Drone November 2, 2017 5:19 AM

A man stumbles into an emergency room suffering from infection-induced Myocarditis (a condition marked by inflammation of the heart muscles). Unfortunately, the poor man dies from lack of care because he fails his credit card biometric heart size scan. (Yes where I live no pay usually means no urgent care, and yes where I live the health care system is 100% Government controlled.)

Renato November 2, 2017 5:56 AM

This has the same problem as fingerprints and eye scans. Anyone can make you unconscious and use those login methods to impersonate you. No one can extract a password from you if you are unconscious.

Also, in the US, it’s (sometimes) illegal to ask a person for their password (self-incriminating) but it’s rarely illegal to force people to use their fingerprints or to walk in front of a device (imagine airport security if it was).

Sorry mate, 2+ factor authentication, with one of them not being biometric.

lkejrgf November 2, 2017 6:55 AM

@Drone With such a degenerate health care system, the problem isn’t in the method of authentication. It’s in the voters.

Ryan November 2, 2017 7:46 AM

You can do things to increase your heart size, such as with bodybuilders and power lifters (albeit not by their direct choice). The substances they take to build and grow muscle have an absolute effect on the size of the heart.

JonKnowsNothing November 2, 2017 8:08 AM

In the book Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are by Seth Stephens-Davidowitz, the author relates that the size of the left ventricle in race horses is a predictor of race horse success*.

The horse with the bigger L-V Wins All. Rather like a Dreidel.

  • iirc the information was “discovered” by analyzing Big Data Sets matched with veterinary medical details on race horses but later on he mentions that there’s some good old fashioned horse sense trainers and spotters in the mix too.

de La Boetie November 2, 2017 8:42 AM

Until we get some science relating to real-world false-positives/false-negatives, this is just speculation. I really dislike discussion of biometrics or forensic techniques without this data and without truly independent and sceptical peer review (which the courts sadly do not apply).

I’d be far more interested in the application of this technology in health-care and early detection of serious heart conditions. I’ve known a friend who’s died in their 40s from that.

Wael November 2, 2017 8:43 AM

I put my heart and my soul into my work, and have lost my mind in the process -Vincent Van Gogh.

The heart does change size. Pacemakers and diseases could change that. Boy, when problems come, they come in bunches! Heart problems followed by denied access (perhaps an access that could have saved one’s own life!) I don’t need to read the paper to conclude this is a really dumb idea from both health and security standpoints!

Next authentication mechanism: Parapsychology sensors will look into your soul. And if you’re denied access, then you’ll need to make a confession to the device (the whole world) before it grants you access.

Wael November 2, 2017 9:12 AM


souls don’t exist.

So Mephistophilis got the short end of the stick with Doctor Faustus?

Berend November 2, 2017 9:40 AM

Your adult heart size can change. A common cause is starting to exercise after being sedentary. The extra load on the cardiovascular system can trigger it. It’s called Athletic Heart Syndrome. It’s fairly common.

Bob November 2, 2017 10:01 AM

HCM, Hypertrophic Cardio Myopathy, is the enlargement of the heart. It can be caused by disease, but also genetic, and it is progressive, meaning the heart’s size increases over time, even in adult life. Genetic HCM typically results in sudden cardiac arrest around age 53 if untreated. Treatment is only symptomatic; there is no known cure.

TIm November 2, 2017 10:05 AM

Since every vulnerability gets a name and a PR firm these days, I’m betting whatever technical defeat for this technical control will be called “Grinching”?

AJWM November 2, 2017 10:32 AM

This is ridiculous. Not only can heart size change for various reasons, as numerous posters above have pointed out, but I don’t imagine there’s a lot of room for variation in heart sizes (even taking into account different auricle/ventricle sizes) across a large number of similarly-sized humans.

The former (heart size change) will lead to false negatives. What’s the rate for false positives?

(And, if someone has a heart transplant, can they then authenticate against the former owner’s biometrics?)

Wael November 2, 2017 12:39 PM

No, no, no! It’s a great idea!

Doppler radar to scan the size

The icing on the cake!!!

Manager: (in staff meeting) End of year is coming fast. We have nothing to show for and the CEO is all over me. We need to get something done pronto, or no bonuses this year.

a few hours later…

Engineer: We developed this disruptive authentication technology. It rocks!
Manager: Tell me, tell me!
Engineer: We’ll scan the heart of the user! And we’ll collect health data too, wink wink.
Manager: Great idea! More safe than retina scans, right!
Engineer: Freakin’ A!
CTO: Just to be safe, run the device on test samples, and share some data points with me. I want to get the FRR/FAR statistics. Heart sizes don’t vary that much, I guess?

A little while later — after they published the paper with corrections 😉

Engineer: We ran the tests. They look good!
CTO: What? wtf? False Acceptance Rate is 50% and False Rejection Rate is 50%? Aaaaand three patients with heart pacers croaked?
Manager: Well, we can use it as a second factor authentication, you know, it’ll cut the user sample in half!
CTO: Sounds good, but let’s get the attorneys on it so they craft a water tight EULA just as a CYA! This idea rocks! Literally! CTO and manager thinking “cha ching! time to plan our vacation”
Engineer: You have a big heart, boss 😉
Attorney: Piece of cake… Give me a few minutes… Here, what do you think?
CTO: Holy crap! 700 page EULA? This EULA is undecipherable! Straight from the legal witchcraft bubbling cauldron! You’re worth every penny, Ira!
Attorney: You also need to cook the test data. Get rid of the expired test subjects. And improve your FAR/FRR data. You know 1:50,000 is the norm these days.
Manager: Fix the data, butt-brain.
Engineer: Not a problem. What I do best.
Manager: And let’s prepare a power point presentation for senior leadership. Lots of pie charts and tables, people! Get on it!

Interlinked November 2, 2017 12:53 PM

Facebook and Google will love this invention as it will also allow them to continuously monitor your pulse as you interact with online content.

And you thought the “Post-Trauma Baseline Test” in Blade Runner 2049 was just sci-fi. Just wait.

handle_x November 2, 2017 1:26 PM

“… it turns out the inside walls of your colon can be a unique identifier…”

STOP the nonsense!

fa November 2, 2017 3:35 PM

@Wael wrote:

Manager: And let’s prepare a power point presentation for senior leadership. Lots of pie charts and tables, people! Get on it!

I recently found this:

“PowerPoint is symptomatic of a certain type of bureaucratic environment:
one typified by interminable presentations with lots of fussy bullet-points
and flashy dissolves and soundtracks masked into the background, to try to
convince the audience that the goon behind the computer has something
significant to say. It’s the tool of choice for pointy-headed idiots with
expensive suit and skinny laptops who desperately want to look as if they’re
in command of the job, with all the facts at their fiddling fingertips, even
if Rome is burning in the background. Nothing stands for content-free
corporate bullshit quite like PowerPoint. And that’s just scratching the

(From “The Jennifer Morgue” by Charles Stross)

Wael November 2, 2017 5:14 PM

So I read the “intro”…

the conference will be held from Oct. 16-20 in Snowbird, Utah.

I ask what year, and why has the paper not been published?

So it’s not just the heart size, and monitoring is continuous! Low level Doppler radar, eh? As safe as WiFi signal, except it’s “focused” on an important structure. Ingenious!

The research was supported, in part, by the U.S. National Science Foundation.

Hard to believe. Judging by the distressfully low level of acceptance to fund research ideas, I think NSF would be willing to fund ~ 30% of the dumbest ideas posted here. Presentation is more important than substance… @fa will tell you more.

John Smith November 2, 2017 7:09 PM

“Turns out that heart size doesn’t change throughout your adult life”

This is demonstrably false.

I visit a cardiologist every few years. On my last visit his ultrasound imaging, and measurements, showed that my heart had significantly increased in size and thickness, and had dropped in resting pulse rate.

This was due to my adoption of heavy weight training and distance running in the last few years (yeah, unusual but I like both). According to his medical notes, I now have athlete’s heart syndrome. He advised me “whatever you’re doing, keep doing it.”

Joseph Hillenburg November 2, 2017 10:14 PM

I guess any children, and any adults suffering from Dilated Cardiomyopathy are SoL with this method.

Wael November 3, 2017 12:36 AM

This was a bit puzzling:

The research was supported, in part, by the U.S. National Science Foundation.

NSF is a respected organization, see! How to reconcile this information? Here is what probably happened (this is a flash-back to the previous story:)

Presenter: We’re working on a foolproof authentication mechanism. No passwords, no legacy Biometrics, completely non-spoof-able, and extremely safe! Works from a distance of up to thirty meters too!

NSF: Pretty impressive! Let’s watch the presentation!

Presentation is immaculate. Complex formulas (wrong, but look impressive,) buzzwords left, right and center: rainbow tables, entropy calculations, RNG, LFSR, PQC, the works … Oh: Cloud, Operating Systems, “pass the hash” and a bunch of other buzzwords that don’t belong there. Some name throwing too: Gauss, Einstein, Kofi Annan…

NSF: Okay, we’ll fund your research. In installments, and we’ll monitor progress. Here is the first installment for the next three months.

Three months later, time to show progress and some details…

NSF: You’ll scan what? No more funds, you’re on your own!

That explains the “partial support”. Only thing that makes sense!

Ratio November 3, 2017 12:52 AM


Here is what probably happened (this is a flash-back to the previous story:)

Using flashbacks appears to be the new thing. I’m taking credit. 😉

Wael November 3, 2017 1:08 AM


Re: Flashback… I thought the same thing! I used flashback before I read your piece! You get credit, though. You can prove you used it before I did.

Ratio November 3, 2017 1:51 AM


First hit when searching for “wael flashback”: April 1, 2016. I obviously can’t beat that. (Although… Insert conspiracy theories about socks and previous commenters here.) And I bet there are earlier instances. I humbly accept defeat.

Drone November 3, 2017 2:04 AM

@lkejrgf said: “With such a degenerate health care system, the problem isn’t in the method of authentication. It’s in the voters.”

You’re (erroneously) assuming the voting system works.

Wael November 3, 2017 2:27 AM


First hit when searching for…

Crap! I don’t know what LEEV stands for. I wonder what I was thinking! That’s why comments are very important in programming!

Insert conspiracy theories about socks and previous commenters here.

@ianf, is that you pantomiming? 🙂

I humbly accept defeat.

Ok, we both lose.

Wael November 3, 2017 2:55 AM


[muffled noises]

Your nose must be stuffy. You know what “I anf” means, right? I = ouch; anf = nose! Makes perfect sense 😉

I need to hit the bed. Didn’t sleep last night.

Not_a_heart_patient November 3, 2017 1:10 PM

Hate to say it but in many cases heart size does change. People with untreated high blood pressure for example get an enlarged heart from it. Enlarged literally – it becomes quite a bit bigger.

So this biometric isn’t going to work out.

mostly harmful November 4, 2017 10:28 PM

I see here a post about using organ size as a biometric, and not a single dick joke in the comments!

@Moderator, is this your doing?

Wael November 29, 2018 10:50 PM


Crap! I don’t know what LEEV stands for. I wonder what I was thinking! That’s why comments are very important in programming!

Dang! I figured it out a year later! LE: Law Enforcement, and the subscript is word play on Eve. LEVE + interception = an Eavesdropper…

So if intercepting sound is represented by “Eve”; the eavesdropper, then who represents the Voyeur? Looked up names here and the candidates are, in ascending order of relevance:

  1. Vortimer: Likely candidate
  2. Volodymyr: Sounds like a capable president of a state
  3. Voltaire: Unlikely, but you can’t really trust him either
  4. Vokivocummast: Possible
  5. Vohkinne: Sounds like the sick bastard who’d do this sort of thing

Where are we on:

(Note to self: look at links on key exchange, fortification, ECC, ECDH.)

Should I start reminding you with a sub-space message that will require a Cryptographic Scanning Electron Microscope or a Radio Telescope to see?
