
Biometrics: Prepare to be Scanned

npistentis writes "From an article in the Economist: It has been a long time coming. But after years of false starts, security systems based on biometrics--human characteristics such as faces, hand shapes and fingerprints--are finally taking off. Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access to computer networks, airport service-areas and bank vaults. But biometrics have not yet spread beyond such niche markets, for two main reasons. The first is the unease they can inspire among users. Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser. The second reason is cost: biometric systems are expensive compared with other security measures, such as passwords and personal identification numbers. So while biometrics may provide extra security, the costs currently outweigh the benefits in most cases."
  • Fingers (Score:4, Funny)

    by Anonymous Coward on Sunday December 07, 2003 @04:42PM (#7654970)
    I think they may be able to steal my finger with a big knife!
    • Re:Fingers (Score:3, Interesting)

      by altek ( 119814 )
      There are safeguards to prevent this, such as methods to determine body heat and pulse being necessary for a positive ID.

      • Re:Fingers (Score:5, Interesting)

        by Yorrike ( 322502 ) on Sunday December 07, 2003 @05:51PM (#7655347) Journal
        What about making a replica finger or eye that looks and feels like the real thing? Rest assured, if there's money to be made from creating such material, any technological shortcomings will be dealt with by the criminal world.

        And what about classical hacking using the binary data your biometric details will eventually become once scanned?

        Biometrics may sound futuristic and secure, but unlike a password or card, you can't replace your fingerprints or retina with a few keystrokes, or have the bank send you a new one.

      • Reminds me of an episode of STTNG where a "time travel historian" has come to visit the enterprise (and steal technology). He tries to kidnap Commander Data by trapping him in his time machine, and Data says to him, "I assume your palm print will open the door whether or not you are conscious."
    • I'd rather lose five fingers than one eye! I think. Well, if they were like my left pinky, ring, middle, and right pinky and ring. Otherwise I dunno. Still. Ewwwwww
    • Re:Fingers (Score:3, Insightful)

      by iabervon ( 1971 )
      Actually, people can steal your finger with a piece of tape and a bit of rubber. So far as I know, nobody's made a biometric system that actually manages to determine that what it's examining is actually flesh and blood, rather than a thin layer of some other material with somebody else's fingerprints on it (or something even less sophisticated).
      • Re:Fingers (Score:3, Interesting)

        by iantri ( 687643 )
        As far as I know most of the systems actually measure the temperature of the 'thumb', so that would make it a bit more difficult to fake (I'm not saying it would be hard, though).
    • Re:Fingers (Score:2, Funny)

      by scottganyo ( 65515 )
      Sure, but not without your knowledge!
    • I don't think your eye is very secure either... It could easily be scooped out with a spoon:(
  • right to be uneasy (Score:3, Interesting)

    by mrfibbi ( 695943 ) on Sunday December 07, 2003 @04:42PM (#7654975)
    i'm all in favor of it, but it still does bring my mind back to minority report. Some people have a right to be uneasy.
      Bah! Sounds real expensive and hideously complex. Didn't some European country do this like 60+ years ago with tattoos? As I recall all they had to do was show their tattoo and they got to ride on trains, go to theme parks, entry to showers and maybe a bar-b-que ... all without carrying cash or showing any form of ID. I don't remember how that all turned out but I am sure that Biometrics is surely the way to a brighter, safer tomorrow here in America.

      -Some people have a right to be uneasy.

      Jeez - just fo
  • At least... (Score:5, Funny)

    by Scrameustache ( 459504 ) on Sunday December 07, 2003 @04:44PM (#7654980) Homepage Journal

    Here you'll be treated with dignity. Now strip naked and get on the probulator!
  • by matticus ( 93537 ) on Sunday December 07, 2003 @04:44PM (#7654981) Homepage
    The main problem in my eyes is the fact that a biometric system turns a fingerprint or retina scan into a string of ones and zeros. If the software is cracked to reveal this string, then the person who belongs to the fingerprint is *permanently* compromised. You can't change fingerprints like you can passwords.
    • by Kirill Lokshin ( 727524 ) * on Sunday December 07, 2003 @04:53PM (#7655049)
      The digital form of the biometric is not really meant to be secret. After all, I can get your fingerprint just by setting up my own print scanner at a store.

      The point of the scanner is to tie the binary string to a particular physical object, such as your finger or eye. For instance, suppose that you are visiting store X. If you scan in your finger and the fingerprint matches the one on file, the store is reasonably certain that you are the person who you claim to be.

      Of course, this is vulnerable both to compromises of the scanning hardware, and, more importantly, of the central server that would store the biometric data. If, however, we assume a certain level of trust in someone and have them sign all the fingerprints, and also assume that the scanning device correctly produces a print matching that of the person putting their finger on it, then we can prevent most cases of things like identity theft.
      • by grotgrot ( 451123 ) on Sunday December 07, 2003 @06:16PM (#7655492)
        Other than very closed systems with very good guarantees, there is only one good use for biometrics and that is identification (NOT authentication). Think that instead of typing in your username, you scan something. Stealing that information is about as useful as stealing your username. You still need a separate authentication step. The social security number nonsense is a good example of confusing identity with authentication. There are several companies out there who think that anyone who can recite the last 4 digits of my SSN must be me.

        Would you be happy carrying no id cards, credit cards, library cards, employee cards etc but instead everywhere type in a pin or similar secret?
      • After all, I can get your fingerprint just by setting up my own print scanner at a store.

        Yes, and with a little gelatin, you can then produce something that can be used to fool other fingerprint scanners.

        If you scan in your finger and the fingerprint matches the one on file, the store is reasonably certain that you are the person who you claim to be.

        That just means that someone pressed some object with roughly the right pattern against the scanner.

        Human beings weren't designed to be difficult to forg
    • The movie "Gattaca" comes to mind - people may well start SELLING their biometrics to others - sure, losing your hand is a bitch, but wouldn't you do it for ten million dollars? I honestly don't know if I could say 'no' to that, if I needed the money badly enough.
    • This is why all important biometric security should be combined with a memorized passphrase which can be changed. Even better, bio + phrase + pseudo-random data (e.g. SecurID).
    • actually, i think your problem is not in your eyes, but the scanner. Sorry to nitpick. ;)
    • That's why fingerprints aren't used untrusted scanners. You wouldn't scan a fingerprint on your home PC and use it as your slashdot password, because slashdot can't verify that the scanner sending it the data is real. They would be used for physical security, like to get into your hotel room. Even if a crook knows the digital version of your print, the only way he can input that for authentication is by sticking your finger on to the scanner.
    • by TobiasSodergren ( 470677 ) on Sunday December 07, 2003 @05:23PM (#7655213)
      "Do you want to look younger, lose weight or change password? Call your local cosmetic surgeon now!"
    • by Coventry ( 3779 ) * on Sunday December 07, 2003 @06:23PM (#7655531) Journal
      Your idea has problems for several reasons:

      - biometric data is not stored as a simple image. It's not stored as a compressed image, or a md5 of the image. It is most often stored as a series of one-way-hash values, each of which is derived from some characteristic inherent in the scan. Someone could steal this data, but creating the original image is near impossible, like breaking a 100 kilobyte rsa key.
      - biometric data is stored in a different format by every manufacturer. There is no standard - heck, they can barely get a standard API for how to interface with the hardware and drivers (www.bioapi.org), let alone agree on a standard format. Thus, if visa were to start using scanners, and your fingerprint scan were stolen, only visa systems would be affected.
      - most authentication systems (other than the implied example of logging onto a computer) use multiple pieces of information, usually two or more of the following type:
      - something remembered ( a password or pin)
      - something kept (a security card, a credit card)
      - something intrinsic (a biometric)

      Now, how useful is that fingerprint scan if the visa card it's associated with is not in the thief's hands? How useful is it if you cancel your card and get a new one?

      - if someone did manage to steal an image of your fingerprint or retina, it won't do much good: systems these days are able to tell the difference between a dead/living finger, a photo, and even a plastic mold (many systems look for temperature of what is scanned, and can even look for capillary blood flow).

      - if someone gets access to a computer system where they can use the information stolen and bypass the scanning device, well, you have much bigger problems: such a breakin would probably compromise things to the point where they can simulate a positive authentication from the driver/hardware, for any user.

      - (this one only applies to fingerprints): you have ten fingers, use a different one. For eyes, switch eyes.

      Having said all of that, please realize that biometrics are intended to enhance security by adding another layer to the authentication systems in place, not to replace them. A bankcard+pin+fingerprint is more secure than a bankcard+pin.

      Anytime you hear/read the mass media promoting the death of passwords via biometrics, realize that either A) the reporter doesn't get it or B) they have talked to a marketing person at one of the manufacturers who is (most likely in my experience) pandering to the media in an attempt to grow the market and get sales, despite the falsehoods involved.

      By the same token, anyone who tells you a password by itself is secure, is also wrong.
  • by Isopropyl ( 730365 ) on Sunday December 07, 2003 @04:45PM (#7654985)
    The trouble is, it is not clear that these identity-verification systems are worth the cost and trouble of introducing them. All 19 of the September 11th hijackers entered the United States using valid visas, on their own passports, for example. Verifying their identities using biometric visas would have made no difference.

    I find it hard to justify the cost of using biometrics, at least in this airport example. The airlines are in decline, the government has just bailed them out with a couple billion, and revenues are still falling. Does the TSA really need to scan my finger before I step onto a plane? Like the quote says, biometrics wouldn't have made a difference on 9/11.

    • I believe that part of the article was commenting on using biometrics at border-crossings not airports (yes, it still would not stop most terrorists). So the airlines don't get financially affected, the US government does. At airports, biometrics are used to control access to secure areas, fair enough. At border-crossings, biometrics are used to verify the ID of people with special visas like INSPASS. I suppose even for internal flights the INS will check foreigners' visas (to find visa overstays), but that
    • We already know that biometrics are far from effective but there is a very real danger because many people assume that they are. An immigration officer may hold my passport up to the light or carry any number of checks. If the computer says you're ok, then you must be, right?

      Even worse than that is the fact that much of the process for obtaining a US visa is being outsourced. As with a lot of the post 9/11 measures, there is little real effect other than to reduce overall security and allow some more port

  • False claim (Score:5, Insightful)

    by G3ckoG33k ( 647276 ) on Sunday December 07, 2003 @04:45PM (#7654991)
    The two main reasons being unease and cost?! That is wrong. The simple truth is poor performance. So far, no system has been able to match faces better than 60-80% in real life tests. That is still far too poor to be really useful for police work and other, similar purpose.
    • While this may be, the justifications of unease and cost are nothing to sneeze at. Especially in the presence of the poor performance that you noted, we need to look carefully at the cost-benefit analysis. As another post indicated, such a system provides little benefit to security, as "terrorists" often have valid visas, and perform acts under their own identities, especially if the "terrorist" in question is planning a suicide attack. Thus, the system would only verify what we already know- data that woul
      • ROI (Score:3, Funny)

        by Safety Cap ( 253500 )
        On the other hand, if you were a Biometric Security VENDOR, your ROI is astronomical.
        1. Drum up hysteria of how the 9/11 hijackers will come get YOU if you don't secure your ATM, car, house, bank account, pda, email, fax machine, house plant, etc. with all new Impermiable Security Utilizing Computer Keys (tm).
        2. Produce a grey shoebox complete with flashy lights, paper tape output, 9" reel-to-reel mag tape, punch cards, and eyepiece from Lil' Wonder Telescope (all plastic so the kids don't get their eyes poked
    • Re:False claim (Score:5, Interesting)

      by Coventry ( 3779 ) * on Sunday December 07, 2003 @05:34PM (#7655259) Journal
      Facial recognition is only 1 of the technologies involved in biometrics... To claim that the whole industry has failed to grow because one Type of biometric does not function well is untrue.

      Besides that, your numbers are wrong... facial recognition systems can actually have failure rates higher than that under less than ideal circumstances, and when put into use as identification, not verification systems.

      First, definitions, for those who didn't read the article:

      Identification: determine from a scan who someone is, searching over a list of possibilities.

      Authentication: determine with reasonable confidence that the user is who they claim they are.

      Authentication is much much easier to get right, since you can always ask for a rescan if you are unsure. Authentication systems are designed so that the device (hardware and software) return a confidence level - sometimes a percentage. It is up to the application developer to determine just how high a confidence level you want. If you set it too low, people with similar faces might be able to authenticate for each other - brothers for example. If set too high, then slight (natural) variations in a person's face can cause rejections. Generally, you must strike a balance between false positives and rejections. Such a compromise is acceptable, if you have other security measures in place (see note at end of post).

      Identification is much, much harder. First of all, it is very cpu intensive - one can model identification as a low-confidence-level authentication against every listed person in the database. If you have 40,000 people in the database, this can take a while. Hashing doesn't help much, and is ill-advised, since we are looking for a close match, not an exact. Biometric data isn't the kind where you can take the first 5 bytes and dump into hash buckets either - but I digress. So, how do you speed it up? You reduce the dataset by reducing the detail in the data you store for each person.

      Then you run into the problems with how these systems have been rolled out - using low resolution security cameras is not a good way to get an accurate scan of a person's face - especially when the people being scanned are small enough (in relation to the scene) to be only 10s of pixels wide.

      So, now we know the technical difficulties - but why the bum rap, and why would a police force choose to roll something like this out anyway? This is several fold, but the main thing it comes down to is misconceptions about what these systems are doing, and badly written systems. Due to the limitations mentioned above, these systems can only provide possible matches, like 'Person X is a 20% match against Osama Bin Laden'. The system isn't claiming that the person IS Osama, only that the face appears somewhat similar. As such, the system is supposed to be used as a guide - if it picks someone out, that person deserves more attention - that attention could be a remote-controlled security cam singling them out for a better scan, or for officers in the area to walk over for a better look. Unfortunately, just because that is how the system is supposed to work does not mean it is used that way - all too often these are rolled out as a way to 'increase security while retaining a minimal police/security force'. You get officers who think of a potential match as an authentication, and they send officers running down at high speed only to find it's not Osama... The next potential match they are more hesitant about, and so on, until they mistrust the system completely. Is the system doing anything wrong? No, it's that the users don't understand what it is doing. Better training would help, but so would the people making the purchasing decisions understanding the technology, and staffing accordingly.

      In the sort of rollouts described above, facial recognition has a success rate of less than 30%, much lower than what you describe. With rates that low, people complain, and stories get published. Used properly, the data these sy
      • Re:False claim (Score:4, Insightful)

        by gnu-generation-one ( 717590 ) on Sunday December 07, 2003 @06:47PM (#7655677) Homepage
        "Facial recognition is only 1 of the technologies involved in biometrics... To claim that the whole industry has failed to grow because one Type of biometric does not function well is untrue."

        Even if a system were your fabled 5-nines accuracy (1 wrong answer per 100,000 questions) it would still be unsuitable for the applications it's being suggested for. It's almost too easy to remind you that the very best biometrics is about 60% accurate.

        It's not just about biometrics, although their dismal rate of failure, combined with the unattainable promises of their salesmen should be suspicious enough. It's about the statistics of large numbers. If you have a million people per day going through an airport, and a biometric machine with 99.999% accuracy, you've falsely accused 100 people of being terrorists. Every day.

        And, to quote Schneier, it decreases security. Biometrics can be fooled. Easily. Trivially. If you depend on biometrics, then the terrorists will waltz past your scanners undetected, even as the innocent people queue to be strip-searched. Biometrics fail in a predictable way, and anybody who realises that can game the system. Vendors and terrorists alike.

        Of course, it's a rosy future for people who sell such failed systems. Look at "lie detectors" for example. Still in use long after it was proven that you could toss a coin for better accuracy. Does it increase security? No. Does it make people think we're doing something? Yes. Sold!
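A constructed Python model of the points made in the two posts above: the threshold trade-off between false rejections and false accepts, 1:N identification as a low-confidence verification against every enrolled entry, and how a tiny per-comparison error rate turns into many false alarms at airport scale. This is an added example, not code from any commenter or vendor; the bit-string templates, similarity scores, 40,000-entry gallery, watch-list prior and per-comparison error rates are all assumed inputs.

```python
"""Biometric matching trade-offs: threshold vs. error rates, 1:N identification,
and false alarms at scale.  Constructed example; not code from the thread."""

# --- Constructed data (not real biometric templates) ---------------------
# Templates are 16-bit strings standing in for a real feature vector.
GALLERY = {
    "alice": "1101001011010011",
    "bob":   "0010110100101100",   # bitwise complement of alice
    "carol": "1101001011010000",   # alice with the last two bits flipped ("similar face")
}
PROBE = "1101001011010111"         # a fresh scan of alice with one bit of sensor noise

# Similarity scores from a hypothetical 1:1 matcher: same person vs. different person.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.72, 0.96, 0.83]
IMPOSTOR_SCORES = [0.30, 0.45, 0.62, 0.55, 0.28, 0.71, 0.38, 0.50, 0.66, 0.41]


def similarity(template_a, template_b):
    """Fraction of agreeing bits; a close match, not an exact one, is what counts."""
    if len(template_a) != len(template_b):
        raise ValueError("templates must be the same length")
    return sum(a == b for a, b in zip(template_a, template_b)) / len(template_a)


def verify(probe, enrolled, threshold):
    """1:1 authentication: does the probe match the claimed identity's template?"""
    return similarity(probe, enrolled) >= threshold


def identify(probe, gallery, threshold):
    """1:N identification: a low-confidence verify against every enrolled template.
    Returns (name, score) pairs at or above the threshold, best match first."""
    hits = [(name, similarity(probe, tmpl)) for name, tmpl in gallery.items()]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])


def error_rates(genuine, impostor, threshold):
    """(false_reject_rate, false_accept_rate) of a 1:1 matcher at a threshold."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def identification_false_match_rate(far_1to1, gallery_size):
    """Chance that someone NOT enrolled still matches at least one of N entries."""
    return 1.0 - (1.0 - far_1to1) ** gallery_size


def expected_false_alarms(population, false_match_rate):
    """Number of people wrongly flagged when `population` is screened at that rate."""
    return population * false_match_rate


def flag_precision(prior, true_positive_rate, false_positive_rate):
    """P(person really is on the watch list | the system flagged them), via Bayes."""
    p_flag = prior * true_positive_rate + (1.0 - prior) * false_positive_rate
    return prior * true_positive_rate / p_flag


if __name__ == "__main__":
    # Raising the threshold trades false accepts for false rejects.
    for t in (0.65, 0.75, 0.80):
        print("threshold", t, "FRR/FAR =", error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    # At a low threshold the "similar face" carol shows up as a second candidate.
    print("identify @0.9:", identify(PROBE, GALLERY, 0.9))
    print("identify @0.8:", identify(PROBE, GALLERY, 0.8))
    # Assumed 1e-5 per-comparison false-accept rate against a 40,000-entry gallery.
    print("1:N FMR, 40,000 gallery:", identification_false_match_rate(1e-5, 40_000))
    # Assumed one million travellers per day screened at the same rate.
    print("false alarms/day:", expected_false_alarms(1_000_000, 1e-5))
    # Assumed prior of one watch-listed person per million travellers.
    print("precision of a flag:", flag_precision(1e-6, 0.9, 1e-5))
```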

  • by saiha ( 665337 ) on Sunday December 07, 2003 @04:45PM (#7654993)
    Whether you consider this a good thing or not, if and when it is implemented we need to remember that just like any other form of security, the weak link will still be the human factor.

    Even if you have the best biometric system, but it is not monitored for tampering (and its database) regularly, who is to say a malicious person didn't add or change a user's information. And because biometrics are supposed to be so good, who will the people in charge believe, someone saying they are john smith the computer tech, or the computer that reported them as being some criminal?
  • Disabled people? (Score:5, Interesting)

    by Anonymous Coward on Sunday December 07, 2003 @04:45PM (#7654994)
    So what happens when someone who has lost one or both eyes tries to withdraw money from their bank account? Or when a burn victim passes through a face recognition checkpoint?
    • Eek! (Score:4, Funny)

      by Angram ( 517383 ) on Sunday December 07, 2003 @05:41PM (#7655292)
      "So what happens when someone who has lost one or both eyes tries to withdraw money from their bank account?"

      Well, that gives the mob/bookies/dealers/etc a real way to get you back. "Pay up or we'll take your eyes/fingers." Not only do you experience major pain/permanent disability, but you lose your identity and they can clean out your bank account.
    • For the blind person, the system should allow different types of authentication. So, for regular users it would use the biometrics; if a person had their account flagged so that the system knew they were blind it could ask them for a conventional password instead.

      The burn victim would have to have his face rescanned, but after that I don't really see what difference it makes whether the face is disfigured from burns or not.

  • by pwagland ( 472537 ) on Sunday December 07, 2003 @04:47PM (#7655001) Journal
    Actually there is a third reason that many of us are uneasy about biometrics. You can't change, unlike, for example, passwords or some "secure token" type of device.

    That means, once your identity is compromised, it stays compromised... and there is little to nothing that you can do about it.

    That is why I don't like biometrics...

  • This makes me think of a movie. In the movie Minority Report, biometrics are used to identify criminals (as well as future criminals) walking down the street in public. That's kind of scary to think about, but realistically, the government would never spend the insane amount of money to install cameras all over the public area of America, especially not high-tech eye-scanning ones.

    Now imagine walking into a store, like in the movie, and the computer hologram instantly recognizes you and greets you and ta
    • Re:minority report (Score:5, Insightful)

      by rknop ( 240417 ) on Sunday December 07, 2003 @04:51PM (#7655029) Homepage

      but realistically, the government would never spend the insane amount of money to install cameras all over the public area of America, especially not high-tech eye-scanning ones.

      Agreed. But don't estimate the money-spending abilities of corporate marketing departments as they attempt to identify and target consumers. (Which, by and large, was what was scanning whatshisname in Minority Report.)

      If you're not happy being paranoid about marketing departments, consider that once the cameras are there, it's real easy for whatever random government organization to use PATRIOT IX to get that data without a warrant, but with a gag order that prevents your being told they got the data.

      -Rob

    • Cost is a moot issue for things like that (if you're to be controlled, cost is not an issue, as you're the one paying for it). You can have essentially the same (ultra-control) system with shitloads of policemen (and indeed, such systems have existed/exist). A total control society isn't a technology risk, it's a social/human one.

  • by |>>? ( 157144 ) on Sunday December 07, 2003 @04:48PM (#7655008) Homepage
    With passwords, all they had to do is torture me, but with biometrics they just cut off my hand...
  • by 23 ( 68042 )
    they point out is IMO that politicians have so much faith in the flaky technology, that they totally disregard the warnings from security experts.

    This of course, next to wasting huge amounts of money, can create a false sense of security or even lower security as in the example they cite: on an airport, if every 10000th passenger is screened for second testing, the odds are high that guards will not be very optimistic about the system and make mistakes, diss the system, etc.

    in the meantime, terrorist

  • by rknop ( 240417 ) on Sunday December 07, 2003 @04:48PM (#7655011) Homepage
    Because you can change your password a whole lot easier than you can change your DNA.

    The flip side of not being able to lose or forget your biometrics is that you can't change it when it gets stolen. And, yes, people will find ways to spoof biometric authentication schemes into believing that they have your data. Whether it's fake fingerprints, or (more likely) some sort of data hack that sends the computer the right bitstream for a given person's biometric data, once yours is gone, you're just hosed forever.

    If your password or PIN gets stolen, you can make a new password, or get a new ATM card and a new PIN, and cancel the old ones. Once your biometric info is stolen or spoofed, you have the choice of cancelling it and not being able to authenticate anywhere, or just accepting that your identity is stolen and will stay stolen.

    Biometrics are great if *combined* with a password. But by themselves, they're foolish for strong authentication. Just because your fingerprints are on your hand doesn't mean that there isn't a pattern there that could be stolen and stored somewhere by bad actors.

    -Rob
    • by Coventry ( 3779 ) * on Sunday December 07, 2003 @05:54PM (#7655365) Journal
      I think you need to look into security principles. As you say, a lone password is easy to compromise, so is a lone biometric. However, any truly secure system needs to use multiple forms of identification - preferably two or more of the following:
      - something intrinsic (a biometric, dna scan, etc)
      - something known (a password)
      - something kept (a security card)

      By having more than one step involved, the system is much more secure than any individual part. Someone steals your bankcard - but do they have your pin? Or, someone sees your pin - but do they have your card or account number? PINs are actually very simple and easy to break (theoretically), but are pains to break in reality because of the Other required piece of the puzzle, the bankcard, and how false authentications lead to the removal of the card (most ATMs shred your card after a few false PINs are entered).

      similarly: Just because someone steals your face, how will they get ahold of your new bankcard?

      After that fact comes the fact that most biometrics are hard to fake - fingerprint scanners these days can be made smart enough to check the temperature of the item placed on them - and some are even smart enough to look for normal temperature differences and gradients within the skin surface, and refuse authentication to 'fingers' that are too regularly or irregularly warm. Some very high end systems look for capillary blood flow... Most facial systems are smart enough to refuse a photo held up of your face, and carrying around a stiff 3d mask of someone's face is kind of obvious.

      Also, the fact that every type of scanning device on the market practically has a different data format for the biometric data (which is all one-way, you can get the data from a fingerprint, but not the other way around), and spoofing the data becomes more restrictive - a spoof of, say, visa's system wouldn't work against mastercard's (unless they were using the same equipment).

      Having said all that, I'd still like it to be pin+card+face/fingerprint rather than card+biometric. Biometrics should be used to Enhance security, not replace known or kept-item security methods.
      • by JohnnyCannuk ( 19863 ) on Sunday December 07, 2003 @06:42PM (#7655641)
        While I agree with everything you have said, I must take issue with your contention that most biometrics are hard to fake.

        Subscribe to Cryptogram from Bruce Schneier. Read some of the news, widely disseminated here on Slashdot and other tech sites. Systems like most finger print scanners and facial recognition systems are easy to fool.

        For instance, while there are fingerprint systems that act as you indicate, the vast majority do not. They are the cheap readers in my iPaq or on some smart-card readers or those you can buy at Radio Shack. And since the famous gelatin exploit has the hacker wearing the stolen fingerprint gelatin mold over their own finger, even advanced machines will see 'normal temperature differences and gradients' or 'capillary blood flow' since it is seeing a real finger. These systems are also prohibitively expensive, which means they can only be used for securing VERY sensitive assets. No use spending $10K on a fingerprint scanner to secure my $1k bank account, when this can be demonstrably defeated for about $100 in materials and a few hours of work.

        The same with facial recognition systems. In the news recently, one of the most widely used systems was fooled by a person holding up a picture or wearing a picture over a face like a mask nearly 100% of the time (I don't have the link handy, but I'm sure I read it on Cryptogram and here at \.). Again, while it may be possible to overcome these technical issues, the cost of such a system would restrict it to acting as part of an authentication system for military bases and very large organizations with sensitive data, but not the general public. Most facial recognition systems CAN be fooled by holding up a picture.

        However, if you are correct in your original assumption, that even using these easily foolable systems as one step in the authentication process is a much better way than relying on them alone.

        And using them as part of an authentication system, not as an identification system, as some US airports have tried... There is a vast difference between comparing a person standing at the right distance from the camera or pressing the right digit into the reader with re-tries allowed, that to pick a face out of a crowd of unknowns and try to say "Unknown identified as Osama bin Looben, please arrest"...

      • Something known, something you have. That's the way its always been in security theory and I've yet to see an argument for the addition of anything else.

        `Something intrinsic' is a biometric seller's way to tell you that:
        • the something you have should be a biometric, preferably using the system they're selling you
        • due to issues with changing credentials, you'll need something you have which can be properly revoked in addition to their biometric
    • "Biometrics are bad because you can change your password a whole lot easier than you can change your DNA."

      Biometrics are bad because people believe they're perfectly accurate. Just look at the people who support killing suspects if a biometric test "proves" them guilty. The public at large believe that such systems cannot fail.

      And it just brings us back to the ID card problem. The harder something is to fake, the more valuable a counterfeit one is. So banks "increase" their security by requiring my fi
  • can't be stolen? (Score:2, Interesting)

    by _fuzz_ ( 111591 )
    Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen...

    I heard a rumor that the CIA used to use fingerprint scanners as a security measure. The problem was that their agents were being killed and their hands cut off to gain access to secure areas/information. Whether or not the rumor is true, the problem is still real. Biometrics can be stolen, it's just a bit more gruesome.
  • by tr0llx0r ( 730590 )
    Mytec Technology Inc. develops applications of biometric encryption and optical computing. Mytec's technology of Biometric Signature Encryption can be applied to transmission on the Internet and to Electronic Commerce applications, enabling persons to securely transmit communication and information to each other. The Biometric Signature Encryption (BioscryptTM) has no relationship to the fingerprint image but is a randomly created pattern of the original fingerprint. It secures both the sending and receivei
    • Real-world baloney (Score:3, Interesting)

      by HangingChad ( 677530 )
      Anything you put a finger on that produces anything, regardless how deep the encryption, is a compromise waiting to happen. Maybe not this year, maybe not next year, but put out a black box and give the opposition enough computing power and it's only a matter of when, not if. Every time I see the phrase "can't be spoofed" I look at the Sharpie on my desk and think about Sony's last disc encryption system.

      I don't care if it's fingerprints, voice print, retinal scan, or even DNA. What technology gives wi

  • Sure, you can't forget your retinas, or lose your fingerprints. And good biometrics could, in theory, be extremely difficult or expensive to counterfeit.

    However, if anyone ever *does* compromise your biometrics, what then?

    You could have a society where access to so much is based on it (because it worked so well) and then all of a sudden, all the passwords are out in the open. Except that unlike a password list disclosure, you can't change your password!

    Sure, probably no one will ever compromise your reti
  • by aepervius ( 535155 ) on Sunday December 07, 2003 @04:51PM (#7655033)
    As it was said time over and over here,
    The problem is that if somebody menaces you at pinpoint you can give a password or a PIN and they will go on satisfied. You lose money but afterwards you can change the PIN or password and that's it.

    With biometric you CANNOT change those data. Meaning once you are compromised this is over. For ever.

    Furthermore criminals aren't exactly known to be sissies which would be repelled by or afraid of, let us say, chopping off a hand or an arm. Or getting an eye out of its socket. Even worse, it was proved that for many systems, with caoutchouc, rubber or a high-res photo scan, you can fool some of those systems. And I bet that you could hack your way through if you have physical access, like any password system.

    The only way to go would be a DOUBLE system: password *and* biometric. Biometrics cannot replace the password system with more security. On the contrary, it has too many disadvantages.

    So what is my point? Seeing biometrics as more than an extension of the password system will bring a lot of problems as well as a false sense of security. And a false sense of security is far worse than any weak security.
    • Well, what about a system that allows multiple authentication options?

      If your forefinger is compromised, have it use your middle instead.

      If they take your whole hand off, have it switch to retina scanning.

      If they take your eyes, have it switch to face recognition.

      If they take your head, well, I don't think you'll need to be too concerned about how you will authenticate anymore ;).

    • your point about a false sense of security, and the need for multiple layers of security in an authentication scheme is correct, but so much of the rest of your post is incorrect, so I feel the need to interject.

      - a stolen biometric isn't useful except against the same sort of scanning system - as in, the same manufacturer. No standard data format exists.
      - the PIN example is a bad one - the thief needs your card as well (as it is the other layer of security in the system). Anyone who gets the biometric d
  • Error rates? (Score:3, Interesting)

    by Realistic_Dragon ( 655151 ) on Sunday December 07, 2003 @04:51PM (#7655034) Homepage
    Bioscrypt now claim an error rate of 0.1% [bioscrypt.com] on fingerprint IDs.

    I suppose it depends how large your access list needs to be. It would be pretty good for a server room inside a secure building with 2 staff members on the access list, but with 10,000 on site (such as some places have) a false positive would be almost assured unless they had to carry a token of some kind. (Physical or otherwise, eg pin or swipe card.)
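    The arithmetic behind the 2-versus-10,000 point above, as an added example (not code from the post or from Bioscrypt): with a per-comparison false match rate FAR, a one-to-many search against N enrolled templates produces at least one false match with probability 1 - (1 - FAR)^N, while a token that names the claimed identity reduces the check to a single comparison. Treating the post's 0.1% as a per-comparison rate, and the comparisons as independent, are both assumptions.

```python
"""False-match arithmetic for one-to-many biometric identification.

Added example; the 0.1% figure comes from the post above and is
interpreted (assumption) as a per-comparison false match rate (FAR).
"""


def false_match_probability(far: float, enrolled: int) -> float:
    """Probability that one impostor presentation matches at least one of
    `enrolled` stored templates when the search is one-to-many.

    Each comparison is treated as an independent trial with success
    probability `far` (a simplification; real matchers are correlated).
    """
    if not 0.0 <= far <= 1.0:
        raise ValueError("far must be a probability")
    if enrolled < 0:
        raise ValueError("enrolled must be non-negative")
    return 1.0 - (1.0 - far) ** enrolled


def expected_false_matches(far: float, enrolled: int) -> float:
    """Mean number of wrong identities returned per impostor presentation."""
    return far * enrolled


def required_far(max_any_false_match: float, enrolled: int) -> float:
    """Per-comparison FAR needed so that P(any false match) <= target.

    Solves 1 - (1 - far) ** N <= target for far.
    """
    if enrolled <= 0:
        raise ValueError("enrolled must be positive")
    return 1.0 - (1.0 - max_any_false_match) ** (1.0 / enrolled)


def compare_modes(far: float, enrolled: int) -> dict:
    """Contrast identification (1:N) with token-plus-biometric verification (1:1).

    With a token (card or PIN) naming the claimed identity, only one template
    is compared, so the per-transaction false accept probability is just `far`.
    """
    return {
        "identification_1_to_n": false_match_probability(far, enrolled),
        "expected_false_matches": expected_false_matches(far, enrolled),
        "verification_1_to_1": far,
    }


if __name__ == "__main__":
    FAR = 0.001  # the post's 0.1%, as a per-comparison rate (assumption)
    for n in (2, 10_000):
        print(n, compare_modes(FAR, n))
    print("FAR needed for 10,000 enrolled to keep overall false matches at 0.1%:",
          required_far(0.001, 10_000))
```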
  • by Anonymous Coward on Sunday December 07, 2003 @04:54PM (#7655051)

    That article was more or less product placement. Biometric passwords, while looking very cool in sci-fi flicks, have the following misfeatures:

    1. The "password" can't be changed. If compromised, it's compromised for life.
    2. You only have two thumbs and two eyes, and then you have to re-use your "passwords". Do you want your employer to have access to your bank account? Would your current employer want your last employer to have your access code to their building?
    3. They are not secret. Especially so with thumbprints: every time you grab a glass or a doorknob you leave your "password" written all over it.

    I would say these are the real reasons no one else than gadgeteer type bosses would ever consider using biometric passphrases.

  • great (Score:3, Offtopic)

    by jjeffries ( 17675 ) on Sunday December 07, 2003 @04:54PM (#7655052)
    instead of looking in your desk and finding out that your password is 'pencil', Rutger Hauer types are going to rip your eyes out. Yay for progress!
  • by raxxerax ( 673428 ) on Sunday December 07, 2003 @04:54PM (#7655054)
    How long until someone sets up a phony ATM to capture retinal patterns? And unlike passwords, your retinal pattern is not something you can change as needed.

    Don't get me wrong, biometrics has its place but that place is part of a multi-factor security system. I predict that we will eventually see ATMs that require a card, password and biometrics. Three factors: something you have, something you know and something you are.

    Biometrics by itself is useless for security.
    • I predict that we will eventually see ATMs that require a card, password and biometrics.

      I don't, because ATM fraud is fairly low, and there is simply no justification for the investment in new ATM security infrastructure. (If anything, phony machines caching card numbers is far more a concern.)

      It is unlikely for a criminal to get both the card, the password, and a time to use the card before it gets cancelled. The current system works well.

      Having said that, the introductions of biometrics with ATMs has
  • by Realistic_Dragon ( 655151 ) on Sunday December 07, 2003 @04:55PM (#7655063) Homepage
    In 50 years time we will have to give all kinds of bio information for everything, so we will carry a handy machine readable card with every bit of data on it to make it more convenient...

    Thus defeating the entire purpose, and a stunning testament to human nature.
  • the ultimate biometric would (i think) be handwriting. although many systems currently are not adequate to deploy, handwritten signature verification is a lot better (albeit also more noisy) than retina scans or fingerprints. unlike other biometric data, you can't steal a person's signature the way you can chop off a finger. remember gattaca?

    detecting forgeries is quite a difficult task, but most human experts don't have any temporal data to work with: they have to infer it all from the off-line data. the
    • I would be so utterly screwed by such a system. I am entirely incapable of making my signature look the same way twice.
  • If for some reason a system doesn't work properly, or an injury or natural change over time makes the system unable to identify you, how will you ever prove you're really you? If you lose your password and can't get it back, maybe you lose your email. If you lose your biometric identity and can't get it back, you lose everything you've done in life to that point!
  • A third reason... (Score:2, Redundant)

    by po8 ( 187055 )

    A third main reason that biometrics haven't taken off is irrevocability. Bad guys can forge your fingerprints, and you can't counter this by changing fingers. DNA is particularly noxious in this regard: there's a lot one can do with stray hairs from a hat and some PCR.

    The oldest biometric still in widespread use is the signature. Ironically, we are moving away from signatures because of the problems with biometrics. IMHO it is unlikely that newer biometrics will be better. The best seems to be the int

  • body part security (Score:5, Interesting)

    by 0111 1110 ( 518466 ) on Sunday December 07, 2003 @04:59PM (#7655087)
    The problem with using body parts like fingers, retinas, or faces for access control security is that one's physical body can be coerced. No one can force me to reveal my secure password. I can choose to die rather than reveal it, and if I die, the protected data will die with me.

    A few scenarios come to mind. I'm walking in a city late at night near an ATM. A thief puts a gun to my head and tells me to go to my ATM and withdraw funds for him. I can refuse, but if he kills me he will get no money. With a fingerprint, retina, or facial scan, he can shoot me first and just drag my body to the ATM.

    Another scenario is private data on my computer that I want to be kept safe from everyone including governments. A government can physically coerce a citizen into using his fingerprint scanner to retrieve the data that they want. They can do nothing about a strong password, and, again, if they kill you they lose any chance of getting the data.

    Of course, this is where torture comes in, but I'd rather have the choice of being tortured or even dying to protect sensitive data. Biometrics take away that choice.

    Having said all this, voice print ID avoids many of these pitfalls. It seems the most promising since no one can physically force you to speak your password, and if you die the data remains protected.
    • by bersl2 ( 689221 )
      Having said all this, voice print ID avoids many of these pitfalls. It seems the most promising since no one can physically force you to speak your password, and if you die the data remains protected.

      What about when one has a cold? or laryngitis? How does one then get normal access? The good thing about passwords and PIN numbers is that nothing prevents me from gaining my access. If I lose both of my arms, I can still type a password with my toes. Hell, if I lose my legs, I can type (alphanumerically) wit
    • by Nynaeve ( 163450 )
      Of course, this is where torture comes in, but I'd rather have the choice of being tortured or even dying ... Biometrics take away that choice.

      Biometrics will not take away that choice. They will force it upon you.

      Very soon, you will be required to have either your fingerprints (right hand) or retinal scan (forehead) [gospelcom.net] "on file" or in the form of a smartcard in order to make financial transactions of any sort. Common sense leads one to this conclusion: my state requires a fingerprint for a driver's licen

  • would you like Windows to change your retinas now?

    Creepy.
  • to pay some sort of monthly fee to my bank for biometric identification at ATMs, especially in these days of fake atms, false fronts, and cameras seeing your PIN.
  • The other reason (Score:5, Interesting)

    by Coventry ( 3779 ) * on Sunday December 07, 2003 @05:00PM (#7655097) Journal
    The economist article fails to mention the other major reason these systems have not taken off - comparability.

    Or, I should say, the Lack of it.

    Each fingerprint device on the market uses its own format for storing its data - making each device incompatible. At first, this would seem to be an easily surmountable problem - but then you must realize that until recently, every device on the market had its own API for development.

    Let me give you an example to illustrate this issue: company X has 2000 employees, and it goes to look at biometric systems - they are either faced with the choice of paying for very expensive equipment from 'long time players' in the industry - who would be around in 2-5 years when the devices start failing due to wear and tear - or choose from some of the 'upstarts', and risk being out in the cold if the company they choose isn't around in several years. A hardware switch down the line not only would incur the cost of re-scanning everyone, but the application itself would need to be modified to work with the API for the new device.

    Enter the BioAPI (www.bioapi.org) - which proposed a standard api - now widely adopted. You may notice that the Bioapi page mentions it was founded in 1998. It has taken several years for this standard to come to the foreground and there are still roadblocks - not all manufacturers participate freely.
    As an example: one rather large manufacturer, Identix (www.identix.com) seems to have been stonewalling for years. Why would a manufacturer do such a thing against what is good for the industry? Because they were leading the industry. When you have all of the high end government contracts coming your way, a standard that opens the doors for the little guy is a Bad Thing for your business - or so they thought.
    Take a look at the members list on the bioapi site - identix is listed - then take a look at the supported devices list... not a single identix product.

    In 1999 I witnessed this stonewalling firsthand at a meeting in Washington DC. This meeting had manufacturers and interested parties from all over the globe in attendance, including representatives from the US military. The whole agenda for the meeting was how to promote/define standards so that the industry could grow.
    I had the unfortunate luck to be seated next to the Identix representative. He had apparently flown in just so he could stonewall - every opportunity he got, he grabbed the microphone and ranted about how we should let the free market dictate standards - that they would come about naturally in the free market (he loved the term free market).
    Meanwhile the rest of the group was discussing issues about how to resolve device interoperability - even so far as to discuss how data could be shared between devices. No concrete decisions were made at the meeting, but it did get people talking.

    Anyway, my whole point is, one of the major reasons the biometric security industry hasn't grown (as fast as has been predicted for the past 8 years) is because without standards no one wanted to invest in writing applications. It was just too risky.

    Note: I am flipping a coin as to whether to post this anonymously or not, since Identix could decide to try and silence this sort of talk...
  • Even John Siedlarz, who co-founded the International Biometrics Industry Association to promote the sale and use of the technology, says that "recent congressional requirements are premature in my view." Despite this concern from industry experts, politicians are keen to push onwards, and not only in America. Otto Schily, Germany's interior minister, recently declared his support for increased use of biometrics...

    So let me get this straight, an industry expert whose job is to sell these things, thinks its

  • by John Seminal ( 698722 ) on Sunday December 07, 2003 @05:03PM (#7655111) Journal
    You may not know it, but if you ever went to a casino in Las Vegas, they probably have you on tape. They have photos and images of well-known gamblers who like to cheat, and they have software which takes photos of people inside the casinos and they attempt to match the photo to the database. The only difference is the casinos hire lots of security specialists that make the final decision.

    Having said that, if someone is taking my picture and storing it in a database, there should be a sign by the entrance warning people of that.

    Something else from the link that I find disturbing:
    In the wake of the terrorist attacks of September 11th 2001, however, these objections have been swept aside. After all, if you are already being forced to remove your shoes at the airport, and submit your laptop for explosives testing, surely you will not object to having your fingers scanned too?

    I think this is really dangerous that every law that takes away civil liberties is linked to September 11th. And they give those laws such nice names, like "the patriot act".

    American citizens will also be affected, as new passports with a chip that contains biometric data are issued from next year.

    This is something that will be too easy to abuse. Remember, our government illegally bugged black panther offices, and did all sorts of illegal crap. I wonder if our government will use this kind of data to track private groups, such as those that protest the WTO. Could it be that if you show up to protest the WTO, then you will get audited by the IRS the next year?

  • by Doc Ruby ( 173196 ) on Sunday December 07, 2003 @05:03PM (#7655112) Homepage Journal
    Until there are social (legal and business) safeguards that require the verifier to discard my personal identity info once verified, this will be another false start to a real security model. A standard license that prohibits storage and transmission of my personal data beyond the limits of the verification transaction might be sufficient, if it had enforcement teeth. Where's a transactional security component whose documentation includes a license requiring interoperation with a law that protects the software user?
  • Sanitation (Score:5, Interesting)

    by Gothmolly ( 148874 ) on Sunday December 07, 2003 @05:03PM (#7655114)
    is a big problem, partially real and partially imagined. The real issue is transmission of viruses and bacteria through body fluids - what if I have an eye infection when I peer into the retina scanner? What if I pick my nose, then scan my fingerprint? The imagined issue is the 'cootie factor', where you won't want to touch something that 1,000,000 other people touched (think toilet seat).
    Lastly, our new biometric overlords (The US Govt) will undoubtedly put 1,000,001 policies and procedures in place creating a huge barrier to market entry, unless of course you're the gov't approved contractor. None of which will be followed by the unscrupulous, thus continuing the tradition of fucking the honest and awarding (by default) the sketchy.
  • As has been mentioned before at many places and on this site a few times, but not in this article, biometrics are great for ID but lousy for trusting. If any security device is compromised for a given user, e.g. fake finger, fake face, fake eyeball, stolen tissue with DNA, stolen biometric data, that user cannot be revoked without locking out that user for life!

    The article claims to address the authentication step, briefly mentioning "one-to-one comparison" but fails to define what that would mean for a
  • Worse, spending the billions of dollars that the GAO estimates will be necessary to implement biometric systems at border-crossing points--$1.4 billion to $2.9 billion initially, and $700m to $1.5 billion annually thereafter

    Someone is getting rich, and I bet it is someone affiliated with a politician. Could it be politicians see this as the goose that laid the golden egg? We already know some of the ways George Bush is connected to the oil industry and how he helped his friends. We remember how he was giv

  • obvious downfall (Score:3, Interesting)

    by geoff lane ( 93738 ) on Sunday December 07, 2003 @05:17PM (#7655181)
    Even if you can get the technology to the point where false positives occur less than 1% of the time, airports etc. will be made unusable because there will be more candidates for an intensive search and ID check than can be dealt with in a day.

    But the real killer will be the problem of persistent false positives. How many times will someone who looks a bit like a known terrorist have to be taken out of the queue and subjected to intensive questioning and searches before the lawyers and courts get involved?
  • I'll never use em. Sorry. I'm blind in my left eye (birth defect). I have no retina at all in that eye, so all a scanner will see is a flat white surface.
    And my good eye, my right eye, is very dear to me. I will not be letting anyone's laser or scanner look into it other than my Dr. The risk of the laser power being out of spec, etc. is just too great for me to risk.
  • As Bruce Schneier pointed out in his book Secrets and Lies [amazon.com] (which you should have read before turning on your computer for the first time), "biometric" data has to be stored in digital form. Now, if somebody steals that digital data, what are you going to do? He now has the digital equivalent of your retina-picture, so you are going to need new eyes...

    If you haven't read this book, rush out and do so now. It explains a lot of things very clearly, though it does make you sick to your stomach when you

  • This is just scare tactics. The other day I heard an ad for a jewelry shop and one of the main benefits cited for shopping at this shop was that you would be less likely to get mugged. I find decisions based on fear are unreliable.

    Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access

    From what I have read and understood about security, it is inherently insecure to rely on a sin

  • ...now rather than just taking my ATM card and pistol-whipping me until they get my PIN, the muggers are going to have to lop off a finger or spoon out an eyeball!
  • by Ossifer ( 703813 ) on Sunday December 07, 2003 @05:22PM (#7655206)
    That is effectively what biometric security is. Consider then that the entire network must be physically secure or my (eye/finger/etc.) "password" will quickly be known and re-used. The "password" I used decades ago is still valid!
    Also, I'd rather give a mugger my wallet & PIN, than my wallet & thumb...
  • The end on anonymity (Score:2, Interesting)

    by Anonymous Coward
    Two big problems with biometrics are (1) the inability to change passwords, and (2) the inability to use a pseudonym.

    The first has been pretty well covered. The second less so. Whenever I register for something (NYT for example) that has no business knowing my personal information (name, address, phone number, email, etc.) I lie. I don't want their marketing junk. I don't trust what they'll do with my personal information. What they are offering is not so valuable that I'll overcome my reluctance. I
  • Think of your biometric signature as a private key. Then, when registering at the central database, what should be stored is a PIN/Password passed through the key. If the central database is compromised, all you need to do is re-register with a new PIN/Password. If the reader is compromised, the PIN is changed at the central database, making it a bit more difficult.

    Not a great solution, but better than just holding the original biometric signature.
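    An added illustration of the scheme in the post above (not code from the post or any product): it assumes a front end has already turned the live scan into a stable secret key, which is the hard part and a pure assumption here, so the database holds only a salted keyed hash of the PIN, a database leak exposes neither the biometric nor the PIN, and re-registering with a new PIN invalidates the old record.

```python
"""Revocable record built from a biometric-derived key plus a PIN.

Added example of the idea in the post above. Assumption: some reader front
end (not shown) reliably derives the same secret bytes from a live scan;
here that output is simply a constructed byte string.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    salt: bytes  # per-registration random salt
    tag: bytes   # HMAC-SHA256(biometric_key, salt || pin)


def _tag(biometric_key: bytes, salt: bytes, pin: str) -> bytes:
    # The biometric-derived key never leaves the reader; only the tag is stored.
    return hmac.new(biometric_key, salt + pin.encode("utf-8"), hashlib.sha256).digest()


def register(biometric_key: bytes, pin: str) -> Record:
    """Enrol: store a salted keyed hash of the PIN, not the biometric itself."""
    salt = os.urandom(16)
    return Record(salt=salt, tag=_tag(biometric_key, salt, pin))


def verify(record: Record, biometric_key: bytes, pin: str) -> bool:
    """Both the live biometric key and the PIN are needed to reproduce the tag."""
    return hmac.compare_digest(record.tag, _tag(biometric_key, record.salt, pin))


def reregister(old: Record, biometric_key: bytes, old_pin: str, new_pin: str) -> Record:
    """Revoke a leaked record by changing the PIN; the biometric stays the same."""
    if not verify(old, biometric_key, old_pin):
        raise PermissionError("cannot re-register without the current PIN")
    return register(biometric_key, new_pin)


if __name__ == "__main__":
    # Constructed stand-in for a key derived from a fingerprint (assumption).
    alice_key = hashlib.sha256(b"constructed-alice-template").digest()
    rec = register(alice_key, "4821")
    print("enrolled and verified:", verify(rec, alice_key, "4821"))
    leaked = rec  # an attacker copies the database row
    rec = reregister(rec, alice_key, "4821", "7305")
    print("old PIN after re-registration:", verify(rec, alice_key, "4821"))
    # The leaked row is a keyed hash: without the live key it reveals nothing,
    # and the record it came from is no longer the one the database consults.
    print("leaked row still needs live key + old PIN:", verify(leaked, alice_key, "4821"))
```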
  • Forget Biometrics (Score:3, Interesting)

    by Ignis Flatus ( 689403 ) on Sunday December 07, 2003 @05:30PM (#7655239)
    All who are familiar with the ATM scams know why it is inherently insecure. The more likely scenario is that eventually you will all be tagged [digitalangel.net] like cattle. GPS tracking will ensure security by monitoring to make sure you are never in two places at the same time, or making quantum leaps through space-time.
  • Funny that nobody else has pointed this out - it's well known that fingerprint scanners are fairly easily foolable - in fact if one has the finger available, leaf gelatine and a paperclip are all you need.

    Shit, you can strip a print off a pint glass and use that to make a copy...

    Ben Elton indicated a perfectly feasible way to fool DNA testing in This Other Eden; one would imagine a variation on coloured contact lenses could be used to dupe a retina scanner.

    Nevermind the obvious issue of chopping off bod
  • Finally... (Score:3, Funny)

    by dnight ( 153296 ) <dnight@lakkaCHEETAHdoo.com minus cat> on Sunday December 07, 2003 @05:35PM (#7655261)
    I'll be able to pick up a free case of pinkeye from the eye scanner at the local Wal-Mart. My life is complete
  • by slappyjack ( 196918 ) <slappyjack@gmail.com> on Sunday December 07, 2003 @05:35PM (#7655265) Homepage Journal
    ...just because you HAVE the technology, and COULD use it... ...doesn't mean you necessarily SHOULD.

    another creepy-ass thought
    Retinal scanners: Remember that Tom Cruise sci-fi flick where everyone was constantly getting retinally scanned wherever they went? You guys think DoubleClick are a bunch of scumbags now, just wait 'till they link up with RetinAll Marketing.

    Coming out of a big speaker in the near future:
    "Welcome to Blockbuster, Mr Slappyjack. You may be interested in the Jenna Jameson collection we have in the back room. We did notice you were looking at internet porn about her all day while your wife was out. We do not, however, have any Ass-Reaming-Mature-Tranny-Bukkake videos, which we know you enjoy. If you like we'd be glad to order one for you. Have a nice day."

    yeah. nice.

    Remember when we all thought RadioShack asking for our addresses just because we needed a couple of AA batteries was high annoyance? NOTHING compared to what the future holds.
  • Several years ago login (PAM) support was seemingly unavailable under *nix. All the Biometric vendors did have a proprietary Windows implementation, but no *nix. The closest was a U. of Michigan project; it then trailed off. Sun, other *nix vendors either had no solution or were unwilling to make info available. It appeared that the US Gov. was such a huge potential customer, that giving info, code, etc. was not in their best interest.

    Strange; I never did figure it all out.
  • by oohp ( 657224 )
    Now cutting other people's fingers, hands and taking out their eyes will be involved to steal their biometric "password". Great!
  • All Together Now (Score:5, Interesting)

    by Ringel ( 31107 ) on Sunday December 07, 2003 @05:45PM (#7655317)
    Repeat after me....

    Biometrics are unique but not secret.
  • by imnoteddy ( 568836 ) on Sunday December 07, 2003 @05:49PM (#7655339)
    This email [does-not-exist.org] talks about how easy faking fingerprints is. Key paragraph:

    The time it takes to make a perfect duplicate is about 15 minutes (with special material it can be reduced to less than 10 minutes). To make a duplicate of a lifted fingerprint took me several days in 1992 and I had to do a lot of experiments to find the right process/technique. Now it takes me half an hour and the material costs are $20 (also sufficient for about 20 duplicates), the only equipment you need is a digital camera and a UV lamp. Not only do I now make the duplicates in a fraction of the time, but also the quality is better.

  • by Anonymous Coward
    Israel has had it at its airport for a few years now. Like everyone else who had to do the army, the Govt already has my fingerprints.

    Unlike everyone else who needs to wait up to 30 minutes to get through passport control to leave and sometimes even longer when arriving, it's so nice to know that it only takes two minutes. (Two minutes because you have to try so many times until it authenticates you, even though it knows ahead of time who you should be).

    The only thing is, now instead of worrying about loosin
  • by ShadowRage ( 678728 ) on Sunday December 07, 2003 @05:58PM (#7655384) Homepage Journal
    the key thing is.. to remember your password... because people can't steal your knowledge.. depending on how strong your will power is.. however.. they can steal your body parts.
    and your fingerprints CAN be duplicated.
    so biometrics is an expensive technology with too many vulnerabilities
    now.. for the common home user, who wants it for the hell of it... or medium level security.. yeah...
    but for bank vaults, and other things.. murder would be on the rise.. and theft would be more successful.
  • Go to your nearest retina scan ATM and smear the rim of the scanning eyepiece with indelible black ink. The next person who goes to use it will scan and go away with a big black ring around their eye.

    The problem I see with retina scan is that enterprising criminals may pop out your eyes with a grapefruit spoon.
  • MY EYES!!! (Score:4, Funny)

    by Knunov ( 158076 ) <eat@my.ass> on Sunday December 07, 2003 @10:35PM (#7656884) Homepage
    "Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser."

    Pfffft whatever.

    The reason I don't want to press my baby blues up against a retinal scanner is because I'm relatively sure a needle will pop out and pierce my eyes.

    I don't think I'm alone in feeling this way.

    Knunov
