Slashdot Mirror


Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com)

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.

A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"

49 of 112 comments

  1. Giving up on the pretense of "meta-data" by fibonacci8 · · Score: 5, Insightful

    Just admit that with enough pieces of information it's all "personally identifying".

    --
    Inheritance is the sincerest form of nepotism.
    1. Re:Giving up on the pretense of "meta-data" by Entrope · · Score: 3, Interesting

      That's a false dichotomy. The point of metadata collection has always been to identify the parties to a conversation. The point of collecting the content is to find it whether the parties are talking about weddings and grandchildren or about compromised email servers and collusion with foreign governments.

    2. Re:Giving up on the pretense of "meta-data" by fibonacci8 · · Score: 5, Informative

      And that's a red herring. The contention of metadata collection has been whether or not it qualifies as unreasonable search and seizure, emphasis on the search part. Gathering such data within the limits of a warrant is legal. It's still a grey area whether requiring metadata gathering and retention on everyone is overreach. The "point" isn't relevant if it legally poisons evidence collected to where the rest becomes inadmissible in court.
      To my understanding, the 4th amendment is still supposed to be a thing. Skipping the need for probable cause for each search, and not requiring a warrant to specify appropriately narrow limits for each search, by requiring businesses to conduct a continuous broad search seems to violate the letter and the spirit of the law. Privatization of corruption doesn't stop the practice from being corrupt.

      --
      Inheritance is the sincerest form of nepotism.
    3. Re: Giving up on the pretense of "meta-data" by Hallux-F-Sinister · · Score: 1

      Or...or...or... maybe different people and different organizations have different ideas and goals for metadata collection and use-cases and insisting any one is somehow true and correct is like arguing about what a given formation of clouds most resembles, especially when the people arguing are from different cultures, viewing the clouds from different locations, seeing them from different angles, and maybe even looking at them on different days. On different planets. I suspect the best we can do is agree to disagree on this point.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
  2. Avoid American-made chipsets and phones by Anonymous Coward · · Score: 5, Insightful

    Eventually it will come down to Google being forced to demand that these features are in phones, in order to license the Android mark and access to Google Play.

    In the extension this means Qualcomm and other American manufacturers will get to take in heavy licensing fees, because it will all be patented.

    It's a drive to both sell more American products and collect more information on people at the same time.

    One scary aspect of this is that the data will obviously be collectable to U.S. government and manufacturers. Three-letter agencies could literally replay the signals and have a water-proof case against anyone, by claiming the data shows that "they were there".

    1. Re:Avoid American-made chipsets and phones by techno-vampire · · Score: 1

      ...claiming the data shows that "they were there".

      A good lawyer would argue that all that proves is that your phone was there, not that you were. And, as the prosecution wouldn't need to use this if they had a witness to your presence, that in itself might be enough for reasonable doubt. Of course, IANAL, and could easily be wrong.

      --
      Good, inexpensive web hosting
    2. Re:Avoid American-made chipsets and phones by rtb61 · · Score: 1

      No it will eventually come down to the cheapest phones with the least number of features will be the most secure and reliable. High end phones will be insecure by design, have many routes of failure (any of the security features fail and your phone is a brick), and lack all measure of privacy. Every feature missing from a phone makes it cheaper, so which phone will win, cheaper and private or expensive and whores your privacy out to all and sundry.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:Avoid American-made chipsets and phones by KingBenny · · Score: 1

      o dear, the top five posts aren't on how n-ers and mexicans wrecked the berlin wall today ? has there been a coup led by cmdr Taco to take the power back ? let's hope it stays that way then ... i was more like how is this not why facebook has been on trial and also (of course) "what could go wrong" with a failproof systems like that ? but what you just said here yea, totally fits the Trump agenda in the long run ... welcome to the soviet era Hahah , i still use an old €15 samsung for calling and i have no simcard in my smartphone at all, i hope i can keep doing that, maybe i should start looking for secondhand cookieless gpsless phones in case this one breaks down

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
  3. Incompatible by AmiMoJo · · Score: 3, Interesting

    I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Incompatible by rmdingler · · Score: 1

      I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.

      The data gathered would likely spike to higher risk only in incidences when individual behavior is uncorrelated with baseline activity.

      In your case, consistent pressure changes in your grip may be used as a lower risk score, and your risk of being misidentified would only increase during the rare(r) days when your grip is constant and firm.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Incompatible by AmiMoJo · · Score: 2

      Or more likely I'll go to use some service and the computer will say no. If there even is a human being available they won't be able to do anything.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Incompatible by currently_awake · · Score: 2, Insightful

      This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonymity.

    4. Re:Incompatible by BlueStrat · · Score: 1

      This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonymity.

      That and it's a perfect tool for moving to a cashless society where government knows everything you buy, sell, or pay for and can add it to their dossier database and also be able to track and tax individual transactions at the micro-payment level in real-time.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re: Incompatible by Hallux-F-Sinister · · Score: 1

      No, someone will just come up with phone movement randomizers. You know how people with more money than sense buy wristwatches that have to be worn to keep time, automatic or self-winding models, but they own a bunch and only have one pair of wrists, so they buy winders that use WAY more power than batteries to slowly turn them end over end? They'll have that but for phones, that randomly jiggle and bounce them around inside a case to randomize movement to defeat this system, and as for how people hold them... when you want to dial a number and have your privacy, just set the phone down on a flat surface, i.e., a tabletop or the ground, and dial there. Use a wand instead of a finger, and try to get everyone else to do the same and use the same kind of wand so that fingertip pressure is randomized too... we can beat this...

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    6. Re:Incompatible by viperidaenz · · Score: 1

      Oh no... new technology to make things easier for most people may not work for you sometimes, you may have to use the existing channels.

      Although, you have no idea, but apparently you just feel like saying "it won't work for me (but it might, I literally have no idea what I'm talking about) so it must be flawed!"

  4. GDPR by Anonymous Coward · · Score: 1

    I hope the GDPR will make this illegal in Europe.

    Sure it will identify people. However, it will also be hackable (Spectre, anyone) and then the black hats will have unassailable proof they are who they are not.

    Seriously, whoever proposed this is either a black hat or has not the least idea about security.

    Disclosure: I rarely wear hats.

    1. Re: GDPR by mrbester · · Score: 1

      However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    2. Re: GDPR by BlueStrat · · Score: 5, Informative

      However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.

      Bullshit.

      It requires keeping teams of specialist lawyers on retainer and an entire new department in the company that does nothing towards generating revenue, only monitor compliance and deal with GDPR-related issues with users and government. Regulatory compliance costs are a real thing and hurt smaller enterprises far more than some megacorp.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re: GDPR by mrbester · · Score: 1

      The law is pretty clear, so specialist lawyers aren't required, along with their overinflated hourly charges, no matter how much they say they are. It's only when the big companies try to sidestep it that they might be needed. There's onerous bookkeeping, but that's been the case for a few years with DPA, only now there has to be more emphasis.

      What gets me is the sudden flurry of activity. It has been known this was coming into force for nearly two years and the amount of burying heads in sand with a "this won't affect me" attitude to only now be doing anything is staggering.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    4. Re: GDPR by Gonoff · · Score: 1

      GDPR only helped big companies ...

      It is your big companies that are the most stressed by it.

      Smaller companies that actually make things should have less problems. Yes there are rules but anywhere where production is more important than lawyers and accountants may even find that they are on the right track anyway.

      I helped a small voluntary organisation become compliant recently. The most complicated thing was the form that was handed to all members that asked them if we could hold their data etc.

      --
      I'll see your Constitution and raise you a Queen.
  5. Translation by jenningsthecat · · Score: 4, Insightful

    ... will be available in the vast majority of mobile devices

    ... will be mandated for every phone sold in North America

    Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.

    Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Translation by lgw · · Score: 2

      Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc.

      So, sort of like WeChat in China then. Oh, it might not be technically required, but good luck getting very far without it. And don't forget your social credit score!

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:Translation by currently_awake · · Score: 1

      If the Government is getting such valuable benefits from my phone, they should be paying my bill.

    3. Re:Translation by BlueStrat · · Score: 1

      .. will be available in the vast majority of mobile devices ... will be mandated for every phone sold in North America

      Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.

      Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.

      I'll just leave this here.

      https://youtu.be/s2NNZdigSXg

      They're already working on essentially that very technology.

      No population has ever regretted being extremely cautious about allowing government to expand its powers & scope, whether directly or by using private sector resources to accomplish their goals.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    4. Re:Translation by jenningsthecat · · Score: 1

      Thanks for the link. I've never heard of that movie before - and I'm old enough to have seen Coburn's 'Flint' movies in first run at the local theatre. Now all I have to do is find a copy...

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    5. Re: Translation by Hallux-F-Sinister · · Score: 1

      Doubt it. Religious wackos insisting that anything that MUST be carried is the MARK OF THE BEAST will be enough to ensure their representatives never force this on them. Religious insanity it turns out, is not ALL bad.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    6. Re: Translation by Reverend+Green · · Score: 1

      Social credit score - or "Earned Public Reputation", as domestic totalitarians are calling the version they plan for America.

  6. Google by AndyKron · · Score: 2

    Google: By your grip you're getting ready to throw your phone. Is there anything I can hel.....CRASH!

  7. Great by Megane · · Score: 2

    Now when do they solve the robo-caller identity verification problem?

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    1. Re:Great by GrumpySteen · · Score: 2

      When it stops being profitable for the carriers (i.e. never).

    2. Re:Great by lgw · · Score: 1

      What do you mean "when"? You don't think they already verify robocaller IDs against the list of campaign contributors? It's just like why physical mail is 95% spam by weight.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  8. Great idea by burtosis · · Score: 3, Insightful

    911 emergency, how can we help you?

    *shaking* I've been in a car accident and am pretty badly hurt, can you send help?

    Sir, I'm not sure who you are but placing a false call to 911 is a crime *click*

    Hello? Hello?

  9. More of us might develop that.. by Slicker · · Score: 1

    Anyone with any sense of paranoia is likely to try to develop some arthritis like this. In fact, it'll also have to include how we walk.. Maybe it'll be voice characteristics, too.

    I used to think people walking around talking to invisible others was weird. I discovered it's this new thing called a "bluetooth" earpiece. Now I imagine we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.

    The next James Bond movie will need its villains to do the same while on phones. Skip around, spin, toss the phone in the air and catch it with the other hand--anything you haven't done before.. You might as well make it a musical.

    1. Re:More of us might develop that.. by PolygamousRanchKid+ · · Score: 1

      Now I imagine we'll see people holding their phones in weird ways, walking, and talking in funny ways... It'll be interesting.

      Well if we all start doing Monty Python's Silly Walks it will definitely be amusing.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  10. Pressure? Gait? by Anonymous Coward · · Score: 1

    So my smartphone would send data about my gait, my gesture characteristics, etc. to someplace I don't control?

    Guess that's why I don't have any smartphone.

    1. Re:Pressure? Gait? by infolation · · Score: 1

      ...and when you sprain your ankle, you get locked out of your own phone.

    2. Re: Pressure? Gait? by Hallux-F-Sinister · · Score: 1

      Bad news, bro. You don't need one. You have a computer and that is enough. If you think you can hide behind being an AC, again, bad news, bro. When you browse Slashdot not only are there MAC and IP addresses, and cookies and persistent cookies and Macromedia hidden super cookies, but the browser likely records not only what you typed, but a log of every keystroke and WHEN you made it, which may as well be a fingerprint for your typing style, what in ham radio I have read somewhere what they called a FIST, which is the distinctive style of how long the operator took to depress and release the key that sent the pulses, how long they waited from one pulse to the next, one word to the next, etc. Also, even without a smartphone, video of you walking can be correlated with sound recordings to get detailed info on your musculoskeletal system in fine detail, which is of course unique to you... there is no hiding from the telescreens, Winston. Also... we know you have a smartphone.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
  11. Fly in the ointment... by QuietLagoon · · Score: 1

    It appears to take a while to build the history required for the identity verification purposes, yet that verification is used for only a very short time. If someone else has my smartphone for a short time, they could pose as me based upon the history retained in the smartphone. imo, in order to be a secure verification, the timeline for building the history needs to be closer to the timeline of usage.

  12. Have a bad day, get locked out? by CptLoRes · · Score: 1

    So if by chance you are having a bad day with external stress factors changing your daily routine and behavior, you get locked out? I am sure that will help making an already bad day worse..

  13. My old rule: by Anonymous Coward · · Score: 1

    In China, use an American phone.
    In the US, use a Chinese phone.
    And pray that it isn't a double spy phone.

    P.S.: There are dopant-level hardware trojans now: https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html

  14. Commercial suicide? by petes_PoV · · Score: 1

    A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project

    Very wise. It sounds like an ideal way to completely kill-off the sales of any manufacturer who gives in and installs this.

    Apart from all the drawbacks listed, any phone that did this would essentially be spying on its user. Not just with trying to identify the user, but with the record of encrypted (yeah .... right) positioning data to know where that person had been.

    The only people I can see who would ever use one of these would be government employees and I doubt that they would do so freely.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  15. Re: Say what? by Anne+Thwacks · · Score: 1

    "Lm 2 English" - is that like "ESL"?

    It is definitely not "English as spoken in England"

    --
    Sent from my ASR33 using ASCII
  16. Fantastic by WinstonWolfIT · · Score: 1

    So if I go on a weekend bender in Vegas I can't call a cab.

  17. Good luck with that by ItsJustAPseudonym · · Score: 1

    All of my calls are made using speakerphone mode, while the phone rests on a phonograph turntable. Mostly I run it at 33 1/3 RPM. If I don't like you, you get 'the 78 RPM' treatment.

    1. Re: Good luck with that by Hallux-F-Sinister · · Score: 1

      Yeah. Until you need to make or take a call, away from your precious turntable. Then they GET you.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    2. Re:Good luck with that by Mal-2 · · Score: 1

      I put my phone in a surplus centrifuge affected by Stuxnet. That adds extra randomization to the signal.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  18. Sorry, I don't hold my phone by p51d007 · · Score: 1

    If I'm in the car, it's hands free via the car radio. If I'm not in the car, I have borg implant (BT headset).

  19. Re: Creepy by Gonoff · · Score: 1

    I thought he was one of the alligators.

    --
    I'll see your Constitution and raise you a Queen.
  20. Was hoping this was about spam calls by MisterMoney · · Score: 1

    I was really hoping this would be about reducing the amount of spoofed/spam calls everyone gets.