Slashdot Mirror
Cry To Beat Iris Scanners
Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
Hm, so technology meets the sterotypical cop: bat your eyelashes, cry a little and get out of the ticket.
A little learning never hurt anyone.
For the 123rd time. *How* does biometric data prevent terrorism or halt illegal immigration or any of the things it's meant to do?|
Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
Stopping Criminals: Yes because criminals are moral enough not to have fakes!
The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.
Simon.
So we're going to have a system that is derailed by a few tears and fluttering eyelashes?
We already have a system like that. It's called Windows.
_
Download AWESOME music here (lame encoded).
"So we're going to have a system that is derailed by a few tears and fluttering eyelashes?" Yes. They're called women.
I bet sandpaper works too!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?
Just a thought...
It's designed to make contractors money.
This sort of things happen all the time when you're using a new technology. Nothing just works as expected the first time round, and it's precisely because of such issues that people innovate.
And, IIRC, the UK is just doing a trial run of this biometric ID card thingy, and the purpose of such trial runs are to catch "gotchas" like this.
I'm not going to rant on the "privacy issues"... heck, my country uses an ID card system as well, and as far as I'm concerned, it eases a lot of trivial processes (loan applications, etc. etc.) and in case something happens to me, at least people will know who I am.
Welley Corporation - SLM Scammers
I recently had a bad fall and ended up in hospital (no need to mention the shopping trolley and the amount of alcohol that caused this situation)
After some standard tests, the doctor spotted that one of my iris's (sp?) was larger than the other, which had something to do with the head trauma.
Basically that means that if you need to pass an eye scan, just drink lots, grab a trolley, fall on your head, and nothing will be able recognise you by your eyes any longer as the features of them will have changed.
(probably talkin s%$t, but i could be right, right??)
Anyway, when I go get my eyes examined, there's this machine taking a picture of my retina and blowing air into it so as to remove water. Oh and they ask me to remove my lens first, imagine!
I have eyelashes long enough that they rub on most sunglasses I wear. They also blur my peripheral vision unless I open my eyes up really wide. How long do they have to be to interfere with such a system?
:)
I've never been game to trim them though
My daughters have inherited the long eyelashes though and they suit them much better.
I may just start selling signs that say "Secure Area: No Chopped Onions Allowed".
What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.
Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.
I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.
from Pondexter (yes the evil big brother guy) where he said "in a lot of ways we have the worst of both worlds: no security and no privacy".
x te r.html
http://www.wired.com/wired/archive/12.05/poinde
(It was in this past wired, good article)
Im glad
All of the 9/11 hijackers had valid state IDs. I think about that while I'm showing my ID to the sixth person in the airport. Speaking of those guys, there was big report released last month showing that the federal TSA baggage screeners were just as incompetent as the private employees they replaced. It's all window dressing to make you feel safe enough to go out and spend your money. Meanwhile, our ports are wide open to someone slapping a stamp on a bomb.
-B
The title of the post is poorly worded. Crying doesn't BEAT iris scanners -- that seems to imply that by crying, the iris scanner goes "okay, you're good." Instead, the iris scanner FAILS if you cry. That means, if your eyes water, the iris scanner may not recognise you.
Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.
While people may joke about this technology and the whole id verification process/big brother, the fact is that its here to stay and I'd rather that flaws like this one are discovered in the initial test stages than having to spend hours proving who I am at an airport.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
A UK reporter was able to obtain a *real* fake ID for just over a grand. Through a network of bribes.. It's not as hard as you think..
Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.
ID cards are flawed because you can't secure a system that large. Criminals have cash to 'invest' in perverting your system.
Simon
"So the only people that can be succesfully scanned are Vulcans?"
First they have sex more often then I do, and now they can enter places I can't? Depressing.
"Derp de derp."
haha.. Lesson 2 in security. Authenticating a person doesn't tell you their motive.
Simon.
Where I work we use these iris scanners. I wear glasses for my astigmatism and the system reads just fine through my glasses, unless I turn them perpendicular to my face. Other people who work here have to remove their glasses regardless.
Also, people will rely on the DNA database as evidence, and not do the proper police/intelligence work. Fakers will escape the net. I always remember a maths teacher telling us to apply "sanity tests". Like roughly do the maths in your head and then check against the detailed calculations. The problem with systems over humans is that this is often not done (A bit like "why didn't Saddam fire those WMDs if he had them?")
If you do a test run with 1000 individuals,and find that 4% of the subjects are identified as someone else, then you really have a problem.
If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified: There is a much larger database of people who might have an iris that to the computer looks almost the same. That's when the shit hits the fan.
Who knows if it will flop or fly for what you've described it for, but I can think of a lot of good uses for it in the private sector.
Current time clock systems allow for a lot of cheating. "Here's my timecard, I'm going home early. Please clock me out". Timecard fraud becomes much easier to prevent when you can't just give someone your card to clock you out.
Most people HATE remembering passwords. If given the choice, most people would gladly trade in all their pins and passwords for the ability to have an iris scan identify them. Even if told it's not perfect.
What about cars? I'd love to be able to just open my door and while my hand is in contact with the handle scan my fingerprint and remember how I like my seat, mirrors, etc. adjusted.
I remember when Netscape first introduced cookies everyone was up and arms about the privacy issues. People were PISSED. And yes, plenty of people have abused cookies. But the benefits far outweigh the drawbacks. Almost all current web login systems use cookies. If we didn't have cookies we'd have to use a dirty work around like putting cookie data in the url for GET requests (which is incredibly insecure).
Biometrics are a good thing for day to day life. Very rarely does anything that sets out to change the world actually do; but it can definatly make the world a little easier to live in and help the average person immensely.
Why, oh why, is there not a "retarded" modifier?!
harmonious design
The pain with biometrics is, that it is so sexy and so hyped up, that people aren't willing to look at the numbers behind it. Contrary with what privacy and security people always shout, the biggest problem isn't that it doesn't stop criminals and terrorists. The single biggest problem of biometrics is its failure rate.
If you want to roll out biometrics on a massive scale, an accuracy of 0.1 percent chance for falsely rejecting a person means that at an average large airport, like JFK, Atlanta, Heathrow means that 1 in a thousand scans fails. Now this might not sound as a big chance, but since you need to go through the biometric scanner twice, when you get on or when you get off. So this reduces the amount of people nescessary for failure to 500. Result is that with the hundreds of millions flying on a yearly basis in Europe and the US over 100.000 people might not get on or off a plane.
You might be one of them!
Use Adsense for Charity
Given that the integrity, honesty, competence and trustworthiness of those at the top of the political power-pyramid has been well and truly drawn into question by recent events related to the treatment of prisoners in Iraq, am I the only one worried that these centralized databases of personal ID and info represent a *huge* potential for abuse?
:-(
It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.
Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.
When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?
What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?
Isn't about time we told our politicians to back off and mind their own business?
While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.
I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?
Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.
Uh-oh, off topic
This seems a worrying trend with biometric systems - even innocent fear/nerves cause physiological changes which can cause a scanner to give a 'no match' scenario. If biometric ID were to become compulsory, there is the distinct possibility of this problem becoming a real danger to the population.
For example, if you have some nerves or phobia about the screening process (big men with guns, what-ifs about false positives), your physiology changes, and your biometrics no longer match your card. You are therefore taken in for further questioning.
Even if you are cleared, the next time it happens, you are more nervous, and eventually this becomes a common event for you.
In extreme cases, some people's reinforced phobia would then prevent them claiming benefits, travelling, anything that the ID was required for, sine they fear the accusations and questioning.
This is similar to effects seen on the now-discredited polygraph, still in use by agencies worldwide.
For example, I always get tense going through metal detectors. This is partly due to a childhood visit to Washington from the UK, when by accident I triggered the bomb detectors on a visit to the CIA buildings. (I was about 7, and didn't realise my pocket fan would set off the detectors.) I was taken away from my parents, and searched. This is a big thing when you're seven, and now these sorts of checks make me (irrationally, I know) very twitchy.
If failing these tests due to phobia were to become a pattern with me, even if it meant I was often singled out in any sort of official process, I am sure my phobia's symptoms would increase, just driving up the error rate. Positive feedback, you see.
Comment removed based on user account deletion
Once they have a database they can at least make the comparison between citizens and aliens.
Assuming that the "database" is secure against alterations. Any government using such a system will require that falsified and completely bogus identities can be created and that they be indistinguishable from real identities. It wouldn't do for someone's ID to carry metadata which equates to "undercover law enforcement". It would only require one criminal or blackmailable person with the relevent access for this assumption to be false.
Rather gruesomely, the system checked for a pulse in the iris to ensure that you hadn't got a life-size photograph...or cut off the account owner's head.
When I am king, you will be first against the wall.
But who's going to sign it?
riding round the world on an old motorcycle
Iris scanners have a failure rate of around 4% -> 7%. This is a failure to identify a legitimate person against a *previously stored scan*. I.e. the scan stored in your biometric card or the scan stored in the government database.
Fingerprint scanners have a failure rate of around 2%.
Facial scanners have a failure rate of 10+%.
Government of the people, by corporate executives, for corporate profits.
So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
:-]
Yeap its called my love life
Jaj
Both Labour and the Conservatives support the introduction of biometric ID cards. Labour because they believe it will give them control and the Conservatives because of the amount of money their contributors are going to make while rolling the system out.
We're lucky in that there is one party who are definitely against ID cards, the Liberal Democrats, but realistically, they don't matter. The UK has an election system which favours the largest minority (35%-40% is enough), handing them a disproportionate majority in parliament (around 60%).
P.S. For UK residents, the BBC has a campaign page for those who are against ID cards:
http://www.bbc.co.uk/dna/ican/G114
Government of the people, by corporate executives, for corporate profits.
Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.
In Bush's mindset, any staff person that would do such a thing should probably be considered a terrorist and can just be shipped off to Guantanamo without a trial, where they can be raped and tortured courtesy of the US government. Given that downside, faking ids for a few bucks probably seems a lot less appealing to the staff.
ID cards are flawed because you can't secure a system that large.
You can't in a freewheeling democracy with normal legal protections. But if you make the state sufficiently totalitarian and the punishments sufficiently severe, as history has shown, that sort of thing does actually work, at least for a while. And that's where Bush and Ashcroft are heading; they just aren't aware of the historical precedents they are following.
I had ops for cataracts when I was a child. As a result my pupils aren't the nice round sort the rest of you have but are sort of ragged. I wonder how Mr Blunkett's rinky-dinky little fascist scanner equipment will cope with my eyes?
Well no matter, hopefully me and the soon-to-be-missus will have emigrated to somewhere saner by the time the "voluntary" ID cards will have stopped being voluntary.
While Bipolar bears are currently undergoing rehabilitation from severe mood swings.
In practice, this is a nonsense argument. For example, most people here know that WinXP copy protection can be broken with the help of a few google searches that lead to a few russian websites. there are trivial ways to defeat masterlocks and the ordinary sort of locks that 'secure' house doors. modern money *can*, with enough patience and technical skill, be counterfeited.
And yet microsoft continues to have a keycode unlock to winxp, houses continue to have locks, and treasury departments still spend quite a bit per bill to give them 'security features.' why?
Because as anybody who would rather think about this for two seconds (rather than just whoring up for +5 insightful, as you have) could see, protection in a real and complex world is not about *absolute* protection, it's about decreasing the *rate* of violation/infringement.
I know several people who have bought XP where they pirated 95/98/whatever because of their fear of the online activation system. People continue to have locks on their houses because it will make their house less likely to be burgled, and the counterfeit protection on money stops all but the most determined counterfeiters.
Likewise, biometric data will NOT "prevent" or "halt" illegal immgrigration in an absolute sesns and it is unreasonable to claim that's what it's "meant to do." Rather, it will SLOW THE RATE of illegal immigration (if not terrorism--that is obviously less of a statistical process because of the smaller data set). What is stopping them from getting a *real* passport with teh correct biometrics in a different name? have you ever tried getting an illegal passport of the regular kind? it's not easy! now, try finding somebody who provides an illegal passport with an embedded chip in it! not easy at ALL, especially given that for example, you know, when a UK passport is scanned at a US border, the US queries (or can query) the UK systems to vouch for the authenticity of the passport.
To claim that anybody who wants to "immigrate enough" is bullshit. Sure, there will always be the top n% who are determined, clever, and connected enough to beat any system. But with inceased smart security such as biometrics in concert with other ideas, this n% becomes smaller and smaller.
MOD PARENT DOWN as he has provided NO INSIGHT
-1, Redundant.
Use ISO 8601 dates [YYYY-MM-DD]
I work at a high security department of a large company. I have to pass the iris scan on a daily basis and have never had any trouble with the machine not accepting my eye. And you don't want to know how my eyes look after a weekend of drinking and barely no sleep. You don't have to open your eyes very wide or anything that would make your eyes water. You just look into the machine the same way as you normaly look at something.... Vere rarely the systems doesn't accept you the first time but when you try for a second time the system gets it. We are talking about a 10-15 second procedure so You can't copmplain about that. I don't see the problem.
There are new advances in iris scanners where the scanners can operate even if the individual being scanned is wearing colored contact lenses or even nonreflective sunglasses. Personally I don't understand how anyone could be uncomfortable getting their iris scanned. Retinal scanning requires close contact with the scanning machine, whereas for an iris scanner, you can be a distance away, because your iris is visible from a distance. Minority Report ring a bell?
Ironically, the creators of these systems are probably crying over this.
Nah, this is just what happens when starry-eyed techies meet the real world. The gadget works under perfect conditions, and now the field trials will shake out all of the practical problems that were not thought of in the lab.
I think the real impediment is going to be the natural trepidation of one who finds himself expected to submit his *eyes* to a machine which will decide whether he's good or evil.
Beating the device would imply somehow fooling it to granting you access. The crying effect makes it so the device will not work. So it might be a useless technology if some people can't use it.
M@
Krispy Cream is people
"crying beats iris scanners"
This report is patently false. Why? This news comes from a politician. We all know that they void of human emotion therefore they cannot cry.
"There are no people alive without a head"
True, but many without a brain.
Beauty is in the eye of the beerholder.
ID checkpoints will only catch the stupid criminals based on the ID itself. But even a well-trained terrorist will have trouble not showing some nerves while being ID-checked by a uniformed officer. With proper training and experience, security officers could identify a pool of people with anamolous behavior that require further watching/screening.
Of course, the TSA probably doesn't train people in behavior observation, and the employees are low-paid and not well motivated. As Bruce Schneier said on the same subject: "We're taking smart people and replacing them with dumb technology, to the detriment of security."
Here in the US, my brother tried to replace his driver's license (the de facto US identity card) because his old one was damaged. He tried to use cash to pay the fee for this (probably something like $20), but then he discovered the driver's license center would only accept a money order because the employees of the center weren't trusted to handle cash. Seriously! Our government over here doesn't even trust the people who hand out ID cards with twenty dollars of cash!
...not "it falsely validated him."
Both the register and this slashdot article act as if crying or eyelashes will 'authorize you' when in fact, it just ensures that you fail.
Nice reporting.
Loading...
That's a good point. Your bouncer friend learned to spot nervous 19 year olds because he sees dozens of them every night. How many terrorists have been caught in US airports? Not many. Also, nobody over 21 is nervous about going into a bar. Millions of people get nervous about boarding a plane.
-B