Entries Tagged "biometrics"

Page 16 of 17

Fingerprint Library Cards

Biometric library cards are coming to Naperville, Illinois.

On the one hand, the library is just storing a data string derived from the fingerprint, and not the fingerprint itself. But I have a hard time believing the second paragraph below.

Library Deputy Director Mark West said the system will be implemented over the summer beginning with a public education campaign in June. West said he is confident the public will embrace the technology once it learns its limitations.

The stored numeric data cannot be used to reconstruct a fingerprint, West said, nor can it be cross-referenced with other fingerprint databases such as those kept by the FBI or the Illinois State Police.

Nor do I have any faith in this sentence:

Officials promise to protect the confidentiality of the fingerprint records.

Posted on May 23, 2005 at 7:44 AMView Comments

Biometric Passports in the UK

The UK government tried, and failed, to get a national ID. Now they’re adding biometrics to their passports.

Financing for the Passport Office is planned to rise from £182 million a year to £415 million a year by 2008 to cope with the introduction of biometric information such as fingerprints.

A Home Office spokesman said the aim was to cut out the 1,500 fraudulent applications found through the postal system last year alone.

Okay, let’s do the math. Eliminating 1,500 instances of fraud will cost £233 million a year. That comes to £155,000 per instance of fraud.

Does this kind of security trade-off make sense to anyone? Is there absolutely nothing better the UK government can do to ensure security and safety with £233 million a year?

Yes, adding additional biometrics to passports—there’s already a picture—will make them more secure. But I don’t think that the additional security is worth the money and the additional risks. It’s a bad security trade-off.

And I’m not a fan of national IDs.

Posted on April 21, 2005 at 1:18 PMView Comments

Security Risks of Biometrics

From the BBC:

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

What interests me about this story is the interplay between attacker and defender. The defender implements a countermeasure that causes the attacker to change his tactics. Sometimes the new tactics are more harmful, and it’s not obvious whether or not the countermeasure was worth it.

I wrote about something similar in Beyond Fear (p. 113):

Someone might think: “I am worried about car theft, so I will buy an expensive security device that makes ignitions impossible to hot-wire.” That seems like a reasonable thought, but countries such as Russia, where these security devices are commonplace, have seen an increase in carjackings. A carjacking puts the driver at a much greater risk; here the security countermeasure has caused the weakest link to move from the ignition switch to the driver. Total car thefts may have declined, but drivers’ safety did, too.

Posted on April 1, 2005 at 9:12 AMView Comments

Speech-Activated Password Resets

This is a clever idea from Microsoft.

We know that people forget their passwords all the time, and I’ve already written about how secret questions as a backup password are a bad idea. Here’s a system where a voiceprint acts as a backup password. It’s a biometric password, which makes it good. Presumably the system prompts the user as to what to say, so the user can’t forget his voice password. And it’s hard to hack. (Yes, it’s possible to hack. But so is the password.)

But the real beauty of this system is that it doesn’t require a customer support person to deal with the user. I’ve seen statistics showing that 25% of all help desk calls are by people who forget their password, they cost something like $20 a call, and they take an average of 10 minutes. A system like this provides good security and saves money.

Posted on March 11, 2005 at 1:22 PMView Comments

DHS Biometric ID Cards

The Department of Homeland Security is considering a biometric identification card for transportation workers:

TWIC is a tamper-resistant credential that contains biometric information about the holder which renders the card useless to anyone other than the rightful owner. Using this biometric data, each transportation facility can verify the identity of a worker and help prevent unauthorized individuals from accessing secure areas. Currently, many transportation workers must carry a different identification card for each facility they access. A standard TWIC would improve the flow of commerce by eliminating the need for redundant credentials and streamlining the identity verification process.

I’ve written extensively about the uses and abuses of biometrics (Beyond Fear, pages 197-200). The short summary is that biometrics are great as a local authentication tool and terrible as a identification tool. For a whole bunch of reasons, this DHS project is a good use of biometrics.

Posted on January 19, 2005 at 8:55 AMView Comments

Fingerprinting Students

A nascent security trend in the U.S. is tracking schoolchildren when they get on and off school buses.

Hoping to prevent the loss of a child through kidnapping or more innocent circumstances, a few schools have begun monitoring student arrivals and departures using technology similar to that used to track livestock and pallets of retail shipments.

A school district in Spring, Texas, is using computerized ID badges to record this information, and wirelessly sending it to police headquarters. Another school district, in Phoenix, is doing the same thing with fingerprint readers. The system is supposed to help prevent the loss of a child, whether through kidnapping or accident.

What’s going on here? Have these people lost their minds? Tracking kids as they get on and off school buses is a ridiculous idea. It’s expensive, invasive, and doesn’t increase security very much.

Security is always a trade-off. In Beyond Fear, I delineated a five-step process to evaluate security countermeasures. The idea is to be able to determine, rationally, whether a countermeasure is worth it. In the book, I applied the five-step process to everything from home burglar alarms to military action against terrorism. Let’s apply it in this case.

Step 1: What assets are you trying to protect? Children.

Step 2: What are the risks to these assets? Loss of the child, either due to kidnapping or accident. Child kidnapping is a serious problem in the U.S.; the odds of a child being abducted by a family member are one in 340 and by a non-family member are 1 in 1200 (per year). (These statistics are for 1999, and are from NISMART-2, U.S. Department of Justice. My guess is that the current rates in Spring, Texas, are much lower.) Very few of these kidnappings involve school buses, so it’s unclear how serious the specific risks being addressed here are.

Step 3: How well does the security solution mitigate those risks? Not very well.

Let’s imagine how this system might provide security in the event of a kidnapping. If a kidnapper—assume it’s someone the child knows—goes onto the school bus and takes the child off at the wrong stop, the system would record that. Otherwise—if the kidnapping took place either before the child got on the bus or after the child got off—the system wouldn’t record anything suspicious. Yes, it would tell investigators if the kidnapping happened before morning attendance and either before or after the school bus ride, but is that one piece of information worth this entire tracking system? I doubt it.

You could imagine a movie-plot scenario where this kind of tracking system could help the hero recover the kidnapped child, but it hardly seems useful in the general case.

Step 4: What other risks does the security solution cause? The additional risk is the data collected through constant surveillance. Where is this information collected? Who has access to it? How long is it stored? These are important security questions that get no mention.

Step 5: What costs and trade-offs does the security solution impose? There are two. The first is obvious: money. I don’t have it figured, but it’s expensive to outfit every child with an ID card and every school bus with this system. The second cost is more intangible: a loss of privacy. We are raising children who think it normal that their daily movements are watched and recorded by the police. That feeling of privacy is not something we should give up lightly.

So, finally: is this system worth it? No. The security gained is not worth the money and privacy spent. If the goal is to make children safer, the money would be better spent elsewhere: guards at the schools, education programs for the children, etc.

If this system makes so little sense, why have at least two cities in the U.S. implemented it? The obvious answer is that the school districts didn’t think the problem through. Either they were seduced by the technology, or by the companies that built the system. But there’s another, more interesting, possibility.

In Beyond Fear, I talk about the notion of agenda. The five-step process is a subjective one, and should be evaluated from the point of view of the person making the trade-off decision. If you imagine that the school officials are making the trade-off, then the system suddenly makes sense.

If a kidnapping occurs on school property, the subsequent investigation could easily hurt school officials. They could even lose their jobs. If you view this security countermeasure as one protecting them just as much as it protects children, it suddenly makes more sense. The trade-off might not be worth it in general, but it’s worth it to them.

Kidnapping is a real problem, and countermeasures that help reduce the risk are a good thing. But remember that security is always a trade off, and a good security system is one where the security benefits are worth the money, convenience, and liberties that are being given up. Quite simply, this system isn’t worth it.

Posted on January 11, 2005 at 9:49 AMView Comments

Terrorists and Border ID Systems

This Washington Times article titled “Border Patrol hails new ID system” could have just as accurately been titled “No terrorists caught by new ID system.”

Border Patrol agents assigned to U.S. Customs and Border Protection (CBP) identified and arrested 23,502 persons with criminal records nationwide through a new biometric integrated fingerprint system during a three-month period beginning in September, CBP officials said yesterday.

Terrorism justifies the security expense, and it ends up being used for something else.

During the three-month period this year, the agents identified and detained 84 homicide suspects, 37 kidnapping suspects, 151 sexual assault suspects, 212 robbery suspects, 1,238 suspects for assaults of other types, and 2,630 suspects implicated in dangerous narcotics-related charges.

Posted on January 7, 2005 at 7:58 AMView Comments

1 14 15 16 17

Sidebar photo of Bruce Schneier by Joe MacInnis.