Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy

Iris Scanners in Canadian Airports 186

Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."
This discussion has been archived. No new comments can be posted.

Iris Scanners in Canadian Airports

Comments Filter:
  • by VladDrac ( 15111 ) on Friday September 27, 2002 @03:31AM (#4342551) Homepage
    As far as I know, schiphol airport [schiphol.com] has had irisscans for a while now. See for example this article [accessexcellence.org]
    • by JaredOfEuropa ( 526365 ) on Friday September 27, 2002 @03:50AM (#4342596) Journal
      The article does mention Schiphol. The interesting thing to note is that Schiphol uses these devices to speed up passport control, not check-in or customs. For a fee, travellers can sign up for this program and bypass passport control completely. The scanner is placed next to the passport control booth so the officers can keep an eye on it, to help people resist the temptation to just hop over the barrier.
    • Sure we are using the irisscan program on schiphol airport to bypass customs.

      There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.

      The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.

      The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.

      Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.

      Greetz,
      Bas
      • Uhhhhhhhhh?!? (Score:4, Interesting)

        by JaredOfEuropa ( 526365 ) on Friday September 27, 2002 @05:03AM (#4342732) Journal
        I can hardly believe this... Presumably the machine uses some private key, but once that is hacked, people could create their own cards... it would be as secure as a black&white passport on plain paper: everyone could print their own on their laserprinter at home.
      • Just store a hash instead of the "real" data.

        • Doesn't work if you're thinking of a general-purpose hash. The problem is that no two scans of the same part of your body will come out exactly the same. Biometric template matching is never exact, it's just "close enough". How close is "close enough" depends on the application. How close is achievable depends on the biometric technology.
      • Hack the card, upload youre own scan and you can get access while using the name of someone else.

        When unsure about whether it's your or you're, make dead certain you get it wrong by combining the two =)

        Sorry :) You do have a good point in your post :)

        oh.. it's your btw :)
      • he problem with this is obvious. Hack the card, upload youre own scan

        Unless they are complete morons I'd assume they use a cryptographic signature, or encrypt the whole thing.

        Oops, easy to be wrong when assuming people aren't complete morons.

        Anyway, if designed properly it would be extremely difficult to crack the encryption. At a very minimum they would need to snatch a machine. A really smart system could even revoke all scans associated with the snatched machine.

        -
      • And unfortunately, it is only available for citizens of the EU--as a US expat, I'm stuck in line watching with envy those lucky enough to have 5 second processing times going through customs. This is not a small problem when you're passing through Schipol at least once a week.

        These devices, in conjunction with the automated checkin kiosks make flight travel almost tolerable again...
      • Hacking the card depends on a couple of things.

        Yes, some smart cards are easily hackable. But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).

        But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it. Then hacking the card directly will be meaningless since there is no way to change it. Since it is all hardcoded.

        Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.

        Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.

        Just some thoughts.
        • But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).

          You're referring to level 4 of the FIPS 140-1, right? No smart card has ever been certified as a level 4 device, or even level 3 (as of a while ago, none was certified to level 2, either, but that may have changed -- level 1 is meaningless), and there's good reason to think that none ever will as long as they're dependent on an external power source.

          But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it.

          "RAM" cards? Never seen one. Anyway, smart cards have basically three technologies for data storage: EEPROM, Flash and ROM. EEPROM and Flash are both rewritable. ROM is not, but must be masked onto the silicon during production of the chip. Creating a new mask costs huge amounts of money, so you're not going to put iris templates in ROM.

          What you're suggesting can't be done with typical smart cards. What can be done is to put the iris data in EEPROM and then write the softare on the card such that the card will refuse to ever replace that data. Keep in mind that smart cards are little computers, and you talk to them via a serial port, sending them commands to say "Do this", or "tell me that". Software interprets these commands and decides (a) what they mean and (b) if they should be acted upon. So, you write the "Load Iris" command such that it refuses if there's already a template loaded.

          Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.

          Yes, cryptographic challenge-response authentication is a staple (and you really can give each card its own key without requiring the reader to have a big database of keys).

          Unfortunately, there are well-known attacks that can extract keys from cards fairly easily if you can get the card to use the key. Most of those attacks no longer work, because card manufacturers have implemented defenses against them. There are at least two attacks right now, however, that are thought to work against all fielded cards.

          That doesn't mean cards are useless as security tokens, however, it just means that additional precautions must be taken. I won't bother going into those here, but, trust me, it can be done.

          Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.

          Good show! Now you're on the right track. For this particular application, the simplest and best solution is to use PK to digitally sign the iris scan that is loaded on the card. For this case you don't really even need a smart card -- a 2D barcode with adequate storage, or a floppy diskette would work as well. But a smart card is a good idea because it's more durable than those. The scanner scans the persons eye, retrieves the signed template from the storage device (e.g. smart card), verifies the signature (using a public key, no secrets required) and matches the scans.

          The part that has to be carefully secured is the enrollment process. Besides making sure you only enroll the right people, you also have to secure the private key used by the enrollment system to ensure it stays secret. Here would be an ideal place to use a really secure cryptographic device, one certified to level 4 of FIPS 140-1. Something like this one [ibm.com].

      • What makes you think a central server cannot be hacked? The same thing that makes a central server hackproof can prolly make the card hackproof too.

        Anyway, the way things have gone in the past any and all systems will prolly be implemented with security flaws for a few years.
      • Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.

        Nope. There are other ways to secure the system. Central databases are not only a privacy problem, they also reduce flexibility. What about when you want to deploy an authentication station to some location without network connectivity?

        In this particular case, the solution is very simple: at the enrollment station, acquire the iris scans that will be used as the template and digitally-sign the scans and the identification information with a private key (or MAC them with a symmetric key). Then load the data and signature on to the card. At the authentication station, the signature (or MAC) would be verified. If you use PK crypto, the verification station doesn't even have to store any secrets.

        One advantage of a central database is the ability to revoke an individual's access at will. This can be achieved in this scenario by adding the revoked card's ID to a blacklist, which is distributed to all authorization stations (which is a simpler problem than distributing the database of templates because the blacklist is smaller and changes less frequently).

        There are other (secure) ways to skin this cat as well.

  • by Crazieeman ( 610662 ) on Friday September 27, 2002 @03:34AM (#4342558) Journal
    If I take them out, they'll Xray those too, and I never had to look for a lost contact on an Xray belt before, the floor is bad enough.
  • Okay, I'll bite. (Score:5, Insightful)

    by Fat Casper ( 260409 ) on Friday September 27, 2002 @03:40AM (#4342570) Homepage
    And this makes things safer how?

    "We've used the latest in biometric technology to confirm that the passenger manifest is accurate. You are cleared for takeoff."

    • by Ripplet ( 591094 )
      Yeah right. Presumably all the terrorists on the 9/11 flights would have passed this with flying colours, all having perfectly valid documentation and no criminal records? It might help jump the queues though, for those that don't mind being on YAGD (yet another government database), and also don't mind having to prove every year that they're still one of the good guys! Waddaya mean OffTopic? It was a joke dammit!
      • by kcelery ( 410487 )
        Glass with sharp edges can cut throat, but we still use X-ray. Well everyone understands this gadget does not hold water. It could only give those who are boarding the plane a fake sense of security. And so everyone is happy.
        If there is an high-tech invention to due with the 9/11 incident, I wish someone can invention a hate-meter to measure that amount of hatred those guy are bringing onboard.
    • Their reasoning, from the artice

      The machines are meant to ensure that costly post-Sept. 11 security at Canada's airports is focused on "people we don't know instead of those that we trust," she added.

      So they screen people they know not to be terrorists and issue them passes for this scanner. That means that security people will not waste time with these passengers, and focus on the unknown ones.

      Three questions:
      - How do you know someone is not a terrorist. A background check will only reveal so much
      - Suppose half the passengers get a pass for the scanner, so the customs officers can stare twice as long at the faces of the remaining passengers, will that help them uncover more terrorists in the crowd? It might at that, but the effect is not very large I suspect.
      - The sentence about security being "costly" made me wary. If they can get half of the passengers to use the scanner, will they not just fire half of the security checkpoint staff?
    • It doesn't make things safer, it just is trying to replace outdated and unreliable technology - the passport.
      • And this makes things safer how?

      It lets them re-assign security staff from lazily eyeballing baby-Jesus lovin' white folks to their number one priority, "random" stop-and-searches of shifty moon-god worshipping Arabiac [whitehouse.org]-looking types.

      That's the best case scenario. The real world scenario is that they just sack some staff and return to business as usual... until the next hijacking.

    • And this makes things safer how?

      I'll give you two answers. Here's the first: Only people who can be shown to be extremely low risks for terrorism will be enrolled. All others still have to pass through regular security.

      It would be interesting to know what, precisely, the standard is for allowing someone to enroll, but it can be as high as you care to set it.

      One obvious standard: Require enrollees to pass a background check of the rigor and thoroughness required of people who want to obtain government security clearances. I received a Top Secret clearance a few years back, and I'm still surprised from time to time when I run into people who I hadn't seen for years, but who had received a visit from an investigator asking about me. In my case, I was almost denied a clearance, merely because I had lived outside of the U.S. for a couple of years, and the investigators couldn't effectively check on my activities during that period (I was on a church mission). To fill in the gap they subjected me to a polygraph test and contacted some of the church members I was working with.

      I'm sure if you wanted to you could tighten the background check even further.

      For that matter, you could only enroll people who are authorized to carry weapons on planes anyway. That wouldn't ease the general congestion problem at the security checkpoints much, but it certainly wouldn't pose a risk.

      The point is, a large percentage of the population is an almost zero risk for terrorism. It's expensive and difficult to verify that a person falls into this category, but it can be done and for people who travel a lot (like me) it would be worth a couple thousand dollars to have a thorough background check done to pre-emptively clear us. The problem is that only works if you then have a very strong way to rapidly authenticate the identities of the already-cleared.

      Oh, I said I'd give you two answers to the question about how this makes things safer. Here's the second: It doesn't. Terrorists wouldn't be able to get cleared, and wouldn't try. Most of the population, who only travel occasionally, likewise wouldn't bother getting cleared. So, we still need to run all of those people through some sort of an at-the-airport security check.

      Unfortunately, the checks that we have are known not to work very well.

      Plus, the simple fact of the matter is that terrorists are not going to hijack another plane. They won't if I'm on it, anyway, and there are millions of travelers who feel the same way. Since the presumption is now that being on a hijacked plane means you will die, you might as well die trying to kill the hijackers.

  • The next thing we'll see are precogs preventing violent crimes.
  • by surprise_audit ( 575743 ) on Friday September 27, 2002 @03:45AM (#4342579)
    It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff.

    As long as Security measures have to take second place to privacy concerns, the terrorists will win.

    Go ahead and flame me, I'm wearing a +2,+2 asbestos suit.

    • And as soon as privacy concerns get chucked out the window in a knee jerk reaction the terrorists have already won.
    • "As long as Security measures have to take second place to privacy concerns, the terrorists will win."

      Wrong, privacy and security do not equate in the way you think. The terrorists win when the rulers use security as an excuse to monitor their subjects. Then the whole point of security is lost. Actual security should just prevent people from carrying dangerous weapons on board, and sadly confiscating nail clippers does not serve the purpose.
      • But actual security has already taken second place to privacy, as in "you can't search my kid's bags at the school gate". OK, this is not yer actual hijack-an-airplane security, but even so...

        Parents have blocked moves to have airport-style x-ray and/or metal detectors at schools. How many school massacres could have been averted/prevented by scanners? I don't know, but I'll tell you this - if any of my kids are injured because of some lame-brained privacy nut's anti-inspection crusade, I will take action. And that includes the idiot that didn't keep proper control of a dangerous weapon...

      • The terrorists win when the rulers use security as an excuse to monitor their subjects.


        Actually, the terrorists win when they knock down your office building on your head, or blow up the bus you are riding in, and you DIE. That's how the terrorists win.

    • I have no qualms about giving up some privacy for real security--something that will stop hijackers & such. I do have qualms if the measures are ineffective wastes of money capable of doing little more than reassuring us with a false sense of security, however.

      I'm not sure how these mitigate any potential threats to the airport. I want *real* security to stop terrorists, not another gizmo to reassure people. Honestly, if they just want that, they should go the route of the fake security cameras & not waste so much money... I didn't think airports had that much to waste nowadays...

      Until someone can give me a good reason as to why this will make the airport more secure (do we even HAVE retinal scans of likely terrorists???) I'd like to keep my privacy, please.
      • Actually, upon rereading the actual article, it seems more likely that this device is a liability, not any added security...

        I mean, if all I have to do is fly a bunch of times to get a little less security attention... I'm sure that it doesn't take much thought to see why that could be bad, given well-funded terrorists. :[

        I knew I should've just put out the DNFTT sign, instead...
    • As long as you act like terrorists will strike at any time, the terrorists have won. Once burned, twice shy.

      The simple thing is to not let terrorism get you down. Don't let people hijack planes, and be aware of what's going on. If people act suspicios, treat them with suspicion. But don't compromise the basic rights. People who sacrifice liberty for safety deserve neither.
    • The old Soviet Union didn't have much of a terrorist problem, so I suppose you're right.
  • boiling the frog (Score:3, Insightful)

    by ard ( 115977 ) on Friday September 27, 2002 @03:45AM (#4342580)
    they are completely voluntary

    yes, until more and more people have gotten used to do it. When the majority is doing it, I'll bet it will be mandatory for every passenger.

    Its called the boiled frog syndrome.
    • Re:boiling the frog (Score:2, Interesting)

      by baudbarf ( 451398 )
      Precisely my thought. Allow me to attempt to say the same thing in a different way:

      Driving is a privilige, not a right. Therefore, living without a car should be a perfectly viable situation to be in. Yet think of it, who doesn't have a car? Few people. Cars have become a necessity, and the government can now use our dependency on them to manipulate us.

      Do you have taxes due? No problem, we'll just take away your license until you pay up! Back around the early 20th century; if they did that, you'd be a little bummed, but you'd live, because society hadn't yet come to "assume" that everyone owned a car. You could still walk anywhere you needed to go.

      But now, try living without a car. It's the same with credit cards. Checking accounts. Try living without a checking account, I have for the last few years (ChexSystems sucks!), and it's damn hard!!! Try it yourself, for a month, try living without a checking account. Pay $50 each paycheck just to cash it! Buy money orders to pay your bills. No more card-swiping at the pump, you hafta go INSIDE to pay for your gas (and then inside again, to collect your change).

      The "completely voluntary" excuse is an excellent way to sneak something in, in plain view of everybody, without raising many objections. Then, make it easier and easier for people to use the offending system, and make it harder and hard to use the older system. The only drawback for the government is that it takes a bit longer to solidify into "completely involuntary".
  • Accuracy (Score:2, Interesting)

    by clemens ( 188721 )
    Personally I've no experience with this scanner. Can anyone who tried share thie experience? BTW, could they be beaten by wearing some hacked contact lens (as in cheap action movies)?
    • Or beaten by using a fork to remove the eyeball of some unsuspecting victim.
      • ... most iris scanners are configured only to work on living eyes. Primarily because its harder to fake a living one (rather than just using a very good glass eye), and also because it removes the temptation to do what you suggested.
    • The ones I us to use were a pain. You had to stare into the machine, then it flashed you with a green light. If you blinked or moved, try again. Kind of neat the first couple of times, after that just give me a badge.
      As for fooling them, I read an article were they said they were getting an 80% fool rate on the best machine by taking a really good picture of the eye of the person, current the pupil from the picture, and putting that over your eye. On the low end machine, the picture itself was all that was needed
      On the higher end machines they check that your pupil reacts to the light so you need a living pupil for that to interact with.
  • Foolable (Score:3, Informative)

    by e8johan ( 605347 ) on Friday September 27, 2002 @03:49AM (#4342595) Homepage Journal
    Biometrical systems are hard to fool, but it is not impossible.
    I hope that they have a proper system with personal digital (hard to hack) ID cards and such to make sure that it is foolproof.
    • Actually they are fairly easy to fool. Check the web, also infoworld had an article a while ago about how to fool all types.
      The biggest problem is the fingerprint, picture,etc of the person you want to impersonate.
      In the places that I have worked that required biometric access to get into an area they just used the biomentric check as a portion. You still needed a numeric key or a passkey.
      While eyes, fingerprint, palmprint was used infrequently, the biggest biometric system that they used at almost every entry was your weight. To open a door you had to enter a code, use your access badge, and be standing on a certain square so that your weight could be check against previous averages.
    • Blanket statements like that are unsupported by the evidence. The field is littered with supposedly "unbreakable" systems where all it took was a gummy finger cast or some other simple hack to fool it.
  • by kcelery ( 410487 ) on Friday September 27, 2002 @03:50AM (#4342599)
    My friend contracted an eye-disease when he used a telescope, one of those peek-a-minute-for-a-quarter machine. We suspected that his eye-lash came in contact with the bacteria left by the previous patient.

    His red-eye recovered in a week after medication.
    • that's not how iris scanning works. you still stand in front of something and have a scan done, but you dont put your eye up to the scanner like you would a telescope. However, there is an eye scan that does require placing yourself up to the machine where what you describe could happen, but at the moment i cant recall what scan that is. Unfortunately, someone might say that the chances of a disease transmission happening on an eye scanner or pay-per-peek machines are the same as diseases transmitted over public toilets. (IOW, very low)
    • My friend contracted an eye-disease when he used a telescope, one of those peek-a-minute-for-a-quarter machine. We suspected that his eye-lash came in contact with the bacteria left by the previous patient.

      Man, what kind of dirty place was that? Every one of those places I go to has a big window, not a telescope. I put my face on the glass too, but they usually have someone come in and mop up the "bacteria" after someone has used the booth. I would advise him to pick a slightly higher-class joint the next time he feels the need to do things like that!

      Mark
  • by Anonymous Coward on Friday September 27, 2002 @03:51AM (#4342604)
    So long as it's a voluntary system, that's a great system and I applaud it.

    One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:

    (1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.

    (2) [More recent] To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.

    Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.

    Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister.
  • by johnburton ( 21870 ) <johnb@jbmail.com> on Friday September 27, 2002 @03:58AM (#4342621) Homepage
    My concern with all of these schemes is that if someone gets hold of your biometric data it may be passible to spoof the device in some way. At least with a password you can change your password if someone gets hold of it, but with these schemes, if someone gets hold of your data there is nothing you can do about it. Probably not an issue for this application, but I see it suggested for things like ATM machines or access to building (where swipe cards are used now) where they are used unattended. I expect that if these devices become widespread then someone will build a device to spoof them. and once someone has got hold of your data there is nothing you can do about it
    • I expect that if these devices become widespread then someone will build a device to spoof them. and once someone has got hold of your data there is nothing you can do about it

      Dont worry by the time somebody is able to do it, you will also be able to change your retinal signature.... and Minority report is still far away... wait a minute the russian doc is just outside my door, ...hmmm

    • Airport officials: Be on the lookout for a man carrying an eyeball in a zip-lock bag.
      • The iris scanning devices detect if the eyeball is dead or not, thwarting would be immitators.
        • That's why you put a picture of the iris you want to fake in front of your own eye. The machine will scan the temperature on your eye and accept the iris from the picture. Worked like a charm for c't I believe it was who tested it.

          Anyone saying biometrics by itself is secure is a liar and trying to defraud you into paying loads of money for a worthless easily tricked system.

          At least a live guard ought to be able to tell wether you're holding a picture of someone else in front of your face or not while he's checking your passport.
    • and once someone has got hold of your data there is nothing you can do about it

      Well they can poke you in the eye with a stick...

      I imagine that if your retinal scan becomes comprimised, you would just spend alot of time at the airport having extra checks done. Seems like smart cards might be a better way to go.
    • by Neil Watson ( 60859 ) on Friday September 27, 2002 @09:20AM (#4343844) Homepage
      I'm no expert on cryptography. What if you had a smart card. You program that smart card generating an expirable key pair. You get the private key (burned onto the card) and the government gets the public key. Your private key has a "passphrase": your retina print (which never needs to be stored).

      Now, to prove you are who you say you are you swipe the card. You private key is compaired to your public key and verified.

      Every six months, your key pair becomes invalid and you generate a new pair.

  • by potcrackpot ( 245556 ) on Friday September 27, 2002 @04:00AM (#4342624) Homepage
    Biometric eye-scanners are notoriously bad at recognising people, and very inaccurate. This article [bbc.co.uk] (about a trial of fingerprint-, iris- and face- scanning technology) quotes such figures as 47% accuracy!
    The system struggled to identify people if there were wearing spectacles, if the lighting was wrong or if they moved their heads too much.

    Apparently, people could fool face-scanning systems (yes, I know they're different) with photos or video images. It doesn't actually say how to fool iris-scanners - but suggests that the trial wasn't convinced of their greatness.

    Still, at least they're not going to use fingerprint scanners at the airport as they think they're too easily fooled - the BBC article reckons you can fool those by breathing on them.

    I'm not sure whether this kind of security is best placed in an airport - fine for lower-risk security such as getting into your office block, or maybe even for your home burglar alarm - but at an airport with (potentially) massive numbers of subscribers to the system - sounds like a poor idea.

    • I generally dislike biometrics. In general most biometrics suffer from very poor false-positive and false-negative accuracy. However iris and retina scanners are the exception. Iris scanners in particular are excellent. Read this paper from IEEE: An Iris Biometric System for Public and Personal Use (pdf) [upenn.edu] That particular paper was published in Feb 2000, however I have seen similar results presented in mid 1998. I suspect that the state of the art has been advanced in those 4 years.

      Regarding the accuracy. You cannot quote one accuracy figure for biometrics. There are always two: False positives, and false negatives. False positives are when a biometric is misenterpreted for another persons biometric. The system thinks that person A is person B. False negatives are when a person is not accepted by the system as being that person. The purpose of the system will dictate which false reading is worst. In general you can inmprove one error at the cost of the other error. That 47% accuracy is meaningless.

      The important thing to remember about any biometric system is that you must back it up with a second piece of id such as a card (swipe or smart), or a pin. This is true for most forms of strong identification.
  • by huge ( 52607 ) on Friday September 27, 2002 @04:02AM (#4342629)
    Everyone who has seen the "Demolition Man" knows how to bypass these things...
  • by N Monkey ( 313423 ) on Friday September 27, 2002 @04:17AM (#4342653)
    ... Well we've only got an SGI Indigo2 [obsolyte.com] in our office. If I needed to take it on a trip to and from Canada, would it be compatible with their Iris scanners? ;-)
  • And what happens when people realize that all they have to do to get around this is pluck out someone's eyeball?

    Puts the phrase 'an eye for an eye' in a renewed perspective, now doesn't it...
    • When eyeball is not 'inside' the skull, the iris will lose its color. After some time (this is like a day or two) it will become completely white.

      So, no worries about this one. fingerprint however will stay 'on' the finger for quite some time. :)
  • Anyone got an email address or fax number for this Iris Scanners bitch so we can tell her where to go?
  • I wonder why they think that same principles as with system security for example don't apply to airport security. If Iris scan, or anything targeted for only a single group, prooves less secure than the strongest practise in use, then the ones who want to break the security will go trough the weakest policy. Or?
  • How is scanning an ugly plant going to make things more secure?

    Geez. What will they think of next?
    Hrm.. wait.. maybe I shouldn't ask that. They might just go straight for the anal probe.
  • You can perform iris scans without a person's knowledge--all you need is a reasonably high resolution camera or a pan/tilt/zoom camera.

    These things can be spoofed pretty easily because they generally do not verify very well what they ought to verify: that they are looking at a live iris, not a contact lens. Worse, such contact lenses can be manufactured from photographs taken without a person's knowledge.

    And "being completely voluntary" doesn't mean something doesn't invade someone's privacy. If you are being tracked, your privacy is being invaded--the only question is whether the invasion has other bad consequences, now or in the future. A lot of these mechanisms are well-intentioned when they start out, but future politicians figure out how to abuse them.

    Furthermore, putting unreliable biometrics somewhere greatly increases my risk that my identity is being stolen (see above), and I certainly consider that an invasion of my privacy. I'd much rather have a hard-to-duplicate physical token--if I lose that, I know it, and I only have myself to blame.

  • by wackybrit ( 321117 ) on Friday September 27, 2002 @05:30AM (#4342770) Homepage Journal
    Linus Torvalds is once quoted as saying, 'Iris scanners in airports are a really bad idea because people's privacy will be invaded and that is not good.'

    I, for one, agree. I don't think iris scanners are a good idea in airports because the invasion of the right to privacy of people in the airport is not good.

    One of the major problems with iris scanners is light refraction. The way iris scanners work is that they send out dense beams of infrared, and when they reflect back a pattern that can be recognized as an 'iris', this pattern is then stored and can be compared against a database of iris patterns.

    Few quiche eating Pascal programmers and Mac users would realize just how inaccurate this is. Everyone's eye has a different surface, and if the IR ray enters from different angles, different distorted iris patterns can be reported. This is why scanning the material that controls the entry of light to the eye would be more accurate, since this is not affected by these scientific properties.

    • by xant ( 99438 )
      You can't just make shit up.
      Linus Torvalds is once quoted as saying, 'Iris scanners in airports are a really bad idea because people's privacy will be invaded and that is not good.'
      Google disagrees with you. [google.com]
    • "... this pattern is then stored and can be compared against a database of iris patterns."

      Wrong, pattern is compared against pattern stored in your own card. In this case the CANPASS-air card. Less secure, but no invasion of privacy in that sense .

  • Like other travellers entering the country, participants will still have to fill out declaration cards on the plane, detailing how much they spent while out of the country.

    I can't imagine having to do that. Why should I have to tell a government how much money I spent whilst out of their country? ...even if I am one of their citizens. I'm from the UK and have travelled quite a bit, but never have I been sugjected to such a stupid idea.

    • It only matters if you are bring back the products that said money was spent on.

      It isn't about how much you spent, it is about how much stuff you are importing.

      Michael
    • I can't imagine having to do that. Why should I have to tell a government how much money I spent whilst out of their country? ...even if I am one of their citizens.

      Seeing as Canada and the US have different economic systems and 90% of Canadians live with 100 km of the American border, the Canadian government is always trying to keep Canadians from driving over the border and buying big things without paying the government its taxes. They don't really care how much you spent; they just care what you bought.

      I don't know how it works in Europe, where there are so many physically small countries with so much traffic between them all. Are the sales tax rates equivalent, so it's not worth driving across a border to make a large purchase? Aren't there import duties?

      • Offtopic I know, but: In Europe, there's generally an 'open border' thing going on - you just go between different countries with no customs.

        EC members have the same taxes - and sales taxes all sort of go into one big fund which gets divvied up according to some set of rules - I think.

        The thing is though, is that the UK doesn't subscribe to this. Mainly because there are a lot of things on mainland Europe which the UK doesn't want - Rabies being the main one. So there are very tight restrictions about what you can bring in, and how much of other stuff which you can bring in.

        The UK government has a large tax on cigarettes for example - and so people go to Europe to buy things because of the lower rate of duty. There are restrictions in place which amount to "personal use" - you can go to France from the UK and buy cigarettes but if you buy so many that they think you are going to sell them instead of smoking them all yourself - in effect, smuggling - they get very upset.

        The only difference really is the way the question is asked: "show me what you are importing" rather than "how much did you spend".
  • What if someone doesn't want to use the retina scanner, wouldn't that look suspicious in itself? And they already know which flights I take and can register that to their hearts content. So why would I want to refuse to use the easier way of a scan?

    I can't help it, but it gives me the fealing that only those who are dishonest for one reason or another would fear a system like that. I hardly think that it would make us pawns or something like that. Then go worry over the goverment instead.
  • "they are completely voluntary and cannot be used to scan without a person's knowledge" ..So is the brethalyzer test, but go ahead and try to NOT take one.
    • >So is the brethalyzer test, but go ahead and try to NOT take one.

      The drunk Mayor of Kitchener-Waterloo (or it could be Guelph -- hard to find stories on the 'net from the mid 90s sometimes), Ontario told the police flat out he wasn't going to to take one.

      They didn't make him. They just reported that fact, plus their observations to the judge. I believe he was virtually convicted on the spot in court for drunken driving, and IIRC, had his license revoked

      So yes, you can decide not to take it, but you'll almost certainly lose your license, and probably will end up losing any fight in court about it (since you have no evidence to show you didn't do it, and the police have all the evidence they need).
  • ... would I have it? Are you kidding! I would give my right eye for one of this babies! ;>

  • by Konster ( 252488 )
    [quote]People who sign up are expected to obey the law, as they have in the past," said National Revenue Minister Elinor Caplan, after unveiling one of the kiosks at Pearson's Terminal 3[/quote] What about people that have no intention whatsoever of obeying the law? What about the crafty people with the $5 biometric lens that lets them get around such fancy systems?
  • Now the terrorists can just become frequent fliers first. That way the eye-scanner approves them they can breeze through security when they DO carry a bomb on board.

    -
  • I use the iris scanner at the front door at one of our sites. It's kinda cool, but it always bugs me that the voice just says "Identification successful"; it doesn't say who it identified me to be.

    There's also a camera so the "hold up a disembodied eyeball" trick would probably be noticed, but I wonder how much attention the camera will get now that the responsibility for access control lies with the iris scanner. I think the main purpose of the camera is for confirmation after the fact. If the iris scanner says I entered the building at a certain time and I say I didn't, Security can check the video to see who actually had their eyeball there at that time, so someone who wanted to fool it would not only have to duplicate my iris, but also my physical appearance.

    The iris scanners are replacing fingerprint scanners which drive people nuts with their low reliability. So far I have never need to be iris-scanned more than once, but with the fingerprint scanner, people often had to try twice.

    Also, the fingerprint scanners are two-factor authentication methods (punch in a code, scan your fingerprint) and at some doors the list of codes is conveniently printed on a sheet taped up beside the scanner. The ability of users to turn two-factor authentication into one-factor authentication never ceases to amaze me.
  • There are 2 things about this that worry me:

    1. As someone already posted, these devices are very unaccurate. And I am not worried about people who are wrongly detected to be terrorists - I am worried about the opposite case. And from the current research it appears that there are a high percentage of false positives. In the range of tens of percents.

    2. The other thing that worries me is that it's a dangerous trend. Using biometric data is much worse than passwords because
    a) you can change passwords freely, but you can't change you face, iris or fingerprints. If someone spoofes or achieves these (mask-copy of face, holographic copy of iris, silicon stamp of your fingerprint) you're fucked for life.
    b) The people who would want access to your biometric data are likely to be unscrupulous and highly motivated, and a very simple way of accessing your biometric data is by - killing you! Or crippling you significanlty, at least: cut finger(s), gouge eye(s), severe head off to make mask copy of face later on. I definitely don't want to become a person who has access to important things AND uses biometric access systems!

  • but there is a brief note about using it in the future for staff

    And this is a bad thing because...? Verification that airport staff aren't impostors, and making sure there's no outsiders there seems like a good thing to me. How is this an invasion of privacy or such?

  • TLV has that too (Score:2, Informative)

    by NaveWeiss ( 567082 )
    Ben Gurion airport (TLV*) has biometric passport control for Israeli citizens, but it scans fingerprints instead of the iris.

    (* It's called TLV, but actually it's 30 minutes drive from Tel Aviv)
  • An iris scanner (or most any other biometric check) is flawed in a major way I think: It can only prove that the same person is at the scanner as was there to initially be recorded.
    If I were to walk up to a ticket counter with forged documents (passport, driver's license, etc) and then be allowed to use the iris scanner, the scanner would associate me with the claimed identity. In the future, as I became a frequent traveller it would be even faster and less risky for me to board a plane with my false credentials, as they would no longer be needed. If I have to show my fordged documents to a person each time, there is a chance that nervousness, or some problem with the documents may be caught and I could be questioned. Iris scanning s
    Will a 'frequent traveller' be put through a more elaborate background check before being allowed to board via the scnners?
  • We all know that the 9/11 terrorists did not show thier ID or used fake ID information to board those planes, right? Right? Oh wait, that's right, they used thier real names. What a great way to make airports safer, solving problems you don't have.

Bus error -- please leave by the rear door.

Working...