Would a National Biometric Authentication Scheme Work? 178
Ian Lamont writes "The chair of Yale's CS department and Connecticut's former consumer protection commissioner are calling for the creation of a robust biometric authentication system on a national scale. They say the system would safeguard privacy and people's personal data far more effectively than paper-based IDs. They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. The authors further suggest that the debate has led to confusion between anonymity and privacy: 'Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. ... In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.' The authors do not provide any suggestions for specific biometric technologies, nor do they discuss the role of the government in such a system. What do you think of a national or international biometrics-based authentication scheme? Is it feasible? How would it work? What safeguards need to be put in place?"
I'm wondering (Score:5, Insightful)
And once a system has been cracked, it is totally useless, since you can't change your "password" on biometric stuff.
Re: (Score:2)
Re:I'm wondering (Score:5, Insightful)
MythBusters did a test of several of these devices. None were particularly hard to beat, including some that were supposed to be....
Even now, the best form of authentication is a human standing there looking at your driver's license, deciding whether it is real or not, then comparing the photo. The only thing that would be significantly better and more accurate would be a system in which you would swipe a driver's license and it would contact the DMV and bring up a digital copy of that license for comparison purposes. Anything beyond that---particularly biometrics---is more likely to weaken, not strengthen security as people will tend to believe what some biometric reader device tells them over what they see with their own eyes 99 times out of 100.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not top of the line, certainly, but not bottom, either. As for the single method thing, you're right. However, in the mind of most people, biometrics are intended to remove the need for remembering things like pin numbers, not augmenting them. This is, of course, a bad idea, but that doesn't mean it isn't a (sociological) problem.
Re: (Score:2)
It will weaken security. When Wells Fargo started putting out the card readers so customers could swipe their ATM cards and enter their PINS I noticed that 99/100 the tellers never even looked the customer in the face. I was shocked, and angry. They get frustrated with me now since I have always refused to identify myself in such a way. They then react by thinking that I must not be the right person, and out comes the drivers license, 2 other forms of ID and questions
Re: (Score:2)
The card would just contain a token, not the face and data. The token would then be looked up with the DMV, as I said. If you make a copy of the license and change the face, that token is going to match either the original face (in which case the image will be wrong) or your personal face (in which case the license number will be wrong, presumably along with all the other data). The security there is not illusory... at least not unless the person forging the license can crack the DMV's computers (in whic
Re: (Score:3, Insightful)
1) Something you have (a keycard, a usb key, a simple barcode scanned ID card)
2) Something you know (a strong password, the name of your first pet and the city you graduated highschool from)
3) Something you are (Your retinal scan, your infrared signature given off by your body, your dna, your face from two angles)
A system using this three step authentication p
Re:I'm wondering (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
And it is very rare that I care if the person in front of me is who they say they are. I only care if the have the authorization to do what they want to do. (Use a credit card, for example.)
Re: (Score:2, Insightful)
"Something you are" is actually just a convoluted case of "something you have" - do you have something that makes the scanner go "approved"?
Fingerprint scanner? A xerox of a lifted print. DNA sample? See Gattaca [wikipedia.org]. Body infrared signature? Heaters in the clothes.
Biometrics are tokens that you can't revoke or replace. They're a generally bad idea.
Re:I'm wondering (Score:4, Insightful)
In short, the people with most to gain from this are the criminals, who will have a really cheap, simple and reliable way of proving they are who they are not.
Meanwhile hoards of old ladies will be hauled of to jail "But officer, I thought it was my ID card - I realise now it was my library card/son's ID card - if you just let me go home, I can get my ID from the draw by the bed where I always keep it!"
You biometric database is exactly as secure as the PHP written by school leavers who lied on their CVs that protects it.
Re: (Score:2)
Lifting my fingerprint is much easier than lifting my wallet, which is easier than guessing my password. Now do all three.
Supposing one could get all three, the time and effort involved in compromising just one identity this way, with a very short time for use could make the whole process worthless compared to todays methods of authentication. The big problem is not how often it would happen, it would be the extraordinary level of trust people would have in a successful authentication.
Re: (Score:2)
The 3 points of contact rule still is the best. We just haven't come up with the right combination for a remote authentication process. It works fine in person. You are asked for you
Re: (Score:2)
Re: (Score:3, Insightful)
Re:I'm wondering (Score:4, Insightful)
What worries me the most about biometric IDs is the idea that somehow, biometrics never change. I expect that there will be no process in place to change the biometrics, or that the process will be so impossible as to be the same as having no process. And if the process to change your biometric passwords is easy, why use them instead of just a regular picture ID?
This stuff might work in specific situations, where outliers are rare, and relationships between the scanners and scannees close enough to make fixes easy. But I can only see nightmares if this gets implemented on a national level.
Yale CS (Score:5, Funny)
So let's let this wise man create a national biometric identification system. It sounds like a bad idea to me, but I'm just part of the rabble. I haven't had the benefit of his education and experience. I've never even been to a regatta!
Re: (Score:2)
And for my liberal friends out there, JFK also had a Yale degree.
absolutelly! (Score:4, Insightful)
Everyone knows that bad people are entirely willing to be completely honest, so obviously a system like this would mean we would know everything about them, and could stop all evil in the world.
Re: (Score:3, Insightful)
Re: (Score:2)
First, what?
Second, I refer you to my first reply.
You make no sense. Care to elaborate?
Private Sector (Score:3, Insightful)
Oh no, not this again. (Score:5, Insightful)
Biometrics is inherently flawed as an authentication system, because biometrics is a password you can't change. Once someone gets your password, or at least the numerical representation of it such as could be lifted from a compromised reader or database, you are toast. How are you going to change your retina scan to something new?
And never mind the demonstrated hackability of all but the premium readers.
Biometrics sound great at first blush, and to the common voter they seem foolproof, so this fad will get worse before it will get better. In fact, the authentication issue may have achieved the level of complexity as the net-neutrality issue, such that Joe Registered Voter cannot possibly understand it (even if he is the rare sort to spend an hour googling it before forming an opinion).
Meanwhile, text passwords plus certificates (where 'certificate' could be a smart card, or your cellphone's IMEI, or whatever) is still the answer for security. It's awful, to be sure, but it's much less awful than biometrics.
Re:Oh no, not this again. (Score:5, Insightful)
http://wordnet.princeton.edu/perl/webwn?s=identification [princeton.edu]
http://www.google.com.au/search?hl=en&q=define%3Aauthentication [google.com.au]
Biometrics are good for identification.. they replace your "login", not your "password".
By "replace" do you mean "redundantly supplement"? (Score:2)
Re: (Score:2)
Re: (Score:2)
The reason why "identity theft" is such a problem is because people accept identification as authorization.. just because some scammer can put together 100 points of identification doesn't mean that I have authorized him to do transactions on my behalf.
Re: (Score:2)
Re: (Score:2)
Why? Because my government doesn't own me. They don't get to brand me.
The Internet is the perfect example of freedom from identification. If I want to be QuantumG on some other board, I will be. If I want to be some other pseudonym, I will be. Life used to be like this. In the old west you'd use whatever name you wanted and you could build your "personal brand" however you choose. If you fuck up, you just move away from the people who know y
Re: (Score:2)
Identification means trawling the database of all known biometrics to find ones that might match - a one-to-many match, that is generally quite slow and will generate a number of
Re: (Score:2)
Dickhead.
Re: (Score:2)
If he took a picture of you, without you saying who you were, ran it past a database of photos of everyone, and the system popped up with "This is probably QuantumG", that would be *identifying you* from a set of possible people using a biometric.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The second is that corporate admins have been using biometrics to solve a real security problem, and people are mindlessly copying them because they don't understand that they're only useful to solve one specific problem.
The problem that admins in large organisations have is that their users
No. Nein. Nyet. (Score:2)
Re: (Score:2)
Open acts not private? (Score:4, Interesting)
This could destroy that.
Re: (Score:2)
Are Fingerprints Unique (Score:3, Interesting)
The idea that every fingerprint is unique is a untestable hypothesis, since you'd have to fingerprint everyone ever born, right? We assume it's correct because we've never found examples of fingerprints that were identical.
So my question is this: if we were to fingerprint everyone in the US (all 300+ million of us)... does anyone think we might find that matching set? No one has ever done a fingerprint database of that size, right? With a quick search, I couldn't find out how many prints were in AFIS.
On the topic more directly, I'd say this would be nearly impossible. Ignoring the privacy concerns that people would use to try to stop thing going into effect... does anyone think we would be able to convince most/all of the 20 million or so illegal aliens in the US to do this? I would think you would run into the same problems in just about any other country, except somewhere like China.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I agree it's quite unlikely. I don't think it would happen either. Still, it would be very interesting if we were to find it. Despite the rarity not really changing the outcome, how many millions of people have been convicted through fingerprints around the world? We're pretty darn sure about this, so if it were to be disproved it would be very interesting to watch.
I agree though. I believe they are unique. If they weren't, we would probably see it in identical twins. Since we don't, that means they are pr
Re: (Score:2, Insightful)
The answer is yes.
Re: (Score:3, Insightful)
For instance, a fingerprint algorithm may utilize certain features of a print (such as a line split or a swirl) to map points on a graph. Subsequent swipes will then have a certain number of points which must match within a certain range on this graph.
It is possible that these qualitative values would
Re: (Score:3, Insightful)
My biggest concern is false positive/false negative results. Let's say you have a false reading rate of 0.01% - that's 99.99% success. With 200M people each verifying their identity a conservative twice a day that's 20,000 false readings a day.
To provide the worst sort of evidence (anecdotal), I get about 5% false negative and unknown false positive rate with my (new) laptop fingerprint scanner. That error rate excludes "scan again" requests. Sure, it's an El Cheapo, but do you imagine a government splurg
What's the real subject here? (Score:2)
Re: (Score:3, Interesting)
The question of when anonymity is going to have very different answers depending on who you ask. Most law abiding citizens would object to being ID'ed dozens of times a day as they go about their business, but for a "track the terrorist" system this is what would have to happen, and is what DHS would want. Right now it's too blatantly oppressive and logistically difficult to ID everyone who walks into the subway or dri
Re: (Score:2)
And you think this can be provided by contractors working for the government? You must be new to this planet!
The article misses the point of anonimity (Score:5, Insightful)
Even the courts have found that anonymity is important component of freedom of speech. (Along with freedom of association.).
That's what my Tbird was for. (Score:3, Interesting)
Wrong question, but here's the answer: No. (Score:3, Interesting)
The question isn't unique IDs, it's tyranny. We hack tyranny first.
I think they missed the point (Score:2)
The real issue is whether you choose want to have any one organization to own all the identification information, and if anyone truly believes it will be confined to be u
The way I feel about biometrics (Score:3, Insightful)
commonly confused (Score:5, Interesting)
Authentication is when you identify(as in Identity) yourself, when you want to(say, to enter your home), or to get that 5% rebate at that place you like to eat at.
Anonymity is when someone else wants you to identify yourself, and you refuse.
Imputability is when someone's done something and 1) you want to Identify them properly, and 2) do something about some of the people you identify(presumably because something they did was wrong)
Anonymity is something private citizens like, in part because they don't much like imputability. That is when they do something, and it's not tied to their Identity.
Forcing someone to authenticate themselves is something the police, for one, likes, because
1) It prevents them from being blamed for mis-identifying someone
2) If they catch you doing something, and impute it once you authenticated yourself, they're fairly sure they impute it in such a way, it will follow you for a long long time(if they can impute your "identity" more on that later.
However, it has its drawbacks
1) If you authenticate yourself with falsified credentials, you get someone else blamed for your acts
2) It doesn't deal with the fact that you may be unable(damaged or lost credentials)/unwilling to identify yourself/automated systems may mis-indentify you
It doesn't solve the question of "Identity" itself either. Like when the no-fly list(falling under imputability) lists names(which can be the same for two people), leading to the same result as a falsified authentication.
Just a quick summary:
Identity: Who you are
Authentication: Proving who you are
Anonymity: Not having to say who you are
Imputability: Blaming who you are
The four are interlinked, but often confused, as in the article.
People interested in laws like RealID need to pay a lot more attention to distinctions between all four. Until the authentication part can be more more foolproof, the imputability is scary(you can be blamed for stuff you haven't done), the anonymity, well it's scary to those who'd rather deal with people they can identify(and therefore impute, think contracts to keep it in the white hat sphere). And the Identity, well that's the real problem. If you have a single, centralized database, any single mistaken Identity becomes life-altering, if not actually life-threatening(correcting someone's id with falsified credentials in order to make their lives a living hell? Yes, it can do that).
Does that bother you a little? I know it does me.
If this fails (Score:3, Insightful)
It doesn't matter how strong your security system is, it will fail. What happens when it does? I can't get a new $BodyPart if some fraudster spoofs it.
Who Watches The Watchers? (Score:4, Insightful)
Re-stating the obvious:MOTB (Score:2)
Work for Political Spying Like on Obama's Passport (Score:3, Informative)
Privacy includes anonymity. (Score:2, Insightful)
Another way of looking at it:
privacy: people not knowing what you've done.
anonymity: people not knowing who did X.
if you lose anonymity, you lose privacy in relation to X, and where X covers everything in the public sphere, you lose all privacy except in relation to those things that are not in the public sphere (Y). That's a lot of privacy to lose.
Authentication != Identification (Score:2)
A Solution in Search of Problem (Score:3, Insightful)
I have a suspicion. It's not for authentication at all. Others have already pointed out the inherent flaw in using nonrevokable certificates for authentication. (i.e. once someone has faked or corrupted your biometric data, you're fucked.) So what is a biometric data good for? The same thing that's good for when the government stores DNA sequences of everyone processed. It's a globally unique identifier. You can put multiple databases together easily. Name collisions are a thing of the past.
If you really think that government won't combine their databases, you're a fool.
Obscurity isn't security, but there is something to be said about making information, even public records, a bit harder to put together than to give a big data dump about everyone to everyone. Society has built on a certain level an anonymity existing, even when legally it doesn't exist. But it's all too obvious that people's expectations and behaviors don't always align with the letter of the law. And seriously, given the government's current cavalier attitude towards privacy and the law, do you really think that a simple law is going to stop them?
it's not about "biometric" (Score:2)
So, the problem isn't really the biometric identifier itself (which is generally a good thing), it's with whether it's implemented in a centralized way or in a dis
No retina scanning for me, my eyes change (Score:3, Insightful)
I'm hosed if they chose retina scanning. I get drusen deposits http://www.medterms.com/script/main/art.asp?articlekey=10015 [medterms.com] .
Fortunately, it's not macular degeneration. But those deposits form and dissolve over time. That would make retina scanning a problem for me.
Identification != authentication (Score:2)
It's the difference between a username and a password.
Which way do you want it? (Score:2)
The generalized question is do you want to be able to be identified or not?
Everyone bitches and moans about "identity theft", but then appear to not want the alternative - verified identity.
I agree with the majority here - I do not want to be tracked all the time, not because I have anything to hide, just because it doesn't seem right, for many of the reasons stated elsewhere.
However, it might be nice to have a method,
Re: (Score:2)
Haven't you heard of kidnapping and blackmail?
As a victim of identity theft don't you think perhaps much of the responsibility falls with the credit agency that granted credit in your name without actually contacting you?
Of course it was your job to fix the problem... and they didn't reimbuse your for your time, did they?
Wounldn't it be nice if you could force anyone wanting to grant credit in your name to actually call you on the phone or se
Re: (Score:2)
And the truthful answer is: I'd rather not be reliably mis-identified as "Mustapha Al Gangsta" on the basis of a hacked government database.
Of course it would work (Score:2, Insightful)
please don't... I like all my parts intact! (Score:2)
Cutting off your thumbs (Score:2)
The problem is that we have numerous examples every day that we cannot build really secure systems in a commercial context. There are too many people involved, there are too many vulnerable points in the systems where people can tap into data streams, etc. Despite the mathemat
it would work fine at first (Score:2)
we would start seeing people with the same fingerprints. we might also start seeing people with the same DNA.
our systems are not complex or sensitive enough to really be sure.
Re: (Score:2, Insightful)
Re:And how well would that work? (Score:5, Interesting)
That turned out well, didn't it?
Re: (Score:2)
Re: (Score:3, Insightful)
Have you looked at the response winning the latest
The only possibly better response than whatcouldpossiblygowrong would be cureworsethanthedisease.
I'm confident I'd vote against any nitwit pushing such a plan.
Re: (Score:3, Insightful)
Re: (Score:2)
I want to KEEP my thumbs and retinas, thank you!
Re: (Score:2)
A) They're not secret.
B) They're not changable.
Biometrics are at their best when someone is trying NOT to be identified as themselves.
Step 1: Get a job as a waiter.
Step 2: Fingerprint glasses.
Step 3: Profit!
The concept is appalingly stupid. It is much worse than the current system of having to show every bouncer your home address and having a number that people at least make a token effort to pretend is secret.
Re:It would work to... (Score:5, Insightful)
Why does all this scare me? Is it because I could be classified a 'problem individual' based on my political leanings? Is it because the Executive Branch reserves the right to pull American citizenship at will? Is it because even the Russians [wikipedia.org] know the best way to deal with a recalicrant individual, no matter what his power base, is to tar him as a sex offender?
My other question is of course, if I'm out and about, living my life in a lawful manner, why should the government care about me?. Police aren't there to arrest the lawful, they're there to arrest the criminals after commission of a crime. Where is the mandate to surveil everybody in sight waiting for them to commit a crime?
Re: (Score:3, Insightful)
Some of the basic premises stated in the article are just plain wrong. For example:
We have always enjoyed "the anonymity of the crowd." Walking down the street, minding your own business, with nobody having the right to interfere with y
Re: (Score:2)
Re: (Score:2)
Re:It would work to... (Score:4, Funny)
Yep, Dick Cheney with a few drinks in him and a shotgun in his hand will certainly wipe that smile (and a layer of skin) off your face real quick.
Re:It would work to... (Score:5, Insightful)
The premise of the article - or at least the blurb - is wrong. It makes the claim we "have no expectation of privacy in the public space." But we do. Ever want to take a road trip to some town where no one knows you, just to get away, do some shopping, have dinner, watch a show, without having to deal with people who know you? Ever enjoy the feeling of being out, alone, in an unfamiliar city?
How's that going to sit when the desk clerk looks you in the eye as you walk up and says, "How you doing, Mr. LeParanoid, and how's that appendectomy scar healing up? Wife happy about that diamond necklace you bought last week?"
Or gives you a steely look because you're on The Sex Offender List (because you had the temerity to have sex with someone 3 days over some arbitrary line, or perhaps you pissed in a bush somewhere) and proceeds to treat you like a criminal as soon as your RF-enabled ID gets in range of his LittleDictatorsConsole(tm)? Sure, you can add biometrics to it so he's sure you're a sex offender or other malcontent antisocial. That'd all be real good, wouldn't it? After all, in this society, onece you're a criminal, you're permanently low class, you can't make up for it.
This whole ID mania needs to go away. It is a sign of a pervasive sickness among the rulers of this society. It is not a solution, or a potential solution, to terrorism, or any other problem we face.
Re: (Score:3, Interesting)
Last I checked (1999 or there abouts), there were 535 members of congress, of which 29 had been accused of spousal abuse, 7 had been arrested of fraud, 19 had been accused of writing bad checks, 117 had bankrupted at least two businesses, 3 had been arrested for assault, 71 couldn't get a credit card due to bad credit, 14 had been arrested on drug-related charges, 8 had been arrested for shoplifting, 21 were defendants in then-ongoing lawsuits. In 1998 alone, 84 were stopped for drunk driving.
After all, in this society, once you're a criminal, you're permanently low class, you can't make up for it.
Sure looks
Re: (Score:3, Funny)
I mean, you've had those statistics memorized for nine years???
Re: (Score:2)
Re:It would work to... (Score:5, Insightful)
It's certainly possible to design the system to provide strong authentication for a variety of purposes without compromising privacy or even anonymity. Whether or not anyone will bother to do that/allow that to happen is debatable, but you shouldn't necessarily relate the ability to authenticate with an inability to provide privacy.
*I know they might like to know who I am for marketing purposes and whatnot, but they have no interest with respect to conducting a safe and reliable financial transaction.
Re: (Score:2, Insightful)
Actually, the premise is more right than you are in this particular matter. What you are describing here as privac
Re:It would work to... (Score:5, Informative)
No. You fundamentally misunderstand privacy. Privacy is not "being alone."
Privacy is the existence of social boundaries that we (generally) agree not to cross.
Examples: I invade a lady's privacy when I look up her skirts without her permission. I invade your privacy if I open your mail without your permission. I invade your privacy if I read your medical records without your permission. All of this can happen with you, me and the issue in question all out in the public space.
These are things we can do, but we agree not to do, because we recognize the fundamental right to privacy as existing in open society, not just in the home or when we are alone. Private means that you retain control by social convention over information which relates to your existence, and in turn, were I to obtain access by any means without your permission, I would have crossed the social boundary for that issue. That is the very core of "violating someone's privacy."
Anonymity is another social boundary. We have -- in the past -- recognized that others have the right to proceed about their day without having to inform others who they are and what they are doing. This boundary, like any other social boundary, can be crossed (violated, more like) by simple, easy actions on the part of invaders of privacy. But anonymity is not a thing unto itself, it is simply another facet of privacy.
The following should help you develop a better understanding of what privacy actually is: More on privacy. [ideaspike.com]
Re: (Score:3, Insightful)
A driver's license is a certificate that says you can drive. It doesn't even need your name on it. You just need to have one in case someone questions if you have passed a test to drive. Having done so, of course, does not permit you to run a red light or drive over someone's baby in a stroller. Nor does not having a license prevent you from starting a car and driving off. As it turns out, the thing that really matters to society is how well you drive -- not the certificate at all.
A passport is a certif
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
The more efficient ones imply insert THEIR data against your name in the database index:
Its easy when you know how, and the go'mint computer can do zillions of transactions a second.