Slashdot Mirror


Cry To Beat Iris Scanners

Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"

11 of 373 comments (clear)

  1. Please.. Mr Blunket/Random authority.. Get a clue! by Ckwop · · Score: 5, Insightful

    For the 123rd time. *How* does biometric data prevent terrorism or halt illegal immigration or any of the things it's meant to do?|

    Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?

    Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!

    Stopping Criminals: Yes because criminals are moral enough not to have fakes!

    The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.

    Simon.

  2. "beats the iris scanner" by scubacuda · · Score: 5, Insightful
    When I hear "beats iris scanners," I think of an iris scanner giving some sort of false positive.

    Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?

    Just a thought...

    1. Re:"beats the iris scanner" by Vellmont · · Score: 4, Insightful


      But is this really "beating" the scanner?


      If 7% of the time the scanner can't ID you, those people will probbably just routinely be let in. If all you have to do is tear up a little, have long eyelashes, or whatever then anyone that'd be caught be this system will do just that. A system where it's easy to become incorrectly identified is a useless one.

      --
      AccountKiller
  3. Re:Tech meet Typical by Patrik_AKA_RedX · · Score: 5, Insightful

    Or just the opposite: cry; don't get IDed; be considered an illegal alien; get deported to Antartica; get eaten by an icebear.

    I think if anyone would cry to prevent this thing to work, they'll give him/her a nice chair at the police office and let them try again later.

  4. Re:Please.. Mr Blunket/Random authority.. Get a cl by hak1du · · Score: 5, Insightful

    What's stopping them getting a *real* passport with the correct Biometerics on a different name?

    Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.

    Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.

    Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!

    That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.

    Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.

    I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.

    I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.

  5. Crying doesn't BEAT iris scanners by Tony.Tang · · Score: 4, Insightful

    The title of the post is poorly worded. Crying doesn't BEAT iris scanners -- that seems to imply that by crying, the iris scanner goes "okay, you're good." Instead, the iris scanner FAILS if you cry. That means, if your eyes water, the iris scanner may not recognise you.

    Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.

  6. Re:Please.. Mr Blunket/Random authority.. Get a cl by Ckwop · · Score: 5, Insightful

    haha.. Lesson 2 in security. Authenticating a person doesn't tell you their motive.

    Simon.

  7. From tactical to practical by bangular · · Score: 4, Insightful

    Who knows if it will flop or fly for what you've described it for, but I can think of a lot of good uses for it in the private sector.

    Current time clock systems allow for a lot of cheating. "Here's my timecard, I'm going home early. Please clock me out". Timecard fraud becomes much easier to prevent when you can't just give someone your card to clock you out.

    Most people HATE remembering passwords. If given the choice, most people would gladly trade in all their pins and passwords for the ability to have an iris scan identify them. Even if told it's not perfect.

    What about cars? I'd love to be able to just open my door and while my hand is in contact with the handle scan my fingerprint and remember how I like my seat, mirrors, etc. adjusted.

    I remember when Netscape first introduced cookies everyone was up and arms about the privacy issues. People were PISSED. And yes, plenty of people have abused cookies. But the benefits far outweigh the drawbacks. Almost all current web login systems use cookies. If we didn't have cookies we'd have to use a dirty work around like putting cookie data in the url for GET requests (which is incredibly insecure).

    Biometrics are a good thing for day to day life. Very rarely does anything that sets out to change the world actually do; but it can definatly make the world a little easier to live in and help the average person immensely.

    1. Re:From tactical to practical by ezzzD55J · · Score: 5, Insightful
      It's an interesting idea, but it's too dangerous, because the whole point of biometrics is that they are tied to your person. You can't change them (eyes, fingers), you can't get new ones if your old ones are lost (eyes, fingers) or their information stolen (iris pattern, fingerprint), not everybody has them (eyes, fingers), and all scanners can probably be fooled with a little or much effort.

      Another reason I don't like biometrics, however, is that you cannot compartmentalise your authentication information any more. If, say, the tax people, phone company, bank and the police all use your biometric information to authenticate you, then that provides for a massive spillover in (authentication) information that you can't control - for the same reason that it is a bad idea to have the same PIN code on your ATM card and your GSM phone PIN, it's a bad idea for everybody using the same info to authenticate you. Nowadays, if somebody can impersonate you to the phone company, all they can do is run up high bills or get you disconnected or something. But if you're a phone company employee with access to someone's biometric info, you're a small step away from being able to impersonate that person to their bank, passport authority, etc., and take over their life.

      Even worse, as above, you can't change your info if it's compromised. Remember that biometric info is just a fancy password, with all the password weaknesses, with the advantage that you don't have to remember it, and the disadvantage that you can't change it or get a new one. People can intercept and replay your password (biometric info) to scanners, it's just very simple symmetric and unreliable information in the end, relying on the trustworthiness of biometric scanners to be trustworthy. And of course the path from the scanners to the device interested in your identity..

      Biometrics aren't a silver bullet.

  8. Am I the only one worried by all this? by NewtonsLaw · · Score: 4, Insightful

    Given that the integrity, honesty, competence and trustworthiness of those at the top of the political power-pyramid has been well and truly drawn into question by recent events related to the treatment of prisoners in Iraq, am I the only one worried that these centralized databases of personal ID and info represent a *huge* potential for abuse?

    It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.

    Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.

    When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?

    What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?

    Isn't about time we told our politicians to back off and mind their own business?

    While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.

    I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?

    Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.

    Uh-oh, off topic :-(

  9. Re:Tech meet Typical by CrowScape · · Score: 4, Insightful

    Except, of course, that it was the policies of the Clinton and early Bush administration, which weren't all that different from each other, that allowed 9/11 to happen in the first place. I fail to see how a return to those polices will have a different result. At least Bush is now making completely different mistakes rather than repeating the old. Keep in mind that not only did countries hate us, they also thought we would roll over and play dead if they attacked us. Plus, when you look at history, the PATRIOT Act is completely benign compared to what has come before in times of war, and don't fool yourself into thinking that Kerry would repeal it. He will move to strengthen it. I don't see Kerry as the lesser of two evils, I see him as offering the worst of both worlds.

    --
    common sense: noun
    What those who are ignorant of the subject matter think; usually wrong.