Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cellphones Government Privacy

Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com) 112

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.

A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"
This discussion has been archived. No new comments can be posted.

Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years

Comments Filter:
  • by fibonacci8 ( 260615 ) on Sunday May 20, 2018 @07:40AM (#56642070)
    Just admit that with enough pieces of information it's all "personally identifying".
    • by Entrope ( 68843 ) on Sunday May 20, 2018 @08:19AM (#56642154) Homepage

      That's a false dichotomy. The point of metadata collection has always been to identify the parties to a conversation. The point of collecting the content is to find it whether the parties are talking about weddings and grandchildren or about compromised email servers and collusion with foreign governments.

      • by fibonacci8 ( 260615 ) on Sunday May 20, 2018 @10:31AM (#56642554)
        And that's a red herring. The contention of metadata collection has been whether or not it qualifies as unreasonable search and seizure, emphasis on the search part. Gathering such data within the limits of a warrant is legal. It's still a grey area whether requiring metadata gathering and retention on everyone is overreach. The "point" isn't relevant if it legally poisons evidence collected to where the rest becomes inadmissible in court.
        To my understanding, the 4th amendment is still supposed to be a thing. Skipping the need for probable cause for each search, and not requiring a warrant to specify appropriately narrow limits for each search, by requiring businesses to conduct a continuous broad search seems to violate the letter and the spirit of the law. Privatization of corruption doesn't stop the practice from being corrupt.
        • Or...or...or... maybe different people and different organizations have different ideas and goals for metadata collection and use-cases and insisting any one is somehow true and correct is like arguing about what a given formation of clouds most resembles, especially when the people arguing are from different cultures, viewing the clouds from different locations, seeing them from different angles, and maybe even looking at them on different days. On different planets. I suspect the best we can do is a agr
        • by Entrope ( 68843 )

          That's nice. Would you like a cookie? You sound upset. Triggered, even.

          If you wanted to talk about objections to third party collection of information, maybe you should have mentioned that in the first place. Instead you made a comment that suggests you misunderstand both the primary purposes of metadata and the fact that US law currently protects metadata less than it protects communications content.

          Carriers generate metadata so that they know where to ship contents, how much to charge, and who to bill

  • by Anonymous Coward on Sunday May 20, 2018 @07:44AM (#56642080)

    Eventually it will come down to Google being forced to demand that these features are in phones, in order to license the Android mark and access to Google Play.

    In the extension this means Qualcomm and other American manufacturers will get to take in heavy licensing fees, because it will all be patented.

    It's a drive to both sell more American products and collect more information on people at the same time.

    One scary aspect of this is that the data will obviously be collectable to U.S. government and manufacturers. Three-letter agencies could literally replay the signals and have a water-proof case against anyone, by claiming the data shows that "they were there".

    • by Anonymous Coward

      In China, use an American phone.
      In the US, use a Chinese phone.
      And pray that it isn't a double spy phone.

      P.S.: There are dopant-level hardware trojans now: https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html

    • ...claiming the data shows that "they were there".

      A good lawyer would argue that all that proves is that your phone was there, not that you were. And, as the prosecution wouldn't need to use this if they had a witness to your presence, that in itself might be enough for reasonable doubt. Of course, IANAL, and could easily be wrong.
      • Actually, no... The whole point is that you CAN prove ( in a court of law) that the GPS data in the phone is also tied by various bio-markers to the Person who owns the phone. With gyro-metric information about the person's gate ( yes, just like the scene from a Mission Impossible movie lately... it IS real tech) , and micro-measure pressure on keystrokes providing fingerprint-like confidence in identity. That's actually the WHOLE POINT of this technology. ( but full disclosure: I didn't read the article
    • by rtb61 ( 674572 )

      No it will eventually come down to the cheapest phones with the least number of features will be the most secure and reliable. High end phones will be insecure by design, have many routes of failure (any of the security features fail and you phone is a brick), and lack all measure of privacy. Every feature missing from a phone makes it cheaper, so which phone will win, cheaper and private or expensive and whores you privacy out to all and sundry.

    • o dear, the top five posts aren't on how n-ers and mexicans wrecked the berlin wall today ? has there been a coup led by cmdr Taco to take the power back ? lets hope it stays that way then ... i was more like how is this not why facebook has been on trial and also (ofcourse) "what could go wrong" with a failproof systems like that ? but what you just said here yea, totally fits the Trump agenda in the long run ... welcome to the soviet era Hahah , i still use an old €15 samsung for calling and i have
  • Incompatible (Score:4, Interesting)

    by AmiMoJo ( 196126 ) <mojo@wo[ ]3.net ['rld' in gap]> on Sunday May 20, 2018 @07:48AM (#56642086) Homepage Journal

    I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.

    • I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.

      The data gathered would likely spike to higher risk only in incidences when individual behavior is uncorrelated with baseline activity.

      In your case, consistent pressure changes in your grip may be used as a lower risk score, and your risk of being misidentified would only increase during the rare(r) days when your grip is constant and firm.

      • by AmiMoJo ( 196126 )

        Or more likely I'll go to use some service and the computer will say no. If there even is a human being available they won't be able to do anything.

    • For anyone with any sense of paranoia is likely to try to develop some arthritis like this. In fact, it'll have also include how we walk.. Maybe it'll be voice characteristics, too.

      I used to think people walking around talking to invisible others was weird. I discovered it's this new thing called a "bluetooth" earpiece. Now I image we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.

      The next James Bond movie will need its villains to do the sam

      • Now I image we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.

        Well if we all start doing Monty Python's Silly Walks it will definitely be amusing.

    • Re: (Score:3, Insightful)

      This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonimity.
      • This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonimity.

        That and it's a perfect tool for moving to a cashless society where government knows everything you buy, sell, or pay for and can add it to their dossier database and also be able to track and tax individual transactions at the micro-payment level in real-time.

        Strat

      • No, someone will just come up with phone movement randomizers. You know how people with more money than sense buy wristwatches that have to be worn to keep time, automatic or self-winding models, but they own a bunch and only have one pair of wrists, so they buy winders that use WAY more power than batteries to slowly turn them end over end? Theyâ(TM)ll have that but for phones, that randomly jiggle and bounce them around inside a case to randomize movement to defeat this system, and as for how people
    • Oh no... new technology to make things easier for most people may not work for you sometimes, you may have to use the existing channels.

      Although, you have no idea, but apparently you just feel like saying "it wont work for me (but it might, I literally have no idea what I'm talking about) so it must be flawed!"

  • by Anonymous Coward
    I hope the GDPR will make this illegal in Europe.

    Sure it will identify people. However, it will also be hackable (Spectre, anyone) and then the black hats will have unassailable proof they are who they are not.

    Seriously, who ever proposed this is either a black hat or has not the least idea about security.

    Disclosure: I rarely wear hats.

  • Translation (Score:5, Insightful)

    by jenningsthecat ( 1525947 ) on Sunday May 20, 2018 @08:03AM (#56642118)

    ... will be available in the vast majority of mobile devices

    ... will be mandated for every phone sold in North America

    Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.

    Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.

    • by lgw ( 121541 )

      Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc.

      So, sort of like WeChat in China then. Oh, it might not be technically required, but good luck getting very far without it. And don't forget your social credit score!

    • If the Government is getting such valuable benefits from my phone, they should be paying my bill.
    • .. will be available in the vast majority of mobile devices ... will be mandated for every phone sold in North America

      Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.

      Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.

      I'll just leave this here.

      https://youtu.be/s2NNZdigSXg [youtu.be]

      They're already working on essentially that very technology.

      No population has ever regretted being extremely cautious about allowing government to expand it's powers & scope, whether directly or by using private sector resources to accomplish their goals.

      Strat

      • Thanks for the link. I've never heard of that movie before - and I'm old enough to have seen Coburn's 'Flint' movies in first run at the local theatre. Now all I have to do is find a copy...

    • Doubt it. Religious wackos insisting that anything that MUST be carried is the MARK OF THE BEAST will be enough to ensure their representatives never force this on them. Religious insanity it turns out, is not ALL bad.
  • by AndyKron ( 937105 ) on Sunday May 20, 2018 @08:08AM (#56642132)
    Google: By your grip you're getting ready to throw your phone. Is there anything I can hel.....CRASH!
  • by Megane ( 129182 ) on Sunday May 20, 2018 @08:14AM (#56642144) Homepage
    Now when do they solve the robo-caller identity verification problem?
    • When it stops being profitable for the carriers (i.e. never).

    • by lgw ( 121541 )

      What do you mean "when"? You don't think they already verify robocaller IDs against the list of campaign contributors? It's just like why physical mail is 95% spam by weight.

  • So I guess once your risk score exceeds the "annoys POTUS"-level, the included guidance beacon for the upcoming drone strike is activated?
  • Great idea (Score:4, Insightful)

    by burtosis ( 1124179 ) on Sunday May 20, 2018 @08:58AM (#56642244)
    911 emergency, how can we help you?

    *shaking* I've been in a car accident and am pretty badly hurt, can you send help?

    Sir, I'm not sure who you are but placing a false call to 911 is a crime *click*

    Hello? Hello?
  • by Anonymous Coward

    So my smartphone would send data about my gait, my gesture characteristics, etc. to someplace I don't control?

    Guess that's why I don't have any smartphone.

    • ...and when you sprain your ankle, you get locked out of your own phone.
    • Bad news, bro. You dont need one. You have a computer and that is enough. If you think you can hide behind being an AC, again, bad news, bro. When you browse slash dot not only are there MAC and IP addresses, and cookies and persistent cookies and macromedia hidden super cookies, but the browser likely records not only what you typed, but a log of every keystroke and WHEN you made it, which may as well be a fingerprint for your typing style, what in ham radio I have read somewhere what they called a FIST
  • It appears to take a while to build the history required for the identity verification purposes, yet that verification is used for only a very short time. If someone else has my smartphone for a short time, they could pose as me based upon the history retained in the smartphone. imo, in order to be a secure verification, the timeline for building the history needs to be closer to the timeline of usage.
  • So if by chance you are having a bad day with external stress factors changing your daily rutine and behavior, you get locked out? I am sure that will help making an already bad day worse..
  • A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project

    Very wise. It sounds like an ideal way to completely kill-off the sales of any manufacturer who gives in and installs this.

    Apart from all the drawbacks listed, any phone that did this would essentially be spying on its user. Not just with trying to identify the user, but with the record of encrypted (yeah .... right) positioning data to know where that person had been.

    The only people I can see who would ever use one of these would be government employees and I doubt that they would do so freely.

  • So if I go on a weekend bender in Vegas I can't call a cab.

  • All of my calls are made using speakerphone mode, while the phone rests on a phonograph turntable. Mostly I run it at 33 1/3 RPM. If I don't like you, you get 'the 78 RPM' treatment.
  • If I'm in the car, it's hands free via the car radio. If I'm not in the car, I have borg implant (BT headset).
  • I was really hoping this would be about reducing the amount of spoofed/spam calls everyone gets.

Neutrinos have bad breadth.

Working...