Schneier on Security
A blog covering security and security technology.
« Replacing Alice and Bob |
| Friday Squid Blogging: Octonaut »
September 27, 2012
NPR on Biometric Data Collection
Interesting Talk of the Nation segment.
Posted on September 27, 2012 at 1:14 PM
• 11 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Did any Americans consent to this? Was there any attempt to ask?
I'll note a few things:
--One caller, "Peter", said he had a lot of success with biometrics in Iraq (A WAR ZONE!)
--An FBI rep didn't care to talk with NPR about it. Must have something to hide.
--Apparently if you live in Milwaukee, you can be asked to submit your digit-prints for speeding.
Guess everyday will be Halloween here shortly, trick or treat:
So, it's surprisingly hard to figure out whether it's legal to wear a mask while walking down the street normally. That said, if this passes I may have to buy a Guy Fawkes mask or two.
"How does the FBI respond when people say, 'Big Brother'?"
"... What the FBI has told me, they said, 'Look, this is just for tracking bad guys. This is just a way for us to be better at going after criminals. And this stuff is not going to be used for any other reasons. And there's legal reasons for why we can't use this for other stuff. And there are precautions to stop that from happening. [It just makes their work easier - just like fingerprints, but more efficient.]"
starts around 11:45
Boy, am I glad I don't live in a country where the government cannot know when what I do will possibly be relevant to a federal crime
My state, Indiana, like several others have been requiring driver license photos to be taken without glasses, without smiling, etc. If you gotten a driver's license (new or renewed) in the last five years or so, the FBI already has your picture on file.
And as far as making investigations easier, sure having this data will make investigations easier.
Also having this data on file makes it a lot easier to build maps of social networks.
Having this data on file creates a vast potential for misuse.
Don't have drinks or be seen in public with anyone who might also later been seen with a criminal.
Transcripts should be edited, this guy must be annoying to listen to, but it's completely intolerable to read:
But, you know, as we've seen that, you know, lots of things can happen with that information. It can - you know, it can be taken. It can be stolen. It can be, you know, used otherwise. And I - you know, I think those are the concerns that, you know, you'll probably hear about the programs.
Long ago, I too had the habit of using "you know." Thankfully, the infuriating filler was driven out of me on a visit to my grandfather. Every time I said, "you know," he interrupted me: "No, I don't know."
I am wondering whether it makes much of a difference whether the FBI - or any other governmental body - collects pictures from your driver's licence, passport - or facebook and google. Researches at a US university were able to identify a third of all pedestrians passing by - within 3 seconds - using facebook photos.
The TSSA already scans your crank. How long before they biometrically identify you by your wang?
I'm sure there aren't any hacking groups who might want access to this information, or want to pollute the database in interesting ways.
Biometrics for those arrested AND convicted, arrested but not convicted, employees/applicants for government or other jobs with special security
check required shoudl be stored in separate data bases with different
rules for collection such data (legitimate sources of collection),
different access rights and autorization to access that data,
retention period for that data and FOIA personal rights to request for
existence of such data being collected.
That whole thing sounds like quite a bit of fluff and buzzwords. The only real thing they said was that the FBI plans on incorporating physical characteristics beyond fingerprints into their existing fingerprint system. They failed to mention anything about developing magic new technology that could match from a large exemplar database to a large amount of photos to be recognized.
Even the infamous "neutral face" DMV photos end up utterly absurd. People looking at my DMV photos using the most advanced facial recognition system on the planet (the human brain, which can differentiate between photos of identical twins if they're both known) can't match me. Hell, I can't match me to my DMV photo.
On top of all this, obtaining useful photos in public would be a nightmare. I work security in a casino in Vegas and I can say that maybe 25% of the time we get a photo from surveillance systems that could be matched to the actual individual unless we're actively looking (i.e. paning around and zooming in) at a single individual. The success rate for our modern facial recognition system is even lower than that, and it still relies on us pruning down the database by manually selecting race, gender, and approximate age *before* it will even try to match it.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.