Slashdot Mirror
National Biometric IDs
Jester998 writes "I just came across this article about how two U.S. congressmen want biometric identification. They're trying to avoid the controversial 'national ID' issue by creating what would be new drivers licenses with biometric information embedded. What does the Slashdot community think about having your retinal pattern embedded on a smart card?"
i'd just like my retinas embedded on a smart card. then i could see if i have correct change before pulling out my wallet.
--
fight global cooling
What does the Slashdot community think about having your retinal pattern embedded on a smart card?"
The same as ALL THE OTHER attempts to remove our privacy...NO! NO! How often does this need to be repeated before people finally understand that "NO" really does mean "NO"?
It's not the method of privacy removal that we find disgusting. It's the removal of the privacy in the first place.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Setting aside the privacy issues for a moment, how do these guys figure that $315 million will be enough money to create this system?
After all, with the current US population somewhere in the neighborhood of 270+ million (I'm too lazy to look up a more accurate estimate) they think they can create and implement this system for just over $1 per citizen?
Seems a little conservative to me.
Think For Yourself. Question Authority.
Nobody is asking what the problem is that this is supposed to address. Step 1) of implementing a security measure is to ask "What is the problem it addresses?"
So, what is the problem? Terrorism? The 9/11 terrorists HAD legal id. Having their DNS sequence on the card would not have stopped them.
Harder?!? Like when Arnie used an employee's dismembered thumb to gain unauthorized access in The Sixth Day, or when Wesley used a employee's eyeball to escape from prison in Demolition Man??? Oh no, biometric technology will simply cause violent crimes to increase. Identity theft will come to signify the loss of a finger or eyeball! We must rely on movies to provide the rationalization our policy makers lack : )
Part of an article by Bruce Schneier:
Biometrics don't handle failure well. Imagine that Alice is using her thumbprint as a biometric, and someone steals the digital file. Now what? This isn't a digital certificate, where some trusted third party can issue her another one. This is her thumb. She has only two. Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation.
And biometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it's not hard to imagine some very unsecure situations arising.
Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can't choose a weak biometric in the same way they choose a weak password.
Biometrics are useful in situations where the connection from the reader to the verifier is secure: a biometric unlocks a key stored locally on a PCM-CIA card, or unlocks a key used to secure a hard drive. In those cases, all you really need is a unique hard-to-forge identifier. But always keep in mind that biometrics are not secrets.
http://www.counterpane.com/insiderisks1.html
you contradicted yourself. you said SSN as a password is bad because you can't change it. but in the next sentence you go on to say retina is good? if someone does figure out my retinal patterns in practical resolution. what options do i have? change my eye? and link 'pwd' to extract my eye, extract the eye of a coworker down the hall with a mechanical arm and then interchange 'em?
i suppose you've been getting retina implants on a daily basis huh? and what happens when you do donate you eye (i have to plead ignorance here as i don't know which eye-part is actually transplantable.)?
Oh btw, just like 640k was sooo enough for everyone; and the world market only had demand for about a thousand (or a hundred, i forget which) computers (some IBM head-huncho back in the 60s) retinal scans are very difficult to replicate.
in the process of implementing this type of IDs, we will have figured out a cost effictive way to work with retina-scans. effectively, figuring out reproducing and or manipulating the scans. what seems difficult technologically will become trivially easy tomorrow. so don't bank your entire identity on the fact that today's technology can't crack it. because tomorrow, you may cease to exist.
A biometric ID won't make us less free. It probably won't make us more secure against terror, although reliable ID might have caught Ahmed Ressam, the guy who plotted to blow up LAX, then panicked at a routine border search. He had come and gone across the US border with different Canadian passports. Sure, half of his names were on watch lists, so he just switched identities. Had he not blown his cool, a lot of people could have died.
But that isn't what interests me.
Here is where a biometric ID can help:Identity Theft
It is trivially easy to impersonate someone and rack up credit card charges, commit crime with their identity, etc. Biometric IDs would put a stop to that.
A year ago, my wife's wallet was stolen from her gym locker. The usual credit card fraud ensued, which was stopped within a few hours.
Then the crook took her drivers license, somehow mangled it, and got the her picture on the front and my wife's name. Apparently, the Illinois DMV doesn't compare you to a file picture when you get an ID. This let them write checks on that identity, taking out loans (despite calls to every credit agency to put a watch on that sort of thing), culminating in the purchase (with a stolen check) and financing (naturally) of a used Ford Explorer at a sleazy car dealership too lazy to verify the bank balance or credit info.
Once the car check bounced, the dealer reported the theft, the cops came to us talking about grand theft auto. After some explaining, the license plate (in my wife's name, of course) was put into the police database. Amazingly, they actually caught this crook when she tried to pass one of the checks for a carton of smokes. The check came up bad (for once!), the store called the cops, who ran the plate of the SUV and got her. She naturally looks nothing like my wife, who is short, skinny, and white, not tall, obese, and black.
The moral of the story is that it is easy to impersonate someone, causing harm to that person because there is no biometric element at any point in the US ID system.
It doesn't make us more free because we have unreliable ID. Most of us never have a reason to fake an identity (save trivial stuff like faking your grocery club card). We don't get a privacy benefit from poor ID, we just have the risk of identity theft. How are you less free because your identity may be tied to your physical person? How are you more free because your identity is (at present) not 100% properly verified when you get a passport or drivers license?
We already leave data trails almost everywhere we go. These can be picked up by commercial concerns interested in selling you the exact type of extreme soda for your demographic. A biometric ID won't change that.
Your SSN will still be in 1000 poorly secured databases, ripe for the taking. The only thing a biometric ID will do is make it harder to impersonate someone else.
I say it is high time we get ID that works.
I've said it before and I'll say it again: a far better authentication system would be to have your biometric information, picture, and name on the card, but have it digitally signed by multiple private keys held by the government in different places. Duplication would be virtually impossible, since you would have to get access to the biometry (not that hard), then get it signed by all of the keys (very hard).
Anyone could validate that you are you by verifying the digital signatures and checking the picture or biometry. Since the name, picture and biometry are signed as a unit, there's no way to create a card with your biometry and another person's name and picture without cracking all of the keys.
Apparently the bill "directs that the chip [on the license] be capable of accepting software for other applications, including those of private companies".
This isn't about security, it's a taxpayer-funded giveaway of your privacy to big corporations. It'll save them a few bucks lost to fraud and make this even more of an electronic nanny state.
Luckily the EFF spokesman pointed out that "The real thrust... is so that the ID card or driver's license will be even more useful to commercial entities in terms of tracking consumers, doing consumer profiling, telemarketing -- all those kinds of things that people currently consider to be an invasion of privacy."
And the Center for Democracy and Technology calls it a "honeypot".
This has to be fought on the retail level. Hopefully Joe and Jane Public have enough love of freedom left to be skeptical of the government fingerprinting them at the DMV. If it turns out they don't, I'm ashamed of-- and afraid for-- my country.