Hacker Club Publishes German Official's Fingerprint

A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.

Respect, respect maan!

I'd like to see this done to officials in all countries.

Reminds me of Gone in 60 seconds (the Jolie version) where one of the car-thieves glues on Elvis' fingerprints.

Re:Respect, respect maan!

[dpx420]

Yeah if someone tried this with a high ranking government official in China or somewhere, they would indeed mysteriously 'disappear' in 60 seconds.

Re:Respect, respect maan!

[Foobar+of+Borg]

Yeah if someone tried this with a high ranking government official in America, China or somewhere, they would indeed mysteriously 'disappear' in 60 seconds.

There, fixed that for you. I guess now it's Germany, Land of the Free, Home of the Brave (WTF?)

Re:Respect, respect maan!

I'm a retarded asshole There, I fixed all your comments for you.

Re:Respect, respect maan!

[Idiomatick]

WTF does china have to do with this?

Re:Respect, respect maan!

[jack455]

Nice to see this come back from (Score:2 ,Troll)

Re:Respect, respect maan!

[garglblaster]

Well, you summarized it up very well: Germany, Land of the Free, Home aof the Brave. Times are a-changing aren't they? Hint: No, Bush's country isn't any longer considered 'Home of the Free' in any part of the world any longer.. - Sad to say this but true.. my 2 cts

Re:Respect, respect maan!

[nguy]

People are trying to say that Germany can't be all that bad yet, given that it's still better than China. Sad but true.

Re:Respect, respect maan!

[Idiomatick]

Since when was germany worse than china when it came to rights... Wait, godwin is that you???

Re:Respect, respect maan!

[nguy]

Since when was germany worse than china when it came to rights...

China is a pathetically low standard to compare to.

Wait, godwin is that you???

You're a moron.

Re:Respect, respect maan!

Dude, wtf? I *am* from Germany, and I can tell you that it's nowhere even *near* the "land of the free" or "home of the brave". It's turning into a damn police state, Sam (yet again... you'd think we'd learn after a few times), and the fact that there's occasionally some good news doesn't mean shit in the long run. Look at the big picture; if you want a free(r) nation, go to Switzerland or maybe Scandinavia. Those are pretty much the last places on the planet where you'll still have *some* freedom. (And in Switzerland, you're legally allowed to make and keep your own gunpowder, too. Woo!)

Re:Respect, respect maan!

[Foobar+of+Borg]

Dude, wtf? I *am* from Germany, and I can tell you that it's nowhere even *near* the "land of the free" or "home of the brave". It's turning into a damn police state, Sam (yet again... you'd think we'd learn after a few times), and the fact that there's occasionally some good news doesn't mean shit in the long run.

Well, it's just that stuff like this is more in line with America's founding fathers (Tea Party and all that sort of thing). Those in charge need to get a taste of their own medicine from time to time instead of crafting laws that only affect others. But, you are right. Germany and most of Europe (along with other places) is rapidly becoming a police state because those in power want it that way and don't give a flying fuck in a rolling donut about the rest of us. We need more people doing what these hackers are doing. What if Merkel's biometric data or George W Bush's bank account information were put online for all to see? What if random stalkers could look up information on politicians and celebrities on all these internet people search sites (at least in the States, only "little people" can be stalked that way, "important people" are intentionally kept off such lists)? The laws on things like privacy would change in a flash.

Look at the big picture; if you want a free(r) nation, go to Switzerland or maybe Scandinavia. Those are pretty much the last places on the planet where you'll still have *some* freedom. (And in Switzerland, you're legally allowed to make and keep your own gunpowder, too. Woo!)

That's only a short term solution. It's like fighting a defensive war. You will eventually lose.

gag

They should do that to the head of the TSA and put him on the no fly list

couldn't possibly have negative consequences

[Shadowruni]

So.... let's see.
Oh all the people to humiliate... a senior public official who sets policy for something you directly care about.
This couldn't possibly turn out badly.

Re:couldn't possibly have negative consequences

[Yokaze]

Hardly. The CCC is a highly prolific club and is very likely keen on some legal "retaliation", as it would generate even more public attention on that matter.
Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance.

Re:couldn't possibly have negative consequences

Since a senior public official still remains a public official, it could probably be defended on the same grounds that allow for political satire. It is expressly allowed in most countries to make fun of political figures, especially if you're doing it from a political standpoint yourself.

Then again, we also have a new buzzword for crime with ideological motives. It's called terrorism...

Re:couldn't possibly have negative consequences

Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance.

I know german law is byzantine, but surely they can find something along the lines of estoppel in there.

Re:couldn't possibly have negative consequences

[Propaganda13]

Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance. I know german law is byzantine, but surely they can find something along the lines of estoppel in there.

Estoppel sounds more like the defense for the CCC, not for the Home Secretary.

Re:couldn't possibly have negative consequences

[santiagodraco]

Capturing another persons fingerprint and then distributing it to the general public ostensibly for "faking" the identity of that individual... sure seems like grounds for criminal action to me.

Re:couldn't possibly have negative consequences

[Belial6]

It likely is. In just the same way that sinking the Titanic before any passengers boarded would have been grounds for criminal action.

Re:couldn't possibly have negative consequences

[gerardolm]

Let's say you lose your ID card. Someone else could take it and fake that he/she is you. Are you guilty of anything?

Re:couldn't possibly have negative consequences

[dirtsurfer]

>> Oh all the people to humiliate... a senior public official who sets policy for something you directly care about. This couldn't possibly turn out badly.

I love the idea that the way to make politicians do what you want is to be nice to them.

so apparently Monica Lewinsky was probably about a week away from getting us all free national healthcare, too. Curse you, mainstream media!

Re:couldn't possibly have negative consequences

[dotancohen]

That is insightful, where are the modpoints when I need them... I will plagiarize this comment often. Thanks.

Re:couldn't possibly have negative consequences

[jonberling]

Very clever. I think I'm going to use this one too. Here are some other, real life examples of illegal actions:

• the Boston Tea Party
• freeing slaves before the Civil War
• Gandhi's protests against colonization
• Reading the Bible, or other religious text, in nations without Freedom of Religion

There are plenty of illegal actions that are morally correct actions. I usually pull out this list to anyone who suggests that following the law is one and the same with moral actions. Anyone else care to add to this list?

Re:couldn't possibly have negative consequences

[Belial6]

I would say that mine is a little different. The examples you give are illegal actions to try to stop an existing atrocity. My example was trying to point out an illegal act that would prevent a disaster before it happens. The biggest flaw in my example is that with the Titanic, the disaster was not a forgone conclusion as it is with widespread biometric usage.

Really, the official should be happy and count his lucky fingers that the biometric identity theft only involved lifting his fingerprints. If fingerprints become a common security feature, touching glasses will be the least of our worries.

Re:couldn't possibly have negative consequences

[jonberling]

I was going for: Just because their actions may have been illegal, doesn't mean that they were morally wrong. Granted, our examples are different, but our basic argument is similar.

Re:couldn't possibly have negative consequences

[mrogers]

Then again, we also have a new buzzword for crime with ideological motives. It's called terrorism...

Yup, under UK law interfering with any electronic system for political reasons is defined as terrorism, but bombing civilian infrastructure in a "shock and awe" campaign is considered legitimate. George Orwell is no longer the appropriate literary reference - these days it's Lewis Carroll.

Re:couldn't possibly have negative consequences

[Vihai]

1. You can always REVOKE your identity CARD. You can not revoke your fingerprints.
2. An identity card should have another authentication factor, like a PIN, to be used.

Re:couldn't possibly have negative consequences

[Lars+T.]

Capturing another persons fingerprint and then distributing it to the general public ostensibly for "faking" the identity of that individual... sure seems like grounds for criminal action to me. Well, first of all you could only fake the identity of someone with a fingerprint if only the fingerprint would be used to identify him. Point two: Schäuble keeps saying that the use of fingerprints for the biometric IDs would be unfakeable - so he can hardly complain.

Re:couldn't possibly have negative consequences

[gerardolm]

1. That's why the whole biometric ID stuff is flawed.
2. That's a hypothetical situation, sorry.

Re:couldn't possibly have negative consequences

[gerardolm]

By the way, how the hell can you revoke your ID card? Dying? It's not like your ID card has a number other than your real ID number (at least here in Spain), so there's really no way of saying "this one is old and revoked while this one is the new one".

Re:couldn't possibly have negative consequences

[ResidntGeek]

That's _exactly_ what most ID cards have. You think nobody thought to encode a few digits for a serial number on an ID so lost cards could be deactivated? I'm fully in support of underestimating people's intelligence, but that would be a bit extreme.

Re:couldn't possibly have negative consequences

[gerardolm]

Well, of all of the places where people ask for my ID, I have yet to see one where they have those so called "deactivated numbers" in any kind of list. And if they had them, I doubt they would even check them.

In future news...

[Spartan+Niner]

We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously

Re:In future news...

[metlin]

One can only hope.

What better way than a senior official to be convicted of crimes as a result of identity theft because officials such as him decided that privacy didn't really matter anymore?

Personally, I sincerely wish that this happens in all the countries which have fingerprinting in place. Enough already.

Re:In future news...

[Naughty+Bob]

We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously

17 One-fingered crimes at that...

Re:In future news...

17 One-fingered crimes at that... Well if he isn't your doctor...

Re:In future news...

[Spartan+Niner]

You only need one finger to pull a trigger ;-) But yes, it would seem that our good friend Wolfgang has some fast fingers to be in 17 places simultaneously.

Re:In future news...

[evil_aar0n]

On the other hand - no pun intended - this might actually work out in his favor, since he _could_ go out and commit a crime, and they'd have to wonder whether the fingerprint evidence was valid or not.

Re:In future news...

[peragrin]

actually it would only have to happen once or twice, People would start to realize that biometerics are useless for confirming Identity. DNA now that is good, and it is something difficult to duplicate. Now all we need is field DNA testing and database of DNA to compare to. Of course knowing the government said Database would run windows be comprised, and i get to be Brad Pit, by DNA testing.

Re:In future news...

[driftingwalrus]

I propose a new line of business for the body mod community: Fingerprint removal.

Re:In future news...

[LurkerXXX]

I'll be by later to snag a few hairs out of your comb. Never mind why I want them...

I make DNA all day in the lab. It's getting easier and cheaper to make every year.

DNA isn't going to turn out to be any more of a panacea than fingerprints.

Re:In future news...

[Znork]

DNA now that is good, and it is something difficult to duplicate.

No need to duplicate it, free samples are falling off you everywhere you go. So no, DNA isn't very good either.

There is however a very good biometric one can use. A neural imprint of a specific token; it currently can't be read without the cooperation of the person, it leaves no imprint around except as the owner desires and controls.

It's known as a 'password'. A technology that is, perhaps, new and radical, but far more secure than other biometrics. Which, unfortunately, isn't particularly secure, just less insecure than the crap the scam artists of the biometrics industry are trying to push on the gullible.

Re:In future news...

[AJWM]

DNA now that is good, and it is something difficult to duplicate.

I dunno, DNA wants to duplicate, although that's not what you meant.

In terms of different individuals having the same DNA, talk to identical twins. About all DNA tests can really do is disprove that someone with non-matching DNA is guilty. DNA "matches" don't compare 100% of the DNA (even if they did, that doesn't rule out twins), and close relatives may well "match" also (and the fewer comparison points, the less-close the relative that could still "match").

Re:In future news...

[Wavebreak]

Long as he only used one finger.

Re:In future news...

[netsharc]

Wow, in that case, why not do like Thomas Crown and distribute your fingerprint, or email password, or whatever. If 50 people use your identity, and you commit a crime, no one knows who of the 50 does it...

Oh, the possibilities...

Re:In future news...

[Flagran]

all DNA tests can really do is disprove that someone with non-matching DNA is guilty. DNA isn't even perfect at that, due to chimeras and mosaics.

Re:In future news...

[Deadstick]

On the contrary...now if his fingerprint is found on a murder weapon, he has 16 alibis.

rj

Re:In future news...

[CastrTroy]

I'll one up you, and promote the use of the pass phrase. Seriously. Sites with 8 character maximums or only alphanumeric passwords annoy me to no end. There's no reason you shouldn't allow people to use 300 character pass phrases if they so wish.

Re:In future news...

[CastrTroy]

Seriously? This article may be to technical for the general public (on the Chimera article). Since when should everything be able to be understood by everyone as soon as they read it. What do you think all the links are to all the other articles. So you can read up on all the other stuff and educate yourself. Probably a little off-topic, but that one blew my mind. I wonder if Brittanica has little disclaimers like that.

Re:In future news...

[hulye]

Since when is it a crime to satisfy your girlfriend?

Re:In future news...

[Cardcaptor_RLH85]

This truthfully makes sense to me. I don't think that there are any real technical limitations to having very long symbolic pass phrases anymore so why are we often limited to 8 or 16 characters? My Windows password is a long sentence with correct grammar, punctuation, and one or two non-dictionary based proper nouns. Much easier to remember than a random string or even, in some cases, a password.

Re:In future news...

[Reziac]

Also, a "DNA profile" doesn't mean your complete DNA. It means a mere 15 or 20 markers. And while it's not *likely* that you and some random stranger will be a match on those markers, it's not *impossible* by a long stretch.

Re:In future news...

[xmedar]

Actually the basic idea of a Chimera was in the first two episodes of season 3 of ReGenesis.

Re:In future news...

[BrokenHalo]

I'm willing to be corrected here, but in just about any current Unix or Linux system that I know of, shadow passwords allow sequences of unlimited length.

I can see why they might be difficult to implement on web forms, however.

Re:In future news...

[roman_mir]

I propose that from now on, whoever commits a crime where any number of fingers might be involved, the criminal uses a new exciting privacy protecting technology, known simply as the glove. However to throw the cops off on a wrong lead, they always leave a print of one finger only. The middle finger. I think I have a business idea, a glove with one missing finger or a glove with one fake fingerprint.

Re:In future news...

[armareum]

I think this group might have something to say about it.

Re:In future news...

[CastrTroy]

The sad part is, that certain versions of windows will only take the first 7 characters, and just simply drop the rest.

Re:In future news...

[discogravy]

"...you found his fingerprints WHERE ?"

Re:In future news...

[IpalindromeI]

Why?

Good for them

[Scareduck]

High officials often seem to think the consequences of privacy-invading legislation will only occur to other (read: little) people. It's good to remind people in those positions that they do not have absolute power, and that they need to think about second order consequences.

Re:Good for them

[swright]

Maybe this is what you meant, but I just think this is the perfect example to illustrate to all how biometrics are just NOT the be-all and end-all. If only for the one simple fact that he cannot change his fingerprint like he could a password that got compromised!

Re:Good for them

[Hyppy]

Biometrics, to most security professionals, are far from the end-all solution. Multi-factor authentication is recommended for most.

Here's the basic triad of authentication mechanisms:
- Something you are (fingerprint, retina, etc)
- Something you have (access card, RSA key fob, etc)
- Something you know (password, PIN, etc)
Choose one for basic security. Choose two for great security. Choose three for ironclad security.

Re:Good for them

[IgnoramusMaximus]

All three easily solved via a security by-pass incentive in a form of a pistol to the head or a kidnapped lover/child/dog etc which will "get it" if you do not cooperate or some poison with time release and the antidote delivered upon your succesful authentication, etc and so on and on and on and on.

"Ironclad security" does not exist.

Re:Good for them

[Morten+Hustveit]

"Ironclad security" does not exist.

Not even when you completely cover something with iron?

Re:Good for them

[aproposofwhat]

Two words.

Duress codes.

Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.

Not quite ironclad, but an extra level of safety.

Re:Good for them

[Fjandr]

Two words: plasma cutter.

Re:Good for them

[Propaganda13]

Duress codes are just a silent alarm.

The criminal still has a gun pointed at you or your family.

Re:Good for them

[Matt+Perry]

Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.

Then they'd have to keep TWO post-it notes under their keyboard.

Re:Good for them

[TheSpoom]

Yes, because it would be unconscionable to design a system where the duress code did not let you in. I would assume the duress code successfully authenticates you but alerts security.

Re:Good for them

[Torvaun]

Ah yes, the other kind of brute force attack.

Re:Good for them

[und0]

Hi, my name is Werner Brandes. My voice is my passport. Verify Me.

Re:Good for them

[driftingwalrus]

Two words: plasma cutter. Or oxygen lance, or oxy-acetylene torch:)

Re:Good for them

[Plutonite]

Ironclad Security only exists when you have Chuck Norris on the shift. Do we really have to discuss this?

Re:Good for them

[v1]

Those can work against you too. My mom's got a security system in her apartment building, which is also secured. She was in a hurry one day and entered the wrong code to the alarm when she opened her apartment door, and re-entered it and it silenced as it should. 30 minutes later (!!) there's a knock on the door and looking out thru the hole she sees a row of cops lining the hallway all the way to the end, and a guy dressed in a white coat at the door "wanting to talk". She insisted it must be a mistake since the alarm company always calls before sending the cops. not when you enter the hostage code. oops! So they insisted on coming in for a bit and while they chatted with the white-coat, several of the officers methodically swept their place making sure there wasn't a guy with a weapon holding one of the family members hostage in a closet or something. It had taken them over 20 minutes to get someone else to buzz them into the building or they'd have been there a lot sooner.

Re:Good for them

[LiquidCoooled]

I doubt anyone would be interested in your single account.
Those who are of interest are hardly going to let a real impersonator access things.

The manager of the bank nearby was followed home and his family were held hostage whilst he was sent to open the bank up.
Scary to think these things happen in your community.

http://www.timesonline.co.uk/tol/news/uk/article485684.ece
http://news.bbc.co.uk/1/hi/business/4116123.stm

Re:Good for them

[xant]

I call Shenanigans. What kind of bootsie-assed second-rate law enforcement unit has to wait to get buzzed in?

Re:Good for them

[JWSmythe]

    How thick is your iron, and how big of a C-4 charge did I put on the outside of it? :)

    I may have said I wanted to break the security, but I never said I wanted to preserve the contents. :)

    Yesterday, a kid challenged me to solve a Rubik's Cube. He couldn't figure it out, so I said, "it's an engineering problem", took it apart, and put it back together. Maybe he'll learn to define the rules of a challenge better next time.

Re:Good for them

[westlake]

All three easily solved via a security by-pass incentive in a form of a pistol to the head or a kidnapped lover/child/dog etc

This is easy only if you are Tom Cruise and have overdosed on reruns of Mission: Impossible.

Re:Good for them

[v1]

They live in a loft IN downtown kansas city. Not a lot of people live IN the city, 99% are in the burbs. All the loft buildings in the area are secure buildings, you have to get buzzed in. This one has an art gallery on 1st floor so security is tighter than the usual on top of that. These are warehouse buildings, they occupy entire city blocks and are 3-5 floors tall, it's a big place. Unless you know where the apartment you are looking for is at, it can take awhile to find it once you get in, because the place is a maze of hallways. In this case it was a Sunday evening so none of the people at the building office were in, and they had to run the list of people on the directory at the keypad several times before they could get one of her neighbors to buzz them in.

Also once you get IN the building, you have at least two more locked doors to cross at various stairways before you even get to her loft. One of her neighbors had to escort them to her loft after buzzing them in.

I admit, it is absurd, but that's what it took.

Re:Good for them

[brusk]

Ironclad security is whoever's on watch that day on the battleship. http://en.wikipedia.org/wiki/Ironclad

Re:Good for them

[CastrTroy]

Just because you can cut the iron, doesn't stop it from being iron. Iron clad doesn't mean inpenetrable, it simple means really hard to penetrate. If you are going to go through the trouble of blowing the door off a bank vault with C4, you can have the money. If you're going to go through the trouble to shoot me for my password, you can have it.

Re:Good for them

[CastrTroy]

Ah, yes. A gated community where the cops can't even get in. Don't you feel safe now.

Re:Good for them

[Hotawa+Hawk-eye]

The Mythbusters would like to disagree with that, I think.

Re:Good for them

[v1]

well yes it is nice that you don't have to panic if you forget to lock a door or something there. But I suspect my reality is wasted on your attempt at sarcasm.

Re:Good for them

[Vellmont]

well yes it is nice that you don't have to panic if you forget to lock a door or something there.

I don't think that makes up for calling 911 potentially dying while the paramedics try to get in the building behind the multiple locks, then try to find the apartment you're in.

"Security" also works against the guys you WANT in the building as well.

Re:Good for them

[Reziac]

Not quite so dramatic, but I used to rent a house whose owners had their own security contract. So the "safe word" was the owners' phone number, which I couldn't remember to save my life (I dealt with a manager). The keycode to disarm the alarm system didn't always work, and then I'd get a call from the security company, and we'd have an argument over the "safe word" which I couldn't remember....

The alarm system also had a motion sensor, which was forever getting set off by the cats. And it also had a siren..... one night I'm driving home about 2am, and from about two miles away... what's that noise?? sounds like a siren!! OMG, it's MY HOUSE! Gods know how long the siren had been blaring, or what the neighbours thought.... that was the last time I armed the alarm. Wasn't worth the trouble!!

Re:Good for them

[lsw]

Thank you Sir for giving me my new sig

Re:Good for them

[jsiren]

It had taken them over 20 minutes to get someone else to buzz them into the building or they'd have been there a lot sooner. I find this bit somewhat alarming. Do ambulance crews and other rescue people have to be buzzed in as well?

Re:Good for them

[roninamano]

Wow!! Where was this? Here in NYC the cops respond by sitting on there butts in front of the building for 2 minutes. If the alarm is on they note alarm on. If the alarm is off they note alarm off- alls well. Occasionally, one comes out to check on stuff. But never have I heard of a response like yours. Now that's a response!

One time my wife came into the apartment with the kids and forgot to enter the code. The alarm went off and she panicked and couldn't remember the code under the alarm screeching. Every time they moved the motion detectors were set-off and the alarm would screech anew. The security people called me and I headed back. The security guard sent did nothing. The police surprising did (because of the renewed alarms), banged on the door, which my wife answered setting off another alarm. When I got there I got the alarm to reset and calm down. The cops had left my wife with a false alarm ticket. Wife and kids were shaken but unhurt. All in all it was worth the hassle- if something had been happening, the response that day would have been enough to slow it down or scare it away.

But my brother wasn't so lucky. His apartment was burglarized and the alarm went off each time the crooks came back for more stuff. Apparently they walked their loot right past cops and the guards.

Re:Good for them

[DavidHumus]

> If you're going to go through the trouble to shoot me for my password, you can have it.

Only if you remember to do the two things in the correct order.

Re:Good for them

[Hyppy]

You misunderstood. Security in this case is specifically referring to ensuring that the individual who is trying to authenticate is who they say they are. If they have a gun to their head, that doesn't change who they are.

Brave defenders of freedom

[Bromskloss]

I salute you, impressed by your action!

Re:Brave defenders of freedom

At least they get off their asses unlike American's who cry about the Constitution but do fuck all about it.

Bush was right, it is JUST a piece of PAPER. Why? Because American's do NOTHING about it and do not believe in it.

This is plain to see by their inactions.

Re:Brave defenders of freedom

[cparker15]

What do you suggest an American could do that wouldn't land her/him in Guantanamo Bay? There's only so much an American citizen can do to dismantle the Orwellian aspects of the government and still remain within the confines of the law.

I don't obey the laws because I'm a coward. I obey the law because I have a family and I don't want to be taken away from them by people who think they have the right to do so. There's a fine line between the labels of "patriot" and "terrorist" in this country. Sometimes, there is no line. I don't want my son to grow up having a "terrorist dad". On top of that, I can't provide for my family if I'm put away. An American who did something like this to a top US government official would disappear, fast.

So, before you further spread your anti-American views, it's time for you to either put up or shut up.

haha

[fluch]

Come on guys, where is the "haha" tag?

Re:haha

[mstahl]

What about "pwnt" or "hoistedbyhisownpetard"?

Biometrics: lamest of all security protocols

[DamnStupidElf]

At least until extreme body modification is commonplace, biometrics suck for identification. It's the only modern "security" mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one chink is found.

A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess start with the fingers and palms and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a Secure(TM) society) people can be recycled in the soylent green program or something.

Re:Biometrics: lamest of all security protocols

Soylent Green is people?

Re:Biometrics: lamest of all security protocols

[Fission86]

When one of those 27 properties is compromised, how do you revoke its use? Cut it off?

Re:Biometrics: lamest of all security protocols

[w3c.org]

Ok, let me explain this: I only have eight fingers (five on right hand, three on left hand, call it a deformity), and what's interesting is that one of my left hand finger has a digital print different from the other. It has a straight digital print, whereas my other fingers have a left curved one ( | instead of / ) So: am I able to be delivered a passport or some kind of identity on which this deformity appear ? If not, well, where can I apply for a serial-killer job, knowing I can offer the guarantee of never being on any list ?

Re:Biometrics: lamest of all security protocols

[delvsional]

Not necessarily, a scar can change your fingerprint. Mine has changed more than once. So, all he has to do is slice open the finger, wait for it to heal and re-enroll. Should take a month tops. Where's that knife?

Re:Biometrics: lamest of all security protocols

[Joe5678]

Biometrics is not all bad, it's just implemented badly. It SHOULD be used on top of existing systems, as an additional barrier along with your password and keycard. It should NEVER be used on its own.

Re:Biometrics: lamest of all security protocols

[r2q2]

For DNA which is about 4 billion BP long you could use different parts of the sequence to provide revocability. That gives you about 125 million DNA keys using 32 BP per key.

Re:Biometrics: lamest of all security protocols

[tboult0]

While biometrics themselves are not "revocable", there are multiple technologies that allow creation of revocable tokens from them. Systems that use revocable biometric tokens (biotokens) can then have different representations in each database and when one is compromised it can be revoked and replace. They can have expiration dates and such much like a digital certificate. (And revoking is similar.. the data still exists it is just no longer used). These are all 2 factor (you at least have to enter an identity to verify against, so they can look up the "transform" data), and have a number of advantages. While password are easy to change, they are also easier to steal/crack.

All the people doing revocable biometric tokens (there are many, ask google) work to ensure one cannot recover data that that matches with the original. Biometrics companies that say the template is sufficient since it is not invertible to the image are technically correct, but misleading. It does not have to be the original, just match with it. Never trust a company that says it, or better yet call them on it publicly.

Of course biometrics can be compromised in other ways and no single-factor "biometric" solution should be viewed as security-- that is a pure convenience thing. When combined with other factors, and done so that neither factor is stored separately, then revocable biometric tokens do add to security.

Full disclosure: I'm leading a startup company in this space (http://www.securics.com/ -- we are looking for some good biometrics and software developers (embedded Linux anyone?). You can complain about these things or try to help make them better them. Complainers need not apply.

T-shirt

[BlueParrot]

Seriously, maybe a protest with loads of people wearing his fingerprint on a T-shirt would get the message across ...

Re:T-shirt

[guruz]

I suppose this will come too ;) http://images.google.com/images?q=%22stasi+2.0%22+shirt

Re:T-shirt

[saibot834]

You can already get his picture on T-Shirts (The protesters call the current political course "Stasi 2.0")

But the whole point of this is actually the E-Pass which contains fingerprints and is supposed to be absolutely safe. And the CCC has shown ways to make a fake fingerprint with some glue in less than an hour.

Re:T-shirt

[zippthorne]

And the mythbusters showed an even quicker method:

1) print fingerprint on laser printer
2) hold over sensor.

Seriously, as sloppy as those guys usually are, after that episode, I don't see why anyone who speaks English or has access to a translation would seriously consider fingerprint-based authentication for anything.

Re:T-shirt

[AJWM]

My kids were watching the Scooby-Doo 2 movie the other day. There's a scene where Daphne activates a fingerprint activated lock by dusting the scanner with blush powder (highlighting the latent fingerprint from its last use) then using a pore-strip over her own finger to provide the right body temperature/capacitance/whatever without her fingerprint confusing the sensor.

I was amused to see that the technology's weaknesses had made it to the Scooby-Doo level already. I don't know if that exact combination would work, but I've heard of similar successful attacks.

No better thant he status quo?

[EaglemanBSA]

This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.

I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?

Re:No better thant he status quo?

[metlin]

I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?

What are you talking about?! It's fantastic.

I mean, since fingerprints cannot be conclusive anymore, I foresee our politicians with moral fibers of steel pushing for more surveillance. I mean, if we cannot really tell whose fingerprints they are, we certainly need video proof! And since we do not know where a crime may happen, the policy makers (who typically have about as much morality as a pea) have decided that the way around this is to have cameras everywhere. Public restrooms and your house included.

I mean, think of the children! /cynic

Re:No better thant he status quo?

[rnt]

I mean, since fingerprints cannot be conclusive anymore, I foresee our politicians with moral fibers of steel pushing for more surveillance. They will also be pushing for a whole new set of copyright laws, giving governments exclusive copyrights on their citizens' fingerprints. Unauthorized copying or publishing of your own fingerprints will be severely punishable!

Re:No better thant he status quo?

[metlin]

And here I was, thinking that I was jaded.

Re:No better thant he status quo?

[Breakfast+Pants]

Distopian nonsense.

I mean, since [the invention of gloves] we do not know where a crime may happen, the policy makers (who typically have about as much morality as a pea) have decided that the way around this is to have cameras everywhere. Public restrooms and your house included.

Re:No better thant he status quo?

[Lafeek]

This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. Biometrics can only be used for identification, not authentication. So biometrics is:

an unchangeable, and in many cases public, login.

Major flaw of biometrics

[this+great+guy]

This event highlights one of the major flaw of biometrics. This official had his fingerprint copied. There is nothing he can do. He can't change it. He can't prevent people from using it. No fingerprint reader will ever be able to determine with 100% certainty whether a particular fingerprint is real or fake. Bottom line: when one of your biometric traits gets stolen, you get screwed. For life.

I hope this convinces governments that using biometrics for anything is a bad idea (other than perhaps criminal investigations, although what if this german official's fingerprint was found on a murder scene ?).

Re:Major flaw of biometrics

[rolfwind]

I disagree. Any security model is susceptible, but people should not be surprised that biometric information is duplicable -- as we are basically just results of DNA-copying ourselves.

This is like how any lock can be picked, eventually. The value is not in a lock that can't be picked, as that is an impossibility, but one that makes the level of entry significantly high so as to ward off any amateur attempts and possibly raise the suspicions of those watching -- i.e. some guy deciding the lock is too hard and bashes in a window (it doesn't stop the intrusion but alerts me something happened).

So I think biometric data can be a good thing. It significantly raises the barrier of entry -- most will try to find an easier way and other attempts may raise suspicions. The bad thing is assuming it's the be all, end all of security and never wrong.

Re:Major flaw of biometrics

[Basehart]

That's why they should use another part of the body as an identifier, such as the penis for example?

Senior public officials could slide their penis into the reader at checkpoints and a reading quickly and easily taken.

Females could be fitted with a custom made prosthetic of some kind.

Re:Major flaw of biometrics

[twenex]

The previous comment should have been titled "the major misunderstanding of biometrics". The biometric itself is not required to be kept private. Any biometric system worth anything utilizes a combination of the sample analysis and comparison with various "liveness checks" or other heuristics to determine that the sample given came from the appropriate person. While it is worth having a debate on the relative effectiveness of these techniques, to dismiss biometrics based on the flawed "once you've lost your fingerprint..." argument is wrong.

Example checks might be:
- Fingerprint: measuring temperature, bloodflow through the finger, resistance of finger, etc
- Voice: asking the individual to respond to questions, measuring stress, etc
- Iris: measuring dilation over time, asking the subject to look left or right, etc

Various systems have had combinations of these or many other approaches. In addition, some more secure systems use a combination of biometrics (e.g. finger for identification with voice for authentication)

Again, it's worth debating how effective these approaches may be in each particular deployment scenario, but the previous post (strangely marked "insightful") is just wrong.

Re:Major flaw of biometrics

[aproposofwhat]

I'm sorry, but you have just infringed on my patent no. 7209859 - Glory Hole Mk 1.

Please see the dominatrix down the corridor for your corrective treatment.

Re:Major flaw of biometrics

[JamesTRexx]

such as the penis for example

I guess the name Bobbitt doesn't ring a bell?

Re:Major flaw of biometrics

[BlackCreek]

AFAICT the point that the parent poster was making is that unlike other security measures (say ID card, social security number etc) you just can't get a new biometric reading for your fingers (without at least some serious medical intervention), you can't get a new iris scan for your eyes, you can't get a new DNA code etc.

Biometric data may put some entry barriers higher, so what? The problem is that you just can't get a new iris scan, like you get a new passport once your gets stolen.

The worst of the situation is that we have all these politicians deciding --without the least form public debate about the real privacy implications-- that biometric data is now to be collected, and used, and kept by the government.

Re:Major flaw of biometrics

[TheSpoom]

That only happens if you fail authentication.

Re:Major flaw of biometrics

[Loconut1389]

that's why you have multi-factor authentication. Just having a copy is useless. When fingerprints are the only system in place, it's not secure. Retina scans are better- once blood supply is lost the eye will always be different and probably have a detached retina- odds of a Minority Report thing are none I'd guess.

Re:Major flaw of biometrics

[driftingwalrus]

People always talk about checking that the subject is alive with things like bloodpressure, etc. But, in practice, I have yet to find a single fingerprint reader that does this. It's not even really pointful to check. It's absurdly easy to create a false print that is worn on a living thumb.

Re:Major flaw of biometrics

[BlackCreek]

The whole point of the parent poster is apparently lost to you.

The point being that my biometric data is mine. It is private. It is not the government's business to have my blood samples, or DNA, or finger print. I am not a criminal, and therefore I expect to be entitled to some privacy from the BigBrother.

Once some retarded government bureaucrat decides to leave a laptop inside a taxi or something, my private data is lost, and I can never get a new fingerprint, or iris scan. I can get a new social security number, I can get a new passport, a new bank account number, but I **cannot** get a new DNA.

Re:Major flaw of biometrics

[twenex]

Sorry, you miss the point. Biometrics are not private and any biometric system which is built with that assumption is flawed.

But I suppose you wear a tinfoil mask to guard against those face recognition systems tied to cameras because your face data is yours and only yours.

You are confusing the ethics, legality and technology behind biometrics in a bad way.

Re:Major flaw of biometrics

[Znork]

It significantly raises the barrier of entry

It significantly lowers the barrier of entry. Compared to figuring out someones password or stealing a key duplicating biometric data is trivial.

Re:Major flaw of biometrics

[pcgabe]

what if this german official's fingerprint was found on a murder scene ?

No, no no NO! You guys are looking at this all wrong! Don't you see?

He can now GET AWAY WITH MURDER. If this fingerprint is found at the scene? So what? It's the perfect alibi. He could commit a crime and INTENTIONALLY leave this fingerprint at the scene.

In fact, how do we know he didn't arrange for it to be released in the first place? We could be dealing with a truly devious mind here. Does anyone know if he happens to own a white, furry cat?

Re:Major flaw of biometrics

[BlackCreek]

Sorry, you miss the point. Biometrics are not private and any biometric system which is built with that assumption is flawed.
But I suppose you wear a tinfoil mask to guard against those face recognition systems tied to cameras because your face data is yours and only yours. You are confusing the ethics, legality and technology behind biometrics in a bad way.

I am confusing so much? Really? Please tell where is the police state where you live. Since your biometrics are not private (as you say it yourself), I assume your government has the right to request your DNA sample (or iris scan) in order to allow you to enjoy public services. Or not?
Get a grip dude:

My blood type is (still) legally private.

My iris scan is (still) legally private.

My DNA is (still) legally private.

I am still allowed to walk down the street anonymously, with a cap, and dark glasses own, and a police officer still needs probable cause to ask me to remove those. A police officer also needs cause to request a fully, well made iris scan.

But if I need to: travel abroad, or while living in another EU country, get any paperwork done. (Both rights I have, mind you). I need a passport.
To have a passport I need to surrender my fingerprints. My fingerprints are no longer private, the government has the right to request them. I fully understand that, and I do oppose it.
Not only that, the government also made my fingerprints much, much less private. Now people don't need special permits or access to a (well kept?) database to have a copy of a very good scan of my fingerprints. Because now for every service I need to present a passport, I'll need to handle over these (high quality) files (kept in the passport) for copy if so desired.
Before, if a hotel clerk wanted my fingerprints it would be manual job, it would be time costing, expensive, and the quality would be poor. Now he buys a reader, asks to take a look at my passport, and voila! High quality copies made in a second, to extra costs, no extraordinary effort. My government after all, took good care and spend good money for it to be easy.

So now, not only my central government has access to these (high quality) scans, but also a bunch of other people as well. Which is, lets face it, a much worse problem.

I reckon you hint at the point that people confuse anonymity with privacy. But trust me, I am pretty aware of the difference.

Re:Major flaw of biometrics

[Deadstick]

although what if this german official's fingerprint was found on a murder scene ?

He tells the cops to RTFA.

rj

Re:Major flaw of biometrics

[fjf33]

We need to invest more money into genetic engineering. Then when we want to change our password (fingerprint) we just go get a jab at the doctor and a couple of weeks later our fingers reconfigure and we get new fingerprints. It is perfect.

Re:Major flaw of biometrics

[DamnStupidElf]

Example checks might be: - Fingerprint: measuring temperature, bloodflow through the finger, resistance of finger, etc - Voice: asking the individual to respond to questions, measuring stress, etc - Iris: measuring dilation over time, asking the subject to look left or right, etc

- Temperature provided by current through a resistor: Bloodflow simulated with artificial blood, or with a real finger covered with fake fingerprints, resistance of finger provided by $.002 resistor from Radio Shack.
- Voice recorder plus boom mike pointed at the individual to be impersonated while they're being interrogated by the biometric scanner.
- They already make contact lenses that change the color of your iris; how hard would it be to just impersonate another iris? Retinal scanners are apparently harder to fool, but they are ultimately just a camera. Build an inverse array of the lenses in the retinal scanner, and place an LCD or one of the digital projector arrays where the CCD sensor in the biometric device would be, and play back whatever the device wants to see. Depending on how accurate the camera and algorithms are in the biometric device, such a hack could be easy or just expensive.

Various systems have had combinations of these or many other approaches. In addition, some more secure systems use a combination of biometrics (e.g. finger for identification with voice for authentication)

If each element is easily defeated, multiple elements will be easily defeated. There's nothing hard about fooling two systems at the same time if they're easy to fool.

Re:Major flaw of biometrics

[rilister]

I think it's even worse than that. Eventually, in order to authenticate that your biometric data is correct, your fingerprint (or iris scan or whatever) is compared with known data. Despite what it looks like on CSI, surely is effectively comparing two hashes for a 'good-enough' match? The image has to be reduced to some (long) code for storage and transmission by some repeatable (and perfectly crackable) method. Think CSS.

Effectively, it's not just about someone stealing your fingerprint - this fingerprint is just data. It all boils down to regular database security, protecting one long (but unchangable) code. And as everyone says, once security has been breached, it's gone forever.

Every single database that uses your biometrics will have to be 100% secure, or they all fail, because there can't be an infinite number of ways of encoding this info.

I'm so convinced biometrics are a terrible idea.

Re:Major flaw of biometrics

[Lars+T.]

Any biometric system worth anything utilizes a combination of the sample analysis and comparison with various "liveness checks" or other heuristics to determine that the sample given came from the appropriate person. While it is worth having a debate on the relative effectiveness of these techniques, to dismiss biometrics based on the flawed "once you've lost your fingerprint..." argument is wrong.

Example checks might be:
- Fingerprint: measuring temperature, bloodflow through the finger, resistance of finger, etc Funny you should mention this: fingerprint systems can still be easily tricked

(Google's translation is just too damn bad, so this is actually mine) Even if they measure if the blood flows through the finger, the pulse beats, or if the print can be deformed, to trick the system we just need to "find the right material." [...] Only for measuring sweat we can't spontaneously think of a way to defeat that, but since that will jack up prices, it would only be used in high security tests.

"The" finger print?

[fredrated]

Were the other 9 digits lost in an accident?

Re:"The" finger print?

[ilikepi314]

I'm sure there were other prints, but only one was needed to prove the point -- that his fingerprints and therefore biometric security just got PWNED.

Legal action?

[HalAtWork]

The article says a ministry spokesman alluded to possible legal action against the club.
 
To what ends? You can't deter it as it's already happened, and you can't suppress it, as even the method for tricking the security system is widely known. If the security system is broken, you can't legalize it into working again. The security system was built in order to keep things safe, and now we have to keep other things safe from the security system itself.

DMCA

[RichardEasterling]

With the advent of Biometric Embedded Copyright Token (BECT), If this hack had been done in America, wouldn't this fall under the DMCA?

It would by interesting to try to tell the cops that they can not have your finger prints because it violates the DMCA.

Re:DMCA

[Just+because+I'm+an]

I'm not sure that the 'Digital' in DMCA refers to fingers...

Re:DMCA

[ShadowsHawk]

They don't use ink to finger print you any more. In that sense, they are making a digital copy of your finger prints.

A perfect demonstration to the perfect person

[smolloy]

This is a perfect way to demonstrate to the perfect person why such invasions of privacy are bad, and of the unintended negative consequences of their plans. Sometimes people in power forget that the "solutions" they develop to certain problems may be worse than the problems themselves. All they see is that a certain issue will be fixed -- not that the fix raises even worse issues.

Bravo!

Re:A perfect demonstration to the perfect person

[Reziac]

Also to demonstrate to officials that what they design for the people, they should have to endure themselves as well. Or are they not part of "the people" anymore??

even worse

[ILuvRamen]

You don't have to go to any special measures really to do this. I mean plastic and all those synthetic rubber moulds and stuff that the average person couldn't do is a bit excessive. Remember on mythbusters when they tried to beat that "unbeatable" fingerprint lock on a door and managed to do it by printing off the fingerprint with a laser printer and licking it? Yeah, biometrics is a joke. And really good biometrics like DNA aren't practical or fast and the retina scan, well you do that every day for a year and see if you don't go partically blind. I can't care hoe safe they think it is. Facial recognition is pretty useless and easy to beat too. Until they find something that's 100% unique and fast and accurate, they should forget about biometics.

Re:even worse

[lordholm]

Well, retina scans are problematic since you have to look inside the eyes, but I have not seen any reports of people going blind from them (they are used daily at some places). I would however say they are quite invasive, almost like logging in by leaving dental marks (not exactly, but you get the point, you look inside your body basically). More interesting though are iris scans, those do not need to look inside the eye, only on the exterior surface.

Of course, when super-HD cameras are everywhere, you will leave those around as well, but at least they (the iris scans) are at the moment better than anything else as you dont leave them around on whatever you touch.

Iris scans also do not require you to touch anything that thousands of others have touched (fingerprint authentication is disgusting with respect to desease control, and I am really surprised that the council of ministers (note, the parliament had nothing to say in this), decided on having fingerprints in passports, despite the health hasards with the fingerprinting devices).

Preventing pass-port fraud is something that should be done, note that a negative match on your biometrics will not necessarily get you arrested, but rather have your papers examined in detail by humans,. So, the point with the new passports are to speed up and automate the border checkpoints as much as possible, and also ensure that the passports are hard to fake.

The passports are difficult to forge, because they contain all the information printed in the passport (with a weak access protection I agree), but they are signed cryptographically with a secret key held by the issuing authority. But for this goal (preventing forgery, no fingerprints are needed, the signature is enough), the biometrics are only needed for automated border controls, and for that iris scans and / or facial recognition are the least invasive.

Re:even worse

[sohare]

What is the context of demanding that "they find something that's 100% unique and fast and accurate"? Nothing will ever fit that bill. You can steal/counterfeit plastic cards, guess passwords, pick locks, etc. It's simply unreasonable to demand the things you do, and moreover it's a logical fallacy (akin to what anti-evolutionists or conspiracy theorists do when they anomaly hunt).

I note three things that appear to be grossly overlooked in all the crowing from our community of armchair experts. 1) There there is such a thing as a hierarchy of security needs. Some things just don't need extreme security. For a lot of security needs, mere deterrence is sufficient (look at bike locking strategies for example). 2) Technologies can be used in tandem to create more robust security. 3) Further development of technologies may lead to individual robustness for particular security measures. The first locks, for instance, were extremely crude.

Has anyone tried this on a fingerprint reader?

[rduke15]

I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

Do you really get a good enough copy? How hard is it? (After all, any security can be broken somehow. So an essential aspect is the "cost" of breaking the security)

Re:Has anyone tried this on a fingerprint reader?

[andreas]

Of course. It works. With exactly the fingerprint copy distributed in the Datenschleuder.

Re:Has anyone tried this on a fingerprint reader?

[mactard]

There was actually a Mythbusters episode that showcased how you could take a fingerprint found on a can and use it on a DoD approved biometric fingerprint scanner. It's really a useless method of security.

Re:Has anyone tried this on a fingerprint reader?

[rah1420]

I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

As a matter of fact, Yes.

Re:Has anyone tried this on a fingerprint reader?

[KillerCow]

I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

Do you really get a good enough copy?

Yes.

How hard is it?

Very easy.

GFE: fingerprint hack.

Re:Has anyone tried this on a fingerprint reader?

[88NoSoup4U88]

It doesn't seem hard at all at a 'normal' reader (see Mythbusters episode.

The high-end, ridicilously expensive fingerprint readers are a lot harder to crack though; But I wouldn't say uncrackable.

Re:Has anyone tried this on a fingerprint reader?

[MikeFM]

I think the only working model is the concept of security in layers. The more layers an attacker has to dig through to compromise a systems security the more secure that system is. Biometrics alone are pretty weak. Passwords alone are pretty weak. Use them together and they're a little less weak. The biggest obstacle is the user. Will they put up with multiple security checks? Can they remember a good password? Will they notice where they're leaving behind fingerprints or if someone is trying to record their voice?

In the end you have to be realistic with your expectations for any security system. We lock our front door when we leave our house but we all know that someone that wants to get in can still get in if they want to try hard enough. When you lay in bed at night you have no way to be sure that a stranger hasn't secretly entered your home and is waiting to cut your throat in the dark. Yet we make a bigger deal over how secure access to your bank account and other sensitive information is. At some point you just have to say enough and go on with your life.

Re:Has anyone tried this on a fingerprint reader?

[Chris+Pimlott]

wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

Do you really get a good enough copy? How hard is it? (After all, any security can be broken somehow. So an essential aspect is the "cost" of breaking the security) Already been done. here's a video demonstration, again courtesy of our friends at CCC. Just takes a digital camera, a bit of wood glue, a bottlecap, a transparency and a bit of skin-friendly glue to apply the fake to your finger.

Re:Has anyone tried this on a fingerprint reader?

[v1]

Most systems like this have a very wide berth on the checks because the false negatives are a lot higher profile than the false positives. One higher-up getting locked out of a building because of a bit of dirt on his finger is a stronger motive for change than the possibility that 1 in 100 could get in that should not.

Re:Has anyone tried this on a fingerprint reader?

[mentaldrano]

That is the whole point, really. No system is foolproof, so you just have to make it hard enough that the attacker decides that the reward isn't worth the cost. End of story.

Even then, some idiot might keep banging his head against it until he gets lucky.

Re:Has anyone tried this on a fingerprint reader?

[howlingmadhowie]

the idea of a fingerprint reader on a laptop is pretty strange. the box is covered with your fingerprints anyway. it must be a lot easier to crack than a password.

Re:Has anyone tried this on a fingerprint reader?

[zippthorne]

According to the very episode you referenced, the high end, ridiculously expensive readers were among the easiest to crack. Now, I'll grant that that doesn't exclude the possibility of even more expensive and high-end readers, but it doesn't exactly inspire much hope, either.

My guess is that they're that expensive not because of a low false positive rate, but because of a low false negative rate. Since the more expensive they are, the higher up in the management chain they're going to be authorized at. And a high-level manager for whom it fails is going to think it's broken. He's not going to notice a dozen thieves walking in behind him.

Re:Has anyone tried this on a fingerprint reader?

[MikeFM]

I always think of it as making it hard enough that someone else is a more rewarding target. All you have to do is have better security than anyone else of an equivalent level of payout.

Of course there are always some people, like myself, that do it just for the challenge. Those people will opt for the harder challenge just to prove something to themselves. As a teenager I kept trying to find the hardest places to break into, shoplift from, etc just to see if I could do it. (As well as doing things like reverse shoplifting to return stuff I'd stolen.) Usually this type of person isn't interested in harming the victim though.

now if only there wer a place using biometrics..

[kesuki]

like disneyland paris to test this thumb print out...

I can't recall if disney's biometrics use just the thumb or the whole hand.. but i know people who get the year long pass have to use biometrics to get into disneyland... this is to cut down on fraud of say a person renting or selling the pass to other people, so obviously disneyland was the first place I'd even seen biometrics in public.

very cool, using this technology people can sell their biometric fake palms along with the pass to use the year round pass with other people... (although i think disney has a photo as well as the biometrics) oh well. photos can be faked as well ;)

Ah, the Yakuza solution.

[Chas]

Yep. The problem is, what do you do if they compromise multiple sections of your biometric profile?

Bob: DAN! What the fuck happened to you? You have no arms and not legs.
Dan: And no testicles either. They took those too.
Bob: No tes..what happened?
Dan: Somebody got a copy of my biometric profile. So we had to make changes...
Bob: But you have no arms and no legs!
Dan: They even changed my name...
Bob: They did? What's your name now?
Dan: Matt

Re:Ah, the Yakuza solution.

[Siridar]

Ah, that reminds me of the old joke:

Q: what do you call a man with no arms and no legs, lying in front of a door?
A: Matt.

Q: what do you call a man with no arms and no legs, floating in the ocean?
A: Bob.

isn't biometric authentication a good thing?

[sentientbrendan]

Everyone knows that biometric data can be stolen, just like every other means of identifying yourself. I thought the point of biometric data was that it added one *more* piece of data that would have to be stolen before someone could successfully impersonate you.

So in addition to needing to know a pin or password, someone also needs to have stolen my fingerprint in order to take money out of my bank account. Isn't this what is called two factor authentication? Isn't that a good thing that makes it that much more difficult to steal an identity?

According to this article Germany's new passports:
http://www.itsmig.de/best_practices/ePass_en.php

they contain both fingerprint data, and a picture of the person. Thus, to steal your identity, a person would have to steal your passport, look like you, and also steal your fingerprint. This actually seems like a pretty good system that would prevent someone from using a stolen passport to steal the rightful owners identity. Without the fingerprint data, an identity theft doesn't need to do as much work.

That said, I'm not from germany, so maybe there additional nuances about this thing that I'm missing.

Re:isn't biometric authentication a good thing?

[Todd+Knarr]

Except that with most types of biometric data (eg. fingerprints), they suffer two faults: you leave copies of them everywhere, and once compromised they can't be changed. The first makes it easy for someone to compromise the authentication, as this club demonstrated. I'll bet the minister left his fingerprints on a lot more than just a single plastic cup at a panel, and lifting a fingerprint from a hard surface is relatively easy to do. And the second means that compromises are 100% absolutely fatal for the rest of your life. With a password or a PIN, if it's compromised you can just use alternative authentication and then change it. With a physical key or combination you can just change the lock or the combination on the lock and the old key or combination becomes useless. But how do you change your fingerprint? And if you can't, how does anyone from that point on know that any use of your fingerprint is really you and not an imposter? So the fingerprint check doesn't add significant difficulty in obtaining the additional authentication item, and it makes a compromise much more annoying to recover from.

You have to evaluate any security mechanism not just in terms of it's strength (resistance to compromise), but in terms of it's resilience (the consequences of a compromise and the difficulty of correcting the compromise). Biometrics tend to vary on the first, but all of them are highly brittle: any compromise tends to be total and irreparable.

Re:isn't biometric authentication a good thing?

[ditoa]

Two problem I have with biometric authentication

1. You leave it everywhere. You leave your finger prints all over your desk at work. Just look how this guys finger print was stolen from a glass.
2. You can't change it.

Two factor auth is about something you know and something you have. I would much rather the later was a usb eToken or similar and not my fingerprint!

Re:isn't biometric authentication a good thing?

I thought the point of biometric data was that it added one *more* piece of data that would have to be stolen before someone could successfully impersonate you.

Indeed, and this is why it's bad. Let's say someone wants to steal your car, but it's locked with a fingerprint reader. So they have to steal your fingerprint. How do you think the thief is going to accomplish this? Hint: it involves a sharp object and a lot of blood.

You do not want to give criminals even more incentive to cause bodily harm than they already have.

Re:isn't biometric authentication a good thing?

[David+Jao]

Everyone knows that biometric data can be stolen, just like every other means of identifying yourself.

Part of the problem is that you (and many other people) seem to think authentication is the same as identification. It's not. Biometrics are awesome as part of two-factor authentication, but they're horrible as a means of identifying yourself.

Identification is the problem of determining, on your own, the identity of a given person.

Authentication is the problem of determining whether or not a given identity corresponds to a given person.

The difference is that, in authentication, you are given both a single person and a single identity, and your job is to answer true or false as to whether they match. Authentication is a yes/no question: your answer is either yes or no. In identification, you are given only a person, and your job is to produce a matching identity. Identification is not usually a yes/no question, although in some cases it can be disguised as one -- for example: to answer "Is this person a terrorist?" you typically have to determine a person's true identity (which a terrorist is not likely to offer to you) and then check that identity against known terrorist databases.

National governments are fully aware of this distinction, and they exploit public confusion to further their agenda. Biometrics are being advertised as authentication tools (does this passport accurately identify this person?), for which they work pretty well, but in reality governments are using biometrics for identification (is this person a terrorist?), an approach which has fail written all over it.

Even for authorization, biometrics are not a panacea, but they are at least a useful tool capable of contributing some benefits when employed properly. For identification, biometrics are an unmitigated disaster, for many reasons, chief among them the base rate fallacy, which says that the accuracy of an identity test drops precipitiously when the test is presented with large databases of identities.

Re:isn't biometric authentication a good thing?

[ceoyoyo]

All very good points if you're talking about an automated scanning system. Somehow I think the customs agent might be a little suspicious if I whip out my foil fake fingerprint before he checks mine against my passport.

Not that I think fingerprints are a good idea. I don't. They're part of this paranoia nonsense. A "terrorist" is going to look perfectly legit, with a passport obtained from the government, complete with the correct fingerprints.

Re:isn't biometric authentication a good thing?

[Todd+Knarr]

Except that you won't be whipping it out. It'll already be on your fingertip ready to go. Bear in mind that the test for faking out a fingerprint scanner was that it was done with a human guard watching. And the attacker still succeeded.

Re:isn't biometric authentication a good thing?

[fenkt]

Regarding the digital photo, it looks like "If it doesn't fit, it gets photo chopped "

Re:isn't biometric authentication a good thing?

[WotTheFrog]

I really can't understand why governments are going to all this expense to produce biometric ID cards etc. There's a much simpler alternative: just have a unique serial number tatooed onto every child's arm at birth - and onto the arms of those already born now - and there you have it. No more need for cards, passports etc. A unique person-number wherever you go. Simple, don't you think? I can't understand why the nazis^h^h^h^h^hnice bureaucrats in our various interior ministries haven't already jumped on the idea. After all, what's the difference between that and being forced to carry a biometric ID card and having to show it any time some cop, border guard, pharmacist, bank cleck etc. asks for it. ID cards and freedom do not mix.

Re:isn't biometric authentication a good thing?

[ceoyoyo]

Sure, if a guard, who believed the scanner was secure, was just "watching." If you're a customs officer who already suspects there's something fishy about the guy in front of you, you're going to be a little more careful. A quick examination of the guy's fingers would catch most attempts. Possibly you could STILL fool a suspicious border guard, but that would be considerably more involved than fooling a machine.

Re:isn't biometric authentication a good thing?

[Todd+Knarr]

Possibly. The guard during the test in question knew that specific person was going to be trying to fake the results, and still couldn't tell it was being done. But consider the common cases for abuse of fingerprints. At the bank ATM or the door the public doesn't use, odds on there won't be a guard at all. And if there is, making sure he isn't suspicious is a lot easier than getting past him once he is. Dress right, act right and 9 times out of 10 he'll assume you are right. Especially when the box that he knows will alarm if the wrong fingerprint's seen doesn't alarm.

Re:isn't biometric authentication a good thing?

[ceoyoyo]

Sure, fingerprints are stupid in many situations. But the one we're talking about is for additional security on a passport. You can fake your appearance too, but we still put photos on passports. Should we stop? No, because the photo on the passport makes it quite a bit more secure. A fingerprint would work the same way. If you're sufficiently suspicious of someone to check his fingerprints against his passport it would be a simple extra step to examine his fingers first.

The fingerprint doesn't work terribly well as a foolproof screen-everyone device, but it does work very well to identify a person you've already decided to spend some extra time looking at.

Yes, fingerprint readers are easily screwed.

[Flu]

Yes, this was done a couple of years ago in Sweden as a Master Thesis, which was described in Swedish Engineering paper Ny Teknik http://www.nyteknik.se/efter_jobbet/kaianders/article32986.ece (sorry, swedish only). The student Marie Sandström tested a simple yello, which was created using the same method as mentioned in the article above, on three commercial fingerprint-readers on the CeBit fair in 2004.

official's fingerprint was found on a murder scene

[zmollusc]

What if this german official's fingerprint was found on a murder scene ?

Well, duh! The police and judicial system would treat him exactly the same as someone without any political clout or friends in high places, because there is no corruption in the ruling class.

the eye looks both in and out

[1+a+bee]

I've always thought that the only viable answer to the increasing privacy invasion we face by both government and business is to turn the camera around and look back at the innards of the one that's doing the looking. What this German hacker club has accomplished is to say, "If you're gonna look here [our fingerprints], we can look back. Any hey, people are much more interested in *your* fingerprints, than some joe shmo wanna be."

That there will be more and more eyes in the future is inescapable. If we developed technology that allowed us to see who's doing the looking, I believe, then a protocol would develop. It would be roughly like the protocol people observe in a park when eye meets eye. If you catch a stranger looking too much, or without apparent reason, then you stare them down.

Re:the eye looks both in and out

[BlackCreek]

I disagree that that is the only viable answer. While being able to "turn the camera around" is great.
The fact is that there is a huge unbalance in the resources governments have to invade our privacy, and the resources that scattered groups of citizens would have.

There is no real way to compete with their resources.

The only real solution, IMHO, is to make the majority of the population conscious of these problems and simply kick these facists-wannabes out of their offices.

Re:the eye looks both in and out

[gr8scot]

I disagree that that is the only viable answer. I disagree that that is not the only viable answer. You propose to solve the problem by putting a lot of people out of office, and declaring "mission accomplished." That amounts to taking the good intentions of their replacements on faith, as we've been asked to take these jokers. Anybody can promise to respect my privacy. A published protocol forcing two-way surveillance in all cases of surveillance is the only solution. "Trust me" is not a phrase used by a Constitutional government that intends to respect any of your rights.

Re:the eye looks both in and out

[BlackCreek]

My point is that the power unbalance is just too large.

My proposal is not to just put lots out of the office, and simply trust the new people; but to (try to) accomplish real separation of powers between the three traditional government branches. So that these, highly funded, highly empowered branches, assigned to serve the public interest can restrict each other.

Note that having all these branches in place will lead to nowhere if there is no public interest in what & how they are doing.

A published protocol? What gives? What forces them to respect the protocol? Would you trust them to respect this published protocol forcing two-way surveillance? (not a rhetorical question dude!).

Aren't all those laws in the line of "don't listen to my phone calls without a judicial order. If you do (without order), you get jail time." a very honest and serious attempt of an "two-way surveillance" protocol? Executive & judiciary controlling each other?

Having all the cryptography in the planet won't help you, if they can make arbitrary laws, making a criminal out of you, and then send trained armed people to your house, and send you to Gitmo.

The power unbalance is just too large.

Copyright your biometrics

[BountyX]

Quick everyone, copyright your fingerprints and retina images. Then when the government tries to get a copy of it, they have to either pay royalties, or they would be violating copyright. >=) muwhahaha

Perfect alibi

[oever]

Mister Schauble can enjoy an easy career as burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.

The only thing dumb thing he could get caught with is when he leaves wheelchair tracks at the scene of the crime.

Wait until the mental dinosaurs retire?

[Futurepower(R)]

People have strong opinions about technology without bothering to understand it.

It's the same in politics. People call the U.S. government's action in Iraq a war, but killing Iraqis is only a distraction from the real purpose. The real purpose is stealing money from the U.S. taxpayer.

Obviously, at more than $1,000,000 per Iraqi killed, most of them very poor, the "war" is mostly about money, and the killing is only required to draw attention away from the real purpose.

How will the astounding ignorance of technology get resolved? Maybe we will have to wait until all the old dinosaurs retire. When I say "old dinosaurs", I am not talking about chronological age, I am talking about mental age. Some 24-year-olds are old dinosaurs mentally.

Re:Wait until the mental dinosaurs retire?

[Trespass]

It won't get resolved. The boomers die off and you get people my age who'll be dumb as shit about whatever technologies are out there ten years from now. New boss same as the old boss and all that. You have to fight for what you need here and now.

Movies come to mind...

[AnomaliesAndrew]

The Net...
Minority Report...
Demolition Man...
Judge Dread...

What makes this clownshoe Wolfgang Schäuble think it'll work any better in real life than it always has in the movies?

Re:Movies come to mind...

[Darfeld]

Because movies are... fictions? Essentially build on the scenarist's need to wright a plot. And for that matter, popular disbelief in technology is a huge factor in what people are willing to believe in a movie. And popular beliefs or disbeliefs aren't exactly build on solid scientific bases...

That said, I think that choosing a password you leave on every thing you touch isn't a good idea.

Re:Movies come to mind...

[erroneus]

To that, all I'll have to add is that the truth is stranger than fiction.

It's often rather difficult for people to make an objective assessment of the present especially since causes and facts are often incomplete "now" and often require now to be later before you can look back on now and get a more clear picture, but consider the shocks and fears generated when "1984" was published. Now look at how much farther we have gone beyond 1984's "science fiction" and how we don't even notice it, let alone are alarmed by it.

Things aren't "getting bad." They ARE bad. Things are getting worse. For all the people out there who think we need to give up privacy and crap like that, you need only look back to your teenage years for why a sense of personal space and privacy is important for people in general. I don't know that there are any studies on the subject, but I'd be willing to place a very large bet on the notion that in societies with less privacy, the suicide rates are likely to be higher. A person's sense of safety is closely tied to their sense of privacy... you only need to sit on a toilet without walls surrounding it once to understand that notion.

Re:Movies come to mind...

[Reziac]

I would go further, and say that your sense of *personhood* is tied to whether you're allowed to have privacy. And =that= is why privacy (even if in just the most minor things) is so important to kids, the more so as they mature and become independent *persons*. Personhood, which is concomitant on privacy, is what tells you that you are of value as a person.

Take that away and you've reduced the individual to part of the homogenous crowd, subject to abnormal stress levels wherever he can't quite fit that unbending mold. And then you have -- as you guessed, a higher suicide rate. Look at Japan for a good example.

Re:Movies come to mind...

[Lars+T.]

Because movies are... fictions? Essentially build on the scenarist's need to wright a plot. The funny thing is: the CCC has already fooled quite a lot of fingerprint scanners without the need to chop off somebody's finger (as seen in many movies).

Re:Movies come to mind...

[Darfeld]

That is why I said I don't want a password I let on anything I touch (like the computer itself).

Instant winnage!

[billcopc]

Hats off to the CCC, this is brilliant! How satisfying it must be to rub the government's nose in their own mess.

True hacktivism at its finest!

There actually *are* things to like about Germany

[Qbertino]

The CCC is one of the things I like about Germany. It highlights a major element of german-style citizen-culture. It's clearly opposed to uncontrolled gouverment and any notion of a police-state. It has a taste of anarchy to it and on its fringes it has inofficial members with ties to the black-hat community. Yet it is a well organised official registered German association that speaks up on behalf of the people and democracy. With a 27-year tradition of keeping the public political debate alive on IT related rights-issues by perpetually coming up with creative ways of gaining attention. This recent 'Schäuble-Fingerprint' stunt being one of them. I don't know if they've exposed their selves with legal liability by doing this (after all it was officially published in their magazine 'Datenschleuder') but it sure is as funny, hilarious and exposing as ever. Creative non-sense at its best. Go, CCC!

don't see a downside

[nguy]

This particular public official is a paranoid asshole anyway. Antagonizing him won't make any difference, but publicly embarrassing him will make him less effective.

post an image

[nguy]

I think people would do well to post images of the fingerprint to Flickr, Picasa, etc. so that it is widely archived as well.

Fingerprints are not evidence at all

[Doctor+O]

I can't find it anymore, but I read a study on fingerprints that essentially said that they are not viable evidence at all, because even though the fingerprints themselves might differ, the way of describing them was deficient so that lots of people end up with "identical" fingerprints. I don't remember the exact numbers, but I remember calculating that in my 650,000 people home town there were a three-digit number of people with fingerprints "identical" to mine.

Dammit, I really can't remember even the title. If someone has a link, please post it. If I *ever* get into a trial where fingerprints are used as evidence, I'd like to have a copy of that document for my lawyer.

News at 9..

[plasmacutter]

I mean, if we cannot really tell whose fingerprints they are, we certainly need video proof!

news at 9:
A teletubbie with the head of britney spears was caught on video killing former president GW bush.

Re:There actually *are* things to like about Germa

[plasmacutter]

and they did such a good job with the EUCD didn't they .

Some CCC members reckoned to disappear anytime

I have talked to Andi from the CCC just about over a week ago and he told me that he had something big and dangerous running. Well, now I know what that was. He also told me that he was followed by black BMWs many times recently and he told me that he reckoned to mysteriously 'disappear' any time.

The answer why I am posting as an AC is left as an exercise to the reader.

Best comment of he thread.

[BeerCat]

Excellent! A quick precis on why it is so bad (it's because it's the solution to the wrong problem).

No mod points today though, so I can't mod you up.

For their next stunt ...

[Alain+Williams]

collect and dupe up some DNA which could be planted at crime scenes, not that hard to do.

But you say: how could that incriminate someone to link someone to random crime, surely alibis would get him off ? True, but targetted, specific crimes - a but of DNA attached to a hair (or something) would indicate that someone was there.

Maybe that is the solution: have copies of lots of people's DNA scattered in all sorts of incriminating places - make it useless as a ''he was there'' indicator.

Re:Why why why? Are Europeans are going mad?

[imsabbel]

9.11.

All ministers of interior seem to be prime examples of the old "power corrupts" thing. They just sit there, and suddenly get the nice idea "if i could just track and observe _everybody_, _I_ would be a hero who stops all crime".
And because they are all idiots, they really believe it.

So they jump to the slightest chance of doing so, getting a real hard on with every now terrorist rumor that enables them to pass more bills.

Secondly, a lot of the biometrics was also forced onto the european nations by the US.
Want to the USA? Fingerprinting. That alone destroyed much of the taboo that fingerprinting had in europe forever. Many of us just dont have a choice. I am not staying home because i dont like my buissness trip destination.
Also, "no biometric passport" == "we kick you out of the visa waiver program", which is something they cannot allow, also.

Finally.

[fireheadca]

This is the moment we've been waiting for.

All we need now is a stool sample and we close step number 3 and move to step 4.

4) Profit!!

bwahaha

[afxgrin]

I love these people. Chaos taking over....

Yep! Really, really well done!

[Joce640k]

Fingerprints as biometric are almost useless. The only way to make sure they work is to have a trained finger inspector look at every finger before it's used.

DNA has the same problem as fingerprints...

[Joce640k]

You leave your DNA everywhere you go and there's machines which can duplicate it and produce big samples - big enough to create fake DNA mouthwashes or whatever is needed to fool the scanner.

The only way to be sure you're looking at the right DNA is to stick a needle into a person and take a sample from deep inside them... ...and that's not going to be very popular.

Most biometric systems are junkware being pushed by people who are after the lucrative government contracts. The bottom line is they don't really work too well.

The only one which might work is retinal scanning but for whatever reason I don't see that on anybody's ID card agenda. Why not? I don't know...

Duress codes

[mikeb]

Duress codes were widely implemented by the British Special Operations Executive in the Second World War.

Agents dropped behind Axis lines were taught how to use 'security codes' if they were compromised (i.e. captured by the Nazis).

The imbeciles in London who received their messages, especially from the totally infiltrated Dutch circuits, were so stupid as to message them back saying 'why are you omitting your security codes?'

It got so bad that on April 1st 1944 the London operators received a plaintext message from the head of the Nazi operation thanking them for their cooperation (I think his name was Geiske).

Hundreds died. It soured British/Dutch relations for a generation. It was monstrous, inexcusable loss of life.

Don't EVER underestimate the power of stupidity.

Re:There actually *are* things to like about Germa

[nguy]

The CCC is one of the things I like about Germany. It highlights a major element of german-style citizen-culture. It's clearly opposed to uncontrolled gouverment and any notion of a police-state.

That's nice, but it's a tiny minority. The average German has much more blind trust in his government than the average American.

Germany had a lively political scene in the 1920's and 1930's as well, but that didn't matter when the voters put Hitler in power.

they have never been different

[nguy]

I would have, given Europe's left leaning bent, expected Europeans to go the opposite route and promote civil liberties, but it seems that in country after country Europeans going the opposite route.

Tracking people has a long tradition in Europe. In countries like France and Germany, the government knows where every citizen lives. In Germany, the government even knows each person's religion (this is a country that slaughtered millions because they had the wrong religion!). Warrantless wiretapping connections to the Eastern Bloc used to be commonplace.

Europe has never been libertarian, it's always been about big government. Left vs. right has only been about which kind of big government Europeans wanted, not about wanting less of it.

imagine beating

[alizard]

retinal scanners. Yes, I know there are ways to do this with images. . . but a criminal or terrorist outfit is much more likely to use direct means to get a retinal pattern. Most people would miss an eye more than one of their fingers.

Re:imagine beating

[gr8scot]

retinal scanners. Yes, I know there are ways to do this with images. . . but a criminal or terrorist outfit is much more likely to use direct means to get a retinal pattern. Yes, that's the point, exactly, and the reason we need to ban biometric identification from all non-military uses, and possibly military uses as well, before our Reptilian Overlords or whatever have the chance to mandate biometric readers, which would only endanger the bodies of the client for a marginal, if not entirely fictitious, cost saving to the owners of the biometric devices, and of course of the data, for all practical purposes, our owners. It would certainly help a few hundred billionaires tighten their control over real people, though, so I guess it just depends on what your definition of "society" is.

Identity theft as a political statement

[VoidCrow]

Nice one, guys.

Mythbusters

[ohxten]

Reminds me of the episode on Mythbusters... it was comically simple to get through the systems. Granted, they weren't multi-million dollar ones, but one even read a fingerprint printed on a piece of paper.

Re:Yep! Really, really well done!

[InvalidError]

Fingerprints as biometric are almost useless. The only way to make sure they work is to have a trained finger inspector look at every finger before it's used. In a MythBusters episode on security device, they showed - much to their own surprise - that some of those fancy biometric fingerprint readers can be tricked by a plain paper copy.

Yup, fingerprints are extremely weak security checks since a normal person leaves hundreds of prints behind them every day.

Re:Why why why? Are Europeans are going mad?

[gr8scot]

That's really contrary to what I've heard from Europeans, who say they've gotten used to occasional acts of "terrorism" and they recognize that the risk of being a victim of "terrorism" is infinitesimal. I guess I could believe that a handful of "swing" voters might be for a police state, but I don't believe it's a majority view. I don't believe it's "what electorates seem to want." At most, it's indicated by occasional polls asking leading questions based on false assumptions.

If you were a professional politician keen on staying in power, would you be more likely to try to point out the low risk to the electorate, or would you be inclined to explore ways where you do not significantly alter the risk at all, but do influence the weighting of that risk in the minds of the uncommitted voters? I am having great difficulty imagining what it might be like to be so stupid that I can only gain approval by lying.

Re:Yep! Really, really well done!

[ShadowsHawk]

I was told to set up a finger print scanner on our parts room. Figure printers plus grease (industrial setting) = no access.

Re:Yep! Really, really well done!

[InvalidError]

I imagined the concept of clean rag should still exist even in industrial settings. Simply clean the sensor a little before applying the printed fingerprint - the fake fingerprint does not need to be manufactured/printed on-site.