Slashdot Mirror
Iris Scanners in Canadian Airports
Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."
As far as I know, schiphol airport has had irisscans for a while now. See for example this article
If I take them out, they'll Xray those too, and I never had to look for a lost contact on an Xray belt before, the floor is bad enough.
Schiphol has been using iris-scanners for a couple of months now. Check it out: http://houns54.clearlake.ibm.com/solutions/travel/ trapub.nsf/detailcontacts/ibm_signs_agreement_with _schiphol_group
The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.
"We've used the latest in biometric technology to confirm that the passenger manifest is accurate. You are cleared for takeoff."
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
The next thing we'll see are precogs preventing violent crimes.
There's never enough when you have too little
As long as Security measures have to take second place to privacy concerns, the terrorists will win.
Go ahead and flame me, I'm wearing a +2,+2 asbestos suit.
they are completely voluntary
yes, until more and more people have gotten used to do it. When the majority is doing it, I'll bet it will be mandatory for every passenger.
Its called the boiled frog syndrome.
Personally I've no experience with this scanner. Can anyone who tried share thie experience? BTW, could they be beaten by wearing some hacked contact lens (as in cheap action movies)?
This is the funniest signature I could ever think of.
Biometrical systems are hard to fool, but it is not impossible.
I hope that they have a proper system with personal digital (hard to hack) ID cards and such to make sure that it is foolproof.
My friend contracted an eye-disease when he used a telescope, one of those peek-a-minute-for-a-quarter machine. We suspected that his eye-lash came in contact with the bacteria left by the previous patient.
His red-eye recovered in a week after medication.
So long as it's a voluntary system, that's a great system and I applaud it.
One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:
(1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.
(2) [More recent] To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.
Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.
Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister.
My concern with all of these schemes is that if someone gets hold of your biometric data it may be passible to spoof the device in some way. At least with a password you can change your password if someone gets hold of it, but with these schemes, if someone gets hold of your data there is nothing you can do about it. Probably not an issue for this application, but I see it suggested for things like ATM machines or access to building (where swipe cards are used now) where they are used unattended. I expect that if these devices become widespread then someone will build a device to spoof them. and once someone has got hold of your data there is nothing you can do about it
Sig is taking a break!
Apparently, people could fool face-scanning systems (yes, I know they're different) with photos or video images. It doesn't actually say how to fool iris-scanners - but suggests that the trial wasn't convinced of their greatness.
Still, at least they're not going to use fingerprint scanners at the airport as they think they're too easily fooled - the BBC article reckons you can fool those by breathing on them.
I'm not sure whether this kind of security is best placed in an airport - fine for lower-risk security such as getting into your office block, or maybe even for your home burglar alarm - but at an airport with (potentially) massive numbers of subscribers to the system - sounds like a poor idea.
Everyone who has seen the "Demolition Man" knows how to bypass these things...
-- Reality checks don't bounce.
The machine flashes an LED to make the pupil of the eye expand and contract. It then takes two readings of the iris and compares them to the records on file.
Dead eyes don't have working pupils.
... Well we've only got an SGI Indigo2 in our office. If I needed to take it on a trip to and from Canada, would it be compatible with their Iris scanners? ;-)
My source is found right here.
N/T
s200.org - visit it (me), love it (me).
And what happens when people realize that all they have to do to get around this is pluck out someone's eyeball?
Puts the phrase 'an eye for an eye' in a renewed perspective, now doesn't it...
-1, Disagree is not a valid option. Troll, Flamebait and Offtopic are not a substitute.
Sure we are using the irisscan program on schiphol airport to bypass customs.
There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.
The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.
The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.
Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.
Greetz,
Bas
Real programmers don't document.
It was hard to write so it should be hard to understand.
Anyone got an email address or fax number for this Iris Scanners bitch so we can tell her where to go?
The site goatse.cx is running WebSTAR/4.4(SSL) ID/75348 on MacOS.
I wonder why they think that same principles as with system security for example don't apply to airport security. If Iris scan, or anything targeted for only a single group, prooves less secure than the strongest practise in use, then the ones who want to break the security will go trough the weakest policy. Or?
I can hardly believe this... Presumably the machine uses some private key, but once that is hacked, people could create their own cards... it would be as secure as a black&white passport on plain paper: everyone could print their own on their laserprinter at home.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
... most iris scanners are configured only to work on living eyes. Primarily because its harder to fake a living one (rather than just using a very good glass eye), and also because it removes the temptation to do what you suggested.
How is scanning an ugly plant going to make things more secure?
Geez. What will they think of next?
Hrm.. wait.. maybe I shouldn't ask that. They might just go straight for the anal probe.
These things can be spoofed pretty easily because they generally do not verify very well what they ought to verify: that they are looking at a live iris, not a contact lens. Worse, such contact lenses can be manufactured from photographs taken without a person's knowledge.
And "being completely voluntary" doesn't mean something doesn't invade someone's privacy. If you are being tracked, your privacy is being invaded--the only question is whether the invasion has other bad consequences, now or in the future. A lot of these mechanisms are well-intentioned when they start out, but future politicians figure out how to abuse them.
Furthermore, putting unreliable biometrics somewhere greatly increases my risk that my identity is being stolen (see above), and I certainly consider that an invasion of my privacy. I'd much rather have a hard-to-duplicate physical token--if I lose that, I know it, and I only have myself to blame.
Linus Torvalds is once quoted as saying, 'Iris scanners in airports are a really bad idea because people's privacy will be invaded and that is not good.'
I, for one, agree. I don't think iris scanners are a good idea in airports because the invasion of the right to privacy of people in the airport is not good.
One of the major problems with iris scanners is light refraction. The way iris scanners work is that they send out dense beams of infrared, and when they reflect back a pattern that can be recognized as an 'iris', this pattern is then stored and can be compared against a database of iris patterns.
Few quiche eating Pascal programmers and Mac users would realize just how inaccurate this is. Everyone's eye has a different surface, and if the IR ray enters from different angles, different distorted iris patterns can be reported. This is why scanning the material that controls the entry of light to the eye would be more accurate, since this is not affected by these scientific properties.
mogorific carpentry experiments
so how far away from minority report scanners are we ?
I can't imagine having to do that. Why should I have to tell a government how much money I spent whilst out of their country? ...even if I am one of their citizens.
I'm from the UK and have travelled quite a bit, but never have I been sugjected to such a stupid idea.
Just store a hash instead of the "real" data.
Free as in mason.
What if someone doesn't want to use the retina scanner, wouldn't that look suspicious in itself? And they already know which flights I take and can register that to their hearts content. So why would I want to refuse to use the easier way of a scan?
I can't help it, but it gives me the fealing that only those who are dishonest for one reason or another would fear a system like that. I hardly think that it would make us pawns or something like that. Then go worry over the goverment instead.
Hack the card, upload youre own scan and you can get access while using the name of someone else.
:) You do have a good point in your post :)
:)
When unsure about whether it's your or you're, make dead certain you get it wrong by combining the two =)
Sorry
oh.. it's your btw
May we live long and die out
It only matters if you are bring back the products that said money was spent on.
It isn't about how much you spent, it is about how much stuff you are importing.
Michael
"they are completely voluntary and cannot be used to scan without a person's knowledge" ..So is the brethalyzer test, but go ahead and try to NOT take one.
Don't Tread on Me
... would I have it? Are you kidding! I would give my right eye for one of this babies! ;>
The Sig, the sig
[quote]People who sign up are expected to obey the law, as they have in the past," said National Revenue Minister Elinor Caplan, after unveiling one of the kiosks at Pearson's Terminal 3[/quote] What about people that have no intention whatsoever of obeying the law? What about the crafty people with the $5 biometric lens that lets them get around such fancy systems?
Now the terrorists can just become frequent fliers first. That way the eye-scanner approves them they can breeze through security when they DO carry a bomb on board.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I use the iris scanner at the front door at one of our sites. It's kinda cool, but it always bugs me that the voice just says "Identification successful"; it doesn't say who it identified me to be.
There's also a camera so the "hold up a disembodied eyeball" trick would probably be noticed, but I wonder how much attention the camera will get now that the responsibility for access control lies with the iris scanner. I think the main purpose of the camera is for confirmation after the fact. If the iris scanner says I entered the building at a certain time and I say I didn't, Security can check the video to see who actually had their eyeball there at that time, so someone who wanted to fool it would not only have to duplicate my iris, but also my physical appearance.
The iris scanners are replacing fingerprint scanners which drive people nuts with their low reliability. So far I have never need to be iris-scanned more than once, but with the fingerprint scanner, people often had to try twice.
Also, the fingerprint scanners are two-factor authentication methods (punch in a code, scan your fingerprint) and at some doors the list of codes is conveniently printed on a sheet taped up beside the scanner. The ability of users to turn two-factor authentication into one-factor authentication never ceases to amaze me.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
See why.
Making biometric checks at airports voluntary has two fatal and related problems: 1. As long measures such as iris scanning are voluntary, they won't actually do anything useful for security (is a terrorist really likely to voluntarily submit?). 2. If it starts out as a voluntary scheme, how long before airlines begin charging more for passengers who do not submit to voluntary checks? Or maybe they will lay on discounted 'biometric checked-passengers only' flights - cheaper to insure surely? When it comes to a choice of cheap flights, the refuseniks will be in a tiny minority, and the technology will become effectively compulsory.
What are the "Background Checks"?
Those, who give up liberty for safety,
will lose both and deserve niether.
Real security, have Bowie knives next to the
oxygen masks. If the pilot feels threatened,
the knives pop out.
Then EVERYONE IS ARMED!!
I would rather be in a pack of wolves than
a herd of sheep.
Are you a sheep?
There are 2 things about this that worry me:
1. As someone already posted, these devices are very unaccurate. And I am not worried about people who are wrongly detected to be terrorists - I am worried about the opposite case. And from the current research it appears that there are a high percentage of false positives. In the range of tens of percents.
2. The other thing that worries me is that it's a dangerous trend. Using biometric data is much worse than passwords because
a) you can change passwords freely, but you can't change you face, iris or fingerprints. If someone spoofes or achieves these (mask-copy of face, holographic copy of iris, silicon stamp of your fingerprint) you're fucked for life.
b) The people who would want access to your biometric data are likely to be unscrupulous and highly motivated, and a very simple way of accessing your biometric data is by - killing you! Or crippling you significanlty, at least: cut finger(s), gouge eye(s), severe head off to make mask copy of face later on. I definitely don't want to become a person who has access to important things AND uses biometric access systems!
Sigged!
I think it's terrible that Canadian airports are scanning Irish people. Why don't they scan Scottish people? What? Oh, I'm sorry, never mind.
The technology has been in testing in Thunder Bay for a little more than a year now. (yes, before sept. 11)
For those of you who don't know, Thunder Bay is about half way between Sudbury and Winnipeg, on the northern shore of Lake Superior. (5-ish hours North of Duluth)
When your or I have to share pieces of our body, be they for scanning, probing, whatever for reasons other than things like an X-Ray by Doctor Bob for your broken toe, the place in which you live is no longer free.
Would William Wallace say, "Aye, you can scan me eyes all ya like" if he were alive today?
This is a country that has only 50,000 people in their armed services, maybe they should spend more money on that as opposed to iris scanners.
---- Berlin Brown http://www.newspiritcompany.
When a "voluntary" option becomes required for a necessary service or feature, it becomes a de facto "required". We aren't talking voluntary like signing up for frequent flier miles, here, but for getting on a plane (quickly). How long before the tech gets good enough and fast enough that everyone has to do it?
and once someone has got hold of your data there is nothing you can do about it
Well they can poke you in the eye with a stick...
I imagine that if your retinal scan becomes comprimised, you would just spend alot of time at the airport having extra checks done. Seems like smart cards might be a better way to go.
I am not a number! I am a man! And don't you
Unfortuanely biometric scanning (including iris scanning) is much better at invading the privacy of the law-abiding then it is at confirming the identity of those who seek to defeat it. Here is a VERY EASY way to fool an iris scanner.
-- The reader anything less than completely failing to not misunderstand this sig is cursed.
Bostons Logan airport is using some sort of facial recognition system. Its mandatory. The have a camera pointed through the metal detector. And their is new booth nearby with computers...
And this is a bad thing because...? Verification that airport staff aren't impostors, and making sure there's no outsiders there seems like a good thing to me. How is this an invasion of privacy or such?
Love many, trust a few, do harm to none.
..more than one of them had expired Visas or work permits, or whatever various document(s) let them into the country. So, in that sense, the scanner would detect that in the database, and the person(s) could be pulled aside, and detained, to eventually be extradited back to their home country(s).
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Good morning Mr. Yamamoto
Now, to prove you are who you say you are you swipe the card. You private key is compaired to your public key and verified.
Every six months, your key pair becomes invalid and you generate a new pair.
UNIX/Linux Consulting
We are taking our eyes off the ball. For example, after 9/11 the airspace over Camp David, the White House, and Crawford, TX, was restricted by new rules. This week, we learn that the new rules are being broken very often. What is the government's reaction to the rule-breaking? To say that they will fine pilots or suspend licenses when the rules are broken. Do fines and license suspensions have anything to do with stopping anything resembling 9/11? What does this system accomplish? Why can't the government do anything to increase security instead of simply increasing rules?
The United States Immigration and Naturalization Service (INS) has a system called INSPASS for speeding up immigration processing at airports. It is used for frequent business travellers. This isn't exactly the same security problem, since the people are coming off the airplane, not getting on, but it is similar enough that I thought I would post it.
From the INS site How Do I Apply For INSPASS:
How Does INSPASS Work?
Arriving at a Port-of-Entry, the traveler proceeds to an INSPASS inspection queue. There, the person inserts a card issued to them at enrollment to an INSPASS kiosk, similar to an automated bank teller machine. Automated inspection kiosks are not staffed, and INSPASS is only available at airports. Responding to messages on the kiosk's touch-screen display, the traveler is prompted to enter their flight number (certain persons only) and to place their hand in a hand geometry reader. Screen prompts are used to achieve correct alignment of the hand with the hand reader. The kiosk software automatically compares the live scan of the traveler's hand geometry biometric to the image captured at enrollment.
If the traveler's identity is validated by this comparison, an I-94/receipt of his inspection is printed by the kiosk that directs the traveler to proceed to U.S. Customs inspection. If this check is not successful, a screen message refers the traveler to an Immigration Inspector in a nearby inspection booth. Processing times of 15-20 seconds are typical, and times as low as 11 seconds have been observed at existing INSPASS kiosks.
As a note to those people suggesting that biometrics information, although difficult to forge, is not impossible (and subsequently your security system breaks down),
bear in mind that any good security system should require THREE things:
1. something you have
2. something you know
3. something you are
Think of a bank machine.. you have a card (1) and you know your PIN (2). To make such systems better, consider also adding an iris/hand/voice scan (3).
Using less than three criteria and you weaken the system. (people regularly defraud automated bank machines).
In fact many systems nowadays only require one criteria be met... a swipe card (1).
scary
This would have prevented the 9/11 attacks, how? Atta and his fellow terrorists made plenty of trial runs flying around the United States before their attacks. That's the sad part about a lot of the 9/11 aftermath is it would have done nothing to prevent the attacks yet it's being used as an excuse to implement all kinds of screwy privacy invasions.
Why should Canada defend your country? You're perfectly capable of stopping people at the border, so why don't you?
God save our Queen, and Heaven bless The Maple Leaf Forever!
What happens when you've been smokin some KB from BC?, Dude. You'll be busted for fuckin' red eye!
Ben Gurion airport (TLV*) has biometric passport control for Israeli citizens, but it scans fingerprints instead of the iris.
(* It's called TLV, but actually it's 30 minutes drive from Tel Aviv)
Slashdot community, please notice: I am looking for a girlfriend.
Nave H. Weiss
As long as you act like terrorists will strike at any time, the terrorists have won. Once burned, twice shy.
The simple thing is to not let terrorism get you down. Don't let people hijack planes, and be aware of what's going on. If people act suspicios, treat them with suspicion. But don't compromise the basic rights. People who sacrifice liberty for safety deserve neither.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
An iris scanner (or most any other biometric check) is flawed in a major way I think: It can only prove that the same person is at the scanner as was there to initially be recorded.
If I were to walk up to a ticket counter with forged documents (passport, driver's license, etc) and then be allowed to use the iris scanner, the scanner would associate me with the claimed identity. In the future, as I became a frequent traveller it would be even faster and less risky for me to board a plane with my false credentials, as they would no longer be needed. If I have to show my fordged documents to a person each time, there is a chance that nervousness, or some problem with the documents may be caught and I could be questioned. Iris scanning s
Will a 'frequent traveller' be put through a more elaborate background check before being allowed to board via the scnners?
Article X: The powers not delegated... by the Constitution...are reserved...to the people
PINK EYE
If Slashdot is where the spelling-challenged go when they die, I'm in heaven.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Ct (german magazine), in an older article from May has proven with simple but effective tools that all existing biometry systems can be fooled ! Here is the article in German and here a google translation. I would not trust airports using that procedure. A human identifying you is always much safer...
(And don't try to tell me that your .nu domain means that you're a native Niuean! :)
We all know that the 9/11 terrorists did not show thier ID or used fake ID information to board those planes, right? Right? Oh wait, that's right, they used thier real names. What a great way to make airports safer, solving problems you don't have.
"Your superior intellect is no match for our puny weapons!"
It's better to keep your mouth shut and be thought a drunk then to open it (and blow) and remove all doubt.
Cheers,
Backov
In the law there is no overlap between theft and copyright infringement whatsoever.
... Linux und seine Programme sind damit
so etwas wie ein real existierender Sozialismus der besseren Art...
-- Christian Seel in der Berliner Morgenpost v. 9.3.1997
- this post brought to you by the Automated Last Post Generator...