Sigh, first go read any text on economics written by someone with economic credentials. Second take a look at the history of wealth in the U.S. by reading through some census reports.
After having accomplished this, come back here and express and intelligent and informed opinion. No, obviously we don't have a purely capitalist system because it is a theoretical system that can never exist. Yes, we do have a system that is closer to capitalism than pretty much any system that has achieved stability for more than about 50 years at a time. All of my statements of fact are pretty obvious from just looking at historical data and every model of capitalism I have ever seen shows that wealth accumulates more wealth within it until it reaches extreme consolidation. If you care to dispute that or anything else I said, provide a credible reference or a logical reason. To date you have not made one coherent argument. "Nu uh" is not exactly the kind of argument that is going to convince anyone here.
nsofar as children are generally the rightful heirs of a parent's estate, and that the wealth produced by an individual rightfully belongs to the individual and not the State, anyone who tries to impose such a cap needs to be killed.
Some people held very similar ideas in the not so distant past. Something like:
Insofar as children are generally the rightful heirs of a parent's estate, and that the peasants ruled by an individual rightfully belong to the individual and not some usurper, anyone who tries to take over the governance of the peasants needs to be killed.
...then we chopped their bloody heads off and established more fair systems of governance. You think economics is any different? Wealth is power. Being born to one set of parents rather than another does not entitle you to position or power and if you think it does, well that is probably because you benefit from it. The people as a whole (you know the ones supposedly in charge) do not benefit from it, and there is no ethical reason to tolerate it.
The numbers I gave were indicative of wealth disparity, i.e. how the currency, stock, and property in the country are divided up. If you choose to buy into the fiction that our currency has real value that is increasing, you could argue that it does not matter since there is more total wealth. I'm not buying it though, and there are a lot of things the poor aren't buying either; like land and houses. Also, think about free time and the ability to retire. Today fewer people than ever have any hope of owning land and property, and that is the real measure of wealth in this country.
Your light hearted comments about plasma TV's and iPods touches on another point. If technology is advancing, all people should benefit, but it is not clear that is really happening to the extent it should. We have the technology to easily grow all the food needed by the country for a mere pittance compared to the national budget, but still people even in America go hungry for lack of money to buy food. Construction technologies make the building of homes and housing easier than ever, but people still lack for shelter because they don't have enough money. Why is that, do you suppose?
Your argument boils down to, "it is impossible to make everything exactly fair so we should ignore unfair circumstances entirely." I reject your arguments utterly. I could just as well argue it's not fair that one person is born the son of a carpenter and grow up in a wood shop when another was born of a pig farmer and had to grow up on a pig farm. For this reason there is no point overthrowing a tyrannical monarchy since we can't equalize everyone's position in life.
Fair means everyone should be given an equal opportunity, or as nearly equal as it is practical to create. Fair means one person should not be born into a situation where they never have to work, or think, can buy anything they can think of, are free to flaunt most of the laws and get away with it, and are free from worrying about hunger or hardship, while another person has to eat ketchup packets from fast food joints, has no hope of ever being out of debt, has no chance for a real education, and has no chance to ever be able to afford a home, without turning to crime.
Can we make sure no one has any advantages over anyone else, no. But that also does not mean we should tolerate the kind of inequality based upon birth we see these days. Neither does it mean we should tolerate a system of government and economics that is designed to keep the rich and wealthy rich and wealthy, and make them even wealthier at the expense of the poor. Just because life cannot be made completely fair is no reason to not make it as fair as possible. And just to be clear, we're talking equal opportunity and a decent living for all. There is no need to try to equalize for height or intelligence or memory. This is a purely economic equation. While I believe those with special problems should be helped by society, the distribution of wealth is the specific problem we are addressing. It takes money to make money and in a capitalist system money consolidates. The poor are getting poorer and the rich are getting richer and all economic models show this will continue, despite the relative efforts and hard work of the poor. Any system that consolidates all the money and makes more and more poverty and makes incredibly wealthy people even wealthier as time passes is broken.
Simply banishing all inheritance and dumping that money into paying off the national debt and then into tax reductions would be a good start. It would need to be paired with a law preventing people from giving away large sums of money to their children. Just capping the total amount of money you can give your child at $500,000 would result in billions of dollars a year going to the government instead of to a person who has never done anything to earn it. Obviously there are lots of complications, but the principal is pretty straightforward. It is certainly better to have more people actually contributing to society and doing something than it is to have them sitting idly and watching their existing money accumulate more money at the expense of the already broke lower classes.
Or does "fair" jsut[sic] mean that everyone should have a trust fund, or noone should?
Either no one or everyone having a trust fund would help to equalize things and break some of the spiraling capitalist accumulation cycle that is inevitably ruining the lives of most of the population.
A free market does not exist in the presence of trusts or monopolies, therefore the existence of cartels is said to be the antithesis of Free Market Capitalism, here shortened to just Capitalism.
I can't say I've ever heard the term "free market capitalism" outside of speaking points from neoconservatives. I've not seen it used in a real economic text. I've heard "Free market economy" a lot though, which is, perhaps, what you mean? Can you provide a formal definition of "Free Market Capitalism" and a source? I suppose individual terms are not as important as concepts, but capitalism is a well defined term and can be found in the dictionary (unlike "Free Market Capitalism"). In any case, there is little doubt that whatever variant of capitalism exists in the U.S. today is responsible for the economic disparity and the formation of huge corporations that have undue influence over our political structures. Whatever we have, it is not working properly.
First of all, the population base is growing so there are many more people adding in at the low end.
So because more people are born to poor parents it is ok that they are even less wealthy than their parents? I thought the idea that circumstances are a just entitlement went out with feudalism. Just because one person is born to a wealth parent and another to a poor parent does not make their disparity fair by any means.
Secondly the amount of money is increasing over time so even if a small number of people may cotrol a large percentage of wealth it does not mean much without saying how much ecenomic freedom the people in the middle have.
Both the numbers I posted and those from wikipedia were percentages of wealth in the country, not amounts of money. They account for currency, property, and stock.
That has increased quite a lot as the middle class has a lot of financial power they did not have before.
Got anything to back that up? Everything I've seen shows the middle class shrinking and the lowest class growing. Your assertion that the middle class has more financial power is not backed up by any numbers I've seen.
There are no details in the article on how this number was really calculated. Proof my Wiki is not enough to convince me I'm afraid.
The numbers were taken from the census data, so the base data granularity is pretty ideal. The calculated numbers, however, are presumably consistent with one another over time so the trend they show within the United States is self normalizing for that particular aspect of differentiation. In any case, you can calculate the numbers yourself or just look at the census data I posted and that for the last few decades. All the numbers are there plain to see. I've not seen any statistician or economist who has claimed that wealth is not consolidating in the U.S. and that the middle class is not shrinking. Do you have some sort of reference to a paper or numbers that you think imply this is not so?
I can't even conceive of how you can argue that capitalism is working for a country when 40% of the households are completely broke and where a mere 5% of the population has more than half of the wealth, especially since all indications are that wealth is simply inherited, not earned through hard work, intelligence, innovation, or any other useful contribution to society. Go into any kindergarten classroom and give two kids 10 cupcakes each and ask the other 38 the kids to share 20 cupcakes among them. If they ask why tell them because those two kids were born to special parents. How many do you think will think that is fair? Sorry, the system is broken to have reached this state, and is not getting any better. Birth should not be an entitlement and everyone should have an equal chance at wealth and happiness regardless of who their parents are. If you believe otherwise, I'm afraid I can't respect that position, just as peasants everywhere have thrown down kings who claimed political power over them based on birth, so to will the peasants eventually throw down those who wield inherited money as power over them.
Ok, but through some recursive Googling lead to disclosure of the entire work?
Sure, provided you change you IP address every five paragraphs.
While I agree that it's easier to go to the library and check out the book, there is a way to circumvent the system.
Sure, you could build a system, and recreate the book, but for the time and expense it is cheaper just to buy a copy and OCR it. If you're planning to illegally copy a work, or illegally redistribute it en masse, it is not like google print is the best way to go. There are already laws preventing people from illegally copying/distributing the works, all Google is doing is making the world of print searchable. They get my thanks for indexing my books for others to find, reference, and buy and they deserve bloody Nobel prize if they do this for all written works as it is one of the greatest benefits to mankind to be accomplished in may years and helps fulfill some of the promise of the internet as it was originally envisioned.
Umm, due to your definitive logical fallacy, failure to elucidate, your argument fails. You don't specify what you are referencing in my above post, thus your argument, if it even is one, is incomprehensible. Nice try yourself.
Another poster has already put up a better reference than I was going to to prove my point. Here are some more facts that help to put the situation in perspective as to where we are right now (copied from another post I made to this thread).
Last time I looked at the figures something like 400 people in the top 1% of the wealthiest people in the U.S. were not born with a parent in the top 1%. Of those, none of them did not have parents in the top 5%. The U.S. still has more upward mobility than most of the world and the vast majority of the wealth in this country is owned by a small minority. Real upward mobility, is just a pipe dream. the top.5% controls about 25% of the wealth. The top 5% controls well over 50% of the wealth. Those numbers are increasing, not decreasing every year. The bottom 80%, that is 8 out of every 10 people are left to split less than 20% of the wealth. If you total up all the wealth owned by the bottom 40% of the households in the country you get a net total of nothing. Thats right, nothing, almost half the people are maybe a little bit ahead, or a little bit in debt but as a whole are completely broke. All this is from census data as compiled by Berkley University.
The Evilest, biggest corporation known to Slashdotdom, Microsoft, was barely a blip on the radar 20 years ago.
First, this is the really real world. Second MS is still a relatively small corporation compared to the really big ones. Third, MS is owned by shareholders. How many MS shareholders were not rich before they invested in MS? Last time I looked at the figures something like 400 people in the top 1% of the wealthiest people in the U.S. were not born with a parent in the top 1%. Of those, none of them did not have parents in the top 5%. The U.S. still has more upward mobility than most of the world and the vast majority of the wealth in this country is owned by a small minority. Real upward mobility, is just a pipe dream. the top.5% controls about 25% of the wealth. The top 5% controls well over 50% of the wealth. Those numbers are increasing, not decreasing every year. The bottom 80%, that is 8 out of every 10 people are left to split less than 20% of the wealth. If you total up all the wealth owned by the bottom 40% of the households in the country you get a net total of nothing. Thats right, nothing, almost half the people are maybe a little bit ahead, or a little bit in debt but as a whole are completely broke. All this is from census data as compiled by Berkley University.
It's time to wake up and realize that the U.S. is not a land of opportunity for the vast majority of people and the poor are constantly getting poorer. The middle class is steadily disappearing. The people running the corporations and who own most of the shares in them are wealthy and were born that way. Pretty much all of our politicians are wealthy and were born that way. The legal system, political system, and economic system is all heavily weighted against the poor. If you are not aware of that, then you have been living with your head in the sand. In a capitalist economy wealth consolidates, until there are a few very rich people and a lot of very poor people. Every respectable economic model shows that. We need some serious reform if we want to change that. That means electoral reform, economic reform, inheritance reform, and some serious government changes. The government is supposed to be for the people, but it really isn't much anymore. Every 4 years you can vote for one rich guy who will screw you over or a different rich guy who will screw you over. Until we fix that, there is no hope for change. The danger, of course, is that when the poor get too poor they revolt and the wealth and power get redistributed, but anyone who thinks we'll end up with a fair democracy from that is a optimist of the highest order. More likely we will end up with war and death and oppression for many years. It is better, in my opinion, to salvage what we can of our existing government, and try to give the people a vote again. I'd like to see mandatory, binding referendums. If I can get 10,000 votes my issue should be on the ballot and voted on directly by the people. This representative democracy is just not working out as it should anymore.
Capitalism writes laws, because money is power. We need to remake the laws to insure the people have the power, since most of the money is in the hands of a very small minority.
What you see att work with the RIAA etc is not capitalism, it's almost the exact opposite. It's unions and large cartels stifling capitalism, combined with a legal system that allowes this.
You don't seem to know what capitalism is. It's simple, capitalism is defined as trade and industry controlled by individuals and not by the state. Imposing laws to stop cartels and unions is not capitalism, it is in fact opposed to capitalism. Of course capitalism does not work by itself which is why pretty much every government on the planet has a regulated capitalism where the government steps in, breaks up monopolies, and restricts and controls some industry and trade with some measure of socialism where the government collects wealth on behalf of the citizens and distributes it for certain purposes (relief of the poor, disaster relief, health care, education, etc.).
Capitalism is all about the continued distribution of wealth, from the slow and lazy to quick, inovative and hard working. Anything the prevents this re-distribution goes agains the principals of capitalism.
I claimed that they'd care if you asked them to change their authentication.
Will a user care if you ask them to undergo surgery to have the RFID chip (not biometric) implanted at the base of their skull removed? Yes they will. Will a user care if you ask them to get plastic surgery on their face (biometric), some will some won't. Will a user care if you ask them to shave their mustache or dye their hair (biometric)? Most probably won't. Will they care if you ask them to take pills that will alter a portion of their body chemistry (biometric) that will have no detectable effect except for being readable by a scanner? Unlikely.
There are numerous non-biometric "something you have" keys that users will care about getting changed and even some examples biometric keys users most likely will not care about having changed. Sorry, this property also fails the test.
If you want further clarification, go back and read my prior posts, as I don't intend to respond further.
I've read your prior posts. The number of fundamental differences you listed is zero. I've given examples to disprove every one you've come up with and you've failed to refute any of my examples. Everything you have presented is a way some biometrics differ from some non-biometric "something you have" keys. I don't expect you to respond and that is just fine; you've been grasping at straws for quite a while. I'm sorry you can't see the danger of special casing biometrics and I'm sorry you seem intent on doing so. I hope that your promotion of this process does not lead you, or more likely someone else trying to create or follow a formal authentication policy to misuse biometrics in a dangerous way. There is already plenty of such misuse going on and I'm sorry I was unable to convince you from a purely logical standpoint that your categorization is wholly unnecessary and dangerous.
Someone steals a car and sells it to you for $10. When the car is discovered you are going to lose it and maybe go to jail for receiving stolen property.
If the courts cannot prove you knew or suspected it was stolen, you are in the clear. You will lose it, but in that case you are the victim of a crime (fraud), not a victim of the legal system.
Someone robs a bank and gives you $10,000 because you are a nice guy. Do you really think you get to keep it? Do you think you aren't going to jail or at least get some really nice community service sentance?
This is the exact same situation as above.
Some kids drop off some pirated software and music on your computer. Do you think you are immune to prosecution and/or civil suit because you didn't actually do the downloading? Not hardly. You are at least an unwitting accessory. But if you know they are doing it and doing nothing about it, then you are absolutely an accessory if not accomplice.
If you don't know about it, legally you are in the clear. If they can't prove you know about it, you are legally in the clear. If you do know about it, but do not benefit from it in any way, you are in the clear (you have no obligation to report a crime). If you know about a crime and benefit from it (they give you copies of the games/music that you know are there), then you are guilty.
If you reasonably fear legal action, and you have not broken any laws, then the legal system is broken.
Ahh, the wisdom of the anonymous coward making ad hominem attacks. OK, here are the facts, go ahead and tell me which one you dispute. The U.S. is a very capitalist nation. Corporations are the product of capitalism, being for profit legal bodies created by and for capitalists to promote their capitalism. Large corporations change the legal system using large contributions to politicians in exchange for laws favorable to them being created/passed. Corporations use the existing laws to stop smaller companies innovations from being successful, being available, and thus costing them money.
Care to dispute any of these assertions 'O' font of knowledge? For the record I am neither a socialist, marxist, or capitalist. Maybe you've been sleeping for the last few hundred years and missed the current events. Capitalism stifles innovation and progress regularly. It also encourages it with (often) some measure of reward and by encouraging competition. Now tell me how the RIAA, a capitalist organization to the point of having overstepped U.S. antitrust laws and exceeded even it's lax policies to prevent complete consolidation, is encouraging innovation by bringing lawsuits against the creators of new technology (eDonkey) in order to bankrupt them with legal fees when they are obviously not breaking any laws? Do tell, I'm all ears.
Let me put it this way: if authentication is based on voiceprint, thumbprint, and a scan of the vein patterns in my arm, no one can detect that ahead of time. They must be familiar with my security system and anticipate that those qualities will be looked for. If an object can be found in some kind of a search, that object tells the searcher that I use that means of authentication somewhere.
You're asserting that all physical keys are detectable and that biometrics are not detectable as such. First, you're making the assumption that an entire person can not be duplicated in their physical form which, while true given our current technology, is not a truism. It is just the current situation as far as we know and thus cannot be a scientific fact. Second you are asserting that non-biometric "something you have" items are detectable, which is not necessarily the case in any given situation. normal keys can be mixed with dummy keys, making the "real" key indistinguishable and obfuscated keys can be disguised as normal materials people carry with them every day. If a key for a given individual is a particular brand and shade of lipstick in its original container, how can the attacker differentiate this from all the other objects a person carries daily? Finally, if a given set of biometrics is used, it is subject to a corrupted authentication attack by randomly attacking valid users, removing biometrics and seeing if they are able to gain access. It need not even be detectable in that an agent could obfuscate a fingerprint, or covertly administer a drug to change a voice pattern. None of the characteristics you mention are unique to biometrics, aside from being a part of the body, which is what defines a biometric and is, hence, a logical definition flaw.
I don't remember suggesting that we use hair color alone as a means of authentication... That people have physical characteristics that are easy to change/fake is pretty irrelevant to whether "having" physical characteristics yourself brings up different security concerns than "having" an object with certain physical characteristics.
I asked for a fundamental difference between biometrics and other "something you have" objects. Your reply was that biometrics are not easily changed. In response I gave an example of a biometric that is easy to change and an non biometric that is not easy to change. How then can you claim that this is a fundamental difference that warrants biometric being classified differently?
You will see a difference when you ask the user to change his DNA for future authentication.
This is completely irrelevant to your point. You claimed a fundamental difference was that a legitimate user cares if they have a biometric taken from them. I provided an example case where an user would care a great deal about a regular "something you have" and another where a user would not care at all if a biometric "something you have" is taken. Your response that a different property (and one I already have shown to be false) is the fundamental difference just shows how indefensible your assertion is.
You have still not shown any difference of biometrics in general that makes them different and need to be treated differently than other "something you have" keys. You've mentioned plenty of examples of how a particular biometric differs from a particular "something you have" but no trait that is unique to biometrics. Why should I treat biometrics differently than any a arbitrary "something you have" key?
I'm afraid you are just trying to invent some difference and/or sidestep any argument to avoid admitting that you were mistaken. You still have not provided a single fundamental difference.
While many people don't use eDonkey (and the like) to pirate, the simple fact of the matter is that most do. Everyone suffers.
And you're ok with the innocent being punished for the crimes of the guilty? Anyone who does not intentionally violate copyrights, who is in any way harassed or punished is an innocent person being abused by the legal system. It is injustice and used to be something people cared about.
I've seen my neighbors kids come over with CD's of burned software that they got "for free" from Kazaa. They put me at risk that way. I don't want that crap installed on my computer so I can be their next target and example.
So you're not doing any copying, but you're afraid the legal system will punish you for the actions of others. Our legal system is supposed to founded on "innocent until proven guilty." If you did nothing then there should be no evidence against you. If you don't feel confident of that then something is wrong with the legal system, not with what other people are doing.
Capitalism is not the enemy of justice here. Capitalism has been bypassed here.
Capitalism, when unregulated, leads to consolidation of money into fewer and fewer hands. Have you ever heard the phrase, "it takes money to make money" used? It is more or less true. It is the person who finances a company or idea (who has the money to do so to start with) that makes most of the money on successful enterprises. Money has always been power. Money has almost always been able to influence governments.
Capitalism allowed for wealth to gather into relatively few hands in the U.S., starting from a much more level playing field than ever before. People could go out and claim a chunk of land, and make something of it. Now the land (like most other wealth) is owned disproportionately by the wealth elite and by corporations. Corporations are nothing more than a legal structure (laws passed using the influence of wealth) that protects the owners from responsibility for criminal actions undertaken to make them even more rich. They have also been used as ways to avoid taxes (which those who are not rich have to pay) and to legally bind individuals into doing unethical things in order to make more profit for the shareholders. It is these giant corporate beasts, the product of and nearly ultimate incarnation of capitalism that has consolidated such wealth and influence to make the legal system no longer work for anyone without the same wealth to challenge them. You are seeing capitalism at work, to stifle progress. We're only about 50-100 years away from the point where the poor rise up, kill the rich, and wealth gets redistributed somehow, and it is not going to be pretty, unless something changes.
I didn't say you had to *be* Bob, but just that you had to fake it. You have to alter characteristics of your being in order to mimic characteristics of Bob's being.
For any given test you have to alter a single characteristic, or in some cases have that characteristic stored elsewhere. Having a severed thumb may allow me to open a biometric lock. You don't necessarily have to alter your characteristics, just to have a characteristic that will pass inspection.
No, my assertion is all security could be said to be testing for "things they have", but that "things they know" and "things they are" are special cases, worth distinguishing.
Things you know are treated as a case in authentication theory because they are not physical, and are subject to a whole set of rules and procedures. Properly implemented they cannot be taken by force, nor even through most coercion. Things you have are physical objects. They can be taken, unless there is a mechanism for their destruction. A whole set of rules and theories apply to these items as well, and they are different in many cases than for "something you know" keys. A well designed, very high security authentication scheme might, for example, provide multiple passwords, including one that will allow access to a honeypot system and provide false information and possibly one that will disable all that users passwords and provide confirmation of that to the user. In this way a well trained person can either direct a torturer to a pre-prepared fake store of knowledge or disable access and make sure the torturer know that has happened (thus removing motivation for further torture). The point is, these are two, well defined aspects of authentication theory and while a given implementor of an authentication system may not fully understand why they are obeying a particular rule of that theory, it can still protect their system.
"Something you are" is not measurable by itself. You can't measure that someone is that person. You can measure that they know things (something they know) or that they have a particular, pre-measured characteristic. In authentication theory this is exactly the same as any other "something you have" key. I do not know of any feature of a biometric that makes it distinct in practice or application from any other "something you have" key. You have not provided any example of a way a biometric can be measured that makes it distinct in use.
It is different, however, in that it's measuring a physical characteristic of *your body*.
I deny this is a valid difference. If I graft a key onto my body, how does that make it different in use from a biometric? I'll address each of your points below.
valid users are going to be less able or likely or willing to change their "authentication key" if it requires extensive surgery and transplants.
Hair color is a biometric. It is easily dyed a different color. An implanted RFID is not a biometric. It requires surgery to change. I see no fundamental difference.
Biometrics have one strength over normal "something you have" items in that they're convenient-- you always have it with you, without needing to carry anything extra.
See the implanted RFID example above. It is always with you, but not a biometric. Also, biometric can be lost to an accident or attack. This is not a fundamental difference either.
...they're certainly more problematic for the valid users once they are stolen.
Depending upon the situation a valid user may be killed for losing a normal "something you have" key. Depending upon the biometric, a user may not care if a sample of his hair or DNA is taken. Again I see no fundamental difference.
I don't see any aspect of a biometric or it's use that cannot be true of a normal "something you have" key. They behave exactly like any other "something you have" and do not require a special case for their handling. Creating a special case is unnecessary and more
Most people - the overwhelming majority - are not competent to use a general purpose computer.
I'd like to put forth the assertion that this is because most general purpose computers are not designed for the average person and are pretty poorly designed overall. There is no technical reason why general purpose computers cannot be much, much, much more resistant to viruses and even trojans, automatically perform backups, etc.
For these people, a thin client web appliance using applications hosted remotely on machines maintained by competent people makes a huge amount of sense. And, frankly, that's 90+% of the whole population, so this is potentially a very big market.
Currently the least computer savvy portion of the population is also the least likely to have an always on internet connection or a sufficiently fat internet connection. Thus trying to capture this market is going to be a pain in the ass. Second, people like to own rather than rent many things. Third, people like to be able to use their computer without a subscription or internet connection at any given moment. Laptops especially are very popular right now and only gaining in popularity, but it is unlikely that internet will be available everywhere or even most places reliably for many, many years. Who want their ability to compose a letter, write a book, or play a game to die when they go to the family cabin or on a car trip? Fourth, what makes you think moving administration to a remote location will make the situation any better? Users will still fail to secure their machines and be vulnerable to viruses and trojans unless they have proper security from the end user's machine.
I think the proper and correct solution is to fix general purpose computers, not scrap them and move to an inferior solution. All the problems you mentioned are solvable, and are partially solved on everything except Windows machines. The problem is largely not with general purpose computers, but with the current popular implementations thereof; no reason to throw the baby out with the bath water, just improve general purpose computers.
I disagree with this. You only have to fake the characteristics of Bob that the guards know. You don't have to fake "being bob" because most of what makes Bob, Bob is completely unknown to the person(s) testing Bob. In some cases this may be a lot of various information and characteristics, in others it might be basically nothing. If a random person goes up to the guard and says, "hey I'm Bob" when they are really not, and are passed through because the guard know Bob is supposed to be coming through, but has no idea who Bob is, has the attacker faked "being Bob" or did he just faked on particular characteristic that Bob has?
Bringing this back to modern terms, does a thumbprint scanner test to see if you are Bob or if you have the same thumbprint that it is expecting? Faking being a person is a combination of things you know and things you have, but you have to take into account the tester. Any given test for identifying a person either through something they know or something they have is subject to all sorts of deception and avoidance. Your assertion that what is being tested is who a person is, rather than a combination of "things they have" and "things they know" is mostly due to the fact that thousands of tests are being issued more or less simultaneously by the most advanced tester known to man, another human. In reality, however, most biometrics are tests from a machine and they all test very specific characteristics. Unless you can define the essence of a person and build a physical test for it, I can't agree that that is what is being tested, only individual characteristics, which make them "something you have" in my opinion.
They do warrant being separated out a bit, and talked about specially, don't they? If for no other reason, then to talk about the weaknesses, the fact that you're carrying them around all the time. People can see your face and touch your hands (or touch something that touched your hands). They're unprotected, constantly changing, constantly being damaged. You can't replace them or change them. They weren't designed to be machine readable, and therefore aren't as easy for a machine to read (reliably). You are agreeing, aren't you, that biometrics have some real weaknesses that aren't present in other "something you have" items?
I agree that most biometrics have a whole slew of weaknesses not usually built into traditional "something you have" items, but I disagree that they need to be treated any differently than other "something you have" items. All such items need to be evaluated and handled according to their strengths and weaknesses. Security badges may be visible all the time. Implanted RFID chips may be taken with a person everywhere and read/copied without their knowledge. Analog magnetic devices and physical keys may wear and change shape, or decay over time. Not all security devices are designed to be easily machine readable, like older passports. Some identification keys may be irreplaceable and some biometrics can be changed with modern medicine. At the most basic level photo IDs may be defeated by hair dye. All of the problems and advantages of biometrics may be present in other "something you have" keys, it is just not common practice to combine all these weaknesses because it makes for what can be a very poor key, which biometrics usually are as well.
The idea isn't new or unscientific. It isn't untested. We can disagree about whether we want to separate out the different sorts of "having" for the sake of terminology, but it doesn't change the fact that "facial recognition" and behavior measurements have been used in security for... well, forever. It just didn't used to be computers doing the facial recognition.
You misunderstand me. I'm not suggesting biometrics are new. I'm suggesting that biometrics being a special case and not subject to the same evaluation and procedures as other "something you have" items is new and unscientific. There is no reason, scientifically, w
It might be that there are guards ordered to only let in people that they already know on sight (something you are).
You acknowledge the possibility of this later on, but let me just say, I reject this as a valid criteria. There is no way to measure something you are. You can only measure and test against known characteristics (something you have) and by asking questions (something you know). Guards might pass Bob through because they know what bob looks like, sounds like, and because bob has the knowledge to respond appropriately when asked about his wife. If someone else can disguise themselves to look like bob (something he has) and sound like bob (another physical characteristic, and something he has) and they know how to respond about his wife (something he knows) then they too can pass even though they are fundamentally not Bob. That is because "something you are" is not a testable or even definable characteristic. Trying to tack it onto a scientific theory is completely unsound.
The reason I object to this addendum so strongly is because it leads to people trying to evaluate things like thumbprints and voice patterns under special cases, exempt from the normal tests and principals that apply to "something you have" keys. This leads to lesser security and poor selection of "something you have" keys.
As for the rest of your post, I agree wholeheartedly. Biometrics are useful for very trivial security or as part of a layered security system, with human oversight, and additional checks. Biometrics are convenient and user friendly. I fear, however, they will be horribly misused, in places where non-scientists make decisions and where poor scientists make decisions without considering what is and is not a scientific and testable criteria. Muddying the waters with psuedo-scientific bastardizations of real, well thought out, time tested, rules and principals will only make matters worse.
Because you don't get to manufacture a new thumb in order to meet changing requirements.
I've never seen being able to be changed or have a new one manufactured as a criteria for "something you have" in authentication science. Even if it were, for some weird reason, there is no physical reason why someone cannot grow a new thumb or build a new prosthetic thumb with a thumb print. I reject your argument that this is a valid distinction.
Naturally occurring objects are not artifacts.
OK, now you're arguing semantics. You're the one who started using the term, "artifact" which is not the term used in the original argument. The phrase, "something you have" was used and I don't see why that does not encompass biometrics. You have a thumb and a thumbprint and an eye and particular DNA characteristics, etc. Furthermore they are applied identically to "something you have" in authentication theory.
The point, and you're helping to make it here, is that these two classes require fundamentally different treatment.
I'll ask the same question I did in my last post. Since you can use the same reader to read biometric and traditional "things you have" and since both objects have to be measured or keyed to a device prior to use and since biometrics and other "something you have" items can be stolen, faked, or lost naturally, in what way do they fundamentally differ that requires they be treated differently? Obviously all keys will have different advantages and disadvantages. Thumbprints go with you everywhere and are always exposed, but very hard to lose. A regular brass key is easier to lose, but less exposed to copying. Why should biometrics be placed in a special category, where they are not directly compared and evaluated beside other "something you have" keys?
I notice that you're again applying your conclusion as a premise. We've already established that your argument rests on making no distinction between "being" and "having." So far, you haven't produced anything in support of that premise.
Do you have a thumb. All right then, it is "something you have." Provide a good reason why it should be treated differently and I'd be happy to listen. So far I have not heard any reasons from you. If I'm creating a security system I'll consider biometrics the same as any other "something you have" and evaluate a given biometric on it's appropriateness based upon how it compares to other available "something you have" keys. In applying basic rules of authentication theory, each and every one applies just as much to biometrics as other keys. The only possible exception is that you should change biometrics on a regular basis, which I still hold is true. It may not be practical or even possible due to the limitations of most biometrics, but for a secure system they should ideally be changed regularly and certainly should be changed when they are known to be compromised. The fact that this is not usually practical speaks to their unsuitability as keys in most cases, not to something that should be changed in basic theory. Should modern medicine reach the point where it is practical to change biometrics regularly, they should certainly be changed regularly (or more likely just not used at all). I fundamentally disagree with special casing biometrics. They should be evaluated on the same criteria and treated in the same way as any other key with the same limitations (like an implanted RFID chip).
I agree completely. I've been asking for some of these features with good defaults and a user friendly configuration on a usable desktop for years. Right now, only the most security conscious are looking to these systems, but as security tightens in general this type of system will become more and more needed. I still have my doubts that this sort of system will gain any popularity until newer version of Windows manage to take significant market share and remove some of the lowest hanging fruit for malware authors. It would certainly be nice to have a time-tested and well refined system by then though.
An artifact can be anything agreed between the parties... Something you "are," on the other hand, is by definition a natural measurement associated with your person, not an artifact.
I don't see why your thumb is not an artifact according your definitions. It seems like you're trying to define "something you have" as any agreed upon object that is not a biometric, which seems to be a spurious addendum. You claim a biometric "does not have arbitrary properties, but natural ones" but there is no reason why an artifact cannot have natural properties. Early authentication schemes employed naturally occurring artifacts such as jaggedly broken rocks and pieces of wood whose natural grains/features could be aligned to provide a matching "key." In the case of an artificial object or a biometric you are still measuring one or more properties of a physical object. The fact that that object is a part of a person's body is a significant characteristic, but does not fundamentally alter the way the object is measured or verified. Heck, thumb print devices could easily be keyed to arbitrary thumbs taken from cadavers, which would make artifacts that are identical to biometrics, are measured in the same way by the same device. How does this change the nature of an authentication scheme?
The point is that authentication built around "something you are" has to operate within the constraints of both measurement and a finite set of properties. Authentication around "something you have" does not have such constraints. The difference is fundamental, and indeed testable.
You're operating under several false assumptions. First there are any number of limitations on what artifacts can be practically used in an authentication scheme. Second biometrical testable properties of the human body can be altered or spoofed just as any other "something you have."
To return to your claim that authentication schemes can't distinguish between these two classes, of course it's possible to build a naive authentication model that ignores the distinction, but I'd argue that's simply bad engineering.
I don't understand your assertion. Biometric devices have to be built to test certain properties of a human body and those properties must be measured in advance in order to be used. Other "something you have" schemes are built to test specific properties of some object which has to be set (or measured) in advance. How then does a biometric measurement and testing of something that is part of your body differ from the measurement and testing of something that is not part of your body in a way that biometrics should not be subject to all the same tests and evaluation criteria that other "something you have" artifacts are? In what way do you believe they should be treated differently and why?
RedHat could be well on it's way to becoming the next Microsoft.
I think you are mistaken. It is entirely probable that RedHat the company will partner up with lots of big businesses. Big businesses, however, want a commodity OS, competitive advantages, and for that matter, open source at this point. Having been burned by MS for so long, many companies at the heart of the Linux community are unlikely to swiftly move to closed formats, APIs, code, etc. Even assuming RedHat did exactly that, introducing formats and closed source code as much as possible, they are still working on a base that is GPL and that they cannot close and still sell. That means there is nothing stopping others from modifying that code or even redistributing it. RedHat would basically have to write their own OS from scratch or based upon BSD licensed code in order to get us close to the situation we have with MS. Even were they to do that, we'd still be several steps ahead for compatibility and security from where we are now with Windows.
To summarize, sure RedHat can become "evil" but that does not stop Linux, and RedHat has no way to "take over" Linux since they don't own it. I'm just not too worried, they have a long hard road ahead to become MS, and they will need a new OS to do it.
Sigh, first go read any text on economics written by someone with economic credentials. Second take a look at the history of wealth in the U.S. by reading through some census reports.
After having accomplished this, come back here and express and intelligent and informed opinion. No, obviously we don't have a purely capitalist system because it is a theoretical system that can never exist. Yes, we do have a system that is closer to capitalism than pretty much any system that has achieved stability for more than about 50 years at a time. All of my statements of fact are pretty obvious from just looking at historical data and every model of capitalism I have ever seen shows that wealth accumulates more wealth within it until it reaches extreme consolidation. If you care to dispute that or anything else I said, provide a credible reference or a logical reason. To date you have not made one coherent argument. "Nu uh" is not exactly the kind of argument that is going to convince anyone here.
nsofar as children are generally the rightful heirs of a parent's estate, and that the wealth produced by an individual rightfully belongs to the individual and not the State, anyone who tries to impose such a cap needs to be killed.
Some people held very similar ideas in the not so distant past. Something like:
Insofar as children are generally the rightful heirs of a parent's estate, and that the peasants ruled by an individual rightfully belong to the individual and not some usurper, anyone who tries to take over the governance of the peasants needs to be killed.
...then we chopped their bloody heads off and established more fair systems of governance. You think economics is any different? Wealth is power. Being born to one set of parents rather than another does not entitle you to position or power and if you think it does, well that is probably because you benefit from it. The people as a whole (you know the ones supposedly in charge) do not benefit from it, and there is no ethical reason to tolerate it.
By what measure?
The numbers I gave were indicative of wealth disparity, i.e. how the currency, stock, and property in the country are divided up. If you choose to buy into the fiction that our currency has real value that is increasing, you could argue that it does not matter since there is more total wealth. I'm not buying it though, and there are a lot of things the poor aren't buying either; like land and houses. Also, think about free time and the ability to retire. Today fewer people than ever have any hope of owning land and property, and that is the real measure of wealth in this country.
Your light hearted comments about plasma TV's and iPods touches on another point. If technology is advancing, all people should benefit, but it is not clear that is really happening to the extent it should. We have the technology to easily grow all the food needed by the country for a mere pittance compared to the national budget, but still people even in America go hungry for lack of money to buy food. Construction technologies make the building of homes and housing easier than ever, but people still lack for shelter because they don't have enough money. Why is that, do you suppose?
Your argument boils down to, "it is impossible to make everything exactly fair so we should ignore unfair circumstances entirely." I reject your arguments utterly. I could just as well argue it's not fair that one person is born the son of a carpenter and grow up in a wood shop when another was born of a pig farmer and had to grow up on a pig farm. For this reason there is no point overthrowing a tyrannical monarchy since we can't equalize everyone's position in life.
Fair means everyone should be given an equal opportunity, or as nearly equal as it is practical to create. Fair means one person should not be born into a situation where they never have to work, or think, can buy anything they can think of, are free to flaunt most of the laws and get away with it, and are free from worrying about hunger or hardship, while another person has to eat ketchup packets from fast food joints, has no hope of ever being out of debt, has no chance for a real education, and has no chance to ever be able to afford a home, without turning to crime.
Can we make sure no one has any advantages over anyone else, no. But that also does not mean we should tolerate the kind of inequality based upon birth we see these days. Neither does it mean we should tolerate a system of government and economics that is designed to keep the rich and wealthy rich and wealthy, and make them even wealthier at the expense of the poor. Just because life cannot be made completely fair is no reason to not make it as fair as possible. And just to be clear, we're talking equal opportunity and a decent living for all. There is no need to try to equalize for height or intelligence or memory. This is a purely economic equation. While I believe those with special problems should be helped by society, the distribution of wealth is the specific problem we are addressing. It takes money to make money and in a capitalist system money consolidates. The poor are getting poorer and the rich are getting richer and all economic models show this will continue, despite the relative efforts and hard work of the poor. Any system that consolidates all the money and makes more and more poverty and makes incredibly wealthy people even wealthier as time passes is broken.
Simply banishing all inheritance and dumping that money into paying off the national debt and then into tax reductions would be a good start. It would need to be paired with a law preventing people from giving away large sums of money to their children. Just capping the total amount of money you can give your child at $500,000 would result in billions of dollars a year going to the government instead of to a person who has never done anything to earn it. Obviously there are lots of complications, but the principal is pretty straightforward. It is certainly better to have more people actually contributing to society and doing something than it is to have them sitting idly and watching their existing money accumulate more money at the expense of the already broke lower classes.
Or does "fair" jsut[sic] mean that everyone should have a trust fund, or noone should?
Either no one or everyone having a trust fund would help to equalize things and break some of the spiraling capitalist accumulation cycle that is inevitably ruining the lives of most of the population.
A free market does not exist in the presence of trusts or monopolies, therefore the existence of cartels is said to be the antithesis of Free Market Capitalism, here shortened to just Capitalism.
I can't say I've ever heard the term "free market capitalism" outside of speaking points from neoconservatives. I've not seen it used in a real economic text. I've heard "Free market economy" a lot though, which is, perhaps, what you mean? Can you provide a formal definition of "Free Market Capitalism" and a source? I suppose individual terms are not as important as concepts, but capitalism is a well defined term and can be found in the dictionary (unlike "Free Market Capitalism"). In any case, there is little doubt that whatever variant of capitalism exists in the U.S. today is responsible for the economic disparity and the formation of huge corporations that have undue influence over our political structures. Whatever we have, it is not working properly.
First of all, the population base is growing so there are many more people adding in at the low end.
So because more people are born to poor parents it is ok that they are even less wealthy than their parents? I thought the idea that circumstances are a just entitlement went out with feudalism. Just because one person is born to a wealth parent and another to a poor parent does not make their disparity fair by any means.
Secondly the amount of money is increasing over time so even if a small number of people may cotrol a large percentage of wealth it does not mean much without saying how much ecenomic freedom the people in the middle have.
Both the numbers I posted and those from wikipedia were percentages of wealth in the country, not amounts of money. They account for currency, property, and stock.
That has increased quite a lot as the middle class has a lot of financial power they did not have before.
Got anything to back that up? Everything I've seen shows the middle class shrinking and the lowest class growing. Your assertion that the middle class has more financial power is not backed up by any numbers I've seen.
There are no details in the article on how this number was really calculated. Proof my Wiki is not enough to convince me I'm afraid.
The numbers were taken from the census data, so the base data granularity is pretty ideal. The calculated numbers, however, are presumably consistent with one another over time so the trend they show within the United States is self normalizing for that particular aspect of differentiation. In any case, you can calculate the numbers yourself or just look at the census data I posted and that for the last few decades. All the numbers are there plain to see. I've not seen any statistician or economist who has claimed that wealth is not consolidating in the U.S. and that the middle class is not shrinking. Do you have some sort of reference to a paper or numbers that you think imply this is not so?
I can't even conceive of how you can argue that capitalism is working for a country when 40% of the households are completely broke and where a mere 5% of the population has more than half of the wealth, especially since all indications are that wealth is simply inherited, not earned through hard work, intelligence, innovation, or any other useful contribution to society. Go into any kindergarten classroom and give two kids 10 cupcakes each and ask the other 38 the kids to share 20 cupcakes among them. If they ask why tell them because those two kids were born to special parents. How many do you think will think that is fair? Sorry, the system is broken to have reached this state, and is not getting any better. Birth should not be an entitlement and everyone should have an equal chance at wealth and happiness regardless of who their parents are. If you believe otherwise, I'm afraid I can't respect that position, just as peasants everywhere have thrown down kings who claimed political power over them based on birth, so to will the peasants eventually throw down those who wield inherited money as power over them.
Ok, but through some recursive Googling lead to disclosure of the entire work?
Sure, provided you change you IP address every five paragraphs.
While I agree that it's easier to go to the library and check out the book, there is a way to circumvent the system.
Sure, you could build a system, and recreate the book, but for the time and expense it is cheaper just to buy a copy and OCR it. If you're planning to illegally copy a work, or illegally redistribute it en masse, it is not like google print is the best way to go. There are already laws preventing people from illegally copying/distributing the works, all Google is doing is making the world of print searchable. They get my thanks for indexing my books for others to find, reference, and buy and they deserve bloody Nobel prize if they do this for all written works as it is one of the greatest benefits to mankind to be accomplished in may years and helps fulfill some of the promise of the internet as it was originally envisioned.
Umm, due to your definitive logical fallacy, failure to elucidate, your argument fails. You don't specify what you are referencing in my above post, thus your argument, if it even is one, is incomprehensible. Nice try yourself.
Another poster has already put up a better reference than I was going to to prove my point. Here are some more facts that help to put the situation in perspective as to where we are right now (copied from another post I made to this thread).
Last time I looked at the figures something like 400 people in the top 1% of the wealthiest people in the U.S. were not born with a parent in the top 1%. Of those, none of them did not have parents in the top 5%. The U.S. still has more upward mobility than most of the world and the vast majority of the wealth in this country is owned by a small minority. Real upward mobility, is just a pipe dream. the top .5% controls about 25% of the wealth. The top 5% controls well over 50% of the wealth. Those numbers are increasing, not decreasing every year. The bottom 80%, that is 8 out of every 10 people are left to split less than 20% of the wealth. If you total up all the wealth owned by the bottom 40% of the households in the country you get a net total of nothing. Thats right, nothing, almost half the people are maybe a little bit ahead, or a little bit in debt but as a whole are completely broke. All this is from census data as compiled by Berkley University.
The Evilest, biggest corporation known to Slashdotdom, Microsoft, was barely a blip on the radar 20 years ago.
First, this is the really real world. Second MS is still a relatively small corporation compared to the really big ones. Third, MS is owned by shareholders. How many MS shareholders were not rich before they invested in MS? Last time I looked at the figures something like 400 people in the top 1% of the wealthiest people in the U.S. were not born with a parent in the top 1%. Of those, none of them did not have parents in the top 5%. The U.S. still has more upward mobility than most of the world and the vast majority of the wealth in this country is owned by a small minority. Real upward mobility, is just a pipe dream. the top .5% controls about 25% of the wealth. The top 5% controls well over 50% of the wealth. Those numbers are increasing, not decreasing every year. The bottom 80%, that is 8 out of every 10 people are left to split less than 20% of the wealth. If you total up all the wealth owned by the bottom 40% of the households in the country you get a net total of nothing. Thats right, nothing, almost half the people are maybe a little bit ahead, or a little bit in debt but as a whole are completely broke. All this is from census data as compiled by Berkley University.
It's time to wake up and realize that the U.S. is not a land of opportunity for the vast majority of people and the poor are constantly getting poorer. The middle class is steadily disappearing. The people running the corporations and who own most of the shares in them are wealthy and were born that way. Pretty much all of our politicians are wealthy and were born that way. The legal system, political system, and economic system is all heavily weighted against the poor. If you are not aware of that, then you have been living with your head in the sand. In a capitalist economy wealth consolidates, until there are a few very rich people and a lot of very poor people. Every respectable economic model shows that. We need some serious reform if we want to change that. That means electoral reform, economic reform, inheritance reform, and some serious government changes. The government is supposed to be for the people, but it really isn't much anymore. Every 4 years you can vote for one rich guy who will screw you over or a different rich guy who will screw you over. Until we fix that, there is no hope for change. The danger, of course, is that when the poor get too poor they revolt and the wealth and power get redistributed, but anyone who thinks we'll end up with a fair democracy from that is a optimist of the highest order. More likely we will end up with war and death and oppression for many years. It is better, in my opinion, to salvage what we can of our existing government, and try to give the people a vote again. I'd like to see mandatory, binding referendums. If I can get 10,000 votes my issue should be on the ballot and voted on directly by the people. This representative democracy is just not working out as it should anymore.
Capitalism writes laws, because money is power. We need to remake the laws to insure the people have the power, since most of the money is in the hands of a very small minority.
What you see att work with the RIAA etc is not capitalism, it's almost the exact opposite. It's unions and large cartels stifling capitalism, combined with a legal system that allowes this.
You don't seem to know what capitalism is. It's simple, capitalism is defined as trade and industry controlled by individuals and not by the state. Imposing laws to stop cartels and unions is not capitalism, it is in fact opposed to capitalism. Of course capitalism does not work by itself which is why pretty much every government on the planet has a regulated capitalism where the government steps in, breaks up monopolies, and restricts and controls some industry and trade with some measure of socialism where the government collects wealth on behalf of the citizens and distributes it for certain purposes (relief of the poor, disaster relief, health care, education, etc.).
Capitalism is all about the continued distribution of wealth, from the slow and lazy to quick, inovative and hard working. Anything the prevents this re-distribution goes agains the principals of capitalism.
You are mistaken and need a dictionary.
I claimed that they'd care if you asked them to change their authentication.
Will a user care if you ask them to undergo surgery to have the RFID chip (not biometric) implanted at the base of their skull removed? Yes they will. Will a user care if you ask them to get plastic surgery on their face (biometric), some will some won't. Will a user care if you ask them to shave their mustache or dye their hair (biometric)? Most probably won't. Will they care if you ask them to take pills that will alter a portion of their body chemistry (biometric) that will have no detectable effect except for being readable by a scanner? Unlikely.
There are numerous non-biometric "something you have" keys that users will care about getting changed and even some examples biometric keys users most likely will not care about having changed. Sorry, this property also fails the test.
If you want further clarification, go back and read my prior posts, as I don't intend to respond further.
I've read your prior posts. The number of fundamental differences you listed is zero. I've given examples to disprove every one you've come up with and you've failed to refute any of my examples. Everything you have presented is a way some biometrics differ from some non-biometric "something you have" keys. I don't expect you to respond and that is just fine; you've been grasping at straws for quite a while. I'm sorry you can't see the danger of special casing biometrics and I'm sorry you seem intent on doing so. I hope that your promotion of this process does not lead you, or more likely someone else trying to create or follow a formal authentication policy to misuse biometrics in a dangerous way. There is already plenty of such misuse going on and I'm sorry I was unable to convince you from a purely logical standpoint that your categorization is wholly unnecessary and dangerous.
Someone steals a car and sells it to you for $10. When the car is discovered you are going to lose it and maybe go to jail for receiving stolen property.
If the courts cannot prove you knew or suspected it was stolen, you are in the clear. You will lose it, but in that case you are the victim of a crime (fraud), not a victim of the legal system.
Someone robs a bank and gives you $10,000 because you are a nice guy. Do you really think you get to keep it? Do you think you aren't going to jail or at least get some really nice community service sentance?
This is the exact same situation as above.
Some kids drop off some pirated software and music on your computer. Do you think you are immune to prosecution and/or civil suit because you didn't actually do the downloading? Not hardly. You are at least an unwitting accessory. But if you know they are doing it and doing nothing about it, then you are absolutely an accessory if not accomplice.
If you don't know about it, legally you are in the clear. If they can't prove you know about it, you are legally in the clear. If you do know about it, but do not benefit from it in any way, you are in the clear (you have no obligation to report a crime). If you know about a crime and benefit from it (they give you copies of the games/music that you know are there), then you are guilty.
If you reasonably fear legal action, and you have not broken any laws, then the legal system is broken.
Ahh, the wisdom of the anonymous coward making ad hominem attacks. OK, here are the facts, go ahead and tell me which one you dispute. The U.S. is a very capitalist nation. Corporations are the product of capitalism, being for profit legal bodies created by and for capitalists to promote their capitalism. Large corporations change the legal system using large contributions to politicians in exchange for laws favorable to them being created/passed. Corporations use the existing laws to stop smaller companies innovations from being successful, being available, and thus costing them money.
Care to dispute any of these assertions 'O' font of knowledge? For the record I am neither a socialist, marxist, or capitalist. Maybe you've been sleeping for the last few hundred years and missed the current events. Capitalism stifles innovation and progress regularly. It also encourages it with (often) some measure of reward and by encouraging competition. Now tell me how the RIAA, a capitalist organization to the point of having overstepped U.S. antitrust laws and exceeded even it's lax policies to prevent complete consolidation, is encouraging innovation by bringing lawsuits against the creators of new technology (eDonkey) in order to bankrupt them with legal fees when they are obviously not breaking any laws? Do tell, I'm all ears.
Let me put it this way: if authentication is based on voiceprint, thumbprint, and a scan of the vein patterns in my arm, no one can detect that ahead of time. They must be familiar with my security system and anticipate that those qualities will be looked for. If an object can be found in some kind of a search, that object tells the searcher that I use that means of authentication somewhere.
You're asserting that all physical keys are detectable and that biometrics are not detectable as such. First, you're making the assumption that an entire person can not be duplicated in their physical form which, while true given our current technology, is not a truism. It is just the current situation as far as we know and thus cannot be a scientific fact. Second you are asserting that non-biometric "something you have" items are detectable, which is not necessarily the case in any given situation. normal keys can be mixed with dummy keys, making the "real" key indistinguishable and obfuscated keys can be disguised as normal materials people carry with them every day. If a key for a given individual is a particular brand and shade of lipstick in its original container, how can the attacker differentiate this from all the other objects a person carries daily? Finally, if a given set of biometrics is used, it is subject to a corrupted authentication attack by randomly attacking valid users, removing biometrics and seeing if they are able to gain access. It need not even be detectable in that an agent could obfuscate a fingerprint, or covertly administer a drug to change a voice pattern. None of the characteristics you mention are unique to biometrics, aside from being a part of the body, which is what defines a biometric and is, hence, a logical definition flaw.
I don't remember suggesting that we use hair color alone as a means of authentication... That people have physical characteristics that are easy to change/fake is pretty irrelevant to whether "having" physical characteristics yourself brings up different security concerns than "having" an object with certain physical characteristics.
I asked for a fundamental difference between biometrics and other "something you have" objects. Your reply was that biometrics are not easily changed. In response I gave an example of a biometric that is easy to change and an non biometric that is not easy to change. How then can you claim that this is a fundamental difference that warrants biometric being classified differently?
You will see a difference when you ask the user to change his DNA for future authentication.
This is completely irrelevant to your point. You claimed a fundamental difference was that a legitimate user cares if they have a biometric taken from them. I provided an example case where an user would care a great deal about a regular "something you have" and another where a user would not care at all if a biometric "something you have" is taken. Your response that a different property (and one I already have shown to be false) is the fundamental difference just shows how indefensible your assertion is.
You have still not shown any difference of biometrics in general that makes them different and need to be treated differently than other "something you have" keys. You've mentioned plenty of examples of how a particular biometric differs from a particular "something you have" but no trait that is unique to biometrics. Why should I treat biometrics differently than any a arbitrary "something you have" key?
I'm afraid you are just trying to invent some difference and/or sidestep any argument to avoid admitting that you were mistaken. You still have not provided a single fundamental difference.
While many people don't use eDonkey (and the like) to pirate, the simple fact of the matter is that most do. Everyone suffers.
And you're ok with the innocent being punished for the crimes of the guilty? Anyone who does not intentionally violate copyrights, who is in any way harassed or punished is an innocent person being abused by the legal system. It is injustice and used to be something people cared about.
I've seen my neighbors kids come over with CD's of burned software that they got "for free" from Kazaa. They put me at risk that way. I don't want that crap installed on my computer so I can be their next target and example.
So you're not doing any copying, but you're afraid the legal system will punish you for the actions of others. Our legal system is supposed to founded on "innocent until proven guilty." If you did nothing then there should be no evidence against you. If you don't feel confident of that then something is wrong with the legal system, not with what other people are doing.
Capitalism is not the enemy of justice here. Capitalism has been bypassed here.
Capitalism, when unregulated, leads to consolidation of money into fewer and fewer hands. Have you ever heard the phrase, "it takes money to make money" used? It is more or less true. It is the person who finances a company or idea (who has the money to do so to start with) that makes most of the money on successful enterprises. Money has always been power. Money has almost always been able to influence governments.
Capitalism allowed for wealth to gather into relatively few hands in the U.S., starting from a much more level playing field than ever before. People could go out and claim a chunk of land, and make something of it. Now the land (like most other wealth) is owned disproportionately by the wealth elite and by corporations. Corporations are nothing more than a legal structure (laws passed using the influence of wealth) that protects the owners from responsibility for criminal actions undertaken to make them even more rich. They have also been used as ways to avoid taxes (which those who are not rich have to pay) and to legally bind individuals into doing unethical things in order to make more profit for the shareholders. It is these giant corporate beasts, the product of and nearly ultimate incarnation of capitalism that has consolidated such wealth and influence to make the legal system no longer work for anyone without the same wealth to challenge them. You are seeing capitalism at work, to stifle progress. We're only about 50-100 years away from the point where the poor rise up, kill the rich, and wealth gets redistributed somehow, and it is not going to be pretty, unless something changes.
I didn't say you had to *be* Bob, but just that you had to fake it. You have to alter characteristics of your being in order to mimic characteristics of Bob's being.
For any given test you have to alter a single characteristic, or in some cases have that characteristic stored elsewhere. Having a severed thumb may allow me to open a biometric lock. You don't necessarily have to alter your characteristics, just to have a characteristic that will pass inspection.
No, my assertion is all security could be said to be testing for "things they have", but that "things they know" and "things they are" are special cases, worth distinguishing.
Things you know are treated as a case in authentication theory because they are not physical, and are subject to a whole set of rules and procedures. Properly implemented they cannot be taken by force, nor even through most coercion. Things you have are physical objects. They can be taken, unless there is a mechanism for their destruction. A whole set of rules and theories apply to these items as well, and they are different in many cases than for "something you know" keys. A well designed, very high security authentication scheme might, for example, provide multiple passwords, including one that will allow access to a honeypot system and provide false information and possibly one that will disable all that users passwords and provide confirmation of that to the user. In this way a well trained person can either direct a torturer to a pre-prepared fake store of knowledge or disable access and make sure the torturer know that has happened (thus removing motivation for further torture). The point is, these are two, well defined aspects of authentication theory and while a given implementor of an authentication system may not fully understand why they are obeying a particular rule of that theory, it can still protect their system.
"Something you are" is not measurable by itself. You can't measure that someone is that person. You can measure that they know things (something they know) or that they have a particular, pre-measured characteristic. In authentication theory this is exactly the same as any other "something you have" key. I do not know of any feature of a biometric that makes it distinct in practice or application from any other "something you have" key. You have not provided any example of a way a biometric can be measured that makes it distinct in use.
It is different, however, in that it's measuring a physical characteristic of *your body*.
I deny this is a valid difference. If I graft a key onto my body, how does that make it different in use from a biometric? I'll address each of your points below.
valid users are going to be less able or likely or willing to change their "authentication key" if it requires extensive surgery and transplants.
Hair color is a biometric. It is easily dyed a different color. An implanted RFID is not a biometric. It requires surgery to change. I see no fundamental difference.
Biometrics have one strength over normal "something you have" items in that they're convenient-- you always have it with you, without needing to carry anything extra.
See the implanted RFID example above. It is always with you, but not a biometric. Also, biometric can be lost to an accident or attack. This is not a fundamental difference either.
Depending upon the situation a valid user may be killed for losing a normal "something you have" key. Depending upon the biometric, a user may not care if a sample of his hair or DNA is taken. Again I see no fundamental difference.
I don't see any aspect of a biometric or it's use that cannot be true of a normal "something you have" key. They behave exactly like any other "something you have" and do not require a special case for their handling. Creating a special case is unnecessary and more
Most people - the overwhelming majority - are not competent to use a general purpose computer.
I'd like to put forth the assertion that this is because most general purpose computers are not designed for the average person and are pretty poorly designed overall. There is no technical reason why general purpose computers cannot be much, much, much more resistant to viruses and even trojans, automatically perform backups, etc.
For these people, a thin client web appliance using applications hosted remotely on machines maintained by competent people makes a huge amount of sense. And, frankly, that's 90+% of the whole population, so this is potentially a very big market.
Currently the least computer savvy portion of the population is also the least likely to have an always on internet connection or a sufficiently fat internet connection. Thus trying to capture this market is going to be a pain in the ass. Second, people like to own rather than rent many things. Third, people like to be able to use their computer without a subscription or internet connection at any given moment. Laptops especially are very popular right now and only gaining in popularity, but it is unlikely that internet will be available everywhere or even most places reliably for many, many years. Who want their ability to compose a letter, write a book, or play a game to die when they go to the family cabin or on a car trip? Fourth, what makes you think moving administration to a remote location will make the situation any better? Users will still fail to secure their machines and be vulnerable to viruses and trojans unless they have proper security from the end user's machine.
I think the proper and correct solution is to fix general purpose computers, not scrap them and move to an inferior solution. All the problems you mentioned are solvable, and are partially solved on everything except Windows machines. The problem is largely not with general purpose computers, but with the current popular implementations thereof; no reason to throw the baby out with the bath water, just improve general purpose computers.
You have to fake being Bob.
I disagree with this. You only have to fake the characteristics of Bob that the guards know. You don't have to fake "being bob" because most of what makes Bob, Bob is completely unknown to the person(s) testing Bob. In some cases this may be a lot of various information and characteristics, in others it might be basically nothing. If a random person goes up to the guard and says, "hey I'm Bob" when they are really not, and are passed through because the guard know Bob is supposed to be coming through, but has no idea who Bob is, has the attacker faked "being Bob" or did he just faked on particular characteristic that Bob has?
Bringing this back to modern terms, does a thumbprint scanner test to see if you are Bob or if you have the same thumbprint that it is expecting? Faking being a person is a combination of things you know and things you have, but you have to take into account the tester. Any given test for identifying a person either through something they know or something they have is subject to all sorts of deception and avoidance. Your assertion that what is being tested is who a person is, rather than a combination of "things they have" and "things they know" is mostly due to the fact that thousands of tests are being issued more or less simultaneously by the most advanced tester known to man, another human. In reality, however, most biometrics are tests from a machine and they all test very specific characteristics. Unless you can define the essence of a person and build a physical test for it, I can't agree that that is what is being tested, only individual characteristics, which make them "something you have" in my opinion.
They do warrant being separated out a bit, and talked about specially, don't they? If for no other reason, then to talk about the weaknesses, the fact that you're carrying them around all the time. People can see your face and touch your hands (or touch something that touched your hands). They're unprotected, constantly changing, constantly being damaged. You can't replace them or change them. They weren't designed to be machine readable, and therefore aren't as easy for a machine to read (reliably). You are agreeing, aren't you, that biometrics have some real weaknesses that aren't present in other "something you have" items?
I agree that most biometrics have a whole slew of weaknesses not usually built into traditional "something you have" items, but I disagree that they need to be treated any differently than other "something you have" items. All such items need to be evaluated and handled according to their strengths and weaknesses. Security badges may be visible all the time. Implanted RFID chips may be taken with a person everywhere and read/copied without their knowledge. Analog magnetic devices and physical keys may wear and change shape, or decay over time. Not all security devices are designed to be easily machine readable, like older passports. Some identification keys may be irreplaceable and some biometrics can be changed with modern medicine. At the most basic level photo IDs may be defeated by hair dye. All of the problems and advantages of biometrics may be present in other "something you have" keys, it is just not common practice to combine all these weaknesses because it makes for what can be a very poor key, which biometrics usually are as well.
The idea isn't new or unscientific. It isn't untested. We can disagree about whether we want to separate out the different sorts of "having" for the sake of terminology, but it doesn't change the fact that "facial recognition" and behavior measurements have been used in security for... well, forever. It just didn't used to be computers doing the facial recognition.
You misunderstand me. I'm not suggesting biometrics are new. I'm suggesting that biometrics being a special case and not subject to the same evaluation and procedures as other "something you have" items is new and unscientific. There is no reason, scientifically, w
It might be that there are guards ordered to only let in people that they already know on sight (something you are).
You acknowledge the possibility of this later on, but let me just say, I reject this as a valid criteria. There is no way to measure something you are. You can only measure and test against known characteristics (something you have) and by asking questions (something you know). Guards might pass Bob through because they know what bob looks like, sounds like, and because bob has the knowledge to respond appropriately when asked about his wife. If someone else can disguise themselves to look like bob (something he has) and sound like bob (another physical characteristic, and something he has) and they know how to respond about his wife (something he knows) then they too can pass even though they are fundamentally not Bob. That is because "something you are" is not a testable or even definable characteristic. Trying to tack it onto a scientific theory is completely unsound.
The reason I object to this addendum so strongly is because it leads to people trying to evaluate things like thumbprints and voice patterns under special cases, exempt from the normal tests and principals that apply to "something you have" keys. This leads to lesser security and poor selection of "something you have" keys.
As for the rest of your post, I agree wholeheartedly. Biometrics are useful for very trivial security or as part of a layered security system, with human oversight, and additional checks. Biometrics are convenient and user friendly. I fear, however, they will be horribly misused, in places where non-scientists make decisions and where poor scientists make decisions without considering what is and is not a scientific and testable criteria. Muddying the waters with psuedo-scientific bastardizations of real, well thought out, time tested, rules and principals will only make matters worse.
Because you don't get to manufacture a new thumb in order to meet changing requirements.
I've never seen being able to be changed or have a new one manufactured as a criteria for "something you have" in authentication science. Even if it were, for some weird reason, there is no physical reason why someone cannot grow a new thumb or build a new prosthetic thumb with a thumb print. I reject your argument that this is a valid distinction.
Naturally occurring objects are not artifacts.
OK, now you're arguing semantics. You're the one who started using the term, "artifact" which is not the term used in the original argument. The phrase, "something you have" was used and I don't see why that does not encompass biometrics. You have a thumb and a thumbprint and an eye and particular DNA characteristics, etc. Furthermore they are applied identically to "something you have" in authentication theory.
The point, and you're helping to make it here, is that these two classes require fundamentally different treatment.
I'll ask the same question I did in my last post. Since you can use the same reader to read biometric and traditional "things you have" and since both objects have to be measured or keyed to a device prior to use and since biometrics and other "something you have" items can be stolen, faked, or lost naturally, in what way do they fundamentally differ that requires they be treated differently? Obviously all keys will have different advantages and disadvantages. Thumbprints go with you everywhere and are always exposed, but very hard to lose. A regular brass key is easier to lose, but less exposed to copying. Why should biometrics be placed in a special category, where they are not directly compared and evaluated beside other "something you have" keys?
I notice that you're again applying your conclusion as a premise. We've already established that your argument rests on making no distinction between "being" and "having." So far, you haven't produced anything in support of that premise.
Do you have a thumb. All right then, it is "something you have." Provide a good reason why it should be treated differently and I'd be happy to listen. So far I have not heard any reasons from you. If I'm creating a security system I'll consider biometrics the same as any other "something you have" and evaluate a given biometric on it's appropriateness based upon how it compares to other available "something you have" keys. In applying basic rules of authentication theory, each and every one applies just as much to biometrics as other keys. The only possible exception is that you should change biometrics on a regular basis, which I still hold is true. It may not be practical or even possible due to the limitations of most biometrics, but for a secure system they should ideally be changed regularly and certainly should be changed when they are known to be compromised. The fact that this is not usually practical speaks to their unsuitability as keys in most cases, not to something that should be changed in basic theory. Should modern medicine reach the point where it is practical to change biometrics regularly, they should certainly be changed regularly (or more likely just not used at all). I fundamentally disagree with special casing biometrics. They should be evaluated on the same criteria and treated in the same way as any other key with the same limitations (like an implanted RFID chip).
I agree completely. I've been asking for some of these features with good defaults and a user friendly configuration on a usable desktop for years. Right now, only the most security conscious are looking to these systems, but as security tightens in general this type of system will become more and more needed. I still have my doubts that this sort of system will gain any popularity until newer version of Windows manage to take significant market share and remove some of the lowest hanging fruit for malware authors. It would certainly be nice to have a time-tested and well refined system by then though.
An artifact can be anything agreed between the parties... Something you "are," on the other hand, is by definition a natural measurement associated with your person, not an artifact.
I don't see why your thumb is not an artifact according your definitions. It seems like you're trying to define "something you have" as any agreed upon object that is not a biometric, which seems to be a spurious addendum. You claim a biometric "does not have arbitrary properties, but natural ones" but there is no reason why an artifact cannot have natural properties. Early authentication schemes employed naturally occurring artifacts such as jaggedly broken rocks and pieces of wood whose natural grains/features could be aligned to provide a matching "key." In the case of an artificial object or a biometric you are still measuring one or more properties of a physical object. The fact that that object is a part of a person's body is a significant characteristic, but does not fundamentally alter the way the object is measured or verified. Heck, thumb print devices could easily be keyed to arbitrary thumbs taken from cadavers, which would make artifacts that are identical to biometrics, are measured in the same way by the same device. How does this change the nature of an authentication scheme?
The point is that authentication built around "something you are" has to operate within the constraints of both measurement and a finite set of properties. Authentication around "something you have" does not have such constraints. The difference is fundamental, and indeed testable.
You're operating under several false assumptions. First there are any number of limitations on what artifacts can be practically used in an authentication scheme. Second biometrical testable properties of the human body can be altered or spoofed just as any other "something you have."
To return to your claim that authentication schemes can't distinguish between these two classes, of course it's possible to build a naive authentication model that ignores the distinction, but I'd argue that's simply bad engineering.
I don't understand your assertion. Biometric devices have to be built to test certain properties of a human body and those properties must be measured in advance in order to be used. Other "something you have" schemes are built to test specific properties of some object which has to be set (or measured) in advance. How then does a biometric measurement and testing of something that is part of your body differ from the measurement and testing of something that is not part of your body in a way that biometrics should not be subject to all the same tests and evaluation criteria that other "something you have" artifacts are? In what way do you believe they should be treated differently and why?
RedHat could be well on it's way to becoming the next Microsoft.
I think you are mistaken. It is entirely probable that RedHat the company will partner up with lots of big businesses. Big businesses, however, want a commodity OS, competitive advantages, and for that matter, open source at this point. Having been burned by MS for so long, many companies at the heart of the Linux community are unlikely to swiftly move to closed formats, APIs, code, etc. Even assuming RedHat did exactly that, introducing formats and closed source code as much as possible, they are still working on a base that is GPL and that they cannot close and still sell. That means there is nothing stopping others from modifying that code or even redistributing it. RedHat would basically have to write their own OS from scratch or based upon BSD licensed code in order to get us close to the situation we have with MS. Even were they to do that, we'd still be several steps ahead for compatibility and security from where we are now with Windows.
To summarize, sure RedHat can become "evil" but that does not stop Linux, and RedHat has no way to "take over" Linux since they don't own it. I'm just not too worried, they have a long hard road ahead to become MS, and they will need a new OS to do it.