Biometrics, Ownership and Privacy?
symbolic asks: "I just finished watching a small segment of World Business Review on PBS, where the topic of discussion was the use of biometrics by employers to not only provide confirmation of identity, but as something to drive other parts of the operation - like tracking employee time. Briefly mentioned were face and iris scans, but as I was watching a picture of someone's iris, I realized that once an employer has captured a scan of your iris (or any biometric data), who has control over it? Does it become part of the cesspool of information trading that occurs between business and government entities? Will trading of someone's biometric information become as ubiquitous as their address or phone number? Is there any reason we should be concerned about this? I'd like to hear what others think about this." Ask Slashdot has previously approached the Biometrics topic for technical issues, but the privacy issue of such data has yet to be addressed. How do you feel about biometric data (or any data derived from your physical makeup, like your genome) being used as another commodity (like your address) in the corporate data exchange?
Of course we should be concerned about this! You can change your phone number, your email address, your name, and even your social security number if you work hard enough. But you can't change your biometric data, so once it's in the wild marketplace of personal information, it's out there for good...
:wq
I think it's great. Instead of sending me spam via mail, fax and email -- now they can engineer ads based on my DNA.
ad: pizza -- you have an 18% chance of getting colon cancer and only 32.34 years left to live, wouldn't you like to spend some of it drinking a nice, cold, refreshing Pepsi?
Looks like someone went to see Minority Report this weekend. Iris scans everywhere people went, used for access and advertising.
Hopefully with the increase in biometric scanning will come an increase in black market body-part replacement.
Seeing as they already have much of your personal information (SSN, anyone?), is this really an issue? I mean.... if you're going to have to use Biometrics for your job, you think that by that time the government isn't already going to have your iris or whatever on file? I would guess that they would make it a requirement to get a drivers license or something similar.
Everyone who is legally employed has given lots of personal information to their employer already... and I don't know about you but I haven't had any problems with ethical/nonethical use of my information yet.
-kwishot
While I'm sure that there will be a massive push to trade and sell biometrics about employees (and, looking down the road, consumers, should the technology be adapted for things like credit cards and ABMs), it sets off giant, giant alarm bells for me. I mean, while we have things like addresses and phone numbers being traded and sold by large companies, such details about a person are easily changed. The basic structure of your retina or your fingerprints, however, are things you're stuck with. I really can't see any technology coming along that will rewrite your retinal signature outside of expensive surgery. That leaves fingerprint and retinal data, at the least, even more personal and, to my mind, private than your name. You can change just about everything about yourself, statisticwise; eye color, hair colour, weight, musculature, name, address, phone number, SIN number, credit card number, employer, and so on. But you're stuck with your body. Barring six-million-dollar-man bionics, the one you've got is the only one you're ever going to get. Having unique bodily markers floating about on an advertiser's list, or worse, a blacklist for potential hires or borrowers, in the case of employers or credit companies, seems....alarming. I'd rather be anonymous than tracked for my own safety. Anonymity is a risk I'm willing to take.
With today's current political/corporate climate in regard to privacy, it seems fairly obvious that pretty much any information collected on someone (be it biometric or otherwise) will invariably end up being shared in one form or another. As soon as one entity decides a particular piece of information is handy for keeping track of someone, others will follow; and where others follow, sharing begins. I expect to see an Iris.Net module out soon for Passport and I think my dog's pant pattern has been captured by a bugged pellet in his dogfood which authorizes only him to eat that bowl of food.
The book, Database Nation by Simson Garfinkel delves into this little considered topic. He asserts that biometric information is not owned by the individual, but by the organization that collects your information. Similar to the fact that you do not own your name, you do not own your retinal pattern information.
Quite scary, if you ask me.
Yes it sounds scary, and yes we've all seen the science fiction movies where one's identity is stolen, but most of our employers ALREADY have tons of "private" info on us. (SSI# for example) If someone REALLY wants to screw you over, they will. Fact is, no one really cares about your life that much.
Secondly, biometric equipment is still too expensive to put into use for lower level employees.
Coloured contact lenses.
It's not farfetched to think that some idiot in the wake of 9/11 might push a law making it illegal to wear them. Oh yeah, only after the law's been passed will things like this come to light...
Just think, a DMCA for identity-circumvention devices. No more anonymity, because, it's good for you!
... because you can't change or revoke them. What if someone manages to get a copy of the binary data that characterize your iris? What if it gets circulated in some crackers' circle? Will you change your iris? Or will you change your job? Or will you simply lose your work, since your iris is now unusable by your company?
Myself, I wouldn't like it. But the company should like it even less. Think about something here: what's your company's policy on employees giving out the keys to restricted areas? It's probably a termination offense. Now, suppose the company uses biometric data to control access to restricted areas. Isn't giving out that data exactly giving out the keys to those restricted areas?
And if that biometric data is also required by law to be used for things like controlling access to bank accounts, where there's legal penalties for third parties who mishandle the access-control information, the company could face some nasty legal LARTs from employees if the company gives out access-control information for their bank accounts, Social Security accounts, driver's license records and such.
This should give the company legal people migraines for a while. :)
In Minority Report, when Tom Cruise's character was running away, he was bombarded by ads that would scan his eyes.
"Hello, John Anderton, you look like you could use a Guinness right about now."
"John Anderton, wouldn't you rather be driving a Lexus?"
After a little bit, all you heard was "John Anderton" over and over in many different voices. Spooky.
I for one feel safer knowing that all the people working at my bank have at least been through a fingerprint check with the FBI. And if a vault is broken into, and they find someone's fingerprints, they have a bunch to check.
Now, I certainly hope they don't start selling the information for profit. That seems like it'd be a little harder to do with employee information. However, maybe a customer of a big store? Maybe a window shopper? It certainly has potential to be exploited in other areas.
-- these are only opinions and they might not be mine.
Same principles apply as if someone snapped a photo of you. Does the photographer or the model own the rights to the created image? The photograph is owned by the artist. The image of the model belongs to the model, and the photographer must get permission to publish. Permission is usually, "I waive all rights in regards to my image in this photo for some quantity of cash." Once such permission is granted, the photographer is free to do as they like with the photo.
A steaming cup of soykaf would be real wiz right now.
It has the benefit of: If your iris print gets out, sue your employer for copyright infringement. If multiple people try using, call it piracy.
Accentuate the positive, don't waste your mod points on the negative.
Recently I watched a presentation by a biometrics group, so this is a bit familiar to me. By far the biggest problem, the question unanswered, is what to do when your information is compromised.
See, you can change your credit card number, or your email address. You can even move someplace else. But you can't change your biometrics. Hopefully movies like Minority Report will provide some Good FUD about biometrics, so people realize that this information should be kept as private and closely-guarded as their own life.
It's funny how people seem more willing to give out their fingerprint or retina than they are a number on their credit card. It may be hard to hack. It may be very hard to hack. It may be almost impossible to use. But as those in the security business know, nothing is impossible. And with biometrics, once you're compromised, that's it.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
While there may be plenty of other reasons in the world to be concerned about privacy, iris scans and other biometrics DO have a baseline protection built in to the method by which they are implemented: Your actual iris image is NOT supposed to be stored and sent to some central computer. Instead, a code (like a hash function but usually referred to as a "template") is derived from your iris that is useless by itself and cannot be inverted to produce an image of your iris. Therefore, you don't have to worry about your "biometric password" being compromised once and never being able to be used subsequently....
If you give anything out without legal guarantees to its dissemination you can bet it will be distributed.
Even with legal guarantees they have to be on your terms otherwise they will just change the rules on you, i.e. Yahoo and your privacy settings...
Just give a retinal scan to your bank with their standard contract for a checking account and the next time you try to fly on a plane using a retinal scan you can bet with almost 100 percent certainty that you will be bombarded with offers especially tailored to how much cash (and or credit line available, etc.) you have in your checking.
The only way to get around this crap is for everyone to draw a line in the sand and refuse to give it.
Mankind has survived thousands of years without the need for this invasive type of "security" and I hope I never see this biometrics thing happen in my lifetime because I certainly feel as though my privacy has already been abused to no end.
I don't need another ad for another of ACME Inc.'s crap.
Caution: Contents under pressure
Fact:
- Most of us leave finger prints all over the dishes each and every time we dine out.
- I'll bet almost every US citizen here had their fingerprints taken as grade schoolers as part of some Community Enrollment program under the auspices of "help us find your child if they're ever lost or kidnapped."
- Until there is some standard for data exchange between biometric devices, does it matter all that much who "owns" the data?
I do not dispute that the author has a point; I do dispute the question that is asked. In my mind the "who owns the data" discussion should be prefaced by a discussion of how biometric devices will interoperate between the users (you and I) and the Real World (gas pumps, VISA card readers and the like). It just doesn't make a lot of sense to discuss ownership issues until we have some idea of the scope of the playing field.
After all, I'm not going to waltz down to the local Italian eatery and demand they wipe my finger residue off the glass before they clear the table as a means of respecting my "Biometric Personally Identifiable Property," now am I?
Cheers,
-- RLJ
Well, we shouldn't have much trouble making fake lenses to wear for work, and then a different pair for each activity we engage in - multiple identities. Make 'em look like this perhaps, ha!
In all seriousness, /. posted a link to a good article recently (the author's name escapes me) where he said that the big difference is that once someone has your physical/molecular data, they've got it forever. passwords, combinations, cc#'s and phone numbers expire. ss#s can even change. but your fingerprint and your dna won't. once someone gets your fingerprint data in an electric format, how do you ever recover from that? how will it ever be known whether the user is legitimate or not?
The trick here is not to try in vain to protect the privacy of our data, but instead to flood the system with false/contradictory/misleading data. Breaking the reliability of such an intrusive database will be less challenging than trying to stop it from existing altogether.
If anyone happened to catch Oprah doing a segment on Minority Report a while back while flipping through the channels, she is actually a proponent of this type of technology and such usage. She would in fact like to see it used everywhere to stop all the evil terrorists and criminals. I imagine since like many things she has said her viewers would second this opinion. Unfortunately, there are many of those viewers out there. In fact, many people around the world are for such technologies. I assume it is because they are not yet enlightened enough to see any of the dark sides of the technology. Or perhaps, I'm just being naive, and it's natural for humans to want to be monitored 24/7 with constant streams of advertisements, etc into their eyes.
Reserved Word.
As long as the checking of an iris requires the use of a computer, who cares! Anything digital can always be faked. If it ever became an issue, I am sure digital glasses that can fake iris scans will be out not long after. Plus, there will always be the elite, out to destroy such things... j/k
No, I'm sorry, you can't DNA test me. Why not? I own the copyright on my DNA and it'd be an infringement for you to copy it on to your systems. Iris scan instead? No, I'm sorry, I own the rights to that too. Would you like to discuss licensing?
Do you own your finger prints? Do you own your signature?
No, you do not. Both can be digitized, misused, used against you.
I expect the same is true of iris scans.
The courts will probably mis-apply 17th century property laws to the issue. Oh, brave new world.
=brian
The storage of this information, as with simple things such as fingerprints, leads to the question of what information is really to be gleaned from it.
Years ago, we knew that DNA was the building material for humans, but had no idea why or how. Now, we've mapped the human genome, at least in part, and can provide some insight into life expectancy, diseases, and many other facets of life. Given that everyone's retina is unique -- as much so as DNA -- I wonder whether we will find out in a few years that fingerprints and retina scans provide as much insight into our lives as those grocery store mini-books have been trying to tell us for years.
We had a meeting recently to discuss high level issues about HIPAA and how it will affect the lives of sysadmins here. What I have heard sounds like it would be reasonable for biometrics. Basically... HIPAA will require that personally identifying health care information be protected, it has to be encrypted such that every field in the database can be individually encrypted (possibly to prevent someone with DBA access from just dumping the DB and stealing the data) for starters...
then there has to be ACLs for who can access the data... AND all accesses of the data make an audit trail so it can be seen who accessed it.
(when Princess Di came to MGH many years back, a number of employees were slapped by management because they accessed her medical records to satisfy their own personal curiosity - this was before HIPAA regulations even! the software recorded who accessed the data)
I think when it comes to personally identifying information these types of requirements are perfectly reasonable and should be encouraged - never mind restrictions preventing the sale or unauthorized transfer of such information - that's pretty much a given IMNSHO. (no point in any other restrictions on access if you don't have that now is there?)
-Steve
"I opened my eyes, and everything went dark again"
It is the person who is (or, perhaps, should be) most sacred. Kant reminds us that people cannot be used as means to any end, but only always as ends unto themselves; Rousseau points out that liberty cannot be given away, even if one wants to do so. Liberty::Human as Attraction::Gravity. You can no more separate the tendency of masses to attract one another from the masses themselves than you can remove freedom of the individual person from the individual person.
With that in mind, it seems pretty clear that my iris, my fingerprints, my voice patterns, are mine. The FBI or state police may have a compelling interest to keep a database of criminals, and how to identify them, but it's pretty well established that these are pretty limited-use activities, and not available to the general business population. It is also pretty well established that those fingerprint records are not the property of the FBI, or any other agency, but that the FBI and other agencies can collect them as part of their routine criminal investigation activities. The FBI certainly doesn't own the fingerprints. Why would private companies be able to "own" retinal or iris scans?
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
C'mon, you meant this as a rhetorical question, right?
What do you *think* the slashdot crowd will respond to a question like that, when we overwhelmingly loathe even having companies able to correlate such trivialities as our names and email addresses?
Offensive... I think that makes a good word. I find it offensive in the extreme that anyone but me profit from my personal information (and by that, I don't mean I would agree to it even if I *could* profit from it). Selling information about me violates an absolute of the idea of possessions in general - If I don't "possess" my own information, what the hell *do* I own?
we allow people to patent genome and segments of DNA because we believe that they can protect their interests and then sell their product. this is why herbal remedies aren't the billion dollar industry pharmaceuticals are, because you can't patent something that exists in nature. but shouldn't our biometric data be encrypted so that you could only verify, not reconstruct? biometric security is something we cannot mess up. the repercussions for identity theft with biometric data is scary. but maybe I'm just an idiot.
As far as I am aware, there is no database that contains my fingerprints, which is something I am quite happy about. Fingerprints are EASILY fakable. I'd like it to be more difficult for the bad guys to frame me.
Well, it's kind of like this article that was up here a few months ago about bars that require licenses, and how they scan the barcodes on your license to collect demographic information.
Just because this information has always been available, that doesn't mean that the situation isn't changing. Until now, all that information was useless because there was no way to extract any value from it.
It's like, imagine I use a car service fairly often. I don't give my name when I call, but they have to come pick me up at my house. Well imagine I often go from A to B, and from B to C and from C to D and from D to B, etc. A, B, C and D all being fairly unique places. Until now, no car service could mine all that data to get anything meaningful from it. But imagine this car service company can now see that there is a person who often goes to and from a certain residence, and to and from a certain store. They also see that there is a person who goes to and from that store, often, and to and from a third place.
It's not too hard to imagine that it would be possible to figure out who is going where.
Just because it wasn't "secret" that you were going to a Gay and Lesbian meeting, you called up a public car service, and you didn't keep it a secret, that doesn't mean it's not dangerous that now all of a sudden people have the ability to extract meaningful information from all that data, information that until now we would never have been able to mine.
Even though the data source is the same public information that was always available, the end result is still bad: people will know things about you that you don't want them to know, and you won't be able to keep anything secret.
Even though the method that they use to invade our privacy is legitimate and "legal" that doesn't change the end result: you will no longer have any secrets. Everyone will know.
sPh
If you have no secrets, people who do will be happy to give you theirs... just because you didn't do it won't help you prove that the system was faked by someone with your info.
In my area, those "Community Enrollment" fingerprints are specifically for the FBI. The local police don't get them. (I don't know if the schools have access.)
I don't want any of my personal biological information in the hands of anyone but my doctor. He's the only person who actually needs the information, not an employer. Frankly, employers know too much about me already.
AWK AWK BAUDDY
Biometrics is based off the trust that the machine that is doing the scanning of said body part is trusted. What happens when someone sticks a packet sniffer or similar between said trusted device and the box that handles the processing? Could you take the packets that you captured, run them into the box at a later time and bypass the system (or empty an account)? I know you could make this more difficult by encrypting the data before it hits the wire with a time based algorithm, but once again these are just bits, and once you have a device that lets you emulate the signals given by a good box doesn't this make it trivial to break the system?
I used to have a cool sig, back when I cared
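Added example, not part of the original thread: the replay question in the comment above is what a nonce-based challenge-response between sensor and verifier addresses. The class names, the shared per-device key held inside the sensor, and the exact-match comparison (real matchers are fuzzy) are assumptions made for illustration.

```python
"""Added illustration: a captured sensor message cannot be replayed when the
verifier issues a fresh single-use nonce and the sensor MACs its reading."""
import hashlib
import hmac
import secrets

# Assumption: a per-device key provisioned out of band and kept inside the sensor.
DEVICE_KEY = secrets.token_bytes(32)

# Constructed sample bytes standing in for the template the sensor derives.
SAMPLE_TEMPLATE = bytes.fromhex("5a" * 32)


class Sensor:
    """Hypothetical scanning device that authenticates each reading."""

    def __init__(self, key):
        self._key = key

    def respond(self, nonce, template):
        # The MAC binds this reading to the verifier's nonce for this attempt.
        tag = hmac.new(self._key, nonce + template, hashlib.sha256).digest()
        return {"nonce": nonce, "template": template, "tag": tag}


class Verifier:
    """Hypothetical back-end box that processes sensor messages."""

    def __init__(self, key, enrolled_template):
        self._key = key
        self._enrolled = enrolled_template
        self._outstanding = set()  # nonces issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, msg):
        nonce = msg["nonce"]
        if nonce not in self._outstanding:
            return "rejected: unknown or reused nonce"
        self._outstanding.discard(nonce)  # each nonce is valid exactly once
        expected = hmac.new(
            self._key, nonce + msg["template"], hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC"
        # Simplification: exact comparison instead of a fuzzy biometric match.
        if not hmac.compare_digest(msg["template"], self._enrolled):
            return "rejected: no match"
        return "accepted"


def run_demo():
    sensor = Sensor(DEVICE_KEY)
    verifier = Verifier(DEVICE_KEY, SAMPLE_TEMPLATE)
    results = {}

    # 1. A live reading answered against a fresh challenge.
    captured = sensor.respond(verifier.challenge(), SAMPLE_TEMPLATE)
    results["live"] = verifier.verify(captured)

    # 2. The same bytes, recorded on the wire and sent again later.
    results["replay_same"] = verifier.verify(captured)

    # 3. The recording re-labelled with a new challenge: the old tag no longer
    #    matches because the MAC covered the original nonce.
    relabelled = dict(captured, nonce=verifier.challenge())
    results["replay_new_nonce"] = verifier.verify(relabelled)

    # 4. A known template submitted without the device key.
    keyless = {"nonce": verifier.challenge(),
               "template": SAMPLE_TEMPLATE, "tag": bytes(32)}
    results["no_key"] = verifier.verify(keyless)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

This covers freshness and origin of the message only; it does not hide the template on the wire, and it offers nothing once the key itself has been extracted from the device.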
I'm wary of any entity that controls the rights to that data, since there is a precedent being set by companies like Verisign and Yahoo that do not value your right to privacy. Corporate entities have little fear of the law since the penalties they face for abusing their customers' privacy usually only affect the people who run them indirectly, and seldom result in more than fines to the company. Concurrently, allowing the government to outright control this system provides them with a means to abuse the power similar to corporations, but for different ends.
I think the only way to ensure protection for yourself and for those that need to use it is to set up some sort of government-funded clearinghouse whose sole purpose is to store the information and provide access to it to others who have been explicitly granted permission by those that provide the biometric data. This would not be unlike an authentication system like Kerberos which innately distrusts everything and will only grant limited-use tickets to use its data when properly authorized to. Then and only then, would I feel safe in providing this information.
Rule #1 -- Politics always trumps technology.
This just seems to be the most sensible extension of current patent/copyright law. These things (iris profile, genetic code, personality, interests, hobbies) are all an outgrowth of my initial programming (genetic), a certain amount of random chance and the environment within which I was raised. My body's code is its own!....The artistic pattern of my blue eyes is my own!...any trading of that information should be at my discretion.
Considering that copyright has been extended automatically to the artist of almost anything else(without necessarily having to label something directly as such), I deserve to hold these rights on my body too.
If I choose to "auction" off this information, that should be my legal right, but the default state should be "protected."
Moving away from this simply shows the hypocritical nature of "Intellectual Property." Seems that enforcing this right for the individual would help all those IP flakes make their claims consistent.
Either it applies to everyone, or they gotta come up with a better claim for why I shouldn't be swapping their information.
is to wear dark glasses.
View Here
There's a number of great lines in there, like the one where CmdrTaco says that Slashdot 'breaks stories' that MSNBC will later pick up!! Hah hah. What stories has Slashdot ever "broken"? Note: Linking to a page where a story has "broken" doesn't make you the "breaker".
But wait, this is the kicker:
"Malda, who goes by the alias "CmdrTaco," today oversees a must-read Web site for anyone trying to read the collective pulse of the tech industry."
Hahah hahahah!! Yeah Slashdot is the collective pulse of the tech industry... I repeat, hahah hahahah!
Employment in today's high tech companies usually (always?) requires the employee to give up some of his rights. For example, the security guard at the front desk might ask an employee who is leaving late in the evening if he would mind a quick look in his brief case. The employee can allow the unreasonable search or not, but to say no means termination. The employee agreed when he was hired, to allow the security guards to search his bags when they saw fit. Saying "no" translates to "I don't want to work here anymore".
No one 'stole' the protection from unreasonable searches from the employee, he GAVE that right away, in exchange for a pay check.
Biometric information and a company's use of said information will fare no better than the constitutional rights of its employees.
Above comment is personal opinion. Poster is not a spokesperson.
I don't know about you but this sounds a lot like the "mark of the beast" mentioned in the bible. I know the bible mentions the mark of the beast being something like a tattoo; but who knows?
On the upside it might be harder to conduct identity theft if personal authentication is based on biometrics.
This story is a "red herring". Suppose a breakthrough law is passed, allowing all U.N. citizens to own their own biometric data. All of the sudden, consent forms appear everywhere, and you are required to consent to the ownership of your personal data. Persons rejecting this deal would not be able to do business with any of the institutions required in daily life (banks, drivers licenses, etc). Nothing would change.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
If you have done nothing wrong, you have nothing to fear from the gestapo. The gestapo are just doing their jobs as instructed by the fuhrer, and the fuhrer is just trying to make the country more secure. And if you don't care for the fuhrer, you probably don't care about the homeland, and should find somewhere else to live.
In the recent film, "Minority Report", to stop authorities from tracking him, Tom Cruise has back alley surgery done to replace his eyes. This is the perfect anecdote to explain the paradoxical nature of this question. First of all, since this is not possible, your biological data is with you forever, and so the tossing around of your biometric data is something to be concerned about. On the other hand, for exactly the same reason, this means that, unlike data such as Social Security and credit card numbers, biometric data can't be used for identity theft. Although it is scary to have another person own your personal data, there's not much they can do with it.
Today's Sesame Street was brought to you by the number e.
Unlike physical evidence... evidence based on biometric data can be introduced into the system AFTER the scanner itself. For example... as long as someone knows your iris or fingerprint, they could offer a digital file directly into the system, bypassing the sensor, that would make it look like you had used that system.
It will be difficult for courts to find people innocent, if computers *record* your iris, fingerprint, etc... and show you accessed something illegally... even if there is no physical evidence.
Guilt based on data is not a good solution to me.... and quite frankly scares me.
I'm wondering if this harvesting and collation of data about our public identities (telephone number, SSN, iris pattern) will actually devalue the worth of any individual's data, making it worthwhile to actually make sure your personal data are widely disseminated rather than kept secret.
:)
First off, the information that makes up your public identity is becoming so commoditized and per-person value so low, I'm wondering if the (so far) sci-fi concept of "micro-marketing" (individually tailored ads that know your name and your tastes, etc.) will actually be cost effective. When you take into account the inevitable transcription errors (how many times has a telemarketer gotten your name wrong because it was misspelled on her list?), the cost of programming individualized ads, etc., versus the actual return on that investment in the form of your purchase of advertised goods/services, will it work out to be a money-making proposition? Or will classic advertising techniques, brand identity, and so forth, continue to be the most cost-effective?
Second, as your public data becomes ever more commoditized, will identity theft, or simply mistaken identity, become more commonplace? It seems to me that as it becomes easier to acquire and use someone else's public identity data, the reliability and hence the value of any given individual's public identity data goes down.
Am I way off base here? Or rather, just how far off base am I?
See the film Gattaca. It's an intriguing story of what could happen to society when biometrics is ubiquitous and cheap.
One thing that deeply concerns me is the fact that unlike an Email address, a physical address, or a P.O.Box, one cannot simply change one's retina, fingerprint, or DNA (well, maybe in the future, but not for some time).
This means that once someone gets a hold of my biometric data, that there is nothing I can do but receive spam, sales calls, and god knows what else FOR THE REST OF MY LIFE!!!
This obviously is not a good thing from whichever point of view one decides to look at it.
So what is my proposed solution: Everyone I give my biometric data to has the right to use it for a specific purpose I have to agree to (i.e.: track my working hours and let me in into the building) and NOTHING ELSE. A law has to be passed and heavy fines should be given to those that break this simple rule.
In other words, you use my data for ANYTHING and you have to prove that *I* gave you permission to use it for such specific purpose.
Addressed to where? Directly to your brain, localized via GPS based solely on your biometrics?
Considered harmful.
One thing to keep in mind about this is that biometrics are already used, in the workplace and society, and have been for decades. I refer, of course to fingerprints. As an employee, your fingerprints generally only come into play if you work in a secure field (government, police, security) so you choose to give up your data in order to work in the field.
The difference between fingerprints and retinal scans is one of resolution and number of useable data points, not one of scope. This topic cleverly combines two issues and suggests that they are the same.
Issue one: Should biometrics data use become more common? Right now, only secure fields use these technologies. There's no rational reason for less secure businesses to employ such technologies, but that doesn't mean that they won't.
Issue two: Should biometrics data be transferred, traded, made publicly available, etc.? Again, there's no reason why it should. In fact, disseminating biometrics data reduces its usefulness for security, as it opens the possibility of the data being compromised or copied. However, again, that doesn't mean it won't as the modern economic model has a feed of itself mentality.
The important point I'm trying to make, though, is that these two points have to be dealt with separately. It's not enough to say "Biometrics bad. Open source good.", the issues have to actually be dealt with.
Frankly, I don't think a lot of people, even here, would have a problem with the issue had the question been phrased: "Do you think that those industries who currently use fingerprint data should migrate to retinal scans for increased security?". Or perhaps the original question should have been "Do you think that the use of fingerprint identification should become more commonplace, and how should it be regulated?".
As always, language derives thought, and misuse of language sends the wrong idea.
"Omnia quia sunt, umbra sunt."
See this article. If someone can get your fingerprint, he can make a "fake finger" out of gelatin with your fingerprint on it, put it over his own finger, and then eat the evidence.
Mostly I read the garbled rantings of my fellow slashdot comrades secretly shouting at idiotic comments and hoping they will not reproduce as well as ghost high-fiving those deserving a happy meal at Mc-E-D's. Not so this time - I felt obligated to speak out on any type of information that can be collected that has to do with my finger prints, eye retina, or DNA:
How can anyone endorse this type of technology when the political and corporate powers to be have no moral boundaries in regards to personal information? Who will control the data? Who will guarantee that the data is correct? Who will enforce laws concerning this type of technology? Who has the moral leadership to protect their power from their own organization? We as a society and as a species discriminate against each other based on our skin, religion, sex, weight, height - so how can we be responsible enough to handle this type of data? We can't - not at this stage...
And as for those of you who endorse a government-funded clearing house to store the information and then provide access to whoever they choose, I can't find a better reason for you to stick your head under the wheel of a Ben and Jerry's Ice Cream delivery truck other than the comment that the government can be trusted.
His magic box will steal your soul.
--Blair
It's HIPAA (Health Insurance Portability and Accountability Act), just so you know.
Finkployd
The only full of themselves is you from the simple fact that after all of your ranting you missed the basic and simple point of my argument - which is that we live in a system where the only real input any of us has is a single punch in a card once every four years! That means that over a lifetime (say 60 adult years), we have only 15 punches of input that determines (if at all) our entire political climate. I and just about everyone I know had absolutely no say in the Patriot Act, the DMCA, the suspension of Habeas Corpus, the erosion of privacy rights, the copyright extension act, and thousands of other laws now on our books. To put it simply I'm living under a set of rules I have an infinitesimal choice in. That's tyranny, brother.
www.enthea.org
When....
.. My point is simple: It could be a whole hell of a lot worse than it is. If you feel strangled now, might I suggest a trip to the far east? China is a nice destination. So is North Korea. Perhaps even a little closer to home, try the near east, and almost westernized Turkey. Try Nigeria or any of a number of central American countries where the public is oppressed by multiple factions, including the police force.
When we have police check points every 20 miles and are required to have the correct paperwork to cross the checkpoints, it's a police state.
When we no longer have any say in anything, it is a police state. (We still get to vote on politicians and referendums, and no, just because the guy you want to vote for lost, doesn't mean it's an unfair system.)
When we are told at the tender age of 6 or 7 what our life long career will be, it's a police state.
When we are told what we will buy with what little money we have, it's a police state.
I, too, am concerned about our privacy and my bio-data influencing insurance decisions, job decisions, etc. That don't make it a police state. Why does everything have to be extremes on both sides of any issue?
GP
Disclaimer: IANAL, but I do take the trouble to read all the fine print.
NDA means "Non-Disclosure Agreement". These are common when corporations do business with each other, but rarely used by individuals. So far. We should change that.
What you can put in it is an agreement where the corporation agrees that all your personal information - name, address, biometric info, the details of the business you choose to do with the corporation, the name of your dog, etc. - explicitly remains your property. You can also say that the corporation has no right to sell, trade or otherwise disclose this information to any third party without your prior written consent except where such disclosure is required by law.
So what happens if the corporation breaches this agreement? Here's where your lawyer can get really nasty. You can set penalties in the agreement. You can set the minimum amount of money they must pay you as damages - $10,000 to $25,000 is a good figure - and stipulate that if actual damages are higher they must pay the higher figure. You can require the corporation to undo the damage at their expense, with more penalties if they don't comply within a certain fixed time. You know how hard it is to get off a list once you're on it? Make it THEIR problem - they do the damage, they fix it.
Muhahaha.
To save on legal bills, get your lawyer to draft a single standard agreement that you can use everywhere - your employer, the bank, anywhere you do business. Take back control of your personal information.
Of course, there's no guarantee that this will work - corporations think they have the right to sell your personal information for whatever they can get for it - but there's no harm trying. You might even make some money off it.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Was watching a National Geographic Explorer show this weekend about how they used a photograph taken twenty years ago to prove whether or not a woman was the same person as the girl in the famous Afghan Girl photograph. The article is here. One of the interesting aspects was how they used iris scans to determine if the woman they had found was actually the same person as the original girl.
While I'm not a big fan of giving out even more identifying info, it'd really depend on how the info is used as to whether I'd object or not. Think of it this way:
Scenario 1: Your employer uses your social security number (or employee number or whatever number) to track you, so you're already a number. They don't use your identifying number (I hope) for much of anything other than keeping John A. Smith's records separate from John S. Smith's. In this manner, your personal, individual number is strictly an identifier, not to be shared with other parties.
Scenario 2: Your address and phone number were sent from your university (via your student financial aid, FAFSA, forms) to various telemarketers aimed at young college students (who are already in debt up to their ears so why would they need a credit card thankyouverymuch?!) This kind of information sharing (your FAFSA form, which contains your address, social security, income, etc.) is, I think, highly questionable.
Yes, I realize that the retina scans aren't as easy to change or to fake as a social security number (which can't be easy to change either), but most people keep a single social security number for their whole lives. What's really the difference?
"Two things are infinite: the universe and human stupidity, and I'm not sure about the former." -- Albert Einstein
I think eyefish has a point. You don't need a GPS device wired to someone's brain to track him. Remember that in the future if biometrics become commonplace you will use your retina (for example) to pay for your food, make money transfers, enter concerts, and rent your apartment. And once someone has got your biometrics, all they need from anyone to track you down is your biometric information and nothing else. In other words, if they get a hold of my biometric information from my landlord, then they will immediately know who I am, and should they follow similar strategies to find out what I shop, what I eat, etc, then eventually, little by little, they will get a whole lot of information about myself. And then there is no way (like eyefish says) for you to "go back" and start all over, since information will simply accumulate, without you being able to "swap identity" and start again with a fresh and spam-free life.
Insurance companies will say "you have the cancer gene, so we can't insure you". Employers will say "he has the lazy gene, so we'd better offer him a low salary." Statistically they may have a point, but I think this would be unfair discrimination. People can overcome genetic tendencies with lifestyle changes.
Someone else mentioned it, but I think it's worth another post. How does this differ from fingerprints? I'm not saying you should get over it because fingerprint information is already so common. I'm saying that we don't have to wait before biometric data becomes common enough to worry about. It has been a common means of identification for hundreds of years. It's only recently, however, that the methods used to store, catalog, and compare fingerprints have advanced enough to make it a concern to large groups of normally law abiding citizens. So, let's put aside the "We'll deal with that when it gets here" attitude and let's discuss the problem that we have already.
THIS SPACE FOR RENT
Who modded this down as flamebait?
I'll have your balls in a vice when this comes around in metamod!
Mirrored glasses. :)
Once you're no longer employed, they MUST toss it out. It makes no sense otherwise.
And if I was running a bank or other enterprise that needed security, I wouldn't buy somebody else's assurance that the data in the ID file was REALLY the individual's unless I could trust them even more than my own eyes, ears, sense of smell and research.
Okay, maybe AFIS system
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Biometrics are data. Any data can be compromised. If your password is compromised, you can change it. If your credit card number is compromised they can give you a new one.
What do you do if your eyeball pattern becomes compromised?
A few years ago, someone where I worked had "photosensitive" glasses, that became dark when exposed to sunlight. His boss came in and noticed the glasses were dark. At 10:30 in the morning, this meant he had just come in from somewhere he shouldn't have gone to...
Hey, I haven't received any of those! Please, forward them to my e-address: billg@microsoft.com!
They have had your fingerprints for years now.
Great Linux Site
If you're wondering what will be done when MORE information is collected, just look at how much is collected now and what happens with it.
Granted, "they" blew it with the terrorists (or did they? 'nother story...), but how much info did they dump into the public media within days of the event?
What about the guy in Utah who was parked down the street from the house where the 14-year-old girl was kidnapped recently?
If ever there is a situation where you or someone with similar characteristics has done something to warrant attention, you better believe your prints, your iris scans, your blood samples, your dental records, all of your emails, the contents of your web cache, any deleted files on your hard drive, and every dirty little secret you ever had will be open for review.
And that's just if you're "not a suspect."
Things are just now getting interesting...
Nobody wears gloves to prevent their fingerprints from being recorded without their permission.
Then again - there's no way to perform that cheaply and easily.
But Mega-Corp, with its 100,000 employees could probably very easily have another company score its employees on likelihood of having smoked, used drugs, etc - all based on changes to retina images.
Why should you care if you're innocent? Hmmm, where have we heard that before.
"Certainly, sir. I hope you didn't need that credit card, car loan, job, health insurance... etc."
In such ways do they steal our freedom, one "need" at a time... In order to follow the philosophy in my .sig file, a LOT of sacrifices must be made, to the point of being unbearable. That's the way the system is designed. More power to you if you can fight it.
Freedom: "I won't!"
how much does a fingerprint cost? cool if I can punch my thumb everywhere and get a few bucks each time!!
This is a serious problem. If word ever got out about my enormous shlong then the amount of envy caused could wreak havoc.
Of course they will use it otherwise. Your bank will get your biometric data which includes your DNA and that will be shared with their insurance co "for a better rate". They might already have your DNA; were you in the military?
Sooner or later, they will check it BEFORE you get hired. Sorry, you don't fit the profile for the "benefit package".
Your data will be in the big Homeland Security engines. See here, it says you are a terrorist and this is YOUR eye scan. No, they won't be able to cross reference it to your email, cc purchases and cell phone locator. Where did I put that swamp?
Or maybe your local supermarket will start using it for checkout. Now your local police can pull up a list of people who bought beer and cross reference it with accidents that day. It's all good, right?
Not necessarily. In dealing with companies/local governments with unions, it would have to be "in the contract".
Secondly, my employer's office is on an upper floor of a public building....so in the almost-impossible event I would leave work at 7PM one night & the building security guard asked to look thru my briefcase, a refusal wouldn't mean anything.
The biometrics (so far) are all based on optical recordings or measurements on your body, so why not do what models and actors do? Claim copyright on everything, from fingerprints to retina patterns. Then no one can make copies for business record keeping or enhancing the business of other companies without your permission. And think about copyrighting your DNA too.
I have three problems with this: (1) Why use Iris scanning? Your Iris is the colored part, easily changed by contacts. Your RETINA - which good old fashioned Sci-Fi always scans - would be much harder to fake. (2) You people who don't think this is a big deal. Well it is. When you make a new UserID at some site, let's say www.disney.com, you enter your name, your email, etc. Then you click over to www.pr0n.com and what? Your name and email change? Oh well, guess the advertisers can't track you. Well if you emptied your cookies they can't. Anyway, with retinal scans, they could have one ubiquitous ID system for everyone. Everywhere you go, you can be tracked by your unchangeable retina. They would know about everything you use your credit card/retina card for. (3) But, if this were to actually happen, why has it not happened already? Fingerprints are almost as unchangeable, plus the technology is already there, the databases are there, it's cheap, and you can't get pink eye from the finger scanner (unless you like to stick your thumb in your eye). Just my 3,000,000 rubles.
http://www.mistersampo.com
Hrm... it seems to me that if my iris code is publicly available, it won't be that difficult to make an iris scanner *think* it's seen my iris. Just a bit of creative recabling, a couple of breakout boxes, and a dumb terminal, and you should be able to make the security system think the scanner just sent in your iris code. This wouldn't be too hard, unless the system has good security.
Riiiight.... who wants to bet Microsoft will be in this business before long? No takers? Well there goes our security.
The only way to stop this would be something I saw mentioned QUITE a while back, with digital signatures - pen-based that is. Supposedly, if the system ever saw the exact same signature data, it'd immediately ignore it. It's not possible for a human to PRECISELY duplicate their signature, at least not in a way that looks the same to the scanner; the only possibility then would be that the signature data had been stolen and re-used.
As far as the privacy concerns, it's too late. We lost. Get over it. Your address is already long since out there, and personally I think it's more trouble to have my phone number out there than my fingerprint. It's not too easy to make telemarketing calls by knowing your iris pattern now is it?
Save time now so you can waste it later
I know what you're thinking, biometrics CAN'T change. Well, mine are changing. Specifically my retinal scan. If you look into my posting history far enough, you'll learn that I have a retinal eye disease. As part of my disease, as the retina degenerates, the way it looks changes. As more areas get pigmented, I'd imagine that my retinal scan would be different.
Now, at the moment, I can still drive. If I were to have gotten a retinal scan when my license was issued, and a cop pulls me over now, I don't know if my ID would match up to my retina. What happens then? Do I get ticketed for having a fake ID? Do I get charged with a felony? Do I get branded a terrorist? So perhaps, I have to go to court, and prove that I have Retinitis Pigmentosa. I don't mind having people know that, but some people don't want that information in the public record. What do people like me do in a situation like that?
There are exactly 42,935,718 letter sized sheets in a square mile.
If you think that crooks cannot cheat banks using finger prints you're naive.
If you think biometric info will deter hard core criminals you're ignorant.
What all these measures do is prevent petty crooks and inconvenience ordinary folks. The kind of criminal everyone fears will actually find life easier as we will all get complacent under this illusion of better security.
Ever wondered whether there is a trojan in your computer system that no one knows about?
(this is my greatest fear not the copy-cat virii, worms ... out there.)
Just imagine a computer user without an AV product (BTW they don't protect you but that's another story) that user always has this nervous feeling of vulnerability and takes more careful steps when accessing email..e.t.c.
When he/she finally gets an AV product installed they get more daring, start using Outlook e.t.c since they are protected. That is until they find out they have to update it periodically.
All this increased security is a waste of time b'se the guys who we all want to stop are actually gonna have an easier time.
Yes, I know that a lot of you seem to dislike the idea of unionism, but when employers start to pull this kind of crap wouldn't having the employees organised so that they can put pressure on employers to change policy (if they refuse to listen to common sense) be a good thing?
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Well, in high tech, 'it aint that way son'.
You say no, there's a big stink, and in the end...
you lose your job. You see, you have a right to say 'no' and your employer has a right not to require your services any longer. And yes, it's 'in the contract'.
Above comment is personal opinion. Poster is not a spokesperson.
I was surprised when the guy at the gate to the magic kingdom in florida would not let me in even after a bag search and my ticket going through the machine.
I had to place two fingers apart in a device above the ticket machine and then, following an LED pattern, open and close my fingers.
When I quizzed a useful chap at Epcot he noted that it was a finger print system to track individuals in different parks (so kids do not wander off etc), but in turn they were tracking employees.
After ringing in ill one morning said bloke had to travel to work to pick up a pay check to purchase drugs, but security was called and he was dragged to the boss's office to explain why he was in the park on a day he reported ill.
I still do not like that they have all these finger prints !!
p.s. he also noted that Disney has its own immigration center !!!!!
Welcome to Gattaca!
Welcome to the Voight-Kampff test.
Identity Theft just became a hell of a lot more difficult to disprove.
Whatever happened to good, old-fashioned Trust?
Have things degraded to the point that everyone is assumed to be lying until proven innocent by a Biometric test?
Retina scans? What about the Blind? How do biometrics work vs. the handicapped? Retina scans may not work vs the blind? Hard to look at the dot if you can't see it.
Facial recognition?
What about your Evil Twin? (to the tune of TMBG)
Keyboard / Handwriting biometrics?
Sucks if you cut your finger. Significantly changes both.
Voice recognition? Being hoarse is enough to throw those off.
One thing to always bear in mind. Unless you've committed a crime in the United States your fingerprints should not be on file.
Why not just go ahead and 'chip' everyone? Heck, let's just tattoo everyone's social-security number on their right hand or forehead?
"Those willing to trade Freedom for Security deserve neither security nor freedom" -- supposedly Benjamin Franklin
Did anyone go and figure out whether it's possible to restore the fingerprint/iris image from their features stored in some authentication DB? I guess not, so that's the point. Or you think that they match your fingerprints as simple images?
You could also look at this from the other side. If data become compromised, they will become useless. If a company uses iris scans as a security measure, and it becomes public knowledge how to bypass this security scan, the company loses this way of protection. In this case it will remain in the company's best interest to keep data secure.
Biometrics is difficult (close to impossible) to fake today, that's why they are used. But even fingerprints may be bypassed today. Some fingerprint scanners can be bypassed if old fingerprints may become attached to the plate. This is often seen in science fiction movies, but it's not only fiction. Some scanners may be fooled. Iris scans can only be fooled in fiction today, but what about the future. Others talk about breaking into the database holding the data, and that's definitely not fiction.
The issue raised here is not the technical aspects, but the aspects of selling or compromising registered data. As I stated first data become worthless if they are compromised. The more these data becomes a commodity the higher the risk of them losing their value. And unlike addresses, phones etc. these are unique data. So it's like our natural resources, once they are used (compromised) they are no more. When we have drilled up (and compromised) all biometric values, we have no more a way to ensure a positive identification. This may not happen today (DNA biometrics will probably be secure for a long time), but in the future it may not...
But just as with the nature, just think about oil, we will see exploitation of this resource, and in time it will become invalidated. That's capitalism! Now I sound like a "tree lover" but I'm not. I'm just focused on mechanisms in human behaviour.
We need a way of positively identifying people in certain cases. Now we have this unique resource and we should take care not to exploit it. This requires "intelligence" over "human behaviour".
-:) Oh no - not again.
www.rednebula.com
What if you line up a 737 planeload of passengers, and demand a retina scan prior to boarding, people breathing, sneezing on something that is going to be stuck near your eye (and ENT), lord help you if the previous person was infectious. Adding a plastic sanitary sleeve over the eyepiece will add another hour to check in times, more if people fumble removing contact lenses - or the lens needs de-snotting. Palmprints are bad enough, when you consider how many do not wash their hands after...
Privacy won't be an issue when people en masse reject slow, dodgy toyish gimmicks, that are a conduit for exotic germs.
Wonder if the scanner at the other side will match alcohol bloodshot eyes after pigging out on the duty free.
First of all, the article said "Iris Scans". The iris is that part of the eye that has the color. It can easily be fooled by colored contacts, which many people wear. How is this any kind of security? Second, even if the article had stated "retinal scans", I think this likely will never catch on, as it requires one to place their eye against some sort of reader. This is not only inconvenient, but it is also a relatively slow process (at least at present, as there are a lot of variables involved). All-in-all, I think that these sort of recognition systems are quite a way off, if they are implemented at all. I tend to believe that the more likely options are face, fingerprint, and body chemistry recognition systems for business security, but expect that even those will be less likely than the old standby of a simple key system or something akin to SecurID (see the DOD HPCMP page).
I used to be a teacher & you have to go get your fingerprints taken & a check run before you can begin. I think this is a good thing. The thing I thought was funny was when the report comes back, instead of just saying "We found no convictions" or something, it goes down a long list of infractions saying "So-and-so has never been convicted of running a house of ill repute" etc. There were about 4 pages of these, some of which sounded pretty obscure.
Unfortunately, everyone mentions the use of fingerprints and other biometrics in order to gain services. Some states require fingerprints to be stored for physicians. I honestly do not remember if it was South Carolina or Minnesota since I was licensed in both states at one time (I let my MN license lapse because I never go there). Biometric data are being required to even allow you to obtain certain licenses under the guise of protecting the public by providing a means to identify the license holder. Fingerprints are required for concealed weapons permits as well. How much longer do you think it will be before you need to be fingerprinted or submit to a retina scan to get a drivers' license or a marriage license (don't even get me started on the idea of a 'marriage license')?
"Iris Scans", which is what the article stated, are scans of the colored part of the eye, not the retina. These can be easily fooled by contacts, and are therefore an unlikely security mechanism. But none of this is even an issue.
The point is that there will not be stored images of your iris, retina, face, or even your DNA, at least not for the purpose of identification. That's not the way that security systems work. Security systems will only store enough information to uniquely identify you. Here's what I mean with regards to the particular systems currently in development:
Retinal scans are difficult and presently relatively slow and cumbersome processes. I expect that if any sort of retinal scan technology is ever implemented, it is a long way off, if ever. Retinal scanning presently requires you to immobilize your head in a fixture so that the system can take a picture of the INSIDE of your eye. Only then can it match that based on identifying points to a record of those key points. It is not likely to store a complete image of your retina, just those identifying structures, which means that it would likely only be useful for ID purposes. For instance it might store the image of a reference point as a "key", and then identifying structures would be referenced from that. For example, ref #1 is 240 pixels from KEY at 270 degrees (compass direction).
The same is true for face recognition, which only stores data-points in regards to facial feature locations. In the future, I suspect that these would be further reduced as an algorithm which can be used to recreate those features. These will not be actually images of your face, as that would be entirely inefficient. No system will likely store all of the information needed to recreate the owner even in a general sense.
Even if we develop a "DNA scanner", it would be ridiculous to store the gigabytes of genomic data for a single individual, just for the purpose of security. Those systems would work just like every other system, storing only the combination of points necessary to identify the specific user. And as I stated before, these would likely be reduced even further to an algorithm of some sort.
The other particular aspect of this is that many systems will need to work remotely. That means that unless you want to install these systems in remote locations, then the process is pointless.
With that said, I suspect that any sort of future security system will likely incorporate some sort of simple key system, perhaps combined with one of the above technologies (I tend to think biometrics is the likely candidate at present). Even the DOD HPMC uses SecurID and is satisfied. My personal suspicion is that we will likely have some sort of biometric-keyed SecurID card with the scanner in the card. The card will use the features of the scan to create an algorithm used to encode a password, and the controlling system will use its stored user id algorithm to decode that password to use for access. If the algorithm or password don't match that of the user, then access cannot be granted.
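Two mechanisms raised in this thread, as an added example that is not part of any comment: matching a fresh capture against a stored feature-point template (distance and bearing from a KEY point, as in the comment above) within a tolerance, and treating a measurement-for-measurement repeat of earlier data as a replay (the pen-signature idea from an earlier comment). The template values, tolerances and all function names are constructed for illustration.

```python
import hashlib

# Constructed enrollment template: each feature is
# (distance in pixels from the KEY point, compass bearing in degrees).
ENROLLED = [(240.0, 270.0), (118.0, 45.0), (305.0, 132.0), (76.0, 358.0), (190.0, 201.0)]

DIST_TOL = 4.0    # assumed tolerance in pixels
ANGLE_TOL = 3.0   # assumed tolerance in degrees
MIN_MATCHED = 4   # assumed threshold: features that must match out of 5


def angle_diff(a, b):
    """Smallest absolute difference between two bearings (handles 359 -> 0 wraparound)."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def count_matches(template, sample):
    """Greedy one-to-one matching of sample points to template points within tolerance."""
    unused = list(sample)
    matched = 0
    for t_dist, t_ang in template:
        best = None
        for point in unused:
            d_err = abs(point[0] - t_dist)
            a_err = angle_diff(point[1], t_ang)
            if d_err <= DIST_TOL and a_err <= ANGLE_TOL:
                if best is None or d_err + a_err < best[0]:
                    best = (d_err + a_err, point)
        if best is not None:
            unused.remove(best[1])
            matched += 1
    return matched


def fingerprint(sample):
    """Digest of the exact submitted measurements, independent of point order."""
    canon = ";".join(f"{d:.3f},{a:.3f}" for d, a in sorted(sample))
    return hashlib.sha256(canon.encode()).hexdigest()


class Verifier:
    """Accepts captures close to the template, refuses verbatim repeats."""

    def __init__(self, template):
        self.template = template
        # The enrolled capture itself counts as already seen: a live capture
        # never reproduces it measurement for measurement.
        self.seen = {fingerprint(template)}

    def verify(self, sample):
        digest = fingerprint(sample)
        if digest in self.seen:
            return "replay"
        if count_matches(self.template, sample) >= MIN_MATCHED:
            self.seen.add(digest)  # remember accepted captures for later replay checks
            return "accept"
        return "reject"


def demo():
    """Run constructed captures through one verifier and return the decisions."""
    verifier = Verifier(ENROLLED)
    # Constructed live capture: every point is slightly off, one bearing wraps past 0.
    live = [(241.2, 269.1), (117.0, 46.2), (306.5, 131.0), (75.1, 0.9), (191.3, 200.2)]
    # Constructed capture from a different person: only one point happens to line up.
    other = [(150.0, 90.0), (118.5, 44.0), (20.0, 10.0), (300.0, 300.0), (60.0, 180.0)]
    return [
        verifier.verify(live),        # fresh capture within tolerance
        verifier.verify(list(live)),  # the same data submitted again
        verifier.verify(ENROLLED),    # the stored template fed back in
        verifier.verify(other),       # wrong person
    ]


if __name__ == "__main__":
    print(demo())
```

The duplicate check only catches verbatim reuse of earlier data; it is not a liveness test and does not replace protecting the template store.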
my finger prints get scared a lot, but I suppose if they were to be scarred, people would have to identify me by my iris
|---------------|
practically an AC
Face it we own NOTHING! Not even our names, genes or biological info--and it's getting WORSE! I'm starting to fit out my sailboat and git while the gittin's good!
If we are truly moving into an age of intellectual property, why shouldn't individuals be able to copyright and license their biometric data? After all, who else should own the rights to your DNA, or products thereof, other than... you?
They can trade my iris print all they want, as soon as we settle on a price. How much are they offering me for my biometric data?
:-}
Wait, I guess that my parents are the ones who hold the copyright on my phenotype, assuming they haven't assigned it. If e.g. my bank copies the data without a license, can it be sued under the DMCA?
Western societies have used the signature as a mark of personal acceptance or identification on legal documents for centuries. I see today's discussion of biometric information ownership akin to discussing the ownership of the signature before establishing the fact that the signature is legally binding. Cart before horse, if you will.
Cheers,
-- RLJ
Newsflash: TechXNY, supposedly a technology show, requires attendees who pay for their admission to supply the last 4 digits of their social security number to verify their credit card info during the online signup.
Combined with info located on other sites on how to break down social security numbers (beginning numbers are social security offices and area locators), and the info supplied during signup, crackers now have all the tools they need not only to steal your credit card info, but your identity as well.
God bless technology and TechXNY!