Would You Submit Biometric Data to Join a Gym?
An anonymous reader asks: "I went to my gym (Rocky River, OH branch) yesterday and there was a huge line of people at the counter. When I went to the scanner to swipe my membership card, I noticed they were training people in the use of their new security system that requires the input of your thumb print. There is currently a story on boingboing that mentions a tanning salon in Arkansas that is enacting a similar policy. I'm going to call the gym later today and see what type of security they have on their network. I guess we can look forward to a future where these sorts of personal services clubs require the submission of biometric data. I was wondering how the members here at Slashdot feel about the security risks involved in submitting biometric data to small private companies?"
As far as I know, biometric devices store only a signature of your fingerprint (like a digest of key points), so the stolen data would be of little use. Moreover, they care about security because they normally control access to places.
I would worry more about the other data they could hold on their machines, which could contain more sensitive personal information and could be stored in less secure machines.
There's still a lot of sensitive data (medical records etc.) stored in Access databases and similar by people not really expert on computer security, often on old, not updated Windows PCs... that scares me a lot more!
It's already been done. There was even a Slashdot article on it. The guy took a computer image, made a mold and used gelatin. Then he put the gelatin on his thumb and fooled almost every fingerprint device he could find. He could also eat the gelatin off if someone got suspicious.
Think before you post next time.
Every time I see this stupid line on Slashdot it's from some idiot who is totally wrong and feels you can think up facts instead of bothering to Google for them.
I don't even want to get started about how clueless your one-way hash is. Or how much easier it is to download thousands of fingerprints from a computer than it is to follow thousands of people around looking for a good print.
Next time, don't post.
1) Make it optional. Don't want to submit your thumbprint? Fine.
But if you switch you get a 3% discount and a free drink every month! But you lose a bit of privacy.
That's the way big stores (Walmart & Co) get you to switch to their rebate system. You save $50 a year. They earn $100 because they sell your data to "data blackhole" companies like ChoicePoint.
How much is your privacy worth?
Don't wait until there is any kind of self regulation in the "data grabbing business".
In Germany the data belongs to YOU! You have the right to demand information regarding your personal data. If the company does not answer in time (14 days) you can inform the data protection officer and he will investigate for you.
Grundgesetz * 23 May 1949 - 30 November 2007 - http://www.vorratsdatenspeicherung.de/
You realize, of course, that the woman who CLAIMED to find that finger is now facing fraud charges, right?
here
or here
or here even
another one
In other words... she's a known con artist, and now she's paying the price for being clumsy.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Latex or gelatin successfully fools almost all biometric security devices in use today.
http://www.security-focus.com/news/6717