Slashdot Mirror
Cry To Beat Iris Scanners
Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
Hm, so technology meets the sterotypical cop: bat your eyelashes, cry a little and get out of the ticket.
A little learning never hurt anyone.
For the 123rd time. *How* does biometric data prevent terrorism or halt illegal immigration or any of the things it's meant to do?|
Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
Stopping Criminals: Yes because criminals are moral enough not to have fakes!
The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.
Simon.
So we're going to have a system that is derailed by a few tears and fluttering eyelashes?
We already have a system like that. It's called Windows.
_
Download AWESOME music here (lame encoded).
"So we're going to have a system that is derailed by a few tears and fluttering eyelashes?" Yes. They're called women.
Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?
Just a thought...
I recently had a bad fall and ended up in hospital (no need to mention the shopping trolley and the amount of alcohol that caused this situation)
After some standard tests, the doctor spotted that one of my iris's (sp?) was larger than the other, which had something to do with the head trauma.
Basically that means that if you need to pass an eye scan, just drink lots, grab a trolley, fall on your head, and nothing will be able recognise you by your eyes any longer as the features of them will have changed.
(probably talkin s%$t, but i could be right, right??)
Anyway, when I go get my eyes examined, there's this machine taking a picture of my retina and blowing air into it so as to remove water. Oh and they ask me to remove my lens first, imagine!
I may just start selling signs that say "Secure Area: No Chopped Onions Allowed".
What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.
Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.
I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.
All of the 9/11 hijackers had valid state IDs. I think about that while I'm showing my ID to the sixth person in the airport. Speaking of those guys, there was big report released last month showing that the federal TSA baggage screeners were just as incompetent as the private employees they replaced. It's all window dressing to make you feel safe enough to go out and spend your money. Meanwhile, our ports are wide open to someone slapping a stamp on a bomb.
-B
The title of the post is poorly worded. Crying doesn't BEAT iris scanners -- that seems to imply that by crying, the iris scanner goes "okay, you're good." Instead, the iris scanner FAILS if you cry. That means, if your eyes water, the iris scanner may not recognise you.
Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
A UK reporter was able to obtain a *real* fake ID for just over a grand. Through a network of bribes.. It's not as hard as you think..
Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.
ID cards are flawed because you can't secure a system that large. Criminals have cash to 'invest' in perverting your system.
Simon
"So the only people that can be succesfully scanned are Vulcans?"
First they have sex more often then I do, and now they can enter places I can't? Depressing.
"Derp de derp."
haha.. Lesson 2 in security. Authenticating a person doesn't tell you their motive.
Simon.
Where I work we use these iris scanners. I wear glasses for my astigmatism and the system reads just fine through my glasses, unless I turn them perpendicular to my face. Other people who work here have to remove their glasses regardless.
Who knows if it will flop or fly for what you've described it for, but I can think of a lot of good uses for it in the private sector.
Current time clock systems allow for a lot of cheating. "Here's my timecard, I'm going home early. Please clock me out". Timecard fraud becomes much easier to prevent when you can't just give someone your card to clock you out.
Most people HATE remembering passwords. If given the choice, most people would gladly trade in all their pins and passwords for the ability to have an iris scan identify them. Even if told it's not perfect.
What about cars? I'd love to be able to just open my door and while my hand is in contact with the handle scan my fingerprint and remember how I like my seat, mirrors, etc. adjusted.
I remember when Netscape first introduced cookies everyone was up and arms about the privacy issues. People were PISSED. And yes, plenty of people have abused cookies. But the benefits far outweigh the drawbacks. Almost all current web login systems use cookies. If we didn't have cookies we'd have to use a dirty work around like putting cookie data in the url for GET requests (which is incredibly insecure).
Biometrics are a good thing for day to day life. Very rarely does anything that sets out to change the world actually do; but it can definatly make the world a little easier to live in and help the average person immensely.
Why, oh why, is there not a "retarded" modifier?!
harmonious design
Given that the integrity, honesty, competence and trustworthiness of those at the top of the political power-pyramid has been well and truly drawn into question by recent events related to the treatment of prisoners in Iraq, am I the only one worried that these centralized databases of personal ID and info represent a *huge* potential for abuse?
:-(
It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.
Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.
When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?
What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?
Isn't about time we told our politicians to back off and mind their own business?
While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.
I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?
Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.
Uh-oh, off topic
This seems a worrying trend with biometric systems - even innocent fear/nerves cause physiological changes which can cause a scanner to give a 'no match' scenario. If biometric ID were to become compulsory, there is the distinct possibility of this problem becoming a real danger to the population.
For example, if you have some nerves or phobia about the screening process (big men with guns, what-ifs about false positives), your physiology changes, and your biometrics no longer match your card. You are therefore taken in for further questioning.
Even if you are cleared, the next time it happens, you are more nervous, and eventually this becomes a common event for you.
In extreme cases, some people's reinforced phobia would then prevent them claiming benefits, travelling, anything that the ID was required for, sine they fear the accusations and questioning.
This is similar to effects seen on the now-discredited polygraph, still in use by agencies worldwide.
For example, I always get tense going through metal detectors. This is partly due to a childhood visit to Washington from the UK, when by accident I triggered the bomb detectors on a visit to the CIA buildings. (I was about 7, and didn't realise my pocket fan would set off the detectors.) I was taken away from my parents, and searched. This is a big thing when you're seven, and now these sorts of checks make me (irrationally, I know) very twitchy.
If failing these tests due to phobia were to become a pattern with me, even if it meant I was often singled out in any sort of official process, I am sure my phobia's symptoms would increase, just driving up the error rate. Positive feedback, you see.
But who's going to sign it?
riding round the world on an old motorcycle
Iris scanners have a failure rate of around 4% -> 7%. This is a failure to identify a legitimate person against a *previously stored scan*. I.e. the scan stored in your biometric card or the scan stored in the government database.
Fingerprint scanners have a failure rate of around 2%.
Facial scanners have a failure rate of 10+%.
Government of the people, by corporate executives, for corporate profits.
I work at a high security department of a large company. I have to pass the iris scan on a daily basis and have never had any trouble with the machine not accepting my eye. And you don't want to know how my eyes look after a weekend of drinking and barely no sleep. You don't have to open your eyes very wide or anything that would make your eyes water. You just look into the machine the same way as you normaly look at something.... Vere rarely the systems doesn't accept you the first time but when you try for a second time the system gets it. We are talking about a 10-15 second procedure so You can't copmplain about that. I don't see the problem.
"There are no people alive without a head"
True, but many without a brain.
Beauty is in the eye of the beerholder.