Page 15 of 16
The University of Regensburg in Germany has released authentication software that makes use of the fact that each person’s typing behavior is unique. It works by requesting that the person who seeks access to a computer or a password-protected file type a short passage on an ordinary keyboard: the longer the passage, the more reliable the authentication.
EPIC has information here, mostly on Walt Disney World.
EDITED TO ADD: Disneyworld scans hand geometry, not fingerprints.
From the Washington Post:
Suspects arrested or detained by federal authorities could be forced to provide samples of their DNA that would be recorded in a central database under a provision of a Senate bill to expand government collection of personal data.
The controversial measure was approved by the Senate Judiciary Committee last week and is supported by the White House, but has not gone to the floor for a vote. It goes beyond current law, which allows federal authorities to collect and record samples of DNA only from those convicted of crimes. The data are stored in an FBI-maintained national registry that law enforcement officials use to aid investigations, by comparing DNA from criminals with evidence found at crime scenes.
[…]
The provision, co-sponsored by Kyl and Sen. John Cornyn (R-Tex.), does not require the government to automatically remove the DNA data of people who are never convicted. Instead, those arrested or detained would have to petition to have their information removed from the database after their cases were resolved.
So much for high-tech security:
Prison officers have been forced to abandon a new security system and return to the use of keys after the cutting-edge technology repeatedly failed.
The system, which is thought to have cost over £3 million, used fingerprint recognition to activate the locking system at the high-security Glenochil Prison near Tullibody, Clackmannanshire.
After typing in a PIN code, prison officers had to place their finger on a piece of glass. Once the print was recognised, they could then lock and unlock prison doors.
However, problems arose after a prisoner demonstrated to wardens that he could get through the system at will. Other prisoners had been doing the same for some time.
Unfortunately, the article doesn’t say how the prisoners hacked the system. Perhaps they lifed fingerprints off readers with transparent tape. Or perhaps the valid latent fingerprints left on the readers by wardens could be activated somehow.
I would really like some more details here. Does it really make sense to have a tokenless access system in a prison? I don’t know enough to answer that question.
Here’s an interesting application of DNA identification. Instead of searching for your DNA at the crime scene, they search for the crime-scene DNA on you.
The system, called Sentry, works by fitting a box containing a powder spray above a doorway which, once primed, goes into alert mode if the door is opened.
It then sprays the powder when there is movement in the doorway again.
The aim is to catch a burglar in the act as stolen items are being removed.
The intruder is covered in the bright red powder, which glows under ultraviolet (UV) light and can only be removed with heavy scrubbing.
However, the harmless synthetic DNA contained in the powder sinks into the skin and takes several days, depending on the person’s metabolism, to work its way out.
In January, I wrote about the DHS new biometric ID cards. And in April I pointed to an EPIC analysis of the card.
In May, Phil Libin wrote a rather flawed commentary on the EPIC analysis on CNet.
We wrote a response.
Edited to add: Liben responded to our response.
Biometric library cards are coming to Naperville, Illinois.
On the one hand, the library is just storing a data string derived from the fingerprint, and not the fingerprint itself. But I have a hard time believing the second paragraph below.
Library Deputy Director Mark West said the system will be implemented over the summer beginning with a public education campaign in June. West said he is confident the public will embrace the technology once it learns its limitations.
The stored numeric data cannot be used to reconstruct a fingerprint, West said, nor can it be cross-referenced with other fingerprint databases such as those kept by the FBI or the Illinois State Police.
Nor do I have any faith in this sentence:
Officials promise to protect the confidentiality of the fingerprint records.
This is an interview with me from ITConversations.
The UK government tried, and failed, to get a national ID. Now they’re adding biometrics to their passports.
Financing for the Passport Office is planned to rise from £182 million a year to £415 million a year by 2008 to cope with the introduction of biometric information such as fingerprints.
A Home Office spokesman said the aim was to cut out the 1,500 fraudulent applications found through the postal system last year alone.
Okay, let’s do the math. Eliminating 1,500 instances of fraud will cost £233 million a year. That comes to £155,000 per instance of fraud.
Does this kind of security trade-off make sense to anyone? Is there absolutely nothing better the UK government can do to ensure security and safety with £233 million a year?
Yes, adding additional biometrics to passports—there’s already a picture—will make them more secure. But I don’t think that the additional security is worth the money and the additional risks. It’s a bad security trade-off.
And I’m not a fan of national IDs.
From the BBC:
Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.
The car, a Mercedes S-class, was protected by a fingerprint recognition system.
What interests me about this story is the interplay between attacker and defender. The defender implements a countermeasure that causes the attacker to change his tactics. Sometimes the new tactics are more harmful, and it’s not obvious whether or not the countermeasure was worth it.
I wrote about something similar in Beyond Fear (p. 113):
Someone might think: “I am worried about car theft, so I will buy an expensive security device that makes ignitions impossible to hot-wire.” That seems like a reasonable thought, but countries such as Russia, where these security devices are commonplace, have seen an increase in carjackings. A carjacking puts the driver at a much greater risk; here the security countermeasure has caused the weakest link to move from the ignition switch to the driver. Total car thefts may have declined, but drivers’ safety did, too.
Sidebar photo of Bruce Schneier by Joe MacInnis.