Slashdot Mirror


Biometrics: Prepare to be Scanned

npistentis writes "From an article in the Economist: It has been a long time coming. But after years of false starts, security systems based on biometrics--human characteristics such as faces, hand shapes and fingerprints--are finally taking off. Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access to computer networks, airport service-areas and bank vaults. But biometrics have not yet spread beyond such niche markets, for two main reasons. The first is the unease they can inspire among users. Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser. The second reason is cost: biometric systems are expensive compared with other security measures, such as passwords and personal identification numbers. So while biometrics may provide extra security, the costs currently outweigh the benefits in most cases."

33 of 284 comments

  1. right to be uneasy by mrfibbi · · Score: 3, Interesting

    I'm all in favor of it, but it still does bring my mind back to Minority Report. Some people have a right to be uneasy.

    1. Re:right to be uneasy by Glonoinha · · Score: 2, Interesting

      Bah! Sounds real expensive and hideously complex. Didn't some European country do this like 60+ years ago with tattoos? As I recall all they had to do was show their tattoo and they got to ride on trains, go to theme parks, entry to showers and maybe a bar-b-que ... all without carrying cash or showing any form of ID. I don't remember how that all turned out but I am sure that Biometrics is surely the way to a brighter, safer tomorrow here in America.

      -Some people have a right to be uneasy.

      Jeez - just follow the rules of Herr Ashcroft and everything will be just fine. All aboard!

      (Yes I am being facetious, and no mrfibbi this wasn't directed at you. Just a good place to get my two pfennigs' worth in.)

      --
      Glonoinha the MebiByte Slayer
  2. Disabled people? by Anonymous Coward · · Score: 5, Interesting

    So what happens when someone who has lost one or both eyes tries to withdraw money from their bank account? Or when a burn victim passes through a face recognition checkpoint?

  3. Re:Fingers by altek · · Score: 3, Interesting

    There are safeguards to prevent this, such as methods to determine body heat and pulse being necessary for a positive ID.

    --
    THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
  4. can't be stolen? by _fuzz_ · · Score: 1, Interesting

    Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen...

    I heard a rumor that the CIA used to use finger print scanners as a security measure. The problem was that their agents were being killed and their hands cut off to gain access to secure areas/information. Whether or not the rumor is true, the problem is still real. Biometrics can be stolen, it's just a bit more gruesome.

    --
    47% of all statistics are made up on the spot.
  5. Error rates? by Realistic_Dragon · · Score: 2, Interesting

    Bioscrypt now claim an error rate of 0.1% on fingerprint IDs.

    I suppose it depends how large your access list needs to be. It would be pretty good for a server room inside a secure building with 2 staff members on the access list, but with 10,000 on site (such as some places have) a false positive would be almost assured unless they had to carry a token of some kind. (Physical or otherwise, eg pin or swipe card.)

    --
    Beep beep.
  6. Re:The main problem in my eyes... by Clever+Pun · · Score: 3, Interesting

    The movie "Gattaca" comes to mind - people may well start SELLING their biometrics to others - sure, losing your hand is a bitch, but wouldn't you do it for ten million dollars? I honestly don't know if I could say 'no' to that, if I needed the money badly enough.

  7. body part security by 0111+1110 · · Score: 5, Interesting

    The problem with using body parts like fingers, retinas, or faces for access control security is that one's physical body can be coerced. No one can force me to reveal my secure password. I can choose to die rather than reveal it, and if I die, the protected data will die with me.

    A few scenarios come to mind. I'm walking in a city late at night near an ATM. A thief puts a gun to my head and tells me to go to my ATM and withdraw funds for him. I can refuse, but if he kills me he will get no money. With a fingerprint, retina, or facial scan, he can shoot me first and just drag my body to the ATM.

    Another scenario is private data on my computer that I want to be kept safe from everyone including governments. A government can physically coerce a citizen into using his fingerprint scanner to retrieve the data that they want. They can do nothing about a strong password, and, again, if they kill you they lose any chance of getting the data.

    Of course, this is where torture comes in, but I'd rather have the choice of being tortured or even dying to protect sensitive data. Biometrics take away that choice.

    Having said all this, voice print ID avoids many of these pitfalls. It seems the most promising since no one can physically force you to speak your password, and if you die the data remains protected.

    --
    Quite an experience to live in fear, isn't it? That's what it is to be a slave.
    1. Re:body part security by Nynaeve · · Score: 2, Interesting
      Of course, this is where torture comes in, but I'd rather have the choice of being tortured or even dying ... Biometrics take away that choice.

      Biometrics will not take away that choice. They will force it upon you.

      Very soon, you will be required to have either your fingerprints (right hand) or retinal scan (forehead) "on file" or in the form of a smartcard in order to make financial transactions of any sort. Common sense leads one to this conclusion: my state requires a fingerprint for a driver's license, and my local supermarket has a "discount club" promotion that requires one's fingerprints. Because electronic transactions are more economical, cash will gradually become inconvenient and impractical. Even today, how often does the average person use a check or credit card instead of cash? It will be a simple and seamless transition.

      Right now, if you refuse to submit biometrics, you will be unable to get a passport or maybe a driver's license in some states. The torture will come to those that rightly resist the future laws requiring it and cannot buy food, clothing, or a place to live as a result. That is why it is written: whoever wants to save his life will lose it, but whoever loses his life for me will find it.

      Even if you doubt this scenario, remember it. It will come to pass.

  8. The other reason by Coventry · · Score: 5, Interesting

    The Economist article fails to mention the other major reason these systems have not taken off - comparability.

    Or, I should say, the Lack of it.

    Each fingerprint device on the market uses its own format for storing its data - making each device incompatible. At first, this would seem to be an easily surmountable problem - but then you must realize that until recently, every device on the market had its own API for development.

    Let me give you an example to illustrate this issue: company X has 2000 employees, and it goes to look at biometric systems - they are either faced with the choice of paying for very expensive equipment from 'long time players' in the industry - who would be around in 2-5 years when the devices start failing due to wear and tear - or choose from some of the 'upstarts', and risk being out in the cold if the company they choose isn't around in several years. A hardware switch down the line not only would incur the cost of rescanning everyone, but the application itself would need to be modified to work with the API for the new device.

    Enter the BioAPI (www.bioapi.org) - which proposed a standard API - now widely adopted. You may notice that the BioAPI page mentions it was founded in 1998. It has taken several years for this standard to come to the foreground and there are still roadblocks - not all manufacturers participate freely.
    As an example: one rather large manufacturer, Identix (www.identix.com) seems to have been stonewalling for years. Why would a manufacturer do such a thing against what is good for the industry? Because they were leading the industry. When you have all of the high end government contracts coming your way, a standard that opens the doors for the little guy is a Bad Thing for your business - or so they thought.
    Take a look at the members list on the BioAPI site - Identix is listed - then take a look at the supported devices list... not a single Identix product.

    In 1999 I witnessed this stonewalling firsthand at a meeting in Washington DC. This meeting had manufacturers and interested parties from all over the globe in attendance, including representatives from the US military. The whole agenda for the meeting was how to promote/define standards so that the industry could grow.
    I had the unfortunate luck to be seated next to the Identix representative. He had apparently flown in just so he could stonewall - every opportunity he got, he grabbed the microphone and ranted about how we should let the free market dictate standards - that they would come about naturally in the free market (he loved the term free market).
    Meanwhile the rest of the group was discussing issues about how to resolve device interoperability - even so far as to discuss how data could be shared between devices. No concrete decisions were made at the meeting, but it did get people talking.

    Anyway, my whole point is, one of the major reasons the biometric security industry hasn't grown (as fast as has been predicted for the past 8 years) is because without standards no one wanted to invest in writing applications. It was just too risky.

    Note: I am flipping a coin as to whether to post this anonymously or not, since Identix could decide to try and silence this sort of talk...

    --
    man is machine
  9. Sanitation by Gothmolly · · Score: 5, Interesting

    is a big problem, partially real and partially imagined. The real issue is transmission of viruses and bacteria through body fluids - what if I have an eye infection when I peer into the retina scanner? What if I pick my nose, then scan my fingerprint? The imagined issue is the 'cootie factor', where you won't want to touch something that 1,000,000 other people touched (think toilet seat).
    Lastly, our new biometric overlords (The US Govt) will undoubtedly put 1,000,001 policies and procedures in place creating a huge barrier to market entry, unless of course you're the gov't approved contractor. None of which will be followed by the unscrupulous, thus continuing the tradition of fucking the honest and awarding (by default) the sketchy.

    --
    I want to delete my account but Slashdot doesn't allow it.
  10. obvious downfall by geoff+lane · · Score: 2, Interesting

    Even if you can get the technology to the point where false positives occur less than 1% of the time, airports etc will be made unusable because there will be more candidates for an intensive search and id check than can be dealt with in a day.

    But the real killer will be the problem of persistent false positives. How many times will someone who looks a bit like a known terrorist have to be taken out of queue and subjected to intensive questioning and searches before the lawyers and courts get involved?

  11. New Criminals by Anonymous Coward · · Score: 1, Interesting

    Will just cut off your hand instead of demanding your wallet.

    Or maybe head too- for facial scans.

    Would you want it raised to that level?

  12. The end of anonymity by Anonymous Coward · · Score: 2, Interesting

    Two big problems with biometrics are (1) the inability to change passwords, and (2) the inability to use a pseudonym.

    The first has been pretty well covered. The second less so. Whenever I register for something (NYT for example) that has no business knowing my personal information (name, address, phone number, email, etc.) I lie. I don't want their marketing junk. I don't trust what they'll do with my personal information. What they are offering is not so valuable that I'll overcome my reluctance. I am not giving anything to them.

    And, I can be a different person on Monday than I was on Tuesday.

    Eh, I am tired of writing...

  13. Forget Biometrics by Ignis+Flatus · · Score: 3, Interesting

    All who are familiar with the ATM scams know why it is inherently insecure. The more likely scenario is that eventually you will all be tagged like cattle. GPS tracking will ensure security by monitoring to make sure you are never in two places at the same time, or making quantum leaps through space-time.

  14. Re:False claim by Coventry · · Score: 4, Interesting

    Facial recognition is only 1 of the technologies involved in biometrics... To claim that the whole industry has failed to grow because one Type of biometric does not function well is untrue.

    Besides that, your numbers are wrong... facial recognition systems can actually have failure rates higher than that under less than ideal circumstances, and when put into use as identification, not verification systems.

    First, definitions, for those who didn't read the article:

    Identification: determine from a scan who someone is, searching over a list of possibilities.

    Authentication: determine with reasonable confidence that the user is who they claim they are.

    Authentication is much much easier to get right, since you can always ask for a rescan if you are unsure. Authentication systems are designed so that the device (hardware and software) return a confidence level - sometimes a percentage. It is up to the application developer to determine just how high a confidence level you want. If you set it too low, people with similar faces might be able to authenticate for each other - brothers for example. If set too high, then slight (natural) variations in a person's face can cause rejections. Generally, you must strike a balance between false positives and rejections. Such a compromise is acceptable, if you have other security measures in place (see note at end of post).

    Identification is much, much harder. First of all, it is very cpu intensive - one can model identification as a low-confidence-level authentication against every listed person in the database. If you have 40,000 people in the database, this can take a while. Hashing doesn't help much, and is ill-advised, since we are looking for a close match, not an exact. Biometric data isn't the kind where you can take the first 5 bytes and dump into hash buckets either - but I digress. So, how do you speed it up? You reduce the dataset by reducing the detail in the data you store for each person.

    Then you run into the problems with how these systems have been rolled out - using low resolution security cameras is not a good way to get an accurate scan of a person's face - especially when the people being scanned are small enough (in relation to the scene) to be only 10s of pixels wide.

    So, now we know the technical difficulties - but why the bum rap, and why would a police force choose to roll something like this out anyway? This is several fold, but the main thing it comes down to is misconceptions about what these systems are doing, and badly written systems. Due to the limitations mentioned above, these systems can only provide possible matches, like 'Person X is a 20% match against Osama Bin Laden'. The system isn't claiming that the person IS Osama, only that the face appears somewhat similar. As such, the system is supposed to be used as a guide - if it picks someone out, that person deserves more attention - that attention could be a remote-controlled security cam singling them out for a better scan, or for officers in the area to walk over for a better look. Unfortunately, just because that is how the system is supposed to work does not mean it is used that way - all too often these are rolled out as a way to 'increase security while retaining a minimal police/security force'. You get officers who think of a potential match as an authentication, and they send officers running down at high speed only to find it's not Osama... The next potential match they are more hesitant about, and so on, until they mistrust the system completely. Is the system doing anything wrong? No, it's that the users don't understand what it is doing. Better training would help, but so would the people making the purchasing decisions understanding the technology, and staffing accordingly.

    In the sort of rollouts described above, facial recognition has a success rate of less than 30%, much lower than what you describe. With rates that low, people complain, and stories get published. Used properly, the data these sy

    --
    man is machine
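
An added example, not part of any comment in the thread: it connects the 0.1% error rate and 10,000-person access list from the "Error rates?" comment to the identification-versus-authentication threshold trade-off described in the comment above. It assumes the quoted rate is a per-comparison false match rate, that comparisons are independent, and that similarity scores follow the constructed normal distributions shown; none of these figures come from a real device.

```python
"""Added example: scaling a per-comparison error rate from 1:1 verification
to 1:N identification. All score distributions below are constructed."""
import math
from statistics import NormalDist

# Constructed similarity-score models (assumptions, not vendor data):
# scores when the probe is the enrolled person vs. when it is someone else.
GENUINE = NormalDist(mu=0.80, sigma=0.08)
IMPOSTOR = NormalDist(mu=0.35, sigma=0.10)


def fmr(threshold):
    """False match rate: an impostor comparison scores at or above threshold."""
    return 1.0 - IMPOSTOR.cdf(threshold)


def fnmr(threshold):
    """False non-match rate: a genuine comparison scores below threshold."""
    return GENUINE.cdf(threshold)


def system_false_match(per_comparison_fmr, gallery_size):
    """P(at least one false match) when one probe is compared against every
    enrolled template, assuming independence: 1 - (1 - FMR)^N."""
    return -math.expm1(gallery_size * math.log1p(-per_comparison_fmr))


def required_fmr(target, gallery_size):
    """Per-comparison FMR needed to hold the system-level rate at target."""
    return -math.expm1(math.log1p(-target) / gallery_size)


def operating_point(target, gallery_size):
    """Threshold that meets target for this gallery, and the FNMR it costs."""
    threshold = IMPOSTOR.inv_cdf(1.0 - required_fmr(target, gallery_size))
    return threshold, fnmr(threshold)


def report():
    """Rows of (N, P(false match) at 0.1% FMR, threshold for 1%, FNMR)."""
    rows = []
    for n in (1, 2, 10_000, 40_000):
        p_any = system_false_match(0.001, n)          # 0.1% per comparison
        threshold, reject = operating_point(0.01, n)  # hold system rate at 1%
        rows.append((n, p_any, threshold, reject))
    return rows


if __name__ == "__main__":
    print(f"{'N':>7} {'P(false match) @0.1%':>22} {'thr for 1%':>11} {'FNMR':>8}")
    for n, p_any, threshold, reject in report():
        print(f"{n:>7} {p_any:>22.5f} {threshold:>11.3f} {reject:>8.4f}")
```

With N = 1 this is the verification case, where a claimed identity from a card or PIN selects the single template to compare against; the larger rows are open searches over the whole list.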
  15. Biometrics != infallible by kid-noodle · · Score: 2, Interesting

    Funny that nobody else has pointed this out - it's well known that fingerprint scanners are fairly easily foolable - in fact if one has the finger available, leaf gelatine and a paperclip are all you need.

    Shit, you can strip a print off a pint glass and use that to make a copy...

    Ben Elton indicated a perfectly feasible way to fool DNA testing in This Other Eden, one would imagine a variation on coloured contact lens could be used to dupe a retina scanner.

    Never mind the obvious issue of chopping off body parts, and sticking pens in eyes, if I can forge a fingerprint right now and it can fool 80% of scanners, for under $5?

    Yeah. Sounds infallible to me.

    --
    fortune -o
  16. This is another case of... by slappyjack · · Score: 3, Interesting

    ...just because you HAVE the technology, and COULD use it... ...doesn't mean you necessarily SHOULD.

    another creepy-ass thought
    Retinal scanners: Remember that Tom Cruise sci-fi flick where everyone was constantly getting retinally scanned wherever they went? You guys think DoubleClick are a bunch of scumbags now, just wait 'till they link up with RetinAll Marketing.

    Coming out of a big speaker in the near future:
    "Welcome to Blockbuster, Mr Slappyjack. You may be interested in the Jenna Jameson collection we have in the back room. We did notice you were looking at internet porn about her all day while your wife was out. We do not, however, have any Ass-Reaming-Mature-Tranny-Bukkake videos, which we know you enjoy. If you like we'd be glad to order one for you. Have a nice day."

    yeah. nice.

    Remember when we all thought RadioShack asking for our addresses just because we needed a couple of AA batteries was high annoyance? NOTHING compared to what the future holds.

  17. UNIX login support lacked by awfar · · Score: 2, Interesting

    Several years ago login (PAM) support was seemingly unavailable under *nix. All the Biometric vendors did have a proprietary Windows implementation, but no *nix. The closest was a U. of Michigan project; it then trailed off. Sun, other *nix vendors either had no solution or were unwilling to make info available. It appeared that the US Gov. was such a huge potential customer, that giving info, code, etc. was not in their best interest.

    Strange; I never did figure it all out.

  18. Re:Fingers by iantri · · Score: 2, Interesting

    As far as I know most of the systems actually measure the temperature of the 'thumb', so that would make it a bit more difficult to fake (I'm not saying it would be hard, though).

  19. All Together Now by Ringel · · Score: 5, Interesting

    Repeat after me....

    Biometrics are unique but not secret.

  20. I wonder how I lived without it by Anonymous Coward · · Score: 2, Interesting

    Israel has had it at its Airport for a few years now. As like everyone else who had to do the army, the Govt already has my fingerprints.

    Unlike everyone else who needs to wait up to 30 minutes to get through passport control to leave and sometimes even longer when arriving, it's so nice to know that it only takes two minutes. (Two minutes because you have to try so many times until it authenticates you, even though it knows ahead of time who you should be).

    The only thing is, now instead of worrying about losing your passport, you need to worry about losing your credit card, otherwise it's time to join the queue with everyone else. (2 factor authentication ?)

    Cost is not always measured in dollars and cents, and these days time is money.

    The funny thing is that when you live in a society where the Govt is supposed to know everything about you (but is so inept that it takes them 4 years to update your address), you end up realizing that it's not what they have on you, but rather who is in charge of the information. When someone bad is in charge, a little is more than enough [think Southern Hemisphere].

    [This is not a troll, just a different perspective]

  21. Re:Fingers by Yorrike · · Score: 5, Interesting
    What about making a replica finger or eye that looks and feels like the real thing? Rest assured, if there's money to be made from creating such material, any technological shortcomings will be dealt with by the criminal world.

    And what about classical hacking using the binary data your biometric details will eventually become once scanned?

    Biometrics may sound futuristic and secure, but unlike a password or card, you can't replace your fingerprints or retina with a few keystrokes, or have the bank send you a new one.

    --

    Looks can be deceiving. Or CAN they?

  22. Re:Fingers by Anonymous Coward · · Score: 1, Interesting
    There are safeguards to prevent this, such as methods to determine body heat and pulse being necessary for a positive ID.

    OK, but does your average criminal know that?

  23. Real-world baloney by HangingChad · · Score: 2, Interesting
    Anything you put a finger on that produces anything, regardless how deep the encryption, is a compromise waiting to happen. Maybe not this year, maybe not next year, but put out a black box and give the opposition enough computing power and it's only a matter of when, not if. Every time I see the phrase "can't be spoofed" I look at the Sharpie on my desk and think about Sony's last disc encryption system.

    I don't care if it's fingerprints, voice print, retinal scan, or even DNA. What technology gives with one hand it takes away with the other. Before "big" ID systems are even fully deployed you can bet there's going to be a bit weenie somewhere thinking, "I wonder if...." Enough of them doing that and one of them will think of something you didn't.

    One of these days we'll wake up to the fact there is no magic technology we'll ever be able to trust. But we always seem to want push-button solutions.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  24. Re:Fingers by Anonymous Coward · · Score: 1, Interesting

    Are there safeguards to prevent germs? Do you really want to stick your finger where thousands of other fingers have been before? Do you know that some people pick their ass? And that's not the worst of it.

  25. Actual security of biometrics devices... by ktulu1115 · · Score: 2, Interesting

    While biometrics methods may help to increase security, they are certainly not foolproof by any means. Any determined hacker/criminal can fake actual results without too much difficulty (if they have the proper equipment/tools). However, by far the most secure (as in hardest to fool) biometrics device is the faceprint scanner (sorry, I can't seem to remember the actual real name). In any event, it does an infrared scan of the human face and maps the network of blood vessels under the surface of the skin. While it is quite secure, it is also probably ridiculously expensive (can someone verify that?)

    --
    # fuser -v /dev/attention | grep work
    #
  26. Re:Chopping of your Nose despite your Face by Atrahasis · · Score: 2, Interesting

    Great, now what if I'm a manual labourer suffering from vibration white finger, or just one of the many people afflicted with poor circulation in the fingers? No/weak pulse and room-temperature fingers.

  27. Re:Biometric passphrases by Anonymous Coward · · Score: 1, Interesting
    You are right.

    I work in the security business, and while biometric devices have been all the rage for years and many companies manufacture them, the truth of the matter is that no one really wants them.

    They have a very high error-rate, often requiring multiple scans if you want to be secure. They are also not very resilient to things like weather. Remember, many of these devices need to work outside, in temperature ranges from -50 to +50 degrees. Things like fingerprint scanners simply don't work in these environments.

    Also, as has been mentioned in other posts, they are just too expensive when compared to what you get. In fact, if you judge by the customers who actually buy security hardware, you probably need to see the price of biometric devices drop below the price of traditional magnetic or proximity readers before they become any popular.

    Yes, everybody talks about them but very few customers actually ask for them.

  28. Re:Is it worth the cost? by bug-eyed+monster · · Score: 2, Interesting

    I believe that part of the article was commenting on using biometrics at border-crossings not airports (yes, it still would not stop most terrorists). So the airlines don't get financially affected, the US government does. At airports, biometrics are used to control access to secure areas, fair enough. At border-crossings, biometrics are used to verify the ID of people with special visas like INSPASS. I suppose even for internal flights the INS will check foreigners' visas (to find visa overstays), but that's still up to the government, not the airlines.

    The future plan is to incorporate biometrics into all US-issued visas and passports. That's where the problem lies:

    The cost of the new system will not just be financial. All visas will now have to be issued face to face, so that scanning can take place.

    I'd guess the increased cost will be added to the price of US visas. For me, the scary part is this:

    And the new rules specify that by October 26th 2004, all countries whose nationals can enter America without a visa--including western European countries, Japan and Australia--must begin issuing passports that contain biometric data too.

    Basically, the US is making other countries add biometrics to their passports. If you live outside US, you might want to contact your government rep and urge them to cut the reciprocal agreement with US for not needing visas. If US wants everybody who visits them to carry biometric data, let them make their own copy.

  29. Re:Fingers by speed-sf · · Score: 2, Interesting

    You raise an interesting point, the solution is actually simple, you use a series of biometrics and create a composite biometric. Something perhaps like a fingerprint and a retinal scan. Besides the obvious logistical problems with the composite I mentioned this is how you could make situations like Demolition Man more difficult to achieve.

    There will always be ways to circumvent any security system. Text based security is OK, but it is being abused and raped by naive users and crackers. Biometrics is just the next level in digital personal security it is certainly not the end all solution.

    --
    All your database are belong to us
  30. Something known, something you have. That's all. by Nailer · · Score: 2, Interesting
    Something known, something you have. That's the way it's always been in security theory and I've yet to see an argument for the addition of anything else.

    'Something intrinsic' is a biometric seller's way to tell you that:
    • the something you have should be a biometric, preferably using the system they're selling you
    • due to issues with changing credentials, you'll need something you have which can be properly revoked in addition to their biometric
  31. Worse than that - visas being outsourced by hughk · · Score: 2, Interesting
    We already know that biometrics are far from effective but there is a very real danger because many people assume that they are. An immigration officer may hold my passport up to the light or carry any number of checks. If the computer says you're ok, then you must be, right?

    Even worse than that is the fact that much of the process for obtaining a US visa is being outsourced. As with a lot of the post 9/11 measures, there is little real effect other than to reduce overall security and allow some more pork to be distributed.

    --
    See my journal, I write things there