Slashdot Mirror


Biometric ID Cards Ready For Trial In UK

0ctal writes "Looks like us lucky Brits are getting ID cards no matter what... A 10,000 user trial starts next week. There's been a fair amount of debate on this recently, and it's been coming for some time, but live trials are sooner than expected. The trial is set up to evaluate three competing biometric products. Qinetiq, quoted by the story, are a government backed company set up to use MoD tech in civilian apps."

8 of 416 comments (clear)

  1. Re:A good Q&A on this from the BBC too... by Sexy+Bern · · Score: 5, Insightful
    I'm more concerned about the long-term implications.

    Today, NI number and basic details.

    Next decade, criminal convictions get added.

    Next decade, genetic abnormalities get added.

    Next decade, political stance gets added (gotta get those anti-terrorism measures in there somewhere).

    Paranoid? Maybe. Look back to what happened Germany in the 1930s and we should be very, very concerned about how this kind of "information" could be abused.

  2. Join the campaign by Albanach · · Score: 5, Informative
    stand.org.uk has a wealth of information on the plans. It's kept up to date and lets you know what you can do to help the campaign against these cards.

    Visit the site, write a letter then Fax your MP.

  3. Re:What's the problem? by Anonymous Coward · · Score: 5, Informative

    "Are you realistically worried that our (free world) goverments are gonna show their true face and prune out all those with less than blue eyes? "

    Aschroft recently sought information on doctors who perform abortions using his new found anti-terrorist powers.

    He also sought information on Anti-war protesters again using his new terrorist powers.

    http://www.alternet.org/story.html?StoryID=17909

    Thats just two incidents we know about because they were leaked. Now (under Patriot 2) its a crime to leak what he's using his terrorist subpoenas for.

    A republican senator is equating voting for Kerry with being anti-American.

    The problem as ever is not: "If you are doing nothing wrong you have nothing to fear." but rather "if your government never does anything wrong you have nothing to fear".

  4. Re:Blunkett scares the... by gnu-generation-one · · Score: 5, Insightful
    Among other things we still don't know:
    • The actual reason for the introduction of ID cards;
    • What ID cards can and cannot do;
    • Who will be able to demand an ID card and under what circumstances;
    • If ownership of ID cards will be compulsory;
    • If the carrying of ID cards will be compulsory;
    • Whether all parties asking for ID cards will be able to see all of the information held on the card;
    • The security of the ID cards and the centralised database;
    • The form of any biometric data to be held on ID cards;
    • How any biometric data might be collected and how much time and effort would be required of that process;
    • The ability of the cardholding citizen to view personal data held on ID cards;
    • The accessibility of such information to people using minority computer systems, to those without computers and those requiring assistive technologies;
    • The ability of the citizen to demand the correction of misleading data held on the ID card;
    • The supervision of the centralised database necessary to operate the ID card system;
    • Whether there will be data on the ID card to which the citizen does not have access;
    • The ability of a citizen to track the usage of their ID card and by whom;
    • The ability of the government to track ID card usage;
    • If centralised data will be shared between government departments, researchers or commercial organisations;
    • If personal data will be exported from the country and hence out of the remit of the Data Protection Acts;
    • What protections will be put in place to prevent "function creep";
    • What protections will be put in place to prevent abuse of the ID card system by future administrations;
    • What protections will be put in place to prevent official abuse of the ID card system;
    • How the ID card system will not discriminate against ethnic minorities;
    • If the ID card scheme violates the Data Protection Acts;
    • If the ID card scheme violates the European Convention on Human Rights (as incorporated into UK law by the Human Rights Act 1998), especially as legal opinions suggest it will
  5. Politics/slashdot joke by bcmm · · Score: 5, Funny

    I for one welcome our New Labour overlords...

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  6. Re:A good Q&A on this from the BBC too... by LoocSiMit · · Score: 5, Funny
    I'm constantly astounded at how badly some 2nd and 3rd generation immigrants speak English.

    I'm constantly astounded at how badly some 20th and 30th generation immigrants speak English.

    --
    Intellectual Property
    Intellectual: of the mind
    Property: that over which one has control
  7. ID cards don't work against illegal immigrants. by Moderation+abuser · · Score: 5, Interesting

    Go ask the Spanish government about the 800,000 illegal immigrants from Morocco living in Spain *without* national ID cards. ID cards are compulsory in Spain.

    They *also* don't make a blind bit of difference against terrorist organisations, as Spain also found out to their cost.

    It's pure myth that ID cards are effective tools against illegal immigration and terrorism.

    --
    Government of the people, by corporate executives, for corporate profits.
  8. If you think this is Funny by Pan+T.+Hose · · Score: 5, Informative

    "Good morning Doctor, this evil genius Tsutomu Matsumoto has compromised the great security of my biometric ID card again... I really think that this so called 'gelatin' circumvention substance should be outlawed! Anyway, could you please transplant me a new set of fingers?"

    If you think this is Funny, then you should read Fun with Fingerprint Readers from May 2002 issue of Crypto-Gram Newsletter by Bruce Schneier:

    Tsutomu Matsumoto, a Japanese cryptographer, recently decided to look at biometric fingerprint devices. These are security systems that attempt to identify people based on their fingerprint. For years the companies selling these devices have claimed that they are very secure, and that it is almost impossible to fool them into accepting a fake finger as genuine. Matsumoto, along with his students at the Yokohama National University, showed that they can be reliably fooled with a little ingenuity and $10 worth of household supplies.

    Matsumoto uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time.

    His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time.

    Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.

    Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them. The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing. Impressive is an understatement.

    There's both a specific and a general moral to take away from this result. Matsumoto is not a professional fake-finger scientist; he's a mathematician. He didn't use expensive equipment or a specialized laboratory. He used $10 of ingredients you could buy, and whipped up his gummy fingers in the equivalent of a home kitchen. And he defeated eleven different commercial fingerprint readers, with both optical and capacitive sensors, and some with "live finger detection" features. (Moistening the gummy finger helps defeat sensors that measure moisture or electrical resistance; it takes some practice to get it right.) If he could do this, then any semi-professional can almost certainly do much much more.

    More generally, be very careful before believing claims from security companies. All the fingerprint companies have claimed for years that this kind of thing is impossible. When they read Matsumoto's results, they're going to claim that they don't really work, or that they don't apply to them, or that they've fixed the problem. Think twice before believing them.

    Interesting, isn't it? See also: T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, "Impact of Artificial Gummy Fingers on Fingerprint Systems," Proceedings of SPIE Vol. #4

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."