Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iris Scanners in Canadian Airports

Posted by Hemos on from the minority-report-where-are-you dept.

Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."

21 of 186 comments (clear)

  1. Canada is not the first? by VladDrac · · Score: 5, Interesting

    As far as I know, schiphol airport has had irisscans for a while now. See for example this article

    1. Re:Canada is not the first? by JaredOfEuropa · · Score: 4, Informative

      The article does mention Schiphol. The interesting thing to note is that Schiphol uses these devices to speed up passport control, not check-in or customs. For a fee, travellers can sign up for this program and bypass passport control completely. The scanner is placed next to the passport control booth so the officers can keep an eye on it, to help people resist the temptation to just hop over the barrier.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  2. But I wear contacts! by Crazieeman · · Score: 5, Funny

    If I take them out, they'll Xray those too, and I never had to look for a lost contact on an Xray belt before, the floor is bad enough.

  3. Okay, I'll bite. by Fat+Casper · · Score: 5, Insightful
    And this makes things safer how?

    "We've used the latest in biometric technology to confirm that the passenger manifest is accurate. You are cleared for takeoff."

    --
    I spent a year in Iraq looking for WMD and all I found was this lousy sig.
    1. Re:Okay, I'll bite. by Ripplet · · Score: 3, Insightful

      Yeah right. Presumably all the terrorists on the 9/11 flights would have passed this with flying colours, all having perfectly valid documentation and no criminal records? It might help jump the queues though, for those that don't mind being on YAGD (yet another government database), and also don't mind having to prove every year that they're still one of the good guys! Waddaya mean OffTopic? It was a joke dammit!

      --

      Skiing? Check out The Independant Skiers Portal

  4. Privacy or Security - pick one by surprise_audit · · Score: 3, Insightful
    It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff.

    As long as Security measures have to take second place to privacy concerns, the terrorists will win.

    Go ahead and flame me, I'm wearing a +2,+2 asbestos suit.

  5. boiling the frog by ard · · Score: 3, Insightful

    they are completely voluntary

    yes, until more and more people have gotten used to do it. When the majority is doing it, I'll bet it will be mandatory for every passenger.

    Its called the boiled frog syndrome.

    1. Re:boiling the frog by Anonymous Coward · · Score: 3, Insightful

      > Come off it.
      >
      > WE NEED WAYS TO IDENTIFY PEOPLE WHO ARE
      > BOARDING PLANES.
      >
      > If iris scanning makes this more accurate
      > versus a driver's license or passport, they can
      > go right ahead. I'll even sign up.

      There are so many ways to attack this argument, so I'll only pursue two:

      (1) Far, far more people are killed on highways every year than have ever been killed by terrorist attacks.

      Why don't we make everyone buy a tank and drive at 5 mph on the highways. That way ~no one~ would die in a traffic accident.

      You dismiss this argument as absurd? I agree, but I think you just put a price on life.

      (2) How would we have had the iris scans of these people who boarded the various terrorist flights? HOW?

      That quickly, you have seemed to convert a voluntary system, which appears to be a great idea, into a mandatory identification system that will promote "safety".

      Take a look at history. Then tell me who you should really be afraid of: random acts of violence or central promoters of identification and other "safety" acts. Remember the "gold star"?

  6. Foolable by e8johan · · Score: 3, Informative

    Biometrical systems are hard to fool, but it is not impossible.
    I hope that they have a proper system with personal digital (hard to hack) ID cards and such to make sure that it is foolproof.

  7. Transmission of eye disease by kcelery · · Score: 4, Interesting

    My friend contracted an eye-disease when he used a telescope, one of those peek-a-minute-for-a-quarter machine. We suspected that his eye-lash came in contact with the bacteria left by the previous patient.

    His red-eye recovered in a week after medication.

  8. Thanks Goodness for Privacy Advocates... by Anonymous Coward · · Score: 5, Insightful

    So long as it's a voluntary system, that's a great system and I applaud it.

    One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:

    (1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.

    (2) [More recent] To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.

    Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.

    Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister.

  9. My concerns with biometric "passwords" by johnburton · · Score: 5, Insightful

    My concern with all of these schemes is that if someone gets hold of your biometric data it may be passible to spoof the device in some way. At least with a password you can change your password if someone gets hold of it, but with these schemes, if someone gets hold of your data there is nothing you can do about it. Probably not an issue for this application, but I see it suggested for things like ATM machines or access to building (where swipe cards are used now) where they are used unattended. I expect that if these devices become widespread then someone will build a device to spoof them. and once someone has got hold of your data there is nothing you can do about it

    --
    Sig is taking a break!
  10. These things are notoriously poor by potcrackpot · · Score: 4, Informative
    Biometric eye-scanners are notoriously bad at recognising people, and very inaccurate. This article (about a trial of fingerprint-, iris- and face- scanning technology) quotes such figures as 47% accuracy!
    The system struggled to identify people if there were wearing spectacles, if the lighting was wrong or if they moved their heads too much.

    Apparently, people could fool face-scanning systems (yes, I know they're different) with photos or video images. It doesn't actually say how to fool iris-scanners - but suggests that the trial wasn't convinced of their greatness.

    Still, at least they're not going to use fingerprint scanners at the airport as they think they're too easily fooled - the BBC article reckons you can fool those by breathing on them.

    I'm not sure whether this kind of security is best placed in an airport - fine for lower-risk security such as getting into your office block, or maybe even for your home burglar alarm - but at an airport with (potentially) massive numbers of subscribers to the system - sounds like a poor idea.

  11. let's see... by huge · · Score: 4, Funny

    Everyone who has seen the "Demolition Man" knows how to bypass these things...

    --
    -- Reality checks don't bounce.
  12. Iris Scanners..... by N+Monkey · · Score: 3, Funny

    ... Well we've only got an SGI Indigo2 in our office. If I needed to take it on a trip to and from Canada, would it be compatible with their Iris scanners? ;-)

  13. Schiphol system works but it�s unsafe by ginkelb · · Score: 5, Informative

    Sure we are using the irisscan program on schiphol airport to bypass customs.

    There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.

    The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.

    The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.

    Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.

    Greetz,
    Bas

    --
    Real programmers don't document.
    It was hard to write so it should be hard to understand.
    1. Re:Schiphol system works but it�s unsafe by Alsee · · Score: 3, Informative

      he problem with this is obvious. Hack the card, upload youre own scan

      Unless they are complete morons I'd assume they use a cryptographic signature, or encrypt the whole thing.

      Oops, easy to be wrong when assuming people aren't complete morons.

      Anyway, if designed properly it would be extremely difficult to crack the encryption. At a very minimum they would need to snatch a machine. A really smart system could even revoke all scans associated with the snatched machine.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    2. Re:Schiphol system works but it�s unsafe by MarvinMouse · · Score: 3, Informative

      Hacking the card depends on a couple of things.

      Yes, some smart cards are easily hackable. But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).

      But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it. Then hacking the card directly will be meaningless since there is no way to change it. Since it is all hardcoded.

      Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.

      Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.

      Just some thoughts.

      --
      ~ kjrose
  14. Uhhhhhhhhh?!? by JaredOfEuropa · · Score: 4, Interesting

    I can hardly believe this... Presumably the machine uses some private key, but once that is hacked, people could create their own cards... it would be as secure as a black&white passport on plain paper: everyone could print their own on their laserprinter at home.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  15. Linus predicted these problems years ago by wackybrit · · Score: 3, Informative

    Linus Torvalds is once quoted as saying, 'Iris scanners in airports are a really bad idea because people's privacy will be invaded and that is not good.'

    I, for one, agree. I don't think iris scanners are a good idea in airports because the invasion of the right to privacy of people in the airport is not good.

    One of the major problems with iris scanners is light refraction. The way iris scanners work is that they send out dense beams of infrared, and when they reflect back a pattern that can be recognized as an 'iris', this pattern is then stored and can be compared against a database of iris patterns.

    Few quiche eating Pascal programmers and Mac users would realize just how inaccurate this is. Everyone's eye has a different surface, and if the IR ray enters from different angles, different distorted iris patterns can be reported. This is why scanning the material that controls the entry of light to the eye would be more accurate, since this is not affected by these scientific properties.

    --
    mogorific carpentry experiments
  16. Are smart cards and key pairs the answer? by Neil+Watson · · Score: 5, Insightful
    I'm no expert on cryptography. What if you had a smart card. You program that smart card generating an expirable key pair. You get the private key (burned onto the card) and the government gets the public key. Your private key has a "passphrase": your retina print (which never needs to be stored).

    Now, to prove you are who you say you are you swipe the card. You private key is compaired to your public key and verified.

    Every six months, your key pair becomes invalid and you generate a new pair.

    --
    UNIX/Linux Consulting