Slashdot Mirror

← Back to Stories (view on slashdot.org)

Greece, UK Go Different Directions On Biometric ID

Posted by timothy on from the mmm-mandatory dept.

An anonymous reader submits "David Blunkett, the UK's labour Home Secretary, today announced plans to fingerprint and iris scan all British citizens by 2013 for a new compulsory ID card. The majority of negative feedback to government consultation on the scheme was discounted because it was sent via an online service." On the other hand, securitas writes "Greece's Data Protection Authority - the national privacy watchdog - 'banned Athens International Airport from checking and recording passengers' fingerprints and irises as part of a pilot security program saying it was in breach of local privacy laws.' (That's 'pilot' as in 'trial,' not the people who fly the planes). The scheme, funded by the European Union and the Swiss government, involved embedding the biometric data on smart cards issued to travelers on a voluntary basis."

1 of 43 comments (clear)

  1. No Contest by ratboy666 · · Score: 2, Interesting

    The main problem with biometric schemes is that it is (almost) impossible to contest.

    The card holds your biometric data (say finger-print and iris scan). If card production is cracked, the cards can then be forged -- making the biometric data useless. This is comparable to pasting in another picture on a drivers license.

    To prevent this, the biometric data can be stored elsewhere. One copy (the one that can't be repudiated) is on the person. One copy may be on the card (if the card is secure). Typically, one *more* copy is on a computer.

    The "client" is scanned, and biometric data is compared against the stored copy. Hack attempts portrayed on movies have the "bad guys" using cut off fingers, etc. to beat the system. But this isn't the attack point of choice.

    If the biometric data is modified in the stored computer file, we have a problem. Someone makes a change saying "this person is a terrorist". Or another identity change. You CAN'T change your biometric data, and governments aren't likely to reveal what is in the "secret" files.

    So, a hacker seeds data in a computer somewhere, and the next time you travel, BAM, you are arrested with no way of proving that it ISN'T you. Of course its you, the biometric data matches.

    Any compromise in the system is very bad. This is a very bad thing. The privacy thing is a canard -- not being able to repudiate the biometric data makes it almost impossible to correct records, and reclaim identity through government layers.

    Ratboy

    --
    Just another "Cubible(sic) Joe" 2 17 3061