Slashdot Mirror
Germany Begins Iris Scans at Frankfurt Airport
securitas writes "Deutsche Welle reports that at Germany's Frankfurt airport biometric iris scans of airline passengers have begun. The German government says that the six-month pilot project is part of Europe's 18-country Automated and Biometrics-based Border Checks initiative to improve 'border control routines' and domestic security, with a full-scale system to follow. The system uses an iris scan embedded in a passenger's machine-readable passport, which is compared to the passenger's iris with an onsite scan. Travelers must 'sign a data security document' and agree to be checked by border guards. The article also references the capability of an iris scan to determine drug and alcohol consumption. The European Parliament is considering replacing all of its traditional passports with a new European biometric passport by 2005. The IRISPASS system (press release) was built by Byometric systems, Iridian and Oki Electric Industry. More coverage at CNet/ZDNet, AP/USA Today and mirrors at AJC, and CNN."
Amsterdam Airport Schiphol introduced iris scanning in 2002
o l.security/
http://www.cnn.com/2002/WORLD/europe/03/27/schiph
This is rather invasive and doesn't bode well for privacy. Not to mention the issues of being able to get the same scan every time (eye damage, anyone?). On the other hand, it does make an attempt to solve the authentication problem -- how do you know that the person holding the passport is the person the password was issued to? Take a sample of data points from the scan at the time of application which are guaranteed to be reproducible (the signature) and sign it against a government-held private key. Barring changes in the eye structure, this should be easily reproducible.
Still, all these methods do nothing to prevent terrorism. They only validate that the person shoving their eye into the reader, terrorist or innocent, matches with the passport. Done properly, it should be incredibly difficult to forge a passport without having someone high up on the inside with access to the private encryption key. But it won't stop terrorists.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I actually worked with Iridian back when they were called "Iriscan" a few years ago. The technology was pretty cool; unlike fingerprint or voiceprints, which can only verify someone's identity after they tell you (via a username, prox card, etc) who they are, an iris scan can actually identify a user based off of their iris pattern.
A typical fingerprint has about 10 points that can be uniquely identified, and on a thumbprint scanner you're lucky to get 5 or 6 of them reliably. The iris has roughly 26 unique points that can be picked up every time. Back when I was working with Iridian's stuff they used a low light video camera to basically take a picture of your eye...no funky lasers or anything like that. Additionally, and perhaps morbidly so, they had built technology to help identify if the eye was live or not, so not only could you not just hold up a picture of an eye, but you couldn't take someone else's eye (a la Demolition Man, I believe) and hold it up to the scanner.
Additionally, the iris pattern (and thumbprint or voiceprint in other applications) is never held as an actual pattern; it's just a hash based off of what comes off the scanner, so privacy was not much of a concern.
It's "no one," not "noone." Who the hell is noone anyway?
Babies eyes don't settle down to their final colour until sometime bewteen 6 and 12 months (source, another).
So, their irises do change, certainly in colour. There aren't many 6-12 month-old terrorists running around, so maybe that's not an issue. But what Lockridge said is clearly wrong.
Tuus crepidae innexilis sunt.
Also, Keratoconus is a disease that causes the cornea to deform. This would cause scans of your iris to change. Also, people with this often have cornea transplants. The stitches (which are sometimes left in "forever") are right over the iris.
If Chaos Theory has taught us anything, it's that we must kill all the butterflies.
but the iris never changes from the eighth month of gestation until death.
This is absolutely wrong. Especially with pathological changes.
And yes, I am a vision scientist.
Visit Jonesblog and say hello.
I work for a private security company (can't give you the name) and we are looking into biometrics too.
They seem to work quite well. There is one "drawback" though: you can only use them to identify people who are already in your database. So it can only be used to authorize personel and not to identify visitors for example. This will remain like this until governements start keeping databases of biometric records.
Ofcourse this isn't very evident because the TTEI-resolution of 2001 specifically forbids practices like this on grounds of techfear I suppose.
In France and Belgium, for example, you can walk into a police station and declare you have lost your passports (the prevalence of muggers and pickpockets makes it an easily believable story). You have to provide a birth certificate. What is it? An ordinary piece of paper, incredibly easy to counterfeit. Once your ID has been "established" by this "proof", the authorities will issue a new set of ID documents: forgery-proof ID and biometric passport. With your supplied name and photo on it.
If at least, they keep a database of iris scans, forgers would be able to do it only once. The article doesn't say anything about such a database.
So this is a nice strong link in the othewise very weak security chain in Europe.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Does having an "arresting station" in one's own dwelling-place not sound a bit more chilling that eye-scanning?
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
This isn't quite right - while the passport is scanned, this isn't for iris data, merely to ascertain who you claim to be. The iris code corresponding to this identity is then retrieved from a central database and compared with the results obtained by the security terminal. From the press release:
"First, passport data is captured by a passport scanner and checked against a database. The iris recognition system then identifies the individual's iris to verify a match between the individual and the legal passport holder."
Bugger - I could have sworn I put links in that post. John Daugman's website, and the list of results from a variety of sources.
Ah! I was wondering why those Germans in Germany were scanning passengers in a German airport as part of a European initiative. Turns out it's to secure the United States!
No, but the whole rush towards biometric data in passports was triggered not least by the US, as pointed out in the USAtoday article linked in the story:
"Germany passed laws after Sept. 11 attacks that provide for biometric features to be added to passports and personal identity papers. Post-Sept. 11 U.S. legislation also requires 27 countries, mostly in Europe, to add biometrics to passports they issue after Oct. 26, 2004, or else have their citizens apply for visas. "
As it seems, most of you might have missed the fact, that the system is optional. You don't have to use it, you don't have to own a special passport if you don't want to use it.
It's setup as a convenience for frequent travellers. Its opt-in, if you would like to call it that way.
There are two types of colored contact lenses - opaque and non-opaque.
I've got the non-opaque ones, which is basically a colored transparent circle in the middle of the lens. It does tint my vision a little, but the brain gets used to it. I don't use them for photography. This type does not lighten dark eyes. I'm pretty sure you could easily get an iris print through these.
The opaque kind has a printed fake iris-like pattern on them, and are clear in the middle (and they don't tint your vision) I didn't like this kind because they use a half-tone dot pattern that I noticed very easily and looked especially fake. I doubt you could get an actual iris print with these. These are newer and are being pushed harder (example: the non-opaque kind are not available for astigmatic lenses). Manufacturers claim they look better, but for light-colored eyes, I disagree. For dark colored eyes, they are the only solution.
HIV Crosses Species Barrier... into Muppets
The German authorities will not be able to enforce this system for a long time, as it is impossible to force all other countries to provide such data.
Besides, did you ever notice that Europeans have to provide biometric information when applying for a US visa?
Sebastian
"I've always had a geeky dreamproject of supplementing my traditional lock and key entry to my house with biometric security devices. The idea being that in the event of a systems failure, instead of being locked out of the house I could fall back to the old lock-n-key method."
(a) Nevermind the authentication -- unless you're still using cylinder locks, the weakest link will be the physical bolt itself. Get something which can withstand a battering ram before you worry too much about lockpicks.
(b) Get one of those coded safes that they use in hotel rooms -- cement it into your garage floor, set a long code on it, and put a spare set of house keys inside.
(c) If you have cylinder locks, then anyone with a pick set already has a universal key to your house.