biometrics Archives - Page 15 of 17

Entries Tagged "biometrics"

Page 15 of 17

The Failure of US-VISIT

US-VISIT is the program to program to fingerprint and otherwise keep tabs on foriegn visitors to the U.S. This article talks about how the program is being rolled out, but the last paragraph is the most interesting:

Since January 2004, US-VISIT has processed more than 44 million visitors. It has spotted and apprehended nearly 1,000 people with criminal or immigration violations, according to a DHS press release.

I wrote about US-VISIT in 2004, and back then I said that it was too expensive and a bad trade-off. The price tag for “the next phase” was $15B; I’m sure the total cost is much higher.

But take that $15B number. One thousand bad guys, most of them not very bad, caught through US-VISIT. That’s $15M per bad guy caught.

Surely there’s a more cost-effective way to catch bad guys?

Posted on January 31, 2006 at 4:07 PM • View Comments

Kevin Kelly on Anonymity

He’s against it:

More anonymity is good: that’s a dangerous idea.

Fancy algorithms and cool technology make true anonymity in mediated environments more possible today than ever before. At the same time this techno-combo makes true anonymity in physical life much harder. For every step that masks us, we move two steps toward totally transparent unmasking. We have caller ID, but also caller ID Block, and then caller ID-only filters. Coming up: biometric monitoring and little place to hide. A world where everything about a person can be found and archived is a world with no privacy, and therefore many technologists are eager to maintain the option of easy anonymity as a refuge for the private.

However in every system that I have seen where anonymity becomes common, the system fails. The recent taint in the honor of Wikipedia stems from the extreme ease which anonymous declarations can be put into a very visible public record. Communities infected with anonymity will either collapse, or shift the anonymous to pseudo-anonymous, as in eBay, where you have a traceable identity behind an invented nickname. Or voting, where you can authenticate an identity without tagging it to a vote.

Anonymity is like a rare earth metal. These elements are a necessary ingredient in keeping a cell alive, but the amount needed is a mere hard-to-measure trace. In larger does these heavy metals are some of the most toxic substances known to a life. They kill. Anonymity is the same. As a trace element in vanishingly small doses, it’s good for the system by enabling the occasional whistleblower, or persecuted fringe. But if anonymity is present in any significant quantity, it will poison the system.

There’s a dangerous idea circulating that the option of anonymity should always be at hand, and that it is a noble antidote to technologies of control. This is like pumping up the levels of heavy metals in your body into to make it stronger.

Privacy can only be won by trust, and trust requires persistent identity, if only pseudo-anonymously. In the end, the more trust, the better. Like all toxins, anonymity should be keep as close to zero as possible.

I don’t even know where to begin. Anonymity is essential for free and fair elections. It’s essential for democracy and, I think, liberty. It’s essential to privacy in a large society, and so it is essential to protect the rights of the minority against the tyranny of the majority…and to protect individual self-respect.

Kelly makes the very valid point that reputation makes society work. But that doesn’t mean that 1) reputation can’t be anonymous, or 2) anonymity isn’t also essential for society to work.

I’m writing an essay on this for Wired News. Comments and arguments, pro or con, are appreciated.

Posted on January 5, 2006 at 1:20 PM • View Comments

Weakest Link Security

Funny story:

At the airport where this pilot fish works, security has gotten a lot more attention since 9/11. “All the security doors that connect the concourses to office spaces and alleyways for service personnel needed an immediate upgrade,” says fish. “It seems that the use of a security badge was no longer adequate protection.

“So over the course of about a month, more than 50 doors were upgraded to require three-way protection. To open the door, a user needed to present a security badge (something you possess), a numeric code (something you know) and a biometric thumb scan (something you are).

“Present all three, and the door beeps and lets you in.”

One by one, the doors are brought online. The technology works, and everything looks fine—until fish decides to test the obvious.

After all, the average member of the public isn’t likely to forge a security badge, guess a multidigit number and fake a thumb scan. “But what happens if you just turn the handle without any of the above?” asks fish. “Would it set off alarms or call security?

“It turns out that if you turn the handle, the door opens.

“Despite the addition of all that technology and security on every single door, nobody bothered to check that the doors were set to lock by default.”

Remember, security is only as strong as the weakest link.

Posted on December 14, 2005 at 11:59 AM • View Comments

Stride-Based Security

Can a cell phone detect if it is stolen by measuring the gait of the person carrying it?

Researchers at the VTT Technical Research Centre of Finland have developed a prototype of a cell phone that uses motion sensors to record a user’s walking pattern of movement, or gait. The device then periodically checks to see that it is still in the possession of its legitimate owner, by measuring the current stride and comparing it against that stored in its memory.

Clever, as long as you realize that there are going to be a lot of false alarms. This seems okay:

If the phone suspects it has fallen into the wrong hands, it will prompt the user for a password if they attempt to make calls or access its memory.

Posted on November 16, 2005 at 6:26 AM • View Comments

Authenticating People by their Typing Pattern

The University of Regensburg in Germany has released authentication software that makes use of the fact that each person’s typing behavior is unique. It works by requesting that the person who seeks access to a computer or a password-protected file type a short passage on an ordinary keyboard: the longer the passage, the more reliable the authentication.

Posted on November 2, 2005 at 8:06 AM • View Comments

Theme Parks and Privacy

EPIC has information here, mostly on Walt Disney World.

EDITED TO ADD: Disneyworld scans hand geometry, not fingerprints.

Posted on October 11, 2005 at 12:14 PM • View Comments

The Beginnings of a U.S. Government DNA Database

From the Washington Post:

Suspects arrested or detained by federal authorities could be forced to provide samples of their DNA that would be recorded in a central database under a provision of a Senate bill to expand government collection of personal data.

The controversial measure was approved by the Senate Judiciary Committee last week and is supported by the White House, but has not gone to the floor for a vote. It goes beyond current law, which allows federal authorities to collect and record samples of DNA only from those convicted of crimes. The data are stored in an FBI-maintained national registry that law enforcement officials use to aid investigations, by comparing DNA from criminals with evidence found at crime scenes.

[…]

The provision, co-sponsored by Kyl and Sen. John Cornyn (R-Tex.), does not require the government to automatically remove the DNA data of people who are never convicted. Instead, those arrested or detained would have to petition to have their information removed from the database after their cases were resolved.

Posted on September 27, 2005 at 11:31 AM • View Comments

Fingerprint-Lock Failure in a Prison

So much for high-tech security:

Prison officers have been forced to abandon a new security system and return to the use of keys after the cutting-edge technology repeatedly failed.

The system, which is thought to have cost over £3 million, used fingerprint recognition to activate the locking system at the high-security Glenochil Prison near Tullibody, Clackmannanshire.

After typing in a PIN code, prison officers had to place their finger on a piece of glass. Once the print was recognised, they could then lock and unlock prison doors.

However, problems arose after a prisoner demonstrated to wardens that he could get through the system at will. Other prisoners had been doing the same for some time.

Unfortunately, the article doesn’t say how the prisoners hacked the system. Perhaps they lifed fingerprints off readers with transparent tape. Or perhaps the valid latent fingerprints left on the readers by wardens could be activated somehow.

I would really like some more details here. Does it really make sense to have a tokenless access system in a prison? I don’t know enough to answer that question.

Posted on September 26, 2005 at 4:03 PM • View Comments

DNA Identification

Here’s an interesting application of DNA identification. Instead of searching for your DNA at the crime scene, they search for the crime-scene DNA on you.

The system, called Sentry, works by fitting a box containing a powder spray above a doorway which, once primed, goes into alert mode if the door is opened.

It then sprays the powder when there is movement in the doorway again.

The aim is to catch a burglar in the act as stolen items are being removed.

The intruder is covered in the bright red powder, which glows under ultraviolet (UV) light and can only be removed with heavy scrubbing.

However, the harmless synthetic DNA contained in the powder sinks into the skin and takes several days, depending on the person’s metabolism, to work its way out.

Posted on June 22, 2005 at 8:39 AM • View Comments