)
Yes, some smart cards are easily hackable. But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).
But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it. Then hacking the card directly will be meaningless since there is no way to change it. Since it is all hardcoded.
Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.
Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.
Just some thoughts.
Re:Schiphol system works but it´s unsafe (Score:2)
But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).
You're referring to level 4 of the FIPS 140-1, right? No smart card has ever been certified as a level 4 device, or even level 3 (as of a while ago, none was certified to level 2, either, but that may have changed -- level 1 is meaningless), and there's good reason to think that none ever will as long as they're dependent on an external power source.
But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it.
"RAM" cards? Never seen one. Anyway, smart cards have basically three technologies for data storage: EEPROM, Flash and ROM. EEPROM and Flash are both rewritable. ROM is not, but must be masked onto the silicon during production of the chip. Creating a new mask costs huge amounts of money, so you're not going to put iris templates in ROM.
What you're suggesting can't be done with typical smart cards. What can be done is to put the iris data in EEPROM and then write the softare on the card such that the card will refuse to ever replace that data. Keep in mind that smart cards are little computers, and you talk to them via a serial port, sending them commands to say "Do this", or "tell me that". Software interprets these commands and decides (a) what they mean and (b) if they should be acted upon. So, you write the "Load Iris" command such that it refuses if there's already a template loaded.
Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.
Yes, cryptographic challenge-response authentication is a staple (and you really can give each card its own key without requiring the reader to have a big database of keys).
Unfortunately, there are well-known attacks that can extract keys from cards fairly easily if you can get the card to use the key. Most of those attacks no longer work, because card manufacturers have implemented defenses against them. There are at least two attacks right now, however, that are thought to work against all fielded cards.
That doesn't mean cards are useless as security tokens, however, it just means that additional precautions must be taken. I won't bother going into those here, but, trust me, it can be done.
Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.
Good show! Now you're on the right track. For this particular application, the simplest and best solution is to use PK to digitally sign the iris scan that is loaded on the card. For this case you don't really even need a smart card -- a 2D barcode with adequate storage, or a floppy diskette would work as well. But a smart card is a good idea because it's more durable than those. The scanner scans the persons eye, retrieves the signed template from the storage device (e.g. smart card), verifies the signature (using a public key, no secrets required) and matches the scans.
The part that has to be carefully secured is the enrollment process. Besides making sure you only enroll the right people, you also have to secure the private key used by the enrollment system to ensure it stays secret. Here would be an ideal place to use a really secure cryptographic device, one certified to level 4 of FIPS 140-1. Something like this one [ibm.com].
Re:Schiphol system works but it´s unsafe (Score:2)
Anyway, the way things have gone in the past any and all systems will prolly be implemented with security flaws for a few years.
Re:Schiphol system works but it´s unsafe (Score:2)
Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.
Nope. There are other ways to secure the system. Central databases are not only a privacy problem, they also reduce flexibility. What about when you want to deploy an authentication station to some location without network connectivity?
In this particular case, the solution is very simple: at the enrollment station, acquire the iris scans that will be used as the template and digitally-sign the scans and the identification information with a private key (or MAC them with a symmetric key). Then load the data and signature on to the card. At the authentication station, the signature (or MAC) would be verified. If you use PK crypto, the verification station doesn't even have to store any secrets.
One advantage of a central database is the ability to revoke an individual's access at will. This can be achieved in this scenario by adding the revoked card's ID to a blacklist, which is distributed to all authorization stations (which is a simpler problem than distributing the database of templates because the blacklist is smaller and changes less frequently).
There are other (secure) ways to skin this cat as well.
Re:Canada is not the first? (Score:1)
You're visit to Amsterdam was obviously limited to an On-Line Red-Light district visit.
But I wear contacts! (Score:5, Funny)
Okay, I'll bite. (Score:5, Insightful)
"We've used the latest in biometric technology to confirm that the passenger manifest is accurate. You are cleared for takeoff."
Re:Okay, I'll bite. (Score:3, Insightful)
Re:Okay, I'll bite. (Score:2, Insightful)
If there is an high-tech invention to due with the 9/11 incident, I wish someone can invention a hate-meter to measure that amount of hatred those guy are bringing onboard.
Re:Okay, I'll bite. (Score:2)
The machines are meant to ensure that costly post-Sept. 11 security at Canada's airports is focused on "people we don't know instead of those that we trust," she added.
So they screen people they know not to be terrorists and issue them passes for this scanner. That means that security people will not waste time with these passengers, and focus on the unknown ones.
Three questions:
- How do you know someone is not a terrorist. A background check will only reveal so much
- Suppose half the passengers get a pass for the scanner, so the customs officers can stare twice as long at the faces of the remaining passengers, will that help them uncover more terrorists in the crowd? It might at that, but the effect is not very large I suspect.
- The sentence about security being "costly" made me wary. If they can get half of the passengers to use the scanner, will they not just fire half of the security checkpoint staff?
Re:Okay, I'll bite. (Score:1)
Re:Okay, I'll bite. (Score:2, Insightful)
With state of the art, un reliable technology.
Re:Okay, I'll bite. (Score:2, Funny)
It lets them re-assign security staff from lazily eyeballing baby-Jesus lovin' white folks to their number one priority, "random" stop-and-searches of shifty moon-god worshipping Arabiac [whitehouse.org]-looking types.
That's the best case scenario. The real world scenario is that they just sack some staff and return to business as usual... until the next hijacking.
Re:Okay, I'll bite. (Score:2)
And this makes things safer how?
I'll give you two answers. Here's the first: Only people who can be shown to be extremely low risks for terrorism will be enrolled. All others still have to pass through regular security.
It would be interesting to know what, precisely, the standard is for allowing someone to enroll, but it can be as high as you care to set it.
One obvious standard: Require enrollees to pass a background check of the rigor and thoroughness required of people who want to obtain government security clearances. I received a Top Secret clearance a few years back, and I'm still surprised from time to time when I run into people who I hadn't seen for years, but who had received a visit from an investigator asking about me. In my case, I was almost denied a clearance, merely because I had lived outside of the U.S. for a couple of years, and the investigators couldn't effectively check on my activities during that period (I was on a church mission). To fill in the gap they subjected me to a polygraph test and contacted some of the church members I was working with.
I'm sure if you wanted to you could tighten the background check even further.
For that matter, you could only enroll people who are authorized to carry weapons on planes anyway. That wouldn't ease the general congestion problem at the security checkpoints much, but it certainly wouldn't pose a risk.
The point is, a large percentage of the population is an almost zero risk for terrorism. It's expensive and difficult to verify that a person falls into this category, but it can be done and for people who travel a lot (like me) it would be worth a couple thousand dollars to have a thorough background check done to pre-emptively clear us. The problem is that only works if you then have a very strong way to rapidly authenticate the identities of the already-cleared.
Oh, I said I'd give you two answers to the question about how this makes things safer. Here's the second: It doesn't. Terrorists wouldn't be able to get cleared, and wouldn't try. Most of the population, who only travel occasionally, likewise wouldn't bother getting cleared. So, we still need to run all of those people through some sort of an at-the-airport security check.
Unfortunately, the checks that we have are known not to work very well.
Plus, the simple fact of the matter is that terrorists are not going to hijack another plane. They won't if I'm on it, anyway, and there are millions of travelers who feel the same way. Since the presumption is now that being on a hijacked plane means you will die, you might as well die trying to kill the hijackers.
Re:Okay, I'll bite. (Score:2)
Re:Okay, I'll bite. (Score:2)
I have never seen a cop on a plane, at least not in uniform.
They generally don't travel in uniform.
And it's not just cops, either. Sometimes soldiers travel armed, when they're escorting sensitive or dangerous materials. My brother has traveled armed when he was escorting a couple cases of M-16A2 rifles. The rifles were in the cargo hold, but he to be physically present when they were loaded and unloaded, and armed the entire time.
If it were up to me, there would be no guns on board. Not even for Air Marshalls. If security is done properly, there is very little risk of any weapons being smuggled aboard. Note that I said properly, which certainly isn't the case right now.
I'm afraid the kind of security you consider "proper" is pretty much impossible to achieve in practice.
If I thought there was any risk of another hijacking, I would go the opposite way, and try to increase the number of guns carried by responsible, trustworthy people. Although I did really like one alternative suggestion I saw -- arm _all_ of the passengers with half-size baseball bats ;-)
So I guess.... (Score:1, Funny)
Re:So I guess.... (Score:2)
Privacy or Security - pick one (Score:3, Insightful)
As long as Security measures have to take second place to privacy concerns, the terrorists will win.
Go ahead and flame me, I'm wearing a +2,+2 asbestos suit.
Re:Privacy or Security - pick one (Score:1)
Re:Privacy or Security - pick one (Score:2, Insightful)
"As long as Security measures have to take second place to privacy concerns, the terrorists will win."
Wrong, privacy and security do not equate in the way you think. The terrorists win when the rulers use security as an excuse to monitor their subjects. Then the whole point of security is lost. Actual security should just prevent people from carrying dangerous weapons on board, and sadly confiscating nail clippers does not serve the purpose.Re:Privacy or Security - pick one (Score:1)
Parents have blocked moves to have airport-style x-ray and/or metal detectors at schools. How many school massacres could have been averted/prevented by scanners? I don't know, but I'll tell you this - if any of my kids are injured because of some lame-brained privacy nut's anti-inspection crusade, I will take action. And that includes the idiot that didn't keep proper control of a dangerous weapon...
Re:Privacy or Security - pick one (Score:1, Insightful)
Actually, the terrorists win when they knock down your office building on your head, or blow up the bus you are riding in, and you DIE. That's how the terrorists win.
Re:Privacy or Security - pick one (Score:1)
I'm not sure how these mitigate any potential threats to the airport. I want *real* security to stop terrorists, not another gizmo to reassure people. Honestly, if they just want that, they should go the route of the fake security cameras & not waste so much money... I didn't think airports had that much to waste nowadays...
Until someone can give me a good reason as to why this will make the airport more secure (do we even HAVE retinal scans of likely terrorists???) I'd like to keep my privacy, please.
Re:Privacy or Security - pick one (Score:1)
I mean, if all I have to do is fly a bunch of times to get a little less security attention... I'm sure that it doesn't take much thought to see why that could be bad, given well-funded terrorists.
I knew I should've just put out the DNFTT sign, instead...
Not quite. (Score:2)
The simple thing is to not let terrorism get you down. Don't let people hijack planes, and be aware of what's going on. If people act suspicios, treat them with suspicion. But don't compromise the basic rights. People who sacrifice liberty for safety deserve neither.
Re:Privacy or Security - pick one (Score:2)
boiling the frog (Score:3, Insightful)
yes, until more and more people have gotten used to do it. When the majority is doing it, I'll bet it will be mandatory for every passenger.
Its called the boiled frog syndrome.
Re:boiling the frog (Score:2, Interesting)
Driving is a privilige, not a right. Therefore, living without a car should be a perfectly viable situation to be in. Yet think of it, who doesn't have a car? Few people. Cars have become a necessity, and the government can now use our dependency on them to manipulate us.
Do you have taxes due? No problem, we'll just take away your license until you pay up! Back around the early 20th century; if they did that, you'd be a little bummed, but you'd live, because society hadn't yet come to "assume" that everyone owned a car. You could still walk anywhere you needed to go.
But now, try living without a car. It's the same with credit cards. Checking accounts. Try living without a checking account, I have for the last few years (ChexSystems sucks!), and it's damn hard!!! Try it yourself, for a month, try living without a checking account. Pay $50 each paycheck just to cash it! Buy money orders to pay your bills. No more card-swiping at the pump, you hafta go INSIDE to pay for your gas (and then inside again, to collect your change).
The "completely voluntary" excuse is an excellent way to sneak something in, in plain view of everybody, without raising many objections. Then, make it easier and easier for people to use the offending system, and make it harder and hard to use the older system. The only drawback for the government is that it takes a bit longer to solidify into "completely involuntary".
Re:boiling the frog (Score:3, Insightful)
>
> WE NEED WAYS TO IDENTIFY PEOPLE WHO ARE
> BOARDING PLANES.
>
> If iris scanning makes this more accurate
> versus a driver's license or passport, they can
> go right ahead. I'll even sign up.
There are so many ways to attack this argument, so I'll only pursue two:
(1) Far, far more people are killed on highways every year than have ever been killed by terrorist attacks.
Why don't we make everyone buy a tank and drive at 5 mph on the highways. That way ~no one~ would die in a traffic accident.
You dismiss this argument as absurd? I agree, but I think you just put a price on life.
(2) How would we have had the iris scans of these people who boarded the various terrorist flights? HOW?
That quickly, you have seemed to convert a voluntary system, which appears to be a great idea, into a mandatory identification system that will promote "safety".
Take a look at history. Then tell me who you should really be afraid of: random acts of violence or central promoters of identification and other "safety" acts. Remember the "gold star"?
Re:boiling the frog (Score:2, Funny)
Except pedestrians and cyclists...
Accuracy (Score:2, Interesting)
Re:Accuracy (Score:2)
Thankfully ... (Score:1)
Re:Accuracy (Score:1)
As for fooling them, I read an article were they said they were getting an 80% fool rate on the best machine by taking a really good picture of the eye of the person, current the pupil from the picture, and putting that over your eye. On the low end machine, the picture itself was all that was needed
On the higher end machines they check that your pupil reacts to the light so you need a living pupil for that to interact with.
Foolable (Score:3, Informative)
I hope that they have a proper system with personal digital (hard to hack) ID cards and such to make sure that it is foolproof.
Re:Foolable (Score:1)
The biggest problem is the fingerprint, picture,etc of the person you want to impersonate.
In the places that I have worked that required biometric access to get into an area they just used the biomentric check as a portion. You still needed a numeric key or a passkey.
While eyes, fingerprint, palmprint was used infrequently, the biggest biometric system that they used at almost every entry was your weight. To open a door you had to enter a code, use your access badge, and be standing on a certain square so that your weight could be check against previous averages.
Re:Foolable (Score:1)
The problem that you run into is when you are carring computers, books or other stuff then it would sound off the alarm and the guards would have to check you with a camera or come over to see you.
Re:Foolable (Score:2)
Transmission of eye disease (Score:4, Interesting)
His red-eye recovered in a week after medication.
Re:Transmission of eye disease (Score:1)
Re:Transmission of eye disease (Score:2)
Man, what kind of dirty place was that? Every one of those places I go to has a big window, not a telescope. I put my face on the glass too, but they usually have someone come in and mop up the "bacteria" after someone has used the booth. I would advise him to pick a slightly higher-class joint the next time he feels the need to do things like that!
Mark
Thanks Goodness for Privacy Advocates... (Score:5, Insightful)
One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:
(1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.
(2) [More recent] To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.
Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.
Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister.
Re:Thanks Goodness for Privacy Advocates... (Score:2)
That is what a governement official (on the federal payroll) is quoted as saying. It is the privacy commisioner's job to oppose "Big Brother" schemes. That is one thing that we here is Canada have that ensure we retain more freedoms than our southern neighbours are tossing away.
While part of the government is ready to record our every move, another part is ready to stop that in the interests of citizens rights.
-----
Re:Thanks Goodness for Privacy Advocates... (Score:1)
I believe that there is nothing wrong with the government being able to know who you are.
americans have this peculiar attitude
-on one hand you want the goverment to protect you against any possible hazard (terrorists, enironmental hazards
-but on the other hand you freak out at the idea that the government can know your identity and address.
i mean: how can they do their job without being able to track wherabouts of people that they think worth investigating
oh wait: they only should track the right peole, and leave you alone.
the right people to track would probably be
-anyone not catholic.
-anyone with non hetero sexual preferences.
-anyone not with coloured skin
-....
My concerns with biometric "passwords" (Score:5, Insightful)
Re:My concerns with biometric "passwords" (Score:1)
Dont worry by the time somebody is able to do it, you will also be able to change your retinal signature.... and Minority report is still far away... wait a minute the russian doc is just outside my door, ...hmmm
Re:My concerns with biometric "passwords" (Score:2)
Re:My concerns with biometric "passwords" (Score:1)
Re:My concerns with biometric "passwords" (Score:2)
Anyone saying biometrics by itself is secure is a liar and trying to defraud you into paying loads of money for a worthless easily tricked system.
At least a live guard ought to be able to tell wether you're holding a picture of someone else in front of your face or not while he's checking your passport.
A valid concern (Score:2)
Well they can poke you in the eye with a stick...
I imagine that if your retinal scan becomes comprimised, you would just spend alot of time at the airport having extra checks done. Seems like smart cards might be a better way to go.
Re:A valid concern (Score:2)
Are smart cards and key pairs the answer? (Score:5, Insightful)
Now, to prove you are who you say you are you swipe the card. You private key is compaired to your public key and verified.
Every six months, your key pair becomes invalid and you generate a new pair.
Re:Are smart cards and key pairs the answer? (Score:2)
These things are notoriously poor (Score:4, Informative)
Apparently, people could fool face-scanning systems (yes, I know they're different) with photos or video images. It doesn't actually say how to fool iris-scanners - but suggests that the trial wasn't convinced of their greatness.
Still, at least they're not going to use fingerprint scanners at the airport as they think they're too easily fooled - the BBC article reckons you can fool those by breathing on them.
I'm not sure whether this kind of security is best placed in an airport - fine for lower-risk security such as getting into your office block, or maybe even for your home burglar alarm - but at an airport with (potentially) massive numbers of subscribers to the system - sounds like a poor idea.
Re:These things are notoriously poor (Score:2)
Regarding the accuracy. You cannot quote one accuracy figure for biometrics. There are always two: False positives, and false negatives. False positives are when a biometric is misenterpreted for another persons biometric. The system thinks that person A is person B. False negatives are when a person is not accepted by the system as being that person. The purpose of the system will dictate which false reading is worst. In general you can inmprove one error at the cost of the other error. That 47% accuracy is meaningless.
The important thing to remember about any biometric system is that you must back it up with a second piece of id such as a card (swipe or smart), or a pin. This is true for most forms of strong identification.
let's see... (Score:4, Funny)
Re:No (Score:2, Insightful)
The picture gets the blood viens which are check, and when the pupil test is done your eye passes that.
Iris Scanners..... (Score:3, Funny)
Scary. (Score:1)
Puts the phrase 'an eye for an eye' in a renewed perspective, now doesn't it...
Re:Scary. (Score:1)
So, no worries about this one. fingerprint however will stay 'on' the finger for quite some time.
Protest (Score:1)
Different policies for different travellers? (Score:2)
scanning flowers? (Score:2)
Geez. What will they think of next?
Hrm.. wait.. maybe I shouldn't ask that. They might just go straight for the anal probe.
all inaccurate (Score:2)
These things can be spoofed pretty easily because they generally do not verify very well what they ought to verify: that they are looking at a live iris, not a contact lens. Worse, such contact lenses can be manufactured from photographs taken without a person's knowledge.
And "being completely voluntary" doesn't mean something doesn't invade someone's privacy. If you are being tracked, your privacy is being invaded--the only question is whether the invasion has other bad consequences, now or in the future. A lot of these mechanisms are well-intentioned when they start out, but future politicians figure out how to abuse them.
Furthermore, putting unreliable biometrics somewhere greatly increases my risk that my identity is being stolen (see above), and I certainly consider that an invasion of my privacy. I'd much rather have a hard-to-duplicate physical token--if I lose that, I know it, and I only have myself to blame.
Linus predicted these problems years ago (Score:3, Informative)
I, for one, agree. I don't think iris scanners are a good idea in airports because the invasion of the right to privacy of people in the airport is not good.
One of the major problems with iris scanners is light refraction. The way iris scanners work is that they send out dense beams of infrared, and when they reflect back a pattern that can be recognized as an 'iris', this pattern is then stored and can be compared against a database of iris patterns.
Few quiche eating Pascal programmers and Mac users would realize just how inaccurate this is. Everyone's eye has a different surface, and if the IR ray enters from different angles, different distorted iris patterns can be reported. This is why scanning the material that controls the entry of light to the eye would be more accurate, since this is not affected by these scientific properties.
*Ahem* (Score:2)
Re:Linus predicted these problems years ago (Score:2)
Wrong, pattern is compared against pattern stored in your own card. In this case the CANPASS-air card. Less secure, but no invasion of privacy in that sense
you have to do that? (Score:1)
I can't imagine having to do that. Why should I have to tell a government how much money I spent whilst out of their country? ...even if I am one of their citizens.
I'm from the UK and have travelled quite a bit, but never have I been sugjected to such a stupid idea.
Money spent out of country (Score:1)
It isn't about how much you spent, it is about how much stuff you are importing.
Michael
Re:you have to do that? (Score:1)
Seeing as Canada and the US have different economic systems and 90% of Canadians live with 100 km of the American border, the Canadian government is always trying to keep Canadians from driving over the border and buying big things without paying the government its taxes. They don't really care how much you spent; they just care what you bought.
I don't know how it works in Europe, where there are so many physically small countries with so much traffic between them all. Are the sales tax rates equivalent, so it's not worth driving across a border to make a large purchase? Aren't there import duties?
Re:you have to do that? (Score:1)
EC members have the same taxes - and sales taxes all sort of go into one big fund which gets divvied up according to some set of rules - I think.
The thing is though, is that the UK doesn't subscribe to this. Mainly because there are a lot of things on mainland Europe which the UK doesn't want - Rabies being the main one. So there are very tight restrictions about what you can bring in, and how much of other stuff which you can bring in.
The UK government has a large tax on cigarettes for example - and so people go to Europe to buy things because of the lower rate of duty. There are restrictions in place which amount to "personal use" - you can go to France from the UK and buy cigarettes but if you buy so many that they think you are going to sell them instead of smoking them all yourself - in effect, smuggling - they get very upset.
The only difference really is the way the question is asked: "show me what you are importing" rather than "how much did you spend".
One thing that would make me wonder... (Score:2)
I can't help it, but it gives me the fealing that only those who are dishonest for one reason or another would fear a system like that. I hardly think that it would make us pawns or something like that. Then go worry over the goverment instead.
Voluntary eh? (Score:1)
Re:Voluntary eh? (Score:1)
The drunk Mayor of Kitchener-Waterloo (or it could be Guelph -- hard to find stories on the 'net from the mid 90s sometimes), Ontario told the police flat out he wasn't going to to take one.
They didn't make him. They just reported that fact, plus their observations to the judge. I believe he was virtually convicted on the spot in court for drunken driving, and IIRC, had his license revoked
So yes, you can decide not to take it, but you'll almost certainly lose your license, and probably will end up losing any fight in court about it (since you have no evidence to show you didn't do it, and the police have all the evidence they need).
Iris scanner... (Score:1)
Hmm (Score:2)
Oh, wonderful... (Score:2)
-
We have iris scanners at work (Score:1)
There's also a camera so the "hold up a disembodied eyeball" trick would probably be noticed, but I wonder how much attention the camera will get now that the responsibility for access control lies with the iris scanner. I think the main purpose of the camera is for confirmation after the fact. If the iris scanner says I entered the building at a certain time and I say I didn't, Security can check the video to see who actually had their eyeball there at that time, so someone who wanted to fool it would not only have to duplicate my iris, but also my physical appearance.
The iris scanners are replacing fingerprint scanners which drive people nuts with their low reliability. So far I have never need to be iris-scanned more than once, but with the fingerprint scanner, people often had to try twice.
Also, the fingerprint scanners are two-factor authentication methods (punch in a code, scan your fingerprint) and at some doors the list of codes is conveniently printed on a sheet taped up beside the scanner. The ability of users to turn two-factor authentication into one-factor authentication never ceases to amaze me.
Worrying! (Score:2)
1. As someone already posted, these devices are very unaccurate. And I am not worried about people who are wrongly detected to be terrorists - I am worried about the opposite case. And from the current research it appears that there are a high percentage of false positives. In the range of tens of percents.
2. The other thing that worries me is that it's a dangerous trend. Using biometric data is much worse than passwords because
a) you can change passwords freely, but you can't change you face, iris or fingerprints. If someone spoofes or achieves these (mask-copy of face, holographic copy of iris, silicon stamp of your fingerprint) you're fucked for life.
b) The people who would want access to your biometric data are likely to be unscrupulous and highly motivated, and a very simple way of accessing your biometric data is by - killing you! Or crippling you significanlty, at least: cut finger(s), gouge eye(s), severe head off to make mask copy of face later on. I definitely don't want to become a person who has access to important things AND uses biometric access systems!
Ummm, and this is a bad thing because...? (Score:2)
And this is a bad thing because...? Verification that airport staff aren't impostors, and making sure there's no outsiders there seems like a good thing to me. How is this an invasion of privacy or such?
TLV has that too (Score:2, Informative)
(* It's called TLV, but actually it's 30 minutes drive from Tel Aviv)
Proves what? (Score:2)
If I were to walk up to a ticket counter with forged documents (passport, driver's license, etc) and then be allowed to use the iris scanner, the scanner would associate me with the claimed identity. In the future, as I became a frequent traveller it would be even faster and less risky for me to board a plane with my false credentials, as they would no longer be needed. If I have to show my fordged documents to a person each time, there is a chance that nervousness, or some problem with the documents may be caught and I could be questioned. Iris scanning s
Will a 'frequent traveller' be put through a more elaborate background check before being allowed to board via the scnners?
Once again... (Score:2)
Re:It's up to the Americans. (Score:2)
If it did involve America somehow, "stopping people at the border" would involving shooting down Canadian planes entering American airspace. Based on your post, I'm not so sure that's a bad idea.
(Note: I am neither American nor Canadian. I am, however, against stupidity.)
Re:It's up to the Americans. (Score:2)
Maybe now Canada will secure its fucking borders and keep terrorists away from American soil. Stupid frostbacks. Oh... and Chretien is a socialist pussy.
My post had absoloutly nothing to do with the iris scanners in the airports. The top poster said something stupid, so I pointed out his stupidity. Should we ask people "Welcome to Canada. Do you plan on committing atrocities in America? No? Good. Business or Pleasure?"
(Note: I am neither American nor Canadian. I am, however, against stupidity.)
I am Canadian, and I'm against people taking a post out of context. I'm just going to give you the benefit of the doubt and assume that you're reading at a threshold above -1 or 0, and didn't see the parent of my reply.
Re:It's up to the Americans. (Score:2)
I simply don't think that Canada should (have to) protect America from people entering their country from Canada. I also don't think that Americans should (have to) protect Canada from people entering our country from America.