Slashdot Mirror
Iris Scanners in Canadian Airports
Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."
As far as I know, schiphol airport has had irisscans for a while now. See for example this article
If I take them out, they'll Xray those too, and I never had to look for a lost contact on an Xray belt before, the floor is bad enough.
"We've used the latest in biometric technology to confirm that the passenger manifest is accurate. You are cleared for takeoff."
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
So long as it's a voluntary system, that's a great system and I applaud it.
One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:
(1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.
(2) [More recent] To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.
Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.
Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister.
My concern with all of these schemes is that if someone gets hold of your biometric data it may be passible to spoof the device in some way. At least with a password you can change your password if someone gets hold of it, but with these schemes, if someone gets hold of your data there is nothing you can do about it. Probably not an issue for this application, but I see it suggested for things like ATM machines or access to building (where swipe cards are used now) where they are used unattended. I expect that if these devices become widespread then someone will build a device to spoof them. and once someone has got hold of your data there is nothing you can do about it
Sig is taking a break!
Sure we are using the irisscan program on schiphol airport to bypass customs.
There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.
The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.
The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.
Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.
Greetz,
Bas
Real programmers don't document.
It was hard to write so it should be hard to understand.
Now, to prove you are who you say you are you swipe the card. You private key is compaired to your public key and verified.
Every six months, your key pair becomes invalid and you generate a new pair.
UNIX/Linux Consulting