Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com) 112
Long-time Slashdot reader Zorro quotes Nextgov:
The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.
Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.
A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"
Giving up on the pretense of "meta-data" (Score:5, Insightful)
Re:Giving up on the pretense of "meta-data" (Score:4, Interesting)
That's a false dichotomy. The point of metadata collection has always been to identify the parties to a conversation. The point of collecting the content is to find it whether the parties are talking about weddings and grandchildren or about compromised email servers and collusion with foreign governments.
Re:Giving up on the pretense of "meta-data" (Score:5, Informative)
To my understanding, the 4th amendment is still supposed to be a thing. Skipping the need for probable cause for each search, and not requiring a warrant to specify appropriately narrow limits for each search, by requiring businesses to conduct a continuous broad search seems to violate the letter and the spirit of the law. Privatization of corruption doesn't stop the practice from being corrupt.
Re: (Score:2)
Re: (Score:1)
That's nice. Would you like a cookie? You sound upset. Triggered, even.
If you wanted to talk about objections to third party collection of information, maybe you should have mentioned that in the first place. Instead you made a comment that suggests you misunderstand both the primary purposes of metadata and the fact that US law currently protects metadata less than it protects communications content.
Carriers generate metadata so that they know where to ship contents, how much to charge, and who to bill
Avoid American-made chipsets and phones (Score:5, Insightful)
Eventually it will come down to Google being forced to demand that these features are in phones, in order to license the Android mark and access to Google Play.
In the extension this means Qualcomm and other American manufacturers will get to take in heavy licensing fees, because it will all be patented.
It's a drive to both sell more American products and collect more information on people at the same time.
One scary aspect of this is that the data will obviously be collectable to U.S. government and manufacturers. Three-letter agencies could literally replay the signals and have a water-proof case against anyone, by claiming the data shows that "they were there".
My old rule: (Score:1)
In China, use an American phone.
In the US, use a Chinese phone.
And pray that it isn't a double spy phone.
P.S.: There are dopant-level hardware trojans now: https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html
Re: (Score:2)
A good lawyer would argue that all that proves is that your phone was there, not that you were. And, as the prosecution wouldn't need to use this if they had a witness to your presence, that in itself might be enough for reasonable doubt. Of course, IANAL, and could easily be wrong.
Re: (Score:1)
Re: (Score:2)
No, it will eventually come down to the cheapest phones with the least number of features will be the most secure and reliable. High end phones will be insecure by design, have many routes of failure (any of the security features fail and your phone is a brick), and lack all measure of privacy. Every feature missing from a phone makes it cheaper, so which phone will win, cheaper and private or expensive and whores your privacy out to all and sundry.
Re: (Score:1)
Re: (Score:2)
Incompatible (Score:4, Interesting)
I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.
Re: (Score:2)
I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.
The data gathered would likely spike to higher risk only in incidences when individual behavior is uncorrelated with baseline activity.
In your case, consistent pressure changes in your grip may be used as a lower risk score, and your risk of being misidentified would only increase during the rare(r) days when your grip is constant and firm.
Re: (Score:3)
Or more likely I'll go to use some service and the computer will say no. If there even is a human being available they won't be able to do anything.
More of us might develop that.. (Score:2)
Anyone with any sense of paranoia is likely to try to develop some arthritis like this. In fact, it'll also have to include how we walk.. Maybe it'll be voice characteristics, too.
I used to think people walking around talking to invisible others was weird. I discovered it's this new thing called a "bluetooth" earpiece. Now I imagine we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.
The next James Bond movie will need its villains to do the sam
Re: (Score:2)
Now I imagine we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.
Well if we all start doing Monty Python's Silly Walks it will definitely be amusing.
Re: (Score:3, Insightful)
Re: (Score:2)
This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonymity.
That and it's a perfect tool for moving to a cashless society where government knows everything you buy, sell, or pay for and can add it to their dossier database and also be able to track and tax individual transactions at the micro-payment level in real-time.
Strat
Re: (Score:2)
Re: (Score:2)
Oh no... new technology to make things easier for most people may not work for you sometimes, you may have to use the existing channels.
Although, you have no idea, but apparently you just feel like saying "it won't work for me (but it might, I literally have no idea what I'm talking about) so it must be flawed!"
GDPR (Score:1)
Sure it will identify people. However, it will also be hackable (Spectre, anyone) and then the black hats will have unassailable proof they are who they are not.
Seriously, whoever proposed this is either a black hat or has not the least idea about security.
Disclosure: I rarely wear hats.
Re: (Score:1)
However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.
Re: GDPR (Score:5, Informative)
However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.
Bullshit.
It requires keeping teams of specialist lawyers on retainer and an entire new department in the company that does nothing towards generating revenue, only monitor compliance and deal with GDPR-related issues with users and government. Regulatory compliance costs are a real thing and hurt smaller enterprises far more than some megacorp.
Strat
Re: (Score:1)
The law is pretty clear, so specialist lawyers aren't required, along with their overinflated hourly charges, no matter how much they say they are. It's only when the big companies try to sidestep it that they might be needed. There's onerous bookkeeping, but that's been the case for a few years with DPA, only now there has to be more emphasis.
What gets me is the sudden flurry of activity. It has been known this was coming into force for nearly two years and the amount of burying heads in sand with a "this
Re: (Score:2)
GDPR only helped big companies ...
It is your big companies that are the most stressed by it.
Smaller companies that actually make things should have less problems. Yes there are rules but anywhere where production is more important than lawyers and accountants may even find that they are on the right track anyway.
I helped a small voluntary organisation become compliant recently. The most complicated thing was the form that was handed to all members that asked them if we could hold their data etc.
Translation (Score:5, Insightful)
... will be available in the vast majority of mobile devices
... will be mandated for every phone sold in North America
Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.
Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.
Re: (Score:3)
Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc.
So, sort of like WeChat in China then. Oh, it might not be technically required, but good luck getting very far without it. And don't forget your social credit score!
Re: Translation (Score:2)
Social credit score - or "Earned Public Reputation", as domestic totalitarians are calling the version they plan for America.
Re: (Score:2)
Re: (Score:2)
.. will be available in the vast majority of mobile devices ... will be mandated for every phone sold in North America
Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.
Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.
I'll just leave this here.
https://youtu.be/s2NNZdigSXg
They're already working on essentially that very technology.
No population has ever regretted being extremely cautious about allowing government to expand its powers & scope, whether directly or by using private sector resources to accomplish their goals.
Strat
Re: (Score:2)
Thanks for the link. I've never heard of that movie before - and I'm old enough to have seen Coburn's 'Flint' movies in first run at the local theatre. Now all I have to do is find a copy...
Re: (Score:2)
Google (Score:3)
Great (Score:3)
Re: (Score:3)
When it stops being profitable for the carriers (i.e. never).
Re: (Score:2)
What do you mean "when"? You don't think they already verify robocaller IDs against the list of campaign contributors? It's just like why physical mail is 95% spam by weight.
Guidance system for drone strikes included? (Score:1)
Great idea (Score:4, Insightful)
*shaking* I've been in a car accident and am pretty badly hurt, can you send help?
Sir, I'm not sure who you are but placing a false call to 911 is a crime *click*
Hello? Hello?
Re: (Score:2)
It is definitely not "English as spoken in England"
Pressure? Gait? (Score:1)
So my smartphone would send data about my gait, my gesture characteristics, etc. to someplace I don't control?
Guess that's why I don't have any smartphone.
Re: (Score:2)
Re: (Score:2)
Fly in the ointment... (Score:2)
Re: (Score:2)
Commercial suicide? (Score:2)
A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project
Very wise. It sounds like an ideal way to completely kill-off the sales of any manufacturer who gives in and installs this.
Apart from all the drawbacks listed, any phone that did this would essentially be spying on its user. Not just with trying to identify the user, but with the record of encrypted (yeah .... right) positioning data to know where that person had been.
The only people I can see who would ever use one of these would be government employees and I doubt that they would do so freely.
Fantastic (Score:2)
So if I go on a weekend bender in Vegas I can't call a cab.
Good luck with that (Score:2)
Re: (Score:2)
Re: (Score:2)
I put my phone in a surplus centrifuge affected by Stuxnet. That adds extra randomization to the signal.
Sorry, I don't hold my phone (Score:1)
Was hoping this was about spam calls (Score:1)