Slashdot Mirror
Would a National Biometric Authentication Scheme Work?
Ian Lamont writes "The chair of Yale's CS department and Connecticut's former consumer protection commissioner are calling for the creation of a robust biometric authentication system on a national scale. They say the system would safeguard privacy and people's personal data far more effectively than paper-based IDs. They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. The authors further suggest that the debate has led to confusion between anonymity and privacy: 'Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. ... In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.' The authors do not provide any suggestions for specific biometric technologies, nor do they discuss the role of the government in such a system. What do you think of a national or international biometrics-based authentication scheme? Is it feasible? How would it work? What safeguards need to be put in place?"
This would do a lot of things. It would a) keep tabs on anyone who was not american (potential terrorists!) b) keep tabs on problem individuals c) increase national security, because sex offenders could be tracked (and given poor service when they're trying to access govn't services. Not all are good, but not all are bad. Maybe we could just do this for category (c)? ... oh wait, they've tried tracking them. It didn't work. Why would it work on a national level?
. . . if there's a biometric "authentication" method that hasn't been cracked in the real world in ways that would be easy for the average clever crook to duplicate for a trivial amount of money. Fingerprint scanners are trivial - Mythbusters fooled a brand new, state of the art door lock with a xerox of a fingerprint, by licking it. Retina scanners have been cracked, facial recognition software is a joke with no punch line. What else is there?
And once a system has been cracked, it is totally useless, since you can't change your "password" on biometric stuff.
If history has taught us anything over the past few years, it's that putting guys from Yale in charge of things is always a great idea.
So let's let this wise man create a national biometric identification system. It sounds like a bad idea to me, but I'm just part of the rabble. I haven't had the benefit of his education and experience. I've never even been to a regatta!
The issue isn't if we need a national id system. We already have one. It's called a social security card. And as far as it goes, it works. Alot of fraud and general naughtiness, but it works. Any idea that would get implemented would work just as well as that. One reason, and one reason alone. Greed. If the system can be used by humans, it's going to be faulty.
Restore the madness of youth's lechery
Yes of course it would work!
Everyone knows that bad people are entirely willing to be completely honest, so obviously a system like this would mean we would know everything about them, and could stop all evil in the world.
It sounds interesting, but I am not for governmental control or involvement. Most here believe less government is better government. Why would we want to involve an entity that can't even balance a checkbook get its hands on something this complicated. I'm sorry but I don't see George W, Hilary Clinton, Barack Obama, or John McCain doing an adequate job at all except to hose it up and force regulation and compliance. Our current issues will not be solved with this. They will only take on a new twist.
I eat Karma for breakfast, lunch, and dinner. That's why I don't have any.
The difference between possible and impossible lies in determination.
Biometrics is inherently flawed as an authentication system, because biometrics is a password you can't change. Once someone gets your password, or at least the numerical representation of it such as could be lifted from a compromised reader or database, you are toast. How are you going to change your retina scan to something new?
And never mind the demonstrated hackability of all but the premium readers.
Biometrics sound great at first blush, and to the common voter they seem foolproof, so this fad will get worse before it will get better. In fact, the authentication issue may have achieved the level of complexity as the net-neutrality issue, such that Joe Registered Voter cannot possibly understand it (even if he is the rare sort to spend an hour googling it before forming an opinion).
Meanwhile, text passwords plus certificates (where 'certificate' could be a smart card, or your cellphone's IMEI, or whatever) is still the answer for security. It's awful, to be sure, but it's much less awful than biometrics.
FATMOUSE + YOU = FATMOUSE
We do NOT need National IDs at all, other than passports.
Perhaps not technically 100%, but you can expect a reasonable level of privacy/anonymity in public.
This could destroy that.
---- Booth was a patriot ----
The idea that every fingerprint is unique is a untestable hypothesis, since you'd have to fingerprint everyone ever born, right? We assume it's correct because we've never found examples of fingerprints that were identical.
So my question is this: if we were to fingerprint everyone in the US (all 300+ million of us)... does anyone think we might find that matching set? No one has ever done a fingerprint database of that size, right? With a quick search, I couldn't find out how many prints were in AFIS.
On the topic more directly, I'd say this would be nearly impossible. Ignoring the privacy concerns that people would use to try to stop thing going into effect... does anyone think we would be able to convince most/all of the 20 million or so illegal aliens in the US to do this? I would think you would run into the same problems in just about any other country, except somewhere like China.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
The article is about someone saying why we need one. I agree that we need a secure scheme that provides both authentication and anonymity as appropriate. Without a proposed scheme in front of us there's no way to answer the /. headline's question, "Will it work?" So stand by for a thread full of rants about privacy and big government.
Even the courts have found that anonymity is important component of freedom of speech. (Along with freedom of association.).
It is dangerous to be right when the government is wrong.
Just like in the UK, it'll work until it's cracked. Or the RFID data from passports. It is no business of the government who I am, or where I am without probable cause by a signed affidavit. There's a sufficient majority that would make sure that a national ID system is never used in the US that it's moot anyway. And for Larry Ellison and others that want to try it, they'll get laughed at, again, and just as loudly.
The question isn't unique IDs, it's tyranny. We hack tyranny first.
---- Teach Peace. It's Cheaper Than War.
So according to Yale, home of the Skull & Bones secret society that churned out the Bushes and others, if we're in public, suddenly we've lost all privacy? No matter if we're out and about in public or not, what we do is OUR act, it is a private act between us and whomever, not an act that should be monitored and "authenticated" by Big Brother at every moment. Terrorists are 1 in 50 million at best, so do you want to sacrifice 100% of your freedoms and privacy for the ILLUSION of security?
Just say no to Big Brother and the Real ID act. Or else you will find yourself at a random checkpoint soon being asked to "Show Me Your Papers, errr... Thumbs!"
I want the right to be anonymous!
I want the right to be left alone!
I want to be able to walk down the street anonymously. I don't want adds calling out my name like in "Minority Report". Being anonymous is not just about being on-line, it is also part of being left alone. It seems that the right to be left alone is overlooked in these discussions.
I know why you did it. I know you were afraid. Who wouldn't be? War, terror, disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense. Fear got the best of you,... -V from V for Vendetta
The real issue is whether you choose want to have any one organization to own all the identification information, and if anyone truly believes it will be confined to be used only for the sole purposes as it was originally prescribed.
Microsoft found out the hard way that the public doesn't like this idea much with passport. Now the more recent technologies such as cardspace, openid, and other such frameworks talk more of how you can distribute identity among different providers or control parts of it on your own without creating the gigantic single provider of identity.
Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
The summary talks about a common misconception, and manages to create another.
Authentication is when you identify(as in Identity) yourself, when you want to(say, to enter your home), or to get that 5% rebate at that place you like to eat at.
Anonymity is when someone else wants you to identify yourself, and you refuse.
Imputability is when someone's done something and 1) you want to Identify them properly, and 2) do something about some of the people you identify(presumably because something they did was wrong)
Anonymity is something private citizens like, in part because they don't much like imputability. That is when they do something, and it's not tied to their Identity.
Forcing someone to authenticate themselves is something the police, for one, likes, because
1) It prevents them from being blamed for mis-identifying someone
2) If they catch you doing something, and impute it once you authenticated yourself, they're fairly sure they impute it in such a way, it will follow you for a long long time(if they can impute your "identity" more on that later.
However, it has its drawbacks
1) If you authenticate yourself with falsified credentials, you get someone else blamed for your acts
2) It doesn't deal with the fact that you may be unable(damaged or lost credentials)/unwilling to identify yourself/automated systems may mis-indentify you
It doesn't solve the question of "Identity" itself either. Like when the no-fly list(falling under imputability) lists names(which can be the same for two people), leading to the same result as a falsified authentication.
Just a quick summary:
Identity: Who you are
Authentication: Proving who you are
Anonymity: Not having to say who you are
Imputability: Blaming who you are
The four are interlinked, but often confused, as in the article.
People interested in laws like RealID need to pay a lot more attention to distinctions between all four. Until the authentication part can be more more foolproof, the imputability is scary(you can be blamed for stuff you haven't done), the anonymity, well it's scary to those who'd rather deal with people they can identify(and therefore impute, think contracts to keep it in the white hat sphere). And the Identity, well that's the real problem. If you have a single, centralized database, any single mistaken Identity becomes life-altering, if not actually life-threatening(correcting someone's id with falsified credentials in order to make their lives a living hell? Yes, it can do that).
Does that bother you a little? I know it does me.
Biometic ID has a catastrophic fundamental flaw that is never discussed. It can not be revoked. If you loose your credit card or it is stolen it can be revoked. Your password or pin are cracked, changed. Your retina, fingerprint, vein pattern etc.. is digitally compromised. You are screwed! Period! Next!
"This message was sent from an Apple
Deceptive lies, this piece. Anonymity is not a veil for no privacy. We're just losing our anonymity in public too. Isn't new technology great?
Making ID bind harder will make identity theft hit innocent victims that much harder. Moreover, I think the cost of cleanup of a successful forgery or theft will go up much more steeply than the cost and effort required for perpetrating it.
Because biometrics makes this thing 100% secure, no? Yeah, stop laughing already. It's not funny because our benevolent overlords actually believe that crap. Don't kid yourself they don't.
I say we should use that newfangled technology to implement mutual authentication like kerberos does, except perhaps with less need for a trusted third party. It would be interesting to see if we could come up with something like that. And what happened to zero-knowledge proofs? I want my ID card to have that, dammit, not these stupid RF-broadcast-my-ID things with my fingerprints in them.
I feel like this would lead to something we tend to see in sci-fi books and movies, where a society of untagged people exist in some sort of underground world. Scary, but could be cool
It doesn't matter how strong your security system is, it will fail. What happens when it does? I can't get a new $BodyPart if some fraudster spoofs it.
How dare you be so modest!! You conceited bastard!!
Who is to be trusted with by biometric data? Who would have access? How would the software/authentication work? Who will write the software? Is it going to be proprietary? Will it be enabled in voting machines? Why should I trust the government agency/subcontractor to do all this correctly? It seems that whoever controls this biometric data would have A LOT of power, especially if its integrated into every little device out there. Consider the potential lack of transparency in, say, an election. Could some government employee, maybe just above the average capabilities of a TSA employee, tamper with election results? Also, if my biometric info is linked to my credit card, how hard would it for that person to go on a shopping spree. How could I prove it wasn't me? The whole thing wreaks...
No identity system will remain uncracked forever. That's just the way it is these days. A better solution would be to take what we already have and improve the security so that everyone's personal information isn't at risk when a poorly-trained government employee with a laptop decides to leave it somewhere where it can get stolen.
- Yes, biometrics is immutable, but added an RFID adds a mutable piece
- Placing the RFID in the hand would allow a convenient way to get a fingerprint reader AND a chip reader to read both halves of the key.
- Conversely, it would be tricky to hack BOTH the bio and the RFID at the same time, especially in the middle of WalMart.
- Need retinal scan? Stick it in the forehead.
- If your Bio/RFID pair gets hacked, change the chip, or put in a fresh one set the old one as Active=0
Two keys work for nuclear safety. Why not personal data? The scariest part is that I'm NOT being sarcastic. Geez o'Peet, that 1st Century fisherman really hit the nail on the head! (Ok, that was a little sarcastic.)Skip the flamebait modding and tell me why this wouldn't work?
The US Federal Government should not be entitled to know *ANYTHING* about you without pressing reasons.
The idea of putting everyone's information on-file is based on the hypothesis that everyone is guilty of something, and they need to be identified as quickly as possible.
Human rights are being thrown out the door more quickly every day!
People have forgotten that a police officer's job is supposed to be damn near impossible. This is to prevent innocent people from being convicted of crimes that they did not commit, and it is very effective. Any time someone is wrongly convicted, or even ACCUSED of many things, their life is utterly destroyed.
Having been the victim of crooked police officers abusing their police powers on multiple occasions, I can safely say that there are *NO* safeguards that can be put in place to keep this kind of data from being misused, because the very people it would be safeguarded to are the most likely to abuse it.
There should be no readouts of whom is where at any given moment.
The amount of CCTV footage available in major cities is absolutely criminal. Nobody should be able to patch into a system and watch your movements nearly anywhere you go. There are VERY few places where an exception to this is acceptable..and those would exclusively be at places where there are things that could be used as weapons of mass destruction. (airports.. a-la planes being crashed into buildings, nuclear power plants, military ammunition magazines.)
People have the right to live their lives without being spied on constantly!
DON'T GIVE UP THIS RIGHT! FIGHT FOR IT!
I want full control over saying yes or no that is or is not me. What is required is a three party trust system - each of the two entities in a given transaction need to have their own final aribiter, and there must be a mutually trusted third party witness. Who the third party is should be open to competition. The critical part of this is that I want MY server(s) to keep track of where I am 24/7 (not somebody else's server, including the cell phone provider I may use for this purpose). MY trusted server (ok, the service I'll pay) should have access to my current communications channels and multiple ways of verifying my physical presence. If a challenge comes in that says I'm using a credit card in Iowa when I'm in Pakistan and have no recent net connection to the company presenting that request for authentication, I should be unobtrusivly asked for verification.
Where I am 24/7 is MY business. You should be able to only ask "Are you at this place right now?" and my agents should only say yes or no after asking "Who wants to know?"
On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
Yes, this system would work perfectly for spying on all political opponents (and blackmailable "friends") personal info, just like reported tonight at at the State Department, spying on Obama's passport file.
--
make install -not war
I think there is a real need for a central system to verify an individual is an individual, for instances where government documentation is required (drivers license, passport, etc.) - even cross border. The only caveat be that it not store any information about you, nor make any information other than this is Joe Smith or this is not Joe Smith or Unrecognized person available to the Entity requesting verification. It could be done in a trusted environment, where your information is sent encrypted to the central service (so the entity seeking verification does not get to see/store your personal records), and accept a boolean [or integer] response. I think credit beauros, corporations and big brother would love to know every bit of meta data they can collect about you in a central government mandated space. It's the corporations use of this information that scares the hell out of me. Not interested in having spam follow me when I change my address... or give them a profile to target their spam. Big brother is always going to have certain information on you. Fact of life. I can't tell how many times I have had to have fingerprints taken for work or visa's or other activities that require government clearance that has taken several months just to verify that I am who I claim to be. They could make it optional - i.e. use this and we know what color underwear you wear, with immediate verification when required, or don't and wait 6 months for the answer to be verified manually. That way one is incentivized, and the paranoid can remain in their misguided impression that they are off the radar. I am aware of issues with fingerprint readers, but there are basic things that can be done depending on the level or grade of surety the situation requires, anything from a smart card, to photo, iris, fingerprint or advanced fingerprint in front of a trusted agent (such as policeman or customs agent) who can verify it is your finger and you don't have someones chopped off finger in your hand. They have recently introduced a basic system at UK Airports that does this (Iris recognition). Works like a charm.
The article is right: anonymity is not privacy and privacy is not anonymity. However, anonymity is a form of privacy and should be protected within reason.
Another way of looking at it:
privacy: people not knowing what you've done.
anonymity: people not knowing who did X.
if you lose anonymity, you lose privacy in relation to X, and where X covers everything in the public sphere, you lose all privacy except in relation to those things that are not in the public sphere (Y). That's a lot of privacy to lose.
Whether it would work or not, the Federal Government can't constitutionally mandate it. They can mandate it for passports, or for boarding airplanes, enter federal buildings or military bases etc. But other than those limited areas, they have no authority to do so. Even the RealID system was just some additional requirements that state drivers licenses would have to meet in order to count as identification for the purposes described above. If a state chose not to abide by it, there was no penalty other than inconvenience to its citizens, and people would still have been free to choose not to get an ID or drivers license at all.
Or am I going to have to send future emails to @gmail.com?
The biggest problem that I see is the potential for abuse by those in power. People in government know this -- that's exactly why they're in favor of it!
Please stop confounding authentication and identification.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Why is there the push for this? There isn't wide scale fraud, and there's no reason to believe that Bad Guys(tm) couldn't simply create a fake entry in a database, or that the biometric stuff would actually be used. California requires a thumbprint to get a driver's license (!), and yet you're never asked for it at a traffic stop. Why?
I have a suspicion. It's not for authentication at all. Others have already pointed out the inherent flaw in using nonrevokable certificates for authentication. (i.e. once someone has faked or corrupted your biometric data, you're fucked.) So what is a biometric data good for? The same thing that's good for when the government stores DNA sequences of everyone processed. It's a globally unique identifier. You can put multiple databases together easily. Name collisions are a thing of the past.
If you really think that government won't combine their databases, you're a fool.
Obscurity isn't security, but there is something to be said about making information, even public records, a bit harder to put together than to give a big data dump about everyone to everyone. Society has built on a certain level an anonymity existing, even when legally it doesn't exist. But it's all too obvious that people's expectations and behaviors don't always align with the letter of the law. And seriously, given the government's current cavalier attitude towards privacy and the law, do you really think that a simple law is going to stop them?
The problem here is with the adjective "national", which suggests that there is a centralized database, and that's a privacy nightmare. But biometric ids don't need a centralized database; they can be stored securely and in a tamper-proof way on the card itself, making sure that nobody but yourself can use your driver's license or your bank card.
So, the problem isn't really the biometric identifier itself (which is generally a good thing), it's with whether it's implemented in a centralized way or in a distributed, privacy-preserving way. Unfortunately, a lot of political forces seem to be misuing biometric ids in order to fulfill their wet dreams of totalitarian, centralized registration and tracking.
At the border, I use the Nexus pass (works on retina scans). This is very efficient and violates no rights IMO between Canada and the US. Unlike the other people traveling to the USA who must get fingerprints, I feel that even if I was a criminal, I will not likely be leaving my retina imprints behind at the scene of a crime. Fingerprint and DNA Databases already exist in the US as well.
Nevertheless, The pros seem to outweigh some of the cons. Long line ups at border crossings can be avoided by allowing pre-cleared people faster portal access. Likewise, some fraud can be prevented.
There are civil liberty issues which I am aware of and this would have to be a democratic decision, made by informed residents. It would be nice if this is going to happen, that it be transparent and national vs. compartmentalized, regional and secret.
My $0.02 (CAD) worth.
D
"Question everything, including this!" - http://technoracle.blogspot.com/
I'm hosed if they chose retina scanning. I get drusen deposits http://www.medterms.com/script/main/art.asp?articlekey=10015 .
Fortunately, it's not macular degeneration. But those deposits form and dissolve over time. That would make retina scanning a problem for me.
Biometrics are useful for identification, in that, if well-chosen and correctly processed, they can uniquely identify an individual. They are not useful for authentication; they are not a guarantee that the identified entity is who they claim to be. For example, while my thumbprint is unique, anyone can lift it off of any surface I've touched and present it to the biometric scanner.
It's the difference between a username and a password.
Don't underestimate the power of The Source
The generalized question is do you want to be able to be identified or not?
Everyone bitches and moans about "identity theft", but then appear to not want the alternative - verified identity.
I agree with the majority here - I do not want to be tracked all the time, not because I have anything to hide, just because it doesn't seem right, for many of the reasons stated elsewhere.
However, it might be nice to have a method, decoupled from ubiquitous tracking, to ID myself in an unambiguous way - where I can categorically say, for instance, do not issue credit for "me" unless I ID myself via method X.
So, what is method X - where you can be happy that it "really" ID's you, but which you can withhold when you want to remain unknown?
The only way I can think of to prove you are you, is via biometrics, but I am not sure how to achieve that, bearing in mind I do not want to allow for the possibility of someone offering my severed fingers to a machine for ID, or my lifeless retinas, etc.
I have some personal interest in this, as I have been the victim of ID theft in the past, fortunately not a major hassle (and actually of some amusement, when reading one bogus credit card charge for attorneys fees :-). I had no monetary loss in any of the several instances, but it did cost me a few hours of calls and letters to clear things up. It certainly would be nice if one didn't have to know more than my name, date of birth, ssn, and mother's maiden name to steal from a credit card company under my name.
Most credit companies now allow you to use some other "secret" (than your mother's maiden name) to ID you. I would suggest you preemptively put that that in place, but the question is what is the "real" answer for a positive ID?
Seems to me it will ultimately involve biometrics, wherein you present your live body, in person, for verification. An alive "you" can't be stolen, duplicated, or forgotten... at least until we have SF grade teleporters and digital cloning of your transport stream... maybe even regular cloning for that matter, but it will be a while before petty crooks will force grow an adult body from your dna scraped from your discarded star bucks cup.
This issue is a bit more complicated than you think.
Am I the only one who thinks a paper signature as "authentication" is ridiculous? We need a better system. I would love our IDs to act as a digital certificate that requires biometrics AND a password to be used. That way, you want to sign a contract - insert your ID, scan your fingerprint, and type in your password. We should be signing things electronically rather than faxing in a signed sheet (cut and paste, anyone?). I don't care if it is the Government, Visa, American Express, or Network Solutions providing this service. I just think in an electronic age, it should be easier to authenticate things remotely and more securely than a scribble on some paper.
Another thing is when companies, like credit card and cell phone companies, say they have your authentication for a 2 year contract or a a new line of credit that you didn't really agree to. I think agreements like this should require your IDs digital certificate. That way both parties end up with a digitally watermarked document showing that you both agree to it and it can't be modified without destroying the watermark. All this should be technically feasible now and is very necessary. This could potentially stop identity theft immediately.
For the companies selling the scheme. Just like electronic voting machines, DRM... For everybody else... eh
What?
Well, I realize some may argue I'm doing a disservice to baboons and other primates by comparison...
But wtf are these people thinking?
They can't even make electronic voting work!
Thusly, what illegal controlled substance are they using which makes them think we'd
believe they could effectively differentiate 100.000% between any two of six billion
people, based upon biometric data, using current technology?
First off, I'd much rather have my pin number stolen than my thumb, eye, or head. Secondly, any national database of important data will be comprimised, somebody gets their laptop stolen, oops I misplaced the backup tapes, etc. Third, How much would this cost? probably billions of dollars after you factor in personnel, mountains of new biometric equipment, vast server centers to store all the data. Could we seriously not come up with a better way to spend billions of dollars? Even if we want to spend that money on "terrorism" instead of something useful like education or health care, we could hire tons of police officers, train some bomb dogs, what have you. Fourth, who gets to use this biometric data? how much can the see of it? It seems to be a major privacy and security hole, and would no doubt allow for many organizations to abuse it greatly.
Ze Atomic Device! It iz Ztolen!
...because in soviet Amerika, biometric authentication scheme works YOU!
If a crim wants to pinch my old fashioned paper id, they just take it or fake it. If a crim wants my biometric, they take my finger, eye whatever. Not nice. Bottom line - there are some things I'd lose an eye or a finger for, but not many. To hell with biometrics.
I hate biometrics! I feel like it encourages stupid criminals to cut off fingers and rip out eyeballs. "oh, your laptop has a fingerprint reader? better take your finger with me too then!", or "oh, your bank vault requires a retina scan? I'll be needing your eyeball then". why encourage someone to steal body parts?!
"The chair of Yale's CS department and Connecticut's former consumer protection commissioner " Is just another $perjorative-slander who doesn't get it. 'Consumer protection' How about civil rights? Where in the bill of rights does it say anything about consumers?
Suppose you use your thumb print and some hacker steals whatever form they use to store this in and then figures how to feed the thumb print into other systems. With passwords or cards you get a new one. You can't get a new thumb.
The problem is that we have numerous examples every day that we cannot build really secure systems in a commercial context. There are too many people involved, there are too many vulnerable points in the systems where people can tap into data streams, etc. Despite the mathematical possibility of uncrackable encryption and all the good CS logic, implementation and real world issues make this a great debating point, but not realistic for the next 5-10 years. We should focus some efforts now on building systems that cannot be hacked into, no matter how lazy and slothful the operators are. Once we have that infrastructure, we can consider such systems.
Of course, even then I can just see someone intercepting Bill Gates' thumb print and then organizing a SETI@home like project to crack whatever encryption is used. May take 5 years, but access to his bank account is worth it!
This quote from the article got my attention:
"The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow though it; the storms may enter; the rain may enter -- but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement."
Speech on the Excise Bill - 1733
William Pitt, 1st Earl of Chatham
Centralized identity is what allows identity fraud to happen to begin with.
Absolutely! The beauty of biometrics-based security measures is that they eliminate need for paper and electronic ids, ssn, and other things that proved to be inefficient. Swiss banks have been relying on biometric identification for a long time now, and they seem to work. of course, there are some challenges associated with implementing these measures on a larger scale, but overall i believe this is feasible and worth to explore further. Americans seem to be overconcerned about their privacy, and movies like "Minority Report" only exaggerate this problem... I was always wondering why is it that you want everything to be about you, you, and you only, but when it comes to actual attempts to help you to personalize your services, tailor media and content to your personal needs, or simply to ensure your safety, you then cry "privacy invasion!" and run. It is XXI century outside, but you are still stuck in 1776, scared of the dark forest beasts like "privacy invasion", "gun control", etc. ("Village", anyone?). It is time to wake up and embrace the new world! Biometric measures will allow you to pay your bills by touch of a fingertip or blink of the eye; psychographically-and behaviorally-tuned media will deliver content that you want and advertising that you really need. Already now you read news and blogs selectively, preferring those that better fit your needs or political ideological views. You tune your RSS feeds, bookmark your favorite sites, and take advantage of personalized sales offers mailed to you by stores. Why not to go further and make things even easier?!!! Is not that nice when vending machine greets you by your name and dispenses drink based on your mood or blood pressure? Is not that nice when to board the plane or open the bank account all you need is just to press your palm to the screenm, and you get your seat on the plane based on your socio-psychological preferences? Your selfish and egomaniac tendencies lead you to believe that everyone will be snooping on you and invading your life. People, wake up! You will be no more than a record in the database, lost among the millions and millions of other records. welcome to the real world: Modern Metrix Blog at http://www.mmx.typepad.com/
to sugest a tracking system for all of the citizens in a country is simply terrorism against your own people. this means that nobody can have freedom of thought because everything we do and say in any public forum and even private forum will be traced and submitted to scrutiny. even now the fbi has the power to trace you and listen in on your conversations using your own cell phone against you. we nolonger have freedom of speech we now have to be carefull of what we do and say lest we be labeled enemys of the state.
it may not appear to be this bad right now, but just wait 5 years, you will see a change and it will not be for the betterment of this country.
i dont know about yall but i am moving to germany, maybe japan, ireland sounds good too.
What kind of 'consumer protection' advocate is that, anyway? "No expectation of privacy when you're in a public space"?
Like you have no expectation of being safe from everybody taking your fingerprints, people analyzing your DNA from sweat or hairs, or tracking your movements via linked surveillance cameras and image recognition software, right? WTF?!
Then it would reveal the flaws in the hardware and software systems in unusual ways.
we would start seeing people with the same fingerprints. we might also start seeing people with the same DNA.
our systems are not complex or sensitive enough to really be sure.
They're using their grammar skills there.
I would too safe unless there was there no central authority that "owned" the biomarker dataset. The central authority could initentially or accidentally lose the biomarker. The person, central authority or third party could forge, steal or alter it. Then we'd have scenarios like Minority Report or GATTACA.
The ultimate keeper of the biomarker would the subject him/herself, albeit in an encrypted form . It would be like a public key that the subject or governement could use to verify with a second reading of the biomarker, but the roor biomarker unknowable.
I don't think it's feasible, it won't work, and it's not necessary.
It's not feasible because it can't and won't be secure. Whenever you have upwards of 200 million people's authentication ID's in one place, it's going to be ripe for attack, abuse, and misuse. And because it WILL be attacked, abused, and misused it won't work.
Plus, I still fail to see why this is necessary. If they want to reduce identity theft, then just pass a law to absolutely, positively PROHIBIT the use of the SS# for anything other than Social Security payments and records. Nothing else - none of this "credit record" or "utilities" nonsense.
Make it useless for anything other than that, and the crooks won't want to target it any longer.
Furthermore, force the banks, utilities, and credit agencies to utilize their own unique identifiers for their accounts.
I for one will NEVER allow any biometric of mine to be placed into a database or stored on a "smart card". I won't even buy laptops with that useless fingerprint scanning junk on it. If a password is compromised, I change it. If my fingerprint, retinal scan, iris picture, facial scan, or signature is compromised - then what? I don't even sign those pads at stores - I request a paper slip to sign - if they don't have one, then I cancel the transaction, leave, and go somewhere else that I am not forced to sign some half-assed pad.
Forget this nonsense. Tell these fools "NO!" in absolutely unambiguous, and absolutely certain terms. Don't want it, don't need it.
it would run like shit and have SQL injections..
but if they hired a real programmer this would all easily be avoided..
Real paranoid people who want security, do it by breaking up the information.
Only let the people who must know something know the minimum amount.
It is call compartmentalization. CIA and Terrorist cells do the same thing.
It is why I have several credit cards, for different purchanse types.
What has the government really improved, besides killing people and breaking things?
Shrink the federal government.
This time, I guess goatse kinda expresses my reaction.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
Yes, this system would work perfectly for spying on all political opponents (and blackmailable "friends") personal info, just like reported tonight at at the State Department, spying on Obama's passport file.
Spying? Have you ever applied for a passport?
For a presidential candidate, where so much is publicly known about them, there is almost nothing on a passport application that isn't already public.
However, this just goes to show how easy it is for insiders to get information to commit identity theft & fraud.
You are totally wrong. You obviously don't know what's in a passport file.
But even that is irrelevant. What is relevant is that spying on that file is a crime. Sharing info found in it is a felony. 3 people were fired over it, even though the office tried to hide that it had happened. When it happened to Bill Clinton in 1992, an Assistant Secretary of State was fired over it. And people keep doing it, despite the risk and cost. So it's obviously worth the effort.
But even if it wasn't, it's still important.
You don't even have the nerve to post with a real UserID. You've got a lot of nerve talking about how revealing personal info is not important. But then, you apologists for these political ripoffs never have any shame.
--
make install -not war
Our fearless leader have suggested requiring all livestock be chipped for our protection. The small herd owners find this an unappealing prospect. Perhaps the current highest purpose of our government is to invent new rat-holes to pour our money into.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
The Chaos Computer Club of Germany has an article on defeating biometric fingerprint authetication. They found it nearly trivial to bypass using polaroids of fingerprints with a heat source and so on and so forth. If I remember correctly, those awesome bastards bypassed the fingerprint scanner the same day they received it in the mail and took it out of the box...
The same thing happened with voice authentication in the login dialog for Mac OS X. It was cool: to log in, just say your name. To login to someone else's account, just play back them saying their name from a audio/tape recorder. The system couldn't tell the difference enough of the time, so the feature was quietly removed from OS X, starting with Panther (10.3) I think.
Where biometric authentication really shines is in movies. I gives the audience concrete action to watch when the characters interact with a computer. It looks good on screen and helps the dramatize the story more than typing introspectively at a keyboard and monitor.
Couldn't have said it better myself. I have had the misfortune to fall under the ID bus several times. Once, in the army, a data entry error caused me to be accused of failure to pay a debt. It only took eight months to convince the powers that be that since I wasn't in the state involved I couldn't have possibly run up a debt no matter what their records said. The other time was in the late 70's when the state, in it's wisdom, gave my driver's license to my ex-wife's current husband. It has now been 31 years and the state has yet to admit it's error and rectify the situation. One point I haven't seen mentioned anywhere is that these documnets are the property of the state, not the person who's identity they represent. When my latest wife died, the first thing the sheriff wanted was her driver's license and social security card because they were the property of the state. Think of that for a moment. Your identity, as far as the government is concerned, is the property of the state. I'm no philosopher, but if someone other than me owns my identity doesn't that make me a slave (owned person) of another?