Slashdot Mirror
Cry To Beat Iris Scanners
Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
For the 123rd time. *How* does biometric data prevent terrorism or halt illegal immigration or any of the things it's meant to do?|
Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
Stopping Criminals: Yes because criminals are moral enough not to have fakes!
The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.
Simon.
Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?
Just a thought...
Or just the opposite: cry; don't get IDed; be considered an illegal alien; get deported to Antartica; get eaten by an icebear.
I think if anyone would cry to prevent this thing to work, they'll give him/her a nice chair at the police office and let them try again later.
It's designed to make contractors money.
This sort of things happen all the time when you're using a new technology. Nothing just works as expected the first time round, and it's precisely because of such issues that people innovate.
And, IIRC, the UK is just doing a trial run of this biometric ID card thingy, and the purpose of such trial runs are to catch "gotchas" like this.
I'm not going to rant on the "privacy issues"... heck, my country uses an ID card system as well, and as far as I'm concerned, it eases a lot of trivial processes (loan applications, etc. etc.) and in case something happens to me, at least people will know who I am.
Welley Corporation - SLM Scammers
It's only even effective against peopole who have been smuggled into the country without ID, which already happens, if people are routinely expected to produce ID in their daily lives. Is this the sort of world we want to live in? Blunket neds to be forced to admit exactly what his plan is and how it works. At the moment it's just smoke and mirrors.
What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.
Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.
I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.
from Pondexter (yes the evil big brother guy) where he said "in a lot of ways we have the worst of both worlds: no security and no privacy".
x te r.html
http://www.wired.com/wired/archive/12.05/poinde
(It was in this past wired, good article)
Im glad
The title of the post is poorly worded. Crying doesn't BEAT iris scanners -- that seems to imply that by crying, the iris scanner goes "okay, you're good." Instead, the iris scanner FAILS if you cry. That means, if your eyes water, the iris scanner may not recognise you.
Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.
haha.. Lesson 2 in security. Authenticating a person doesn't tell you their motive.
Simon.
Who knows if it will flop or fly for what you've described it for, but I can think of a lot of good uses for it in the private sector.
Current time clock systems allow for a lot of cheating. "Here's my timecard, I'm going home early. Please clock me out". Timecard fraud becomes much easier to prevent when you can't just give someone your card to clock you out.
Most people HATE remembering passwords. If given the choice, most people would gladly trade in all their pins and passwords for the ability to have an iris scan identify them. Even if told it's not perfect.
What about cars? I'd love to be able to just open my door and while my hand is in contact with the handle scan my fingerprint and remember how I like my seat, mirrors, etc. adjusted.
I remember when Netscape first introduced cookies everyone was up and arms about the privacy issues. People were PISSED. And yes, plenty of people have abused cookies. But the benefits far outweigh the drawbacks. Almost all current web login systems use cookies. If we didn't have cookies we'd have to use a dirty work around like putting cookie data in the url for GET requests (which is incredibly insecure).
Biometrics are a good thing for day to day life. Very rarely does anything that sets out to change the world actually do; but it can definatly make the world a little easier to live in and help the average person immensely.
Given that the integrity, honesty, competence and trustworthiness of those at the top of the political power-pyramid has been well and truly drawn into question by recent events related to the treatment of prisoners in Iraq, am I the only one worried that these centralized databases of personal ID and info represent a *huge* potential for abuse?
:-(
It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.
Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.
When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?
What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?
Isn't about time we told our politicians to back off and mind their own business?
While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.
I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?
Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.
Uh-oh, off topic
Comment removed based on user account deletion
How in the hell you got modded up is beyond me.
What specific evidence or even real reasons do you cite that "If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified".
Do you have anything real to cite?
If it stops working from a few tears, you can bet the machine will meltdown when i have a hayfever attack.
Think I'll win a free trip to Cuba in the X-ray resort.
42
Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.
In Bush's mindset, any staff person that would do such a thing should probably be considered a terrorist and can just be shipped off to Guantanamo without a trial, where they can be raped and tortured courtesy of the US government. Given that downside, faking ids for a few bucks probably seems a lot less appealing to the staff.
ID cards are flawed because you can't secure a system that large.
You can't in a freewheeling democracy with normal legal protections. But if you make the state sufficiently totalitarian and the punishments sufficiently severe, as history has shown, that sort of thing does actually work, at least for a while. And that's where Bush and Ashcroft are heading; they just aren't aware of the historical precedents they are following.
In practice, this is a nonsense argument. For example, most people here know that WinXP copy protection can be broken with the help of a few google searches that lead to a few russian websites. there are trivial ways to defeat masterlocks and the ordinary sort of locks that 'secure' house doors. modern money *can*, with enough patience and technical skill, be counterfeited.
And yet microsoft continues to have a keycode unlock to winxp, houses continue to have locks, and treasury departments still spend quite a bit per bill to give them 'security features.' why?
Because as anybody who would rather think about this for two seconds (rather than just whoring up for +5 insightful, as you have) could see, protection in a real and complex world is not about *absolute* protection, it's about decreasing the *rate* of violation/infringement.
I know several people who have bought XP where they pirated 95/98/whatever because of their fear of the online activation system. People continue to have locks on their houses because it will make their house less likely to be burgled, and the counterfeit protection on money stops all but the most determined counterfeiters.
Likewise, biometric data will NOT "prevent" or "halt" illegal immgrigration in an absolute sesns and it is unreasonable to claim that's what it's "meant to do." Rather, it will SLOW THE RATE of illegal immigration (if not terrorism--that is obviously less of a statistical process because of the smaller data set). What is stopping them from getting a *real* passport with teh correct biometrics in a different name? have you ever tried getting an illegal passport of the regular kind? it's not easy! now, try finding somebody who provides an illegal passport with an embedded chip in it! not easy at ALL, especially given that for example, you know, when a UK passport is scanned at a US border, the US queries (or can query) the UK systems to vouch for the authenticity of the passport.
To claim that anybody who wants to "immigrate enough" is bullshit. Sure, there will always be the top n% who are determined, clever, and connected enough to beat any system. But with inceased smart security such as biometrics in concert with other ideas, this n% becomes smaller and smaller.
MOD PARENT DOWN as he has provided NO INSIGHT
Anyway, surely the system is only for authentification and not identification? I.e. they have your iris on record, you input your name and give them the iris scan. If the two match, you are who you say you are. I seriously doubt they will just scan your iris and search a database for a match. The only reason they would do this is for identifying criminals, but they would only need to scan the database if they did not have your name on the system already.
This is speculation, but I expect in those 4% of cases, if the people blink a few times and wipe their eyes, it would work a second time.
"crying beats iris scanners"
This report is patently false. Why? This news comes from a politician. We all know that they void of human emotion therefore they cannot cry.
...not "it falsely validated him."
Both the register and this slashdot article act as if crying or eyelashes will 'authorize you' when in fact, it just ensures that you fail.
Nice reporting.
Loading...
Except, of course, that it was the policies of the Clinton and early Bush administration, which weren't all that different from each other, that allowed 9/11 to happen in the first place. I fail to see how a return to those polices will have a different result. At least Bush is now making completely different mistakes rather than repeating the old. Keep in mind that not only did countries hate us, they also thought we would roll over and play dead if they attacked us. Plus, when you look at history, the PATRIOT Act is completely benign compared to what has come before in times of war, and don't fool yourself into thinking that Kerry would repeal it. He will move to strengthen it. I don't see Kerry as the lesser of two evils, I see him as offering the worst of both worlds.
common sense: noun
What those who are ignorant of the subject matter think; usually wrong.
That's a good point. Your bouncer friend learned to spot nervous 19 year olds because he sees dozens of them every night. How many terrorists have been caught in US airports? Not many. Also, nobody over 21 is nervous about going into a bar. Millions of people get nervous about boarding a plane.
-B
I hate to feed the troll, but I suppose once it hits +5 insightful no more harm can be done.
If you don't like bush but don't think kerry is any better vote for a third party. It isn't wasting your vote nearly as much as voting for a person you dislike. Personally I think the best thing for the presidency is for us to have a series of 1 termers. Then they might realize that they can't just play to special interests.