Home Secretary Requests Fingerprint-Activated iPods

John Reid, Home Secretary, has called upon tech manufacturers to improve the security on their gadgets to help with his recent push to frustrate criminals. Inviting Apple, Sony, and several others to his crime fighting summit Reid hopes to attack the rising robbery numbers in the most recent Home Office figures.

Brilliant!

[grape jelly (193168)]

...because nobody would ever find the owner's fingerprint in their home!

This is yet another case of legislation coming up with the wrong solution to the right problem.

Revocation

[Jeremiah Cornelius (137)]

"I'm sorry sir. Your identity has been compromised, and we are revoking all known authenticators. Your physical characteristics are no longer valid to autheticate your personal identity. You have been added to the list of unconfirmable citizens. Please turn in your face and fingers to the Department at the earliest possible opportunity."

Re:Brilliant!

[Azarael (896715)]

Home..? Have you ever seen how many finger prints there are on the *back* of an IPod? Sounds about as effective as hiding a key under the front mat, except the mat is also see through.

Re:Brilliant!

[jfengel (409917)]

Because I can hardly see somebody trying to fence an iPod with the little proviso that you have to keep around a fake thumbprint in order to use it.

Crime is something you deter, not forbid. Slashdotters get used to security being absolute because we work with computers, where we tend to put all of our data eggs in one password basket. Security of physical objects is much more about making it inconvenient, not impossible, to steal something.

Re:

[valintin (30311)]

Which means, this is not really about having your ipod stolen because the biometrics must be reset. It's about requiring all the music on your ipod to be deleted when you change ownership.

Hah! A plan to sell more meat cleavers...

[EmbeddedJanitor (597831)]

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m [bbc.co.uk]

Re:

[cayenne8 (626475)]

"Well then how about a retinal scanner built into the back of the device?"

Just what we want...new tech to add to the device like an iPod, that drives up the size of the unit, the cost of the unit, whilst adding nothing to the primary function of the unit (audio/video playback).

Hey, if someone steals it...it is replaceable.

Useless

[geek (5680)]

There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.

Re:

[Rakishi (759894)]

Sure there is, encryption is one example.

Re:Useless

[geek (5680)]

Wipe the flash. Force a reload on the firmware etc etc etc etc. You can not secure a device when the theif has physical access to it. Anyone that has worked with ATM's knows this.

Re:Useless

[skiflyer (716312)]

It doesn't, but it's a pointless example in the case of iPods, thieves aren't trying to steal the contents of the drives, they're trying to steal the device itself.

Re:

[MoxFulder (159829)]

Exactly. Encryption protects the data, it doesn't protect the device at all. Unless the device is totally useless without the data, and even then it only deters smart thieves.

Has anybody ever considered WHY so many iPods get stolen?

I think it's because people wear them like big flashy pieces of jewelry. I see lots of people with their iPods strapped to their upper arms, prominently attached to their belts, clipped to backpack straps, etc... and of course they all have the telltale white earphones.

We're t

Re:Useless

[Retric (704075)]

An encrypted filesystem does not help when it's the device and not the data that people want.

Re:Useless

[hey! (33014)]

Oh, I don't think that's really true.

What you have to do is make it more trouble to get around the security than the value of the device. So, if you can pin-reset the device, obviously the security measures aren't worth squat. But let's say you have to open the device, and the case is designed to break when that happens. Sure, as a geek you might no mind walking around with the guts of your gadget hanging out, but it does put a crimp on the resale value.

The real problem is figuring out effective security measures that won't bite legitimate users thousand of times more often than they bite thieves.

Manufacturers barely have the capacity to make usable devices as it is. Adding security that will thwart a thief is sure to earn them legions of incensed users.

In any case Homeland Security doesn't really want really secure devices, because one of the unauthorized parties that might want to look at the contents of your device is ... Homeland Security.

Re:Useless

[Marillion (33728)]

The iPod video has a security feature. You can set a PIN code on it to lock it. Re-enter the PIN to unlock. If for some reason you "forget" the pin code, docking the iPod to its "Home" computer will unlock it the iPod.

Product Registration used for theft reporting?

[Se7enLC (714730)]

How about we use that serial number for some good?

Each iPod makes a connection to the computer and iTunes. Why not have it report its serial number? If your iPod is stolen, you can just report it as stolen and it should render it useless. Would not be very hard for apple to at least institute a list of stolen iPod serial numbers? As it stands, they do nothing about it. I bet that if I stole somebodys iPod I could then go to apple support, register it, and send it back to apple for repairs, no questions ask

Re:

[PygmySurfer (442860)]

Apple offers free engraving when you buy iPods from their online store (which I believe is what the grandparent was hinting at).

Fingerprint reader = lame. Thermite = cool.

[Kadin2048 (468275)]

There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.

Well, maybe not security ... but there could be punishment!

I propose that we build a small quantity of plastic explosives or thermite into every new portable device. They will take commands from the GSM cellular network and, upon command from the manufacturer, on receiving word from the original purchaser that the device has been stolen, explode/melt and blow/burn pieces of the device into the criminal's (or person who received said stolen property) face/hands/thighs. It will also have the handy side-effect of securely deleting confidential data. We'll just need some laws to indemnify manufacturers and owners from said criminals' lawsuits, and after that, we'll just let the problems work themselves out.

I foresee this having a slight negative impact on the used-equipment-on-eBay market, but overall I think it'll be a good thing.

What could possibly go wrong?

Re:

[Anonymous Cowpat (788193)]

Don't forget, the RIAA would like some of that device-disabling action. It could autodetect copied MP3 and blow up in the pirate's face. A messy death is better than they deserve anyway.

In resoponse to the added security...

[Billosaur (927319)]

...thieves have not only been stealing the iPods, but cutting off their victim's fingers as well. Given this new threat, the Home Secretary is calling for iPods controlled by brain waves.

Re:

[Volante3192 (953645)]

...great, no iPod for me then

And as citizens of the USA...

[i_like_spam (874080)]

Let's demand fingerprint-activated guns!

Re:

[lawpoop (604919)]

the Home Secretary is calling for iPods controlled by brain waves.

... And also iPods that *control* brain waves...

Re:

[Plutonite (999141)]

I don't know if you were kidding about the fingers, but it's already happened for luxury car owners! [bbc.co.uk]

I might have missed something....

[8127972 (73495)]

.... But how does this stop criminals/terrorists/undefined bad guys?

Hey, disarming your citizens is working...

[ZWithaPGGB (608529)]

For the criminals!
And the solution is to force vendors to give the government more tools to monitor you!
Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.

Re:

[Anonymous Brave Guy (457657)]

Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.

As opposed to the US, where your rights are granted by the Constitution, yet can be ignored at the pleasure of the President? Not a very convincing way to win an argument, my friend. :-)

Home run

[Vollernurd (232458)]

What's a Home Secretary?

Re:

[AliasTheRoot (171859)]

Or perhaps you could read the linked article. Oh wait this is Slashdot, nevermind.

Why?

[morgan_greywolf (835522)]

Why fingerprint-activated iPods? So no one but me can find out what's on my iPod? (Like I care if anyone knows that I listen to Disturbed, Metallica, or Puddle of Mud?) So no one will steal it? How fast before the thieves figure out how to disable the fingerprint scanner? All this'll do is drive up the cost of iPods, as if Apple didn't already charge and arm and a leg for the things.

Re:Why?

[lawpoop (604919)]

Basically it's to gear up the public to be accepting to fingerprint scanning as part of everyday life. You don't need a fingerprint scanner on an iPod. Same reason they're putting RFID chips in credit cards and passports -- to get people so used to them, there will be no problem when they want to implant them in our hand.

Remember, the Total Information Awareness project [wikipedia.org] is alive and thumpin' !

Re:

[legirons (809082)]

"Basically it's to gear-up the public to be accepting to fingerprint scanning as part of everyday life."

And it's a very wide range of methods they're using to force this issue. See for example http://www.theregister.co.uk/2007/04/30/younger_id _card_voting/ [theregister.co.uk] suggesting that ID cards should be a requirement for voting...

For a slightly more scary example, see http://www.theregister.co.uk/2006/08/29/school_fin gerprints_students/ [theregister.co.uk] where children are being taught to "get used to" having their fingerprints taken

Alternatively

[rlp (11898)]

Wifi enabled players + municipal wifi + device ID + central revocation list = frustrated criminals.

Re:

[Lumpy (12016)]

doesn't stop Cellphone thieves.

cellphones, espically the expensive and popular ones already have hacks for the black hats to change the esn and get them de-blacklisted to be resold.

What a fantastic idea

[Realistic_Dragon (655151)]

Now when they steal my iPod not only will they get a few thousand pounds worth of music, they will also get the fingerprint data I was forced to use as the password for my bank account.*

You don't have enough fingers to generate unique passwords for everything!

*Yes, I am aware they could be stored as a hash. Some electronics companies will probably do so - but all of them? And how many will use a good hash that has decent properties for the application? I'm guessing at one, and that will only be due to an accident.

Re:What a fantastic idea

[dgatwood (11270)]

More than that, didn't anybody see MythBusters [wikipedia.org]? Fingerprint readers are nearly worthless as a security mechanism. They are notoriously easy to fool.

of course, an iPod suppository

[The Mutant (167716)]

would offer the ultimate in security for the theft adverse iPod owner.

So why mess about with half measures like fingerprint activation? After all, if you stick it someplace where the sun don't shine, ain't nobody gonna know you're iPodding. Ignoring the obvious question of who the hell would try to steal an anally inserted iPod, who would purchase an (obviously) stolen / used anally insertable iPod?

Why the market for stolen iPods would close up tight.

Grabbing at liquid

[SpiffyMarc (590301)]

Trying to get a handle on this kind of theft is like trying to get your hands around some liquid. There's just no way to contain the stuff, it's going to come leaking out between your fingers somehow.

This reminds me a bit of the statistic I heard where more and more people are, in the face of those microchip car keys, just breaking into homes and stealing the keys rather than breaking into the car. If they need me to activate my device before they can take it, they're just going to pull a gun or knife on me.

Simple Solution...

[nick_davison (217681)]

A user activatable but then non-reversible lock that requires your iPod to check in with Apple every time it syncs to ensure its serial number isn't on a list of stolen ones. Then provide a means to access any/all serial numbers you have registered to you and lock them down.

If you don't want your iPod tied to to needing a net connection to sync, don't enable the feature. If you want to know that anyone who mugs you for it gets a worthless lump of metal and plastic - and you're fine with the trade off - turn it on.

It doesn't even need to be that universally used to take a bite out of crime. If people quickly learn the $50 iPods guys in the pub offer them (which, let's face it, they know are stolen but think they're getting a great deal and so don't care) may well not work, they're not going to hand over the $50. You don't have to disable every last stolen one to make buying a stolen one enough of a gamble that people stop doing it and thus they stop being desirable to steal.

Yes, it would become a potential pain for retailers who accept returns but a simple app could let retailers check the iPod hadn't been locked down before accepting returns. Given Apple "authorizes" retailers, this would give them a finite list of people to distribute it to and increase the value of being an authorized retailer.

Something about this....

[sycodon (149926)]

...just won't work. I can't quite put my finger on it though.

Revokation of Biometrics

[mwilliamson (672411)]

One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 [schneier.com] for more information on the gummy-bear fingerprint reader bypass technique.

Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.

-Michael

Uhmmm...

[ZDRuX (1010435)]

Why finger prints?! Why not just use the good `ol numeric 4-digit password? Seems to be working fine for the majority of people who use banking machines every day.

Technological solution to social problem

[kahei (466208)]

Like the endless parade of anti-IP-infringement measures, like the endless surveillance and mail-sifting programs, this is yet another result of a bunch of people facing (or creating) a social problem, and then trying to convince themselves that a nifty gadget will fix it.

And it's the latest in a long parade.

What they've got is a culture that favors the instigator, rather than the victim, in robbery, street violence, and general antisocial behavior. Here are their solutions so far:

--Cameras
--Electronic tags
--New Databases (rather like many large companies, the UK government loves greating A New Database to solve any kind of problem)
--Magic dream iPods that can't be stolen or some such rubbish

It's a simple choice -- you can either address a problem, or you can talk about how cool it would be if a gadget would make it go away.

Frustrate criminals, or legit users?

[necro2607 (771790)]

Hmm... I have a strong feeling that, like all other security measures we encounter, they will be far more inconvenient to legitimate users than they will be to "criminals".

It's such an old story in the tech industry, and probably spans back throughout most of mankind's recent history now that I think about it. Just that little bit of extra hassle to do what you're trying to do, that actually won't do much of anything against your average "criminal". For a quick example, note the fact that effectively all computer games since the late 90s require that you keep the game CD-ROM in the CD drive while you play the game.

It's not a huge deal, per se, but it's yet another one of those things that we put up with in order to "stop the criminals", or whatever (even though the so-called criminals laugh at the pathetic "security" as they remove it with a couple clicks).

Normalisation

[Gumshoe (191490)]

John Reid is really, really keen on keeping Biometric information for all UK citizens as part of a national ID project. Naturally enough, a large proportion of the UK population is uncomfortable with the idea. I suspect that this new idea is an attempt to encourage people into thinking that biometric identification is a part of everyday life.

As other poster's have pointed out there are other methods of protecting these sorts of devices (think of your car stereo for example) so it's reasonably clear to me at least that Reid has an ulterior motive.

Better yet, identify for retinal scan

[Dachannien (617929)]

Khan: I'll agree to your terms, if.... if.... in addition to yourself, you turn over to me all recordings and album covers regarding the band called "Genesis".
Kirk: Genesis? Which one, Peter Gabriel or Phil Collins?
Khan: Don't insult my intelligence, Kirk!

Reid is an idiot

[geoff lane (93738)]

Security requires at least two parts. These are commonly described as "something you are" and "something you know". The common username/password pair is an example. For fingerprints, the fingerprint is the "username"; it is not the password. The fact the movies and TV commonly show access control systems that only use the fingerprint doesn't mean that such systems are secure in the real world.

In the end, iPods and similar items are not sufficently valuable to bother with extensive access controls. It's doubtful that the UK police could even be bothered to investigate the theft of an iPod.

As for the content, well, that's what backups are for :-)

How about the Fuzz?

[garyok (218493)]

Why doesn't Reid try to figure out ways that police officers can be freed from the mountain of paperwork they're forced to create every shift so they can go out on the nosey for scabby crims to smack about/arrest with the minimum necessary force? Then they'd maybe stop some of the muggings where people are getting hurt and killed.
Even if this fingerprinting scheme were adopted, all it'd do is give fences a reason to give the crim buttons for ipod. It wouldn't stop a thing. It might make the muggers more vicious as they'll have to be more prolific to cover their crack tab for the night and really don't want to spend their time asking nicely.

Oooh I wanna see this discussion

[mikerich (120257)]

Steve Jobs - easily the most stubborn man in high tech meets our alcoholic, belligerent, bullying Minister of the Interior.

At last, Dr. (economics (Marxist ones at that)) John Reid will come up against someone every bit as awkward as him - although unlike Reid, Steve Jobs sounds like he knows what he's talking about.

Apple and Sony will tell Dr. Demento that they don't make their products in the UK, nor do they design their products in the UK and that the UK only represents a tiny part of their market so they see no need to burden themselves with additional costs just so that John Reid can bolster his chances of leading a clapped out Labour Party by looking tough on crime.

I just hope Steve Jobs is a little more blunt about it and shows Reid just where he can stick a music player in order to deter thieves.

Re:

[kahei (466208)]

Well yeah. You're the guy who produces, and they (muggers etc) are parasites -- so the burden's always going to be on you, whether it's the burden of paying more for your iPod or the burden of paying tax for a proper legal and penal system, or (if you roll that way) the burden of throwing more money at an education system which focuses entirely on league-tables and 'building self esteem'.

The UK's like the USA -- it educates *some* of its own people but generally it relies on attracting people who were educ