Slashdot Mirror
Home Secretary Requests Fingerprint-Activated iPods
John Reid, Home Secretary, has called upon tech manufacturers to improve the security on their gadgets to help with his recent push to frustrate criminals. Inviting Apple, Sony, and several others to his crime fighting summit Reid hopes to attack the rising robbery numbers in the most recent Home Office figures.
...because nobody would ever find the owner's fingerprint in their home!
This is yet another case of legislation coming up with the wrong solution to the right problem.
There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.
...thieves have not only been stealing the iPods, but cutting off their victim's fingers as well. Given this new threat, the Home Secretary is calling for iPods controlled by brain waves.
GetOuttaMySpace - The Anti-Social Network
For the criminals!
And the solution is to force vendors to give the government more tools to monitor you!
Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.
Why fingerprint-activated iPods? So no one but me can find out what's on my iPod? (Like I care if anyone knows that I listen to Disturbed, Metallica, or Puddle of Mud?) So no one will steal it? How fast before the thieves figure out how to disable the fingerprint scanner? All this'll do is drive up the cost of iPods, as if Apple didn't already charge and arm and a leg for the things.
My blog
Wifi enabled players + municipal wifi + device ID + central revocation list = frustrated criminals.
[Insert pithy quote here]
Now when they steal my iPod not only will they get a few thousand pounds worth of music, they will also get the fingerprint data I was forced to use as the password for my bank account.*
You don't have enough fingers to generate unique passwords for everything!
*Yes, I am aware they could be stored as a hash. Some electronics companies will probably do so - but all of them? And how many will use a good hash that has decent properties for the application? I'm guessing at one, and that will only be due to an accident.
Beep beep.
would offer the ultimate in security for the theft adverse iPod owner.
So why mess about with half measures like fingerprint activation? After all, if you stick it someplace where the sun don't shine, ain't nobody gonna know you're iPodding. Ignoring the obvious question of who the hell would try to steal an anally inserted iPod, who would purchase an (obviously) stolen / used anally insertable iPod?
Why the market for stolen iPods would close up tight.
A message from our sponsor
Trying to get a handle on this kind of theft is like trying to get your hands around some liquid. There's just no way to contain the stuff, it's going to come leaking out between your fingers somehow.
This reminds me a bit of the statistic I heard where more and more people are, in the face of those microchip car keys, just breaking into homes and stealing the keys rather than breaking into the car. If they need me to activate my device before they can take it, they're just going to pull a gun or knife on me.
A user activatable but then non-reversible lock that requires your iPod to check in with Apple every time it syncs to ensure its serial number isn't on a list of stolen ones. Then provide a means to access any/all serial numbers you have registered to you and lock them down.
If you don't want your iPod tied to to needing a net connection to sync, don't enable the feature. If you want to know that anyone who mugs you for it gets a worthless lump of metal and plastic - and you're fine with the trade off - turn it on.
It doesn't even need to be that universally used to take a bite out of crime. If people quickly learn the $50 iPods guys in the pub offer them (which, let's face it, they know are stolen but think they're getting a great deal and so don't care) may well not work, they're not going to hand over the $50. You don't have to disable every last stolen one to make buying a stolen one enough of a gamble that people stop doing it and thus they stop being desirable to steal.
Yes, it would become a potential pain for retailers who accept returns but a simple app could let retailers check the iPod hadn't been locked down before accepting returns. Given Apple "authorizes" retailers, this would give them a finite list of people to distribute it to and increase the value of being an authorized retailer.
Why UNIX?
"I'm sorry sir. Your identity has been compromised, and we are revoking all known authenticators. Your physical characteristics are no longer valid to autheticate your personal identity. You have been added to the list of unconfirmable citizens. Please turn in your face and fingers to the Department at the earliest possible opportunity."
"Flyin' in just a sweet place,
Never been known to fail..."
...just won't work. I can't quite put my finger on it though.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 for more information on the gummy-bear fingerprint reader bypass technique.
Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.
-Michael
Why finger prints?! Why not just use the good `ol numeric 4-digit password? Seems to be working fine for the majority of people who use banking machines every day.
The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.
... but there could be punishment!
Well, maybe not security
I propose that we build a small quantity of plastic explosives or thermite into every new portable device. They will take commands from the GSM cellular network and, upon command from the manufacturer, on receiving word from the original purchaser that the device has been stolen, explode/melt and blow/burn pieces of the device into the criminal's (or person who received said stolen property) face/hands/thighs. It will also have the handy side-effect of securely deleting confidential data. We'll just need some laws to indemnify manufacturers and owners from said criminals' lawsuits, and after that, we'll just let the problems work themselves out.
I foresee this having a slight negative impact on the used-equipment-on-eBay market, but overall I think it'll be a good thing.
What could possibly go wrong?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Or perhaps you could read the linked article. Oh wait this is Slashdot, nevermind.
Like the endless parade of anti-IP-infringement measures, like the endless surveillance and mail-sifting programs, this is yet another result of a bunch of people facing (or creating) a social problem, and then trying to convince themselves that a nifty gadget will fix it.
And it's the latest in a long parade.
What they've got is a culture that favors the instigator, rather than the victim, in robbery, street violence, and general antisocial behavior. Here are their solutions so far:
--Cameras
--Electronic tags
--New Databases (rather like many large companies, the UK government loves greating A New Database to solve any kind of problem)
--Magic dream iPods that can't be stolen or some such rubbish
It's a simple choice -- you can either address a problem, or you can talk about how cool it would be if a gadget would make it go away.
Whence? Hence. Whither? Thither.
Hmm... I have a strong feeling that, like all other security measures we encounter, they will be far more inconvenient to legitimate users than they will be to "criminals".
It's such an old story in the tech industry, and probably spans back throughout most of mankind's recent history now that I think about it. Just that little bit of extra hassle to do what you're trying to do, that actually won't do much of anything against your average "criminal". For a quick example, note the fact that effectively all computer games since the late 90s require that you keep the game CD-ROM in the CD drive while you play the game.
It's not a huge deal, per se, but it's yet another one of those things that we put up with in order to "stop the criminals", or whatever (even though the so-called criminals laugh at the pathetic "security" as they remove it with a couple clicks).
...that'll teach them criminals for sure!
I called it a mighty Sperm Whale, she called it Finding Nemo.
John Reid is really, really keen on keeping Biometric information for all UK citizens as part of a national ID project. Naturally enough, a large proportion of the UK population is uncomfortable with the idea. I suspect that this new idea is an attempt to encourage people into thinking that biometric identification is a part of everyday life.
As other poster's have pointed out there are other methods of protecting these sorts of devices (think of your car stereo for example) so it's reasonably clear to me at least that Reid has an ulterior motive.
Well yeah. You're the guy who produces, and they (muggers etc) are parasites -- so the burden's always going to be on you, whether it's the burden of paying more for your iPod or the burden of paying tax for a proper legal and penal system, or (if you roll that way) the burden of throwing more money at an education system which focuses entirely on league-tables and 'building self esteem'.
The UK's like the USA -- it educates *some* of its own people but generally it relies on attracting people who were educated elsewhere and immigrate in order to make money. Actually, these days the UK is *more* like this than the USA is -- it's an economy that depends utterly on immigration. This leaves the lower-class young UK-ians, who are often educated to a horrifyingly low level, with a stark choice between crime, the Army, and the supermarket checkout. In the USA the latter two are more likely overall, but in the UK the crime option is a lot safer, and thus the iPod problem.
I think it's just one of those things that nothing much can be done about.
Whence? Hence. Whither? Thither.
Khan: I'll agree to your terms, if.... if.... in addition to yourself, you turn over to me all recordings and album covers regarding the band called "Genesis".
Kirk: Genesis? Which one, Peter Gabriel or Phil Collins?
Khan: Don't insult my intelligence, Kirk!
I know I'm sleeping better at night knowing that Homeland Security is focusing it's attention and resources to the critical matter of protecting the nation's valuable mp3 players. Forget about border security, cargo inspection or tracking illegal immigrants. That stuff is peanuts.
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m
Engineering is the art of compromise.
In the end, iPods and similar items are not sufficently valuable to bother with extensive access controls. It's doubtful that the UK police could even be bothered to investigate the theft of an iPod.
As for the content, well, that's what backups are for :-)
Why doesn't Reid try to figure out ways that police officers can be freed from the mountain of paperwork they're forced to create every shift so they can go out on the nosey for scabby crims to smack about/arrest with the minimum necessary force? Then they'd maybe stop some of the muggings where people are getting hurt and killed.
Even if this fingerprinting scheme were adopted, all it'd do is give fences a reason to give the crim buttons for ipod. It wouldn't stop a thing. It might make the muggers more vicious as they'll have to be more prolific to cover their crack tab for the night and really don't want to spend their time asking nicely.
One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
Just what we want...new tech to add to the device like an iPod, that drives up the size of the unit, the cost of the unit, whilst adding nothing to the primary function of the unit (audio/video playback).
Hey, if someone steals it...it is replaceable.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Steve Jobs - easily the most stubborn man in high tech meets our alcoholic, belligerent, bullying Minister of the Interior.
At last, Dr. (economics (Marxist ones at that)) John Reid will come up against someone every bit as awkward as him - although unlike Reid, Steve Jobs sounds like he knows what he's talking about.
Apple and Sony will tell Dr. Demento that they don't make their products in the UK, nor do they design their products in the UK and that the UK only represents a tiny part of their market so they see no need to burden themselves with additional costs just so that John Reid can bolster his chances of leading a clapped out Labour Party by looking tough on crime.
I just hope Steve Jobs is a little more blunt about it and shows Reid just where he can stick a music player in order to deter thieves.
Apple offers free engraving when you buy iPods from their online store (which I believe is what the grandparent was hinting at).
Think of it this way, guys. This is an opportunity for Apple to "Reinvent the Fingerprint Scanner."
I can see it now, Uncle Jobs on the stage unveiling this amazing reinvention. I think it will inject neurotoxin into whoever's print does not match. An on top of that, it will shout "Exterminate!" like a Dalek! But what if your print doesn't scan correctly and you are injected? Easy, just rescan your print correctly and it will give you a dose of an antidote!
Fire him. On the spot. For sheer stupidity and completely getting his priorities wrong. Jeeeesus - are this the problems he should care about?
How about we use that serial number for some good?
Each iPod makes a connection to the computer and iTunes. Why not have it report its serial number? If your iPod is stolen, you can just report it as stolen and it should render it useless. Would not be very hard for apple to at least institute a list of stolen iPod serial numbers? As it stands, they do nothing about it. I bet that if I stole somebodys iPod I could then go to apple support, register it, and send it back to apple for repairs, no questions asked.