Forgot your password?
typodupeerror
Privacy

Would a National Biometric Authentication Scheme Work? 178

Posted by Soulskill
from the i-am-who-eye-am dept.
Ian Lamont writes "The chair of Yale's CS department and Connecticut's former consumer protection commissioner are calling for the creation of a robust biometric authentication system on a national scale. They say the system would safeguard privacy and people's personal data far more effectively than paper-based IDs. They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. The authors further suggest that the debate has led to confusion between anonymity and privacy: 'Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. ... In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.' The authors do not provide any suggestions for specific biometric technologies, nor do they discuss the role of the government in such a system. What do you think of a national or international biometrics-based authentication scheme? Is it feasible? How would it work? What safeguards need to be put in place?"
This discussion has been archived. No new comments can be posted.

Would a National Biometric Authentication Scheme Work?

Comments Filter:
  • I'm wondering (Score:5, Insightful)

    by taustin (171655) on Thursday March 20, 2008 @07:28PM (#22813444) Homepage Journal
    . . . if there's a biometric "authentication" method that hasn't been cracked in the real world in ways that would be easy for the average clever crook to duplicate for a trivial amount of money. Fingerprint scanners are trivial - Mythbusters fooled a brand new, state of the art door lock with a xerox of a fingerprint, by licking it. Retina scanners have been cracked, facial recognition software is a joke with no punch line. What else is there?

    And once a system has been cracked, it is totally useless, since you can't change your "password" on biometric stuff.
    • They have scanner that are very hard to beat but they cost way to much to be used in any widespread way.
      • Re:I'm wondering (Score:5, Insightful)

        by dgatwood (11270) on Thursday March 20, 2008 @07:57PM (#22813734) Journal

        MythBusters did a test of several of these devices. None were particularly hard to beat, including some that were supposed to be....

        Even now, the best form of authentication is a human standing there looking at your driver's license, deciding whether it is real or not, then comparing the photo. The only thing that would be significantly better and more accurate would be a system in which you would swipe a driver's license and it would contact the DMV and bring up a digital copy of that license for comparison purposes. Anything beyond that---particularly biometrics---is more likely to weaken, not strengthen security as people will tend to believe what some biometric reader device tells them over what they see with their own eyes 99 times out of 100.

        • I mean the ones at the CIA, NSA, and other places like that.
        • by nametaken (610866)
          You take Mythbusters too seriously. Those were NOT top-of-the-line biometric authentication techniques. On top of that, they were all based on a single method, each. It wasn't even a good thumbprint with a pincode, which they would not have cracked.
          • by dgatwood (11270)

            Not top of the line, certainly, but not bottom, either. As for the single method thing, you're right. However, in the mind of most people, biometrics are intended to remove the need for remembering things like pin numbers, not augmenting them. This is, of course, a bad idea, but that doesn't mean it isn't a (sociological) problem.

        • by EdIII (1114411) *
          You bring up some very good points.

          It will weaken security. When Wells Fargo started putting out the card readers so customers could swipe their ATM cards and enter their PINS I noticed that 99/100 the tellers never even looked the customer in the face. I was shocked, and angry. They get frustrated with me now since I have always refused to identify myself in such a way. They then react by thinking that I must not be the right person, and out comes the drivers license, 2 other forms of ID and questions
    • Re: (Score:3, Insightful)

      by Bryansix (761547)
      Retina scanners haven't been hacked as far as I know. More importantly any security system that preports to be secure should check three things.
      1) Something you have (a keycard, a usb key, a simple barcode scanned ID card)
      2) Something you know (a strong password, the name of your first pet and the city you graduated highschool from)
      3) Something you are (Your retinal scan, your infrared signature given off by your body, your dna, your face from two angles)

      A system using this three step authentication p
      • Re:I'm wondering (Score:5, Insightful)

        by Daniel_Staal (609844) <DStaal@usa.net> on Thursday March 20, 2008 @08:05PM (#22813828)
        Which totally misses the point. Which is why? What problem are they trying to solve? What possible problem is worth the cost of those in power having a way to track every individual of any age anywhere in the country?
        • Identity theft and various other forms of fraud, which cause several billions of dollars of loss to private citizens?
          • Re: (Score:2, Insightful)

            by peccary (161168)

            Identity theft and various other forms of fraud, which cause several billions of dollars of loss to credit card companies?
            fixed that for you.
      • Re: (Score:2, Insightful)

        by Mr. Slippery (47854)

        Something you are (Your retinal scan, your infrared signature given off by your body, your dna, your face from two angles)

        "Something you are" is actually just a convoluted case of "something you have" - do you have something that makes the scanner go "approved"?

        Fingerprint scanner? A xerox of a lifted print. DNA sample? See Gattaca [wikipedia.org]. Body infrared signature? Heaters in the clothes.

        Biometrics are tokens that you can't revoke or replace. They're a generally bad idea.

      • Re:I'm wondering (Score:4, Insightful)

        by Anne Thwacks (531696) on Friday March 21, 2008 @05:19AM (#22817160)
        Thanks to the modern miracle of SQL Injection, and similar high power technologies, any amount of fraudulent records can find their way into the database, while the legitimate ones leak out. If the UK government has anything to do with it, all the data will be available for a moderate price in Moscow, Lagos and Bangalore within days of the system going live.

        In short, the people with most to gain from this are the criminals, who will have a really cheap, simple and reliable way of proving they are who they are not.

        Meanwhile hoards of old ladies will be hauled of to jail "But officer, I thought it was my ID card - I realise now it was my library card/son's ID card - if you just let me go home, I can get my ID from the draw by the bed where I always keep it!"

        You biometric database is exactly as secure as the PHP written by school leavers who lied on their CVs that protects it.

    • by Molochi (555357)
      My bank uses a biometric scanner to access the safety deposit boxes. You put your whole hand on it in a vulcan greeting sort of way. It seems to measure distance between finger pads. Still requires a passcode as well. Most importantly it's in a monitored location, so if my severed hand or a capacitive replica were placed on it some attention might occur. One can hope.
      • Re: (Score:3, Insightful)

        by camperdave (969942)
        And if you lose your hand in, say, a devastating chess accident, you can't get at your safety deposit box?
    • Re:I'm wondering (Score:4, Insightful)

      by NeutronCowboy (896098) on Thursday March 20, 2008 @08:07PM (#22813846)
      Nevermind whether the scanner has been cracked. What happens if you lose your biometric password, or it gets mangled beyond recognition? I suspect they'll scan multiple parts of your body (ten fingers, 2 eyes, voice) and will accept a majority of successes as opposed to only 100% of successes. But there still will be some poor sap who lost the majority of his fingers in a wood chipper accident, and had both eyes affected due to glaucoma or retinal sunburn. Now he comes down with a cold. What's gonna happen? He won't be able to authenticate?

      What worries me the most about biometric IDs is the idea that somehow, biometrics never change. I expect that there will be no process in place to change the biometrics, or that the process will be so impossible as to be the same as having no process. And if the process to change your biometric passwords is easy, why use them instead of just a regular picture ID?

      This stuff might work in specific situations, where outliers are rare, and relationships between the scanners and scannees close enough to make fixes easy. But I can only see nightmares if this gets implemented on a national level.
  • Yale CS (Score:5, Funny)

    by astrashe (7452) on Thursday March 20, 2008 @07:30PM (#22813468) Journal
    If history has taught us anything over the past few years, it's that putting guys from Yale in charge of things is always a great idea.

    So let's let this wise man create a national biometric identification system. It sounds like a bad idea to me, but I'm just part of the rabble. I haven't had the benefit of his education and experience. I've never even been to a regatta!
  • absolutelly! (Score:4, Insightful)

    by rucs_hack (784150) on Thursday March 20, 2008 @07:33PM (#22813494)
    Yes of course it would work!

    Everyone knows that bad people are entirely willing to be completely honest, so obviously a system like this would mean we would know everything about them, and could stop all evil in the world.
    • Re: (Score:3, Insightful)

      by zappepcs (820751)
      Why is it that you can so easily and clearly state the GLARING obvious truth of this but smart people and governments don't seem to understand it no matter how many times it is iterated to them. Perhaps instead of banning handguns in Washington DC they should ban idiots. Yes, I realize the strain that would put on voting machines, but damn!
  • Private Sector (Score:3, Insightful)

    by kid_oliva (899189) on Thursday March 20, 2008 @07:33PM (#22813498) Homepage
    It sounds interesting, but I am not for governmental control or involvement. Most here believe less government is better government. Why would we want to involve an entity that can't even balance a checkbook get its hands on something this complicated. I'm sorry but I don't see George W, Hilary Clinton, Barack Obama, or John McCain doing an adequate job at all except to hose it up and force regulation and compliance. Our current issues will not be solved with this. They will only take on a new twist.
  • by inviolet (797804) <slashdot @ i d e a smatter.org> on Thursday March 20, 2008 @07:38PM (#22813558) Journal

    Biometrics is inherently flawed as an authentication system, because biometrics is a password you can't change. Once someone gets your password, or at least the numerical representation of it such as could be lifted from a compromised reader or database, you are toast. How are you going to change your retina scan to something new?

    And never mind the demonstrated hackability of all but the premium readers.

    Biometrics sound great at first blush, and to the common voter they seem foolproof, so this fad will get worse before it will get better. In fact, the authentication issue may have achieved the level of complexity as the net-neutrality issue, such that Joe Registered Voter cannot possibly understand it (even if he is the rare sort to spend an hour googling it before forming an opinion).

    Meanwhile, text passwords plus certificates (where 'certificate' could be a smart card, or your cellphone's IMEI, or whatever) is still the answer for security. It's awful, to be sure, but it's much less awful than biometrics.

    • by QuantumG (50515) * <qg@biodome.org> on Thursday March 20, 2008 @07:59PM (#22813764) Homepage Journal
      People continue to confuse identification with authentication.

      http://wordnet.princeton.edu/perl/webwn?s=identification [princeton.edu]
      http://www.google.com.au/search?hl=en&q=define%3Aauthentication [google.com.au]

      Biometrics are good for identification.. they replace your "login", not your "password".

      • Or am I going to have to send future emails to <img src="my-correspondants-fingerprint.png">@gmail.com?
      • Doesn't that bring us back to the question of "why?" ?? It has already been demonstrated numerous times that the biometric IDs can be stolen with ease.
        • by QuantumG (50515) *
          If you're against "biometric IDs" entirely then pictures on driver's licenses are dumb right?

          The reason why "identity theft" is such a problem is because people accept identification as authorization.. just because some scammer can put together 100 points of identification doesn't mean that I have authorized him to do transactions on my behalf.

          • I'm not entirely against biometric IDs; I just think its benefit doesn't outweigh the cost.
            • by QuantumG (50515) *
              I'm personally against all government issued identification.

              Why? Because my government doesn't own me. They don't get to brand me.

              The Internet is the perfect example of freedom from identification. If I want to be QuantumG on some other board, I will be. If I want to be some other pseudonym, I will be. Life used to be like this. In the old west you'd use whatever name you wanted and you could build your "personal brand" however you choose. If you fuck up, you just move away from the people who know y
      • Completely wrong, sorry. Biometrics are usually good for verification (authentication), not identification. Verification means checking that your biometric ("password") matches the one linked to your claimed identity ("username"), and is a one-to-one match that can be performed swiftly, with few false positives or false negatives.

        Identification means trawling the database of all known biometrics to find ones that might match - a one-to-many match, that is generally quite slow and will generate a number of
        • by QuantumG (50515) *
          Yes, I'll tell that to the barman looking at my ID to verify my age.

          Dickhead.

          • The barman is verifying your identity, by comparing your face with a photo on the card. If it matches, he believes that you have the claimed identity on the card, with the age given. The biometric is being used to *verify* that you possess the claimed identity.

            If he took a picture of you, without you saying who you were, ran it past a database of photos of everyone, and the system popped up with "This is probably QuantumG", that would be *identifying you* from a set of possible people using a biometric.
    • by asuffield (111848)
      There's two root causes here. The first is that fingerprint and retina scanners are fancy, so Hollywood uses them in films, so people think they're good because people are complete morons who believe what they see on TV.

      The second is that corporate admins have been using biometrics to solve a real security problem, and people are mindlessly copying them because they don't understand that they're only useful to solve one specific problem.

      The problem that admins in large organisations have is that their users
  • We do NOT need National IDs at all, other than passports.
    • Passports are even getting to be bad.... You now need them for every country you visit and the US government even with all of our hard earned money can't seem to get them out quickly.
  • by nurb432 (527695) on Thursday March 20, 2008 @07:41PM (#22813596) Homepage Journal
    Perhaps not technically 100%, but you can expect a reasonable level of privacy/anonymity in public.

    This could destroy that.
    • You may be able to expect a reasonable level of anonymity in public, but you have no expectations of privacy. If you want privacy, you have to go to a reasonably non-public place, such as your home or a building not under surveillance; even a bathroom works to some extent, as there are laws prohibiting most monitoring of such places.
  • by MBCook (132727) <foobarsoft@foobarsoft.com> on Thursday March 20, 2008 @07:44PM (#22813626) Homepage

    The idea that every fingerprint is unique is a untestable hypothesis, since you'd have to fingerprint everyone ever born, right? We assume it's correct because we've never found examples of fingerprints that were identical.

    So my question is this: if we were to fingerprint everyone in the US (all 300+ million of us)... does anyone think we might find that matching set? No one has ever done a fingerprint database of that size, right? With a quick search, I couldn't find out how many prints were in AFIS.

    On the topic more directly, I'd say this would be nearly impossible. Ignoring the privacy concerns that people would use to try to stop thing going into effect... does anyone think we would be able to convince most/all of the 20 million or so illegal aliens in the US to do this? I would think you would run into the same problems in just about any other country, except somewhere like China.

    • by MBCook (132727)
      Figures I'd find this after I posted. According to this page [fultonsheriff.org], AFIS (which is international) only holds 17 million prints (1.7 million people). So a US database would be over 175x as big.
    • by Bagheera (71311)
      You mentioned in your own reply that you've found AFIS, with it's relatively large collection. Now, to answer your question of uniqueness being an untestable hypothesis it's not 100% provable, but it is possible to give a statistical likelyhood of finding two people with identical prints. Since as far as I know there've been no identical prints found from different people in existing databases, it's possible to safely say that the likelyhood is less than 1 in (sample size), where sample size is the total
      • by MBCook (132727)

        I agree it's quite unlikely. I don't think it would happen either. Still, it would be very interesting if we were to find it. Despite the rarity not really changing the outcome, how many millions of people have been convicted through fingerprints around the world? We're pretty darn sure about this, so if it were to be disproved it would be very interesting to watch.

        I agree though. I believe they are unique. If they weren't, we would probably see it in identical twins. Since we don't, that means they are pr

    • Re: (Score:2, Insightful)

      by civiltongue (830912)
      You're asking the wrong question. The issue is: can fingerprints be misread (false positives or false negatives) by trained, qualified experts.

      The answer is yes.

    • Re: (Score:3, Insightful)

      by Panaflex (13191)
      That's not the only issue anyway... All biometric scanners have an algorithmic component which distills the scan into quantitative numeric values which can be compared to subsequent swipes of the fingerprint.

      For instance, a fingerprint algorithm may utilize certain features of a print (such as a line split or a swirl) to map points on a graph. Subsequent swipes will then have a certain number of points which must match within a certain range on this graph.

      It is possible that these qualitative values would
    • Re: (Score:3, Insightful)

      by Mjec (666932)

      My biggest concern is false positive/false negative results. Let's say you have a false reading rate of 0.01% - that's 99.99% success. With 200M people each verifying their identity a conservative twice a day that's 20,000 false readings a day.

      To provide the worst sort of evidence (anecdotal), I get about 5% false negative and unknown false positive rate with my (new) laptop fingerprint scanner. That error rate excludes "scan again" requests. Sure, it's an El Cheapo, but do you imagine a government splurg

  • The article is about someone saying why we need one. I agree that we need a secure scheme that provides both authentication and anonymity as appropriate. Without a proposed scheme in front of us there's no way to answer the /. headline's question, "Will it work?" So stand by for a thread full of rants about privacy and big government.
    • Re: (Score:3, Interesting)

      we need a secure scheme that provides both authentication and anonymity as appropriate.

      The question of when anonymity is going to have very different answers depending on who you ask. Most law abiding citizens would object to being ID'ed dozens of times a day as they go about their business, but for a "track the terrorist" system this is what would have to happen, and is what DHS would want. Right now it's too blatantly oppressive and logistically difficult to ID everyone who walks into the subway or dri
    • we need a secure scheme that provides both authentication and anonymity as appropriate.

      And you think this can be provided by contractors working for the government? You must be new to this planet!

  • by MyNameIsFred (543994) on Thursday March 20, 2008 @07:46PM (#22813646)

    ...The debate over Real ID and sensitivity to creation of any form of national ID reveal a fear that anything that identifies us to others will intrude on privacy . This has led to a preoccupation with forms of ID rather than the fundamental question of how we can reliably identify ourselves to each other....
    This quote suggests that they miss the whole point of the debate over Real ID. I would argue that the main point of the opposition to Real ID was to oppose anything that make it easier for the government to reliably ID us.

    ...While anonymity implies privacy, it does not confer it. We delude ourselves into thinking we have privacy if the person next to us doesn't know our name...
    Again this misses the point of the Real ID debate. While making it difficult for the government to ID does not prevent them from IDing us, it helps. It also helps prevent the government from retaliating against protesters. It does not prevent it, but makes it harder. That is why protesters frequently cover their faces. That is why protesters want to make it difficult for the government to track their travels.

    Even the courts have found that anonymity is important component of freedom of speech. (Along with freedom of association.).
  • by dotancohen (1015143) on Thursday March 20, 2008 @07:48PM (#22813666) Homepage

    In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.
    The private acts that I did in the sphere of privacy carved out by my '88 TurboCoupe did _not_ require federal authentication, thank you.
  • by postbigbang (761081) on Thursday March 20, 2008 @07:49PM (#22813678)
    Just like in the UK, it'll work until it's cracked. Or the RFID data from passports. It is no business of the government who I am, or where I am without probable cause by a signed affidavit. There's a sufficient majority that would make sure that a national ID system is never used in the US that it's moot anyway. And for Larry Ellison and others that want to try it, they'll get laughed at, again, and just as loudly.

    The question isn't unique IDs, it's tyranny. We hack tyranny first.
  • They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. I think the issue is neither forms of ID nor authentication. People readily carry similar forms of ID and perform similar usages of authentication all the time in private enterprise.

    The real issue is whether you choose want to have any one organization to own all the identification information, and if anyone truly believes it will be confined to be u

  • by edalytical (671270) on Thursday March 20, 2008 @07:58PM (#22813750)
    I have three problems with biometrics:
    1. My biometrics are my property and I'm not giving them up.
    2. I have the right to be free from "unreasonable searches and seizures".
    3. There is supposed to be a need of "probable cause".
  • commonly confused (Score:5, Interesting)

    by perlchild (582235) on Thursday March 20, 2008 @08:00PM (#22813776)
    The summary talks about a common misconception, and manages to create another.

    Authentication is when you identify(as in Identity) yourself, when you want to(say, to enter your home), or to get that 5% rebate at that place you like to eat at.

    Anonymity is when someone else wants you to identify yourself, and you refuse.

    Imputability is when someone's done something and 1) you want to Identify them properly, and 2) do something about some of the people you identify(presumably because something they did was wrong)

    Anonymity is something private citizens like, in part because they don't much like imputability. That is when they do something, and it's not tied to their Identity.

    Forcing someone to authenticate themselves is something the police, for one, likes, because
    1) It prevents them from being blamed for mis-identifying someone
    2) If they catch you doing something, and impute it once you authenticated yourself, they're fairly sure they impute it in such a way, it will follow you for a long long time(if they can impute your "identity" more on that later.

    However, it has its drawbacks
    1) If you authenticate yourself with falsified credentials, you get someone else blamed for your acts
    2) It doesn't deal with the fact that you may be unable(damaged or lost credentials)/unwilling to identify yourself/automated systems may mis-indentify you

    It doesn't solve the question of "Identity" itself either. Like when the no-fly list(falling under imputability) lists names(which can be the same for two people), leading to the same result as a falsified authentication.

    Just a quick summary:

    Identity: Who you are
    Authentication: Proving who you are
    Anonymity: Not having to say who you are
    Imputability: Blaming who you are

    The four are interlinked, but often confused, as in the article.

    People interested in laws like RealID need to pay a lot more attention to distinctions between all four. Until the authentication part can be more more foolproof, the imputability is scary(you can be blamed for stuff you haven't done), the anonymity, well it's scary to those who'd rather deal with people they can identify(and therefore impute, think contracts to keep it in the white hat sphere). And the Identity, well that's the real problem. If you have a single, centralized database, any single mistaken Identity becomes life-altering, if not actually life-threatening(correcting someone's id with falsified credentials in order to make their lives a living hell? Yes, it can do that).

    Does that bother you a little? I know it does me.
  • If this fails (Score:3, Insightful)

    by bob.appleyard (1030756) on Thursday March 20, 2008 @08:17PM (#22813938)

    It doesn't matter how strong your security system is, it will fail. What happens when it does? I can't get a new $BodyPart if some fraudster spoofs it.

  • by softwaredoug (1075439) on Thursday March 20, 2008 @08:17PM (#22813940)
    Who is to be trusted with by biometric data? Who would have access? How would the software/authentication work? Who will write the software? Is it going to be proprietary? Will it be enabled in voting machines? Why should I trust the government agency/subcontractor to do all this correctly? It seems that whoever controls this biometric data would have A LOT of power, especially if its integrated into every little device out there. Consider the potential lack of transparency in, say, an election. Could some government employee, maybe just above the average capabilities of a TSA employee, tamper with election results? Also, if my biometric info is linked to my credit card, how hard would it for that person to go on a shopping spree. How could I prove it wasn't me? The whole thing wreaks...
  • It's so obvious that I waited to say anything... Mark of the Beast technology can fix this quandary. Roll your eyes, but read on.
    • Yes, biometrics is immutable, but added an RFID adds a mutable piece
    • Placing the RFID in the hand would allow a convenient way to get a fingerprint reader AND a chip reader to read both halves of the key.
    • Conversely, it would be tricky to hack BOTH the bio and the RFID at the same time, especially in the middle of WalMart.
    • Need retinal scan? Stick it in the forehead.
    • If your Bio
  • by Doc Ruby (173196) on Thursday March 20, 2008 @08:43PM (#22814160) Homepage Journal
    Yes, this system would work perfectly for spying on all political opponents (and blackmailable "friends") personal info, just like reported tonight at at the State Department, spying on Obama's passport file [google.com].
  • The article is right: anonymity is not privacy and privacy is not anonymity. However, anonymity is a form of privacy and should be protected within reason.

    Another way of looking at it:

    privacy: people not knowing what you've done.
    anonymity: people not knowing who did X.

    if you lose anonymity, you lose privacy in relation to X, and where X covers everything in the public sphere, you lose all privacy except in relation to those things that are not in the public sphere (Y). That's a lot of privacy to lose.
  • Please stop confounding authentication and identification.
  • by coaxial (28297) on Thursday March 20, 2008 @10:02PM (#22814682) Homepage
    Why is there the push for this? There isn't wide scale fraud, and there's no reason to believe that Bad Guys(tm) couldn't simply create a fake entry in a database, or that the biometric stuff would actually be used. California requires a thumbprint to get a driver's license (!), and yet you're never asked for it at a traffic stop. Why?

    I have a suspicion. It's not for authentication at all. Others have already pointed out the inherent flaw in using nonrevokable certificates for authentication. (i.e. once someone has faked or corrupted your biometric data, you're fucked.) So what is a biometric data good for? The same thing that's good for when the government stores DNA sequences of everyone processed. It's a globally unique identifier. You can put multiple databases together easily. Name collisions are a thing of the past.

    If you really think that government won't combine their databases, you're a fool.

    Obscurity isn't security, but there is something to be said about making information, even public records, a bit harder to put together than to give a big data dump about everyone to everyone. Society has built on a certain level an anonymity existing, even when legally it doesn't exist. But it's all too obvious that people's expectations and behaviors don't always align with the letter of the law. And seriously, given the government's current cavalier attitude towards privacy and the law, do you really think that a simple law is going to stop them?
  • The problem here is with the adjective "national", which suggests that there is a centralized database, and that's a privacy nightmare. But biometric ids don't need a centralized database; they can be stored securely and in a tamper-proof way on the card itself, making sure that nobody but yourself can use your driver's license or your bank card.

    So, the problem isn't really the biometric identifier itself (which is generally a good thing), it's with whether it's implemented in a centralized way or in a dis
  • by vinn01 (178295) on Thursday March 20, 2008 @10:52PM (#22815148)

    I'm hosed if they chose retina scanning. I get drusen deposits http://www.medterms.com/script/main/art.asp?articlekey=10015 [medterms.com] .

    Fortunately, it's not macular degeneration. But those deposits form and dissolve over time. That would make retina scanning a problem for me.
  • Biometrics are useful for identification, in that, if well-chosen and correctly processed, they can uniquely identify an individual. They are not useful for authentication; they are not a guarantee that the identified entity is who they claim to be. For example, while my thumbprint is unique, anyone can lift it off of any surface I've touched and present it to the biometric scanner.

    It's the difference between a username and a password.
  • Naturally, I did not RTFA. So I am not saying it suggests anything useful or not.

    The generalized question is do you want to be able to be identified or not?

    Everyone bitches and moans about "identity theft", but then appear to not want the alternative - verified identity.

    I agree with the majority here - I do not want to be tracked all the time, not because I have anything to hide, just because it doesn't seem right, for many of the reasons stated elsewhere.

    However, it might be nice to have a method,

    • An alive "you" can't be stolen, duplicated, or forgotten

      Haven't you heard of kidnapping and blackmail?

      As a victim of identity theft don't you think perhaps much of the responsibility falls with the credit agency that granted credit in your name without actually contacting you?

      Of course it was your job to fix the problem... and they didn't reimbuse your for your time, did they?

      Wounldn't it be nice if you could force anyone wanting to grant credit in your name to actually call you on the phone or se
    • The generalized question is do you want to be able to be identified or not?

      And the truthful answer is: I'd rather not be reliably mis-identified as "Mustapha Al Gangsta" on the basis of a hacked government database.

  • For the companies selling the scheme. Just like electronic voting machines, DRM... For everybody else... eh
  • I hate biometrics! I feel like it encourages stupid criminals to cut off fingers and rip out eyeballs. "oh, your laptop has a fingerprint reader? better take your finger with me too then!", or "oh, your bank vault requires a retina scan? I'll be needing your eyeball then". why encourage someone to steal body parts?!
  • Suppose you use your thumb print and some hacker steals whatever form they use to store this in and then figures how to feed the thumb print into other systems. With passwords or cards you get a new one. You can't get a new thumb.

    The problem is that we have numerous examples every day that we cannot build really secure systems in a commercial context. There are too many people involved, there are too many vulnerable points in the systems where people can tap into data streams, etc. Despite the mathemat
  • Then it would reveal the flaws in the hardware and software systems in unusual ways.

    we would start seeing people with the same fingerprints. we might also start seeing people with the same DNA.

    our systems are not complex or sensitive enough to really be sure.

Faith may be defined briefly as an illogical belief in the occurence of the improbable. - H. L. Mencken

Working...