Germany Begins Iris Scans at Frankfurt Airport

← Back to Stories (view on slashdot.org)

Germany Begins Iris Scans at Frankfurt Airport

Posted by michael on Friday February 20, 2004 @10:31AM from the visine-not-included dept.

securitas writes "Deutsche Welle reports that at Germany's Frankfurt airport biometric iris scans of airline passengers have begun. The German government says that the six-month pilot project is part of Europe's 18-country Automated and Biometrics-based Border Checks initiative to improve 'border control routines' and domestic security, with a full-scale system to follow. The system uses an iris scan embedded in a passenger's machine-readable passport, which is compared to the passenger's iris with an onsite scan. Travelers must 'sign a data security document' and agree to be checked by border guards. The article also references the capability of an iris scan to determine drug and alcohol consumption. The European Parliament is considering replacing all of its traditional passports with a new European biometric passport by 2005. The IRISPASS system (press release) was built by Byometric systems, Iridian and Oki Electric Industry. More coverage at CNet/ZDNet, AP/USA Today and mirrors at AJC, and CNN."

6 of 322 comments (clear)

Min score:

Reason:

Sort:

On the one hand... by nacturation · 2004-02-20 10:43 · Score: 4, Informative

This is rather invasive and doesn't bode well for privacy. Not to mention the issues of being able to get the same scan every time (eye damage, anyone?). On the other hand, it does make an attempt to solve the authentication problem -- how do you know that the person holding the passport is the person the password was issued to? Take a sample of data points from the scan at the time of application which are guaranteed to be reproducible (the signature) and sign it against a government-held private key. Barring changes in the eye structure, this should be easily reproducible.

Still, all these methods do nothing to prevent terrorism. They only validate that the person shoving their eye into the reader, terrorist or innocent, matches with the passport. Done properly, it should be incredibly difficult to forge a passport without having someone high up on the inside with access to the private encryption key. But it won't stop terrorists.

--
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
1. Re:On the one hand... by m0rph3us0 · 2004-02-20 11:17 · Score: 4, Informative
  
  The problem is these IDs are based on a non-biometric data source. (ie. birth certificate). As long as the root of the document chain is comprimisable the whole system is. If I am the same age and gender as another person they can become me if I can get their birth certificate.
As one who's actually worked with iris scanners... by jskiff · 2004-02-20 10:53 · Score: 5, Informative

I actually worked with Iridian back when they were called "Iriscan" a few years ago. The technology was pretty cool; unlike fingerprint or voiceprints, which can only verify someone's identity after they tell you (via a username, prox card, etc) who they are, an iris scan can actually identify a user based off of their iris pattern.

A typical fingerprint has about 10 points that can be uniquely identified, and on a thumbprint scanner you're lucky to get 5 or 6 of them reliably. The iris has roughly 26 unique points that can be picked up every time. Back when I was working with Iridian's stuff they used a low light video camera to basically take a picture of your eye...no funky lasers or anything like that. Additionally, and perhaps morbidly so, they had built technology to help identify if the eye was live or not, so not only could you not just hold up a picture of an eye, but you couldn't take someone else's eye (a la Demolition Man, I believe) and hold it up to the scanner.

Additionally, the iris pattern (and thumbprint or voiceprint in other applications) is never held as an actual pattern; it's just a hash based off of what comes off the scanner, so privacy was not much of a concern.

--
It's "no one," not "noone." Who the hell is noone anyway?
Re:Iris changes by BWJones · 2004-02-20 11:05 · Score: 4, Informative

but the iris never changes from the eighth month of gestation until death.

This is absolutely wrong. Especially with pathological changes.

And yes, I am a vision scientist.

--
Visit Jonesblog and say hello.
Obtention of "lost" passport? by SysKoll · 2004-02-20 11:21 · Score: 4, Informative

Did the EU countries tighten their passport renewal procedures? Because right now, anyone can obtain a renewal for a lost passport by providing extremely low-tech documents that are a breeze to forge.
In France and Belgium, for example, you can walk into a police station and declare you have lost your passports (the prevalence of muggers and pickpockets makes it an easily believable story). You have to provide a birth certificate. What is it? An ordinary piece of paper, incredibly easy to counterfeit. Once your ID has been "established" by this "proof", the authorities will issue a new set of ID documents: forgery-proof ID and biometric passport. With your supplied name and photo on it.
If at least, they keep a database of iris scans, forgers would be able to do it only once. The article doesn't say anything about such a database.
So this is a nice strong link in the othewise very weak security chain in Europe.

--
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
It's optional! by kju · 2004-02-20 11:47 · Score: 4, Informative

As it seems, most of you might have missed the fact, that the system is optional. You don't have to use it, you don't have to own a special passport if you don't want to use it.

It's setup as a convenience for frequent travellers. Its opt-in, if you would like to call it that way.