Slashdot Mirror


Cry To Beat Iris Scanners

Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"

20 of 373 comments (clear)

  1. There is no such thing by 0xC0FFEE · · Score: 4, Interesting
    There ain't no such thing as a technology that gets worst or doesn't improve. So in due time things will be perversely efficient and operate in a wide range of conditions. Yeah it takes time, but in this particular case, the more the better in my view.

    Anyway, when I go get my eyes examined, there's this machine taking a picture of my retina and blowing air into it so as to remove water. Oh and they ask me to remove my lens first, imagine!

    1. Re:There is no such thing by prockcore · · Score: 3, Interesting

      There ain't no such thing as a technology that gets worst or doesn't improve.

      True, but there is such a think as a technology that has been proven to be inherently flawed.

      Just google for "Bertillonage" for an example of a failed biometrics concept, which no amount of technology could save.

      Is iris scanning inherently flawed? I don't know, but if they're just now finding out crying gives a false negative, I don't think anyone has really done any real tests to prove one way or another.

    2. Re:There is no such thing by 0xC0FFEE · · Score: 2, Interesting
      This is going OT, but we're not talking inter-operability or performance here where "flawedness" is caused by the infrastructure in place. We're talking basic stuff like data acquisition and data analysis algorithms.

      Now if the data acquisition is flawed, there's nothing you can do and there's no algorithm to correct the flaws. Now following my suggestions previously it is not really _hard_. If the algorithms are flawed then its no big problem because 1) You've acquired data through a proper acquisition process and thus have a good dataset 2) you can use another algorithm and use the dataset to rapidly see if it works.

      I looked at your "example" of 19th century biometrics. Interesting historical value. Your point was?

  2. Re:Please.. Mr Blunket/Random authority.. Get a cl by Ralph+Wiggam · · Score: 5, Interesting

    All of the 9/11 hijackers had valid state IDs. I think about that while I'm showing my ID to the sixth person in the airport. Speaking of those guys, there was big report released last month showing that the federal TSA baggage screeners were just as incompetent as the private employees they replaced. It's all window dressing to make you feel safe enough to go out and spend your money. Meanwhile, our ports are wide open to someone slapping a stamp on a bomb.

    -B

  3. Re:What's the big deal... by 16K+Ram+Pack · · Score: 2, Interesting
    A trial?

    How many government trials with political backing don't get implemented?

    If it goes bad, Blunkett will just say that there were issues to iron out. I can't imagine for 1 minute that he'll cancel it.

  4. accuracy by noelo · · Score: 2, Interesting

    While people may joke about this technology and the whole id verification process/big brother, the fact is that its here to stay and I'd rather that flaws like this one are discovered in the initial test stages than having to spend hours proving who I am at an airport.

  5. Re:Please.. Mr Blunket/Random authority.. Get a cl by Ckwop · · Score: 5, Interesting

    Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.

    A UK reporter was able to obtain a *real* fake ID for just over a grand. Through a network of bribes.. It's not as hard as you think..

    Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.

    ID cards are flawed because you can't secure a system that large. Criminals have cash to 'invest' in perverting your system.

    Simon

  6. Astigmatism by groupthink · · Score: 4, Interesting

    Where I work we use these iris scanners. I wear glasses for my astigmatism and the system reads just fine through my glasses, unless I turn them perpendicular to my face. Other people who work here have to remove their glasses regardless.

  7. Re:Please.. Mr Blunket/Random authority.. Get a cl by 16K+Ram+Pack · · Score: 2, Interesting
    Particularly as visitors here for less than 3 months will be exempt.

    Also, people will rely on the DNA database as evidence, and not do the proper police/intelligence work. Fakers will escape the net. I always remember a maths teacher telling us to apply "sanity tests". Like roughly do the maths in your head and then check against the detailed calculations. The problem with systems over humans is that this is often not done (A bit like "why didn't Saddam fire those WMDs if he had them?")

  8. Failure rates. by rew · · Score: 2, Interesting

    ... fails to correctly identify people in just 4 percent of cases ...

    If you do a test run with 1000 individuals,and find that 4% of the subjects are identified as someone else, then you really have a problem.

    If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified: There is a much larger database of people who might have an iris that to the computer looks almost the same. That's when the shit hits the fan.

  9. Failure rates are the problem by Raindeer · · Score: 2, Interesting

    The pain with biometrics is, that it is so sexy and so hyped up, that people aren't willing to look at the numbers behind it. Contrary with what privacy and security people always shout, the biggest problem isn't that it doesn't stop criminals and terrorists. The single biggest problem of biometrics is its failure rate.

    If you want to roll out biometrics on a massive scale, an accuracy of 0.1 percent chance for falsely rejecting a person means that at an average large airport, like JFK, Atlanta, Heathrow means that 1 in a thousand scans fails. Now this might not sound as a big chance, but since you need to go through the biometric scanner twice, when you get on or when you get off. So this reduces the amount of people nescessary for failure to 500. Result is that with the hundreds of millions flying on a yearly basis in Europe and the US over 100.000 people might not get on or off a plane.

    You might be one of them!

  10. Nervous != guilty - does scanner obey this logic? by thesp · · Score: 5, Interesting

    This seems a worrying trend with biometric systems - even innocent fear/nerves cause physiological changes which can cause a scanner to give a 'no match' scenario. If biometric ID were to become compulsory, there is the distinct possibility of this problem becoming a real danger to the population.

    For example, if you have some nerves or phobia about the screening process (big men with guns, what-ifs about false positives), your physiology changes, and your biometrics no longer match your card. You are therefore taken in for further questioning.

    Even if you are cleared, the next time it happens, you are more nervous, and eventually this becomes a common event for you.

    In extreme cases, some people's reinforced phobia would then prevent them claiming benefits, travelling, anything that the ID was required for, sine they fear the accusations and questioning.

    This is similar to effects seen on the now-discredited polygraph, still in use by agencies worldwide.

    For example, I always get tense going through metal detectors. This is partly due to a childhood visit to Washington from the UK, when by accident I triggered the bomb detectors on a visit to the CIA buildings. (I was about 7, and didn't realise my pocket fan would set off the detectors.) I was taken away from my parents, and searched. This is a big thing when you're seven, and now these sorts of checks make me (irrationally, I know) very twitchy.

    If failing these tests due to phobia were to become a pattern with me, even if it meant I was often singled out in any sort of official process, I am sure my phobia's symptoms would increase, just driving up the error rate. Positive feedback, you see.

  11. Re:Please.. Mr Blunket/Random authority.. Get a cl by mpe · · Score: 2, Interesting

    Once they have a database they can at least make the comparison between citizens and aliens.

    Assuming that the "database" is secure against alterations. Any government using such a system will require that falsified and completely bogus identities can be created and that they be indistinguishable from real identities. It wouldn't do for someone's ID to carry metadata which equates to "undercover law enforcement". It would only require one criminal or blackmailable person with the relevent access for this assumption to be false.

  12. I don't understand this by Zog+The+Undeniable · · Score: 3, Interesting
    Nationwide Building Society in the UK tried iris scanning for ATMs a few years ago, and it was 100% successful. The technology wasn't rolled out further because of (a) cost and (b) it was fairly useless as a fraud prevention measure unless all other banks did it too - you could just use a non-iris ATM if you only had a card and PIN.

    Rather gruesomely, the system checked for a pulse in the iris to ensure that you hadn't got a life-size photograph...or cut off the account owner's head.

    --
    When I am king, you will be first against the wall.
    1. Re:I don't understand this by TheLink · · Score: 3, Interesting

      Well they're not all made the same. Just like anything there are different specs. Not sure of the ones used in the ATMs - I heard some of those can work from quite a significant distance- 1 metre? The one I played around with only could do about 10 cm to 20cm maybe 30 cm.

      To register a person you'd want the best pic possible, so you normally want a cooperative subject. But after that the one I tested was pretty OK, even IDs people with scratched eyewear and even some sunglasses.

      As for the danger to epileptics claims thats stupid - the stuff can work with IR light. The one I played around with had 3 red LEDs for illumination and was made by LG.

      Just buy the right iris scanner for the task and it'll work OK, unless the iris is obscured - I suppose really thick/long eyelashes might cause problems.

      Epileptic thing really sounds fishy, perhaps there's a hidden story/agenda somewhere. Now if they had said that fake contact lenses could cause problems I'd believe them - then you need fancy scanners that detect pulses and the usual involuntary iris size changes - I doubt the cheap scanners do that.

      Whatever it is, with biometrics for real security you always need a guard there, otherwise you can bring in equipment to fool the sensors. No self respecting guard is going to let you stick some fancy gizmo into/in front of a biometric sensor...

      --
  13. No, the iris scanner fails to identify you. by Moderation+abuser · · Score: 4, Interesting

    Iris scanners have a failure rate of around 4% -> 7%. This is a failure to identify a legitimate person against a *previously stored scan*. I.e. the scan stored in your biometric card or the scan stored in the government database.

    Fingerprint scanners have a failure rate of around 2%.

    Facial scanners have a failure rate of 10+%.

    --
    Government of the people, by corporate executives, for corporate profits.
  14. Wonder how it will cope with cataract ops by rpjs · · Score: 2, Interesting

    I had ops for cataracts when I was a child. As a result my pupils aren't the nice round sort the rest of you have but are sort of ragged. I wonder how Mr Blunkett's rinky-dinky little fascist scanner equipment will cope with my eyes?

    Well no matter, hopefully me and the soon-to-be-missus will have emigrated to somewhere saner by the time the "voluntary" ID cards will have stopped being voluntary.

  15. Re:Please.. Mr Blunket/Random authority.. Get a cl by Thundersnatch · · Score: 2, Interesting
    ID checkpoints are good for one thing: they offer security officers an opportunity to study the behavior of people in line. I knew a bouncer in college who could spot fake IDs without looking at the cards themselves. He had experience, trianing, and intuition about the behavior of underage people trying to get into bars, and he was very accurate.

    ID checkpoints will only catch the stupid criminals based on the ID itself. But even a well-trained terrorist will have trouble not showing some nerves while being ID-checked by a uniformed officer. With proper training and experience, security officers could identify a pool of people with anamolous behavior that require further watching/screening.

    Of course, the TSA probably doesn't train people in behavior observation, and the employees are low-paid and not well motivated. As Bruce Schneier said on the same subject: "We're taking smart people and replacing them with dumb technology, to the detriment of security."

  16. Re:Please.. Mr Blunket/Random authority.. Get a cl by TRACK-YOUR-POSITION · · Score: 2, Interesting

    Here in the US, my brother tried to replace his driver's license (the de facto US identity card) because his old one was damaged. He tried to use cash to pay the fee for this (probably something like $20), but then he discovered the driver's license center would only accept a money order because the employees of the center weren't trusted to handle cash. Seriously! Our government over here doesn't even trust the people who hand out ID cards with twenty dollars of cash!

  17. Re:Am I the only one worried by all this? by Lord+Ender · · Score: 3, Interesting

    If the US hadn't spent so much on its military in the past 60 years, much of the world would be communist (in the model of the USSR) and would not have this "freedom" we now enjoy. There would still be a cold war. Countries like South Korea would be in the sad state of countries like North Korea. If we had taken that money and put it toward social services, we would curerntly have an unsustainable population because every unproductive bum in the world would come here for free health care, shelter, and food. And these bums would have a disproportinately high number of children, who inherit their freeloading attitude. But enough of thus alternate timeline.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.