Schneier on Security
A blog covering security and security technology.
May 29, 2009
News from the Fingerprint Biometrics World
A Singapore cancer patient was held for four hours by immigration officials in the United States when they could not detect his fingerprints -- which had apparently disappeared because of a drug he was taking.
The drug, capecitabine, is commonly used to treat cancers in the head and neck, breast, stomach and colorectum.
One side-effect is chronic inflammation of the palms or soles of the feet and the skin can peel, bleed and develop ulcers or blisters -- or what is known as hand-foot syndrome.
"This can give rise to eradication of fingerprints with time," explained Tan, senior consultant in the medical oncology department at Singapore's National Cancer Center.
Posted on May 29, 2009 at 6:37 AM
• 47 Comments
Right, like a cancer patient who's on that kind of medication is likely to commit crimes. You don't need his fingerprints, brainless immigration morons.
Hugo, come on now. Who better to commit large scale terrorism (or maybe a simple bank robbery) than a potentially terminal patient with nothing to lose?
While the government should make a 180 and return to the previous philosophy of innocent until proven guilty; D has a good point that this person has the POTENTIAL to be a great terrorist.
Do identical twins have identical fingerprints? And if not, why not?
Finally; given that they do not compare actual fingerprints in criminal cases but rather "points of similarity", what is the actual entropy of the domain of fingerprints? 12 potential locations with 4 possible values at each location (which would mean that statistically every set of fingerprint-indicators would be shared by ~300 people on earth someplace)?
> Do identical twins have identical fingerprints?
> And if not, why not?
Because although there is a genetic component that results in some similarities between identical twins (and between regular siblings), most of the pattern is formed semi-randomly during gestation.
> Do identical twins have identical fingerprints?
There is no such thing as 'identical twins'. They might be very very much alike, but if you look closely, everyone is different.
> And if not, why not?
Because they're not the same. :)
> ... than a potentially terminal patient with nothing to lose?
You're right. That man might become Mr. Glass II :)
I had a friend who was terminal with pancreatic cancer - whilst on their "last" road trip together in the RV, she jokingly asked her husband, "So, got anybody you want killed?".
This is the western version of a statement I heard on PBS the other night in a documentary on Pakistan and the Swat valley - "You can't successfully defend against someone who relishes the thought of dying for their cause".
re "Right, like a cancer patient who's on that kind of medication is likely to commit crimes"... Not excusing the stupidity of the whole process, but with the current rules being what they are: how are they supposed to know he's a cancer patient?
People suffering with cancer might be, statistically, more likely to be suicide bombers.
They could also use the smell which cancerous tumours create in order to hide explosives. Watch out Bruce.
@bob: Good old birthday theorem to the rescue. I haven't done the maths myself, but yes, matches between fingerprints are not just possible, but likely. Take a large sports stadium full of people: the chances are two of them will share fingerprints or a DNA match.
Someone who faces death through disease is more likely to get in touch with his life than screw everybody around him ... insensitive morons.
Monozygotic (identical) twins may not be identical on the surface, but they share the exact same DNA. Monozygotic twins are created when a zygote splits into two separate zygotes. One sperm, one egg - two babies!
It took a friend of mine who is missing a finger 30 minutes to get through O'Hare immigration recently. The immigration official didn't know how to deal with the situation, and his manager just kept telling him to rescan it (the missing finger).
This is getting attention because the person affected was a cancer patient, but there are much more common and mundane reasons for not having fingerprints. Some professions and activities wear them down. And amputees may not have fingers to begin with. Surely there should be a general policy for people who can't be fingerprinted, and there probably was one which the immigration officials weren't aware of.
Oh, sure, they have identical DNA, but that doesn't make them identical. A lot of what happens to a person growing up doesn't depend on the genes themselves so much as it depends on what order the genes get turned on and off, and that can be affected by outside chemical influences. And the 'outside' chemical influences can start inside the womb.
@Hugo: it's certainly arguable that someone with cancer might be more or less likely to be a terrorist or criminal or drug smuggler or what-have-you, that's not the important thing to look at: My recollection of the story was that they spent some time verifying that he actually was a cancer patient. Given that there is a drug that can make you lose your fingerprints (and also fights cancer), then observing someone with no fingerprints means that they are either a cancer patient or someone who is using a cancer drug (or some other mechanism) to obfuscate potentially incriminating fingerprints.
It bothers me more that people think that an easily-forged doctor's note is a secure way of distinguishing between those two types of people. But it doesn't bother me much, because I figure even accurate fingerprints are mostly useless anyhow.
"Finally; given that they do not compare actual fingerprints in criminal cases but rather "points of similarity", what is the actual entropy of the domain of fingerprints? 12 potential locations with 4 possible values at each location (which would mean that statistically every set of fingerprint-indicators would be shared by ~300 people on earth someplace)?"
There are certainly duplicates. Like any diagnostic test, it's a matter of weighing competing explanations. Either the fingerprint taken/found belongs to person X, or it was intentionally planted/faked, or it belongs to someone else who happens to have a close fingerprint. Which is most likely depends on the strength of other evidence.
"Right, like a cancer patient who's on that kind of medication is likely to commit crimes. You don't need his fingerprints, brainless immigration morons."
Oh my god, you seriously posted that on a SECURITY article? Come on. You might as well have said "Right, like a thief is just going to walk into a bank and try and take the money out with... oh hello, let me get the door for you, that bag looks heavy.... just take the money out with us standing here."
Excluding someone from a security process, ANY security process, creates a hole. Which is why security should apply equally to president or serf when they pass through an airport, etc. It's why random checks are, well, random. My wife's grandmother *always* gets stopped and searched at airport despite being hardly able to stand from her wheelchair - why because *security* applies to *everyone*. If it doesn't, there's no point having it.
It's like saying "You need ID to open a bank account, unless you're blonde". It's just as stupid.
@Ledow: maybe you should rethink your ideas of security. Visiting a country and having to give fingerprints is absolutely not the same as opening a bank account and needing an ID for that.
The fingerprints are for some potential bad things someone might do. I'm sure the reason for the ID is clear.
The cancer medication we're talking about here makes people very weak. When your fingers don't show any more prints, you surely won't be able to cause any kind of threat to anyone. Now, tell me. Why the hell do we need that person's fingerprints????
I think Richard Schwartz is on to something. How do we know there aren't people taking chemotherapy right now as a ruse to get past fingerprint stations? I mean, anybody can say they have cancer, right? Better put everybody on the receiving end of these prescriptions on the no-fly list, just to be safe.
You don't have to have cancer therapy to have no fingerprints. Type 1 diabetics often have no prints. And needle marks all over as well. Very suspicious.
Maybe they should ask 5-0. McGarritt had to do police work with pineapple plantation workers. The acid burned the prints off over time. Yet I don't recall Hawaii falling into the ocean due to massive crime spree.
The best thing about Bruce's blog is that it turns everyone into an expert on whatever his latest post pertains to, along with related topics.
This one: terrorism, psychological reasons for suicide killings, monozygotic twins, genetics, fingerprints, forensics, chemistry, medicine, et al...
I love the comment made by "Anonymous" above about this blog turning "everyone into an expert on whatever his latest post pertains to, along with related topics."
An interesting blog like Schneier on Security can draw people who morph into "experts" on many topics. Lots of bright people with many interests, myself included.
But I keep reminding myself of Bob Rosenberger's great paper on "False Authority Syndrome".
Lots of people have commented (here and elsewhere) about how this shows stupidity on the part of the immigration officials.
I couldn't disagree more. I think it shows that they are thinking, and doing their jobs well.
US law requires fingerprint scans of all people entering the country. Immigration officials are required to enforce that law. Most (I would guess over 99%) of the time, this takes a few seconds with a fingerprint scanner. When that doesn't work (no finger, or no fingerprint), the exceptions are dealt with carefully on a case-by-case basis. The person was interviewed, the official probably made some effort to validate the story, the interviewer may have consulted with others, and eventually a decision was made.
So it took 4 hours to process a rare exception to a common rule. The official didn't make a snap decision to deport him (no fingerprint, therefore no entry), and didn't make a snap decision to allow entry (which would also be stupid). The official conducted a reasonably careful and thorough interview, consulted as required, and made a carefully deliberated and informed judgement call. That's exactly what they're supposed to do.
Yes, 4 hours is a long time. But when it happens once in a blue moon, it's OK to spend a long time making a careful decision. If there were a huge number of fingerprintless people going through immigration, then upper management would spend weeks or months designing a policy to deal with them, and each instance would then be much quicker to process because the immigration official working the line would just have to apply the policy.
@Wade and @Ledow - you guys are right on the money.
From my perspective, the really valuable point that this story highlights is the fact that non-citizens are being printed on entry. In the rather small sample of my personal friends who are both US citizens and who frequently travel abroad, none of them were aware that non-citizens are required to be fingerprinted on entry to the US. They just assumed that their entry process was the same as everyone else's.
Rather than simply accepting the printing of some people as de rigueur, this story should be fodder for an examination of what benefit is really derived from printing people who don't carry a US passport (forged or legitimate).
My educated guess, having participated in the development of the system long before DHS even existed, is that the prints which US-VISIT collects end up permanently in IAFIS along with pretty much every other fingerprint that the federal government gets its hands on:
It would be interesting to see how this blog's posts would have played out if it was "Man using fingerprint erasing drug caught smuggling crack onto plane" or something to that effect.
Hindsight is 20/20
Systems fail. Maybe sooner or maybe later, but they will fail.
Systems *should* fail gracefully.
TSA systems seem designed to fail disgracefully.
Canned pineapple juice. Soak 'em in a saucer 10 minutes a day for 3 weeks, then a once-a-week maintenance dose for twenty minutes. Don't forget to toughen them back up. Driving them into uncooked rice is good for a starter. Have a good explanation ready and be prepared for a long wait. Better yet, alter your travel modes. Have a nice day.
@ Irish Vito,
"Canned pineapple juice. Soak 'em in a saucer 10 minutes a day for 3 weeks,"
Did you ever try biological washing powder?
It's cheaper, quicker and importantly smells less suspicious...
Do you really want your fingers to smell like a gammon roast?
Even US citizens are fingerprinted upon entry, sometimes. I'm not sure if it's because we're not residents of the US, or because my wife doesn't have US citizenship.
"I'm not sure if it's because we're not residents of the US, or because my wife doesn't have US citizenship."
It probably does not matter which, look on it as "herd mentality" by those within the US.
From their point of view you have left the confines of the herd.
Therefore the herd now views you as being an externality and therefore a potential threat. Because the herd knows that danger only comes from outside the herd...
Congratulations, you are no longer "one of us" but "one of them", such are the joys of the "war on terror".
Historically it was this reason that was the basis for Stalin and others to kill more people than the German Nazi Party. Oh, and the basis on which Senator Joe "Reds under the bed" McCarthy gained his power.
The history of Joe McCarthy and his rise to power in the early 1950's and his "UnAmerican Committee" that persisted for 20 years after his crash-n-burn in 55 and finally his death a short while later, is an object lesson that the US people should be mindful of. Its parallels to the modern war on terror are there to be seen by those who care to look.
Oh and have a look at Hitler's Brown Shirts and see if you can find any parallels there...
Then the case of FBI Director John Edgar Hoover who died back in 72 but had had a firm control on US politicos and others in power by the simple process of spying on them...
As was once said "history has much to teach us about the future".
Of course if the story was different, then the comments about the story would be different.
Of course, in the case of the story you suggest, I imagine that most of the comments would be along the lines of "how exactly would removing your fingerprints assist you to smuggle drugs?"
Fingerprints aren't (currently) used as part of the airline booking or checkin process, but some countries have (often citizen only) fingerprint-based biometric immigration lines for enrolled participants to fast-track immigration. But there, having no fingerprints would mean you go back to the slow line and more hassle.
So perhaps the major compelling reason to elide your fingerprints is to avoid a match in a criminal database so you can actually make it through immigration, but you would probably expect more scrutiny in that case. So probably not a good idea if you're trying to avoid notice, such as if you're smuggling.
Which brings us back to the actual story at hand. The fact that the man underwent additional screening is no surprise at all. The length of time it took is a little surprising, you'd think an identification problem could be solved in less than four hours, but there is possibly an implied unhumanitarian slant in the reader's mind. Reading the article however, the man doesn't seem particularly upset by the experience, he seems to mostly be advising other people taking the same drug to be fore-armed with a doctor's note to explain the condition if travelling [to the US].
@Calum IIRC, one birth event in every 80 yields twins, one twin event in every 3 produces identical twins. Thus out of every 240 birth events, 243 offspring will be produced, two of which will have identical DNA.
In other words, the population-wide chance of a person having an identical twin is a little under 1%.
Regarding the comments on identical-twin fingerprints, yes, they will have the same over-all shape, but the fine detail (minutiae) - composed of ridge endings and bifurcations will be unrelated.
...and before someone raises irises, statistical analysis shows that there is no more (or less) similarity between the left and right eyes of a single person as there is with either eye of an identical twin as there is with a random stranger.
John Daugman's (originator of iris recognition systems) papers discuss "chaotic morphogenesis" as the random tearing process that occurs as the iris grows and develops in the womb.
In fact the *only* biometric susceptible to confusion by identical twins is DNA analysis.
What's "biological washing powder"? Isn't it laundry detergent with enzymes?
Another pristine example of airport security. Throw common sense out the window because something 'unusual' crops up. A 62 year old cancer patient. Lookout now!
"What's "biological washing powder"? Isn't it laundry detergent with enzymes?"
Ahh I'm from the UK and we call it "biological" and yes it contains enzymes.
An interesting little experiment is to make up a concentrated solution (about 1 part powder to 2 parts water) and leave something like a pork chop in it for a couple of days, the results are to say a bit of an eye opener.
Another little experiment I don't particularly recommend is "caustic soda" or Sodium hydroxide (not sure what you call it in the US). If you make a dilute solution up and rub a little between your fingers it feels slippery or slimy, not because it is (it's not) it's just that it is turning parts of your skin into soap which does feel slippery or slimy.
There are other commonly available chemicals such as cement powder (concrete) that will quite cheerfully strip away your fingerprints.
Just ten minutes of "grouting" with your fingers on crazy paving is enough to convince most people that their fingerprints can be removed.
The real problem is not the ease by which it can be done, but stopping the process doing further damage.
The advantage of pineapple juice is it is a slow process using a natural source. Biological washing powder is going to be faster but will happily carry on munching away at your skin. Both will potentially give you allergies to the active chemical components which could be very problematical.
@Troy: SAS (Scandinavian Airlines System) uses fingerprint for check-in/baggage control. Despite best-practice, they use it as identification instead of authentication. Thankfully, it's optional to use.
I am confused... so are you saying that washing your hand in these things will definitely alter your fingerprints? I have read numerous times that nothing can alter your fingerprints and that by trying to strip it it absolutely does nothing to it... please elaborate because I have been trying to study this for a long time now.
I have to clear up another misconception that I see in the responses to this story. The misconception is that all fingerprint technologies are the same, so any one system’s failing applies to all such systems. It would be like saying that your iPhone cannot be trusted, because you heard that someone cloned an 8 year old cell phone. Or, that satellite TV doesn’t work, because you heard about a person who couldn’t receive a signal because they lived in the woods, plus don’t forget that satellite dishes are 8 feet in diameter!
The fact is, this is a *specific* reader technology failing – one that is 8 years old, in fact. It should not be surprising that an optical “ridge contour” scanner, as used by Immigration and Customs, would fail to scan someone who has smooth prints – there are no contours, nor ridges, on the surface! To show how far we’ve come since these scanners, those same scanners cost over $500, and are the size of a brick. Modern sensors (now costing less than $3) use RF Technology to look below the skin’s surface, beyond surface wear and tear, to the cell structure that sits below, forming the fingerprint. This individual could have been fingerprinted with the new technology, except that the US-VISIT program is locked to the 8 year old reader technology. This kind of makes the case of why you would want to use an algorithm and platform that allows interoperable migration among and between many different readers, so you wouldn’t be stuck with the old reader technology the way US-VISIT is. It should support the clunky $500 brick and the $3 laptop scanner, and know which is which, so a more secure application could restrict the use to the most trustworthy devices.
So why are these misconceptions so readily propagated? Biometrics as a technology is unique in attracting this kind of overly broad, knee-jerk concerns, likely because there is a vocal minority who are scared of the implications of anyone collecting biometric data, who attempt to FUD the technology at any opportunity. They believe, among other things, that the government could use the biometric data to connect your activities across various lifestyle domains. “The government could know that you are the same person who uses a health club as who visited Walt Disney World,” I’ve heard one privacy advocate caution.
Sounds scary, but let’s actually think about that. Wouldn’t your name and address associated with the health club membership be the same as the name and address on the credit card that you used to buy your Disney tickets, or signed up for the Disney loyalty program with? If so, then isn’t a name and address comparison a much more economical way for a snooping government to connect those dots? It absolutely is, because biometric algorithm matching is much more CPU intensive than comparing text strings. So, unless you are a person who routinely operates under false names and addresses, the prospect of adding a biometric to your health club membership (making it possible to walk in with nothing but your finger), or your Disney Annual Pass (preventing you from sharing your pass), introduces no new risk of big brother watching you.
My hope is that people will give logical thought to what are the *actual* implications of being able to bind an identifier (e.g. Social Security Number, Medical Record Number) to a real person who is the rightful owner of that identifier, preventing, in the process, identity thieves from hijacking it by obtaining some PII from a database somewhere. Before you say, “but a fingerprint could be stolen from a database too,” realize that having possession of biometric data doesn’t convey the identity to the holder – that’s the whole point. Biometric data is measured from a person, not accepted as raw data, and the process by which that takes place is secured against someone injecting data into the pipeline.
It is interesting how this affects the new experiments in biometric security that are being used. A lot of countries are using biometrics in ATM machines, work places, passports, etc.
What happens to these people when biometrics becomes the norm?
Well what can I say. I was stunned to find out at the age of 37 that I have no fingerprints... I am a nobody ... wasn't able to have my European passport issued to me because of it. Have to undergo genetic test to find out why I have no fingerprints... it sucks but I see myself having many problems in the near future with my ID's :(
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.