Ready or Not, Biometrics Finally in Stores 317
cancer4xmas writes: "It's very exciting to see USA Today's Technology front page saying, "Will that be cash, fingerprint or cellphone?" They're running a story on emerging biometric devices being the most fundamental change in personal finance since 1950, when the credit card was introduced. The concept is now being tested in some stores. Check out the full story." Now couple that tidbit with this morsel from wherley: "In a letter [scroll down a bit] to Bruce Schneier's Cryptogram newsletter, Ton van der Putte tells of a recent invitation from the BBC to comment on the addition of fingerprint biometrics to the British ID card. Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"
Free stuff! (Score:4, Insightful)
Ouch (Score:5, Insightful)
Carjacker + knife + need for your finger = not a pretty scene.
That's kind of kept me off of Biometrics for awhile. Now where'd my tin foil hat go...
God, please, stop... (Score:3, Insightful)
As someone working in biometrics and algorithm development, I would personally like to BEG the press to stop with the awful articles.
Almost every article says the same thing, makes awful assumptions, comments on the privacy issue, and generally screws the pooch.
Misconceptions and overhype can kill technologies for years....
Voluntary good. Mandatory bad. (Score:5, Insightful)
One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:
(1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.
(2) To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.
Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.
Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister. If it's all the same, I'll keep my ATM card. It's a lot easier to change my bank account number than my fingerprint or eyeball.
Biometrics replace cards or signatures? (Score:4, Insightful)
Market driven vs. product driven (Score:3, Insightful)
This is the whole problem with market driven products as opposed to product driven products. Companies rush to produce a product and get it to market to capture some degree of market share even though their product may suck. We have endured years of this under the Microsoft paradigm in that Microsoft advertises years in advance what products they are going to produce, sets a time-line, and then by-god the products will ship by that date. Never mind the quality. I much prefer Apple's way of doing things in that they do not talk about what they are doing, and they then ship a product when it is done. Meanwhile the rest of the computer industry is busy copying Microsofts strategy and the quality of software for the most part is slipping down the tubes.
Products such as biometrics especially needs to be completely wrung out to determine if it can be faked. They did not, it can be, but what do you bet they take it to market anyway?
Re:Ouch (Score:2, Insightful)
Imagine the idendity thefts of dead people. Not a pretty site.
Re:Ouch (Score:5, Insightful)
These things are going to be so flakey. Even something as simple as a mag-stripe reader on a credit card sometimes takes 10 swipes to read on one reader, and just 1 on another.
Re:God, please, stop... (Score:2, Insightful)
Speaking from experience (Score:2, Insightful)
Place a kid within 5 feet of a button and he/she will inevitably press it. Repeatedly.
Re:God, please, stop... (Score:3, Insightful)
Could you please tell me how I change my secret when its compromised? Yes, seriously.
Re:God, please, stop... (Score:5, Insightful)
What's in it for the consumer? (Score:3, Insightful)
So, really, what's the incentive for a consumer to want to use their fingerprint rather than something hanging on their keychain or in their wallet. Yeah, the keychain or wallet can be stolen... but safety laws already exist to protect your accounts.
In short, the current system isn't that broken... this solution has privacy concerns attached. Seems like the answer to a question nobody's asking...
Simple Solution (Score:3, Insightful)
Re:LOL (Score:3, Insightful)
umm
chop
slice
attach print to bottom of real finger
wa-la
Re:Fingerprint twins... (Score:3, Insightful)
For instance - How much less credit card fraud would there be if you had to verify not by signiature, but by fingerprint? Much harder to reproduce *quickly* by a purse snatcher / pickpocket.
Stealing my finger doesn't bother me... (Score:5, Insightful)
When the credit card db gets hacked (and it's happened several times), you just have to cancel it and get issued a new card.
When the fingerprint db gets hacked, they can't issue me a new finger.
A fleshcolored, spit wetted, rubber sleeve over a finger, with a copy of someone elses finger would work quite well, and be undectable by the minimally interested checkout line clerk.
Re:Ouch (Score:5, Insightful)
I hope Joey Slowy, the illiterate and not-so-bright thief with the crack habit and the carving knife, is fully apprised of the safeguards in place to prevent him from using my severd thumb, before it occurs to him that my thumb is the answer to his temporary lack of his preferred illegal intoxicant.
Be so good as to travel to the local homeless encampment, interrupt his crack-induced reveries, and inform him so, will you?
Theyre everywhere! (Score:5, Insightful)
You think that's bad... (Score:4, Insightful)
Preface: I am posting AC and not naming any names here.
In the mid-to-late 1990s, when the phrase "identity theft" had first entered the lexicon but before the media discovered how well they could capture audiences with its mere mention, I worked with a card issuer on a so-called "secure card" test program. The idea was twofold: merchants were getting complacent in terms of trying to verify that the person presenting the card was actually the cardholder, and credit card fraud was an increasing problem.
The proposed solution to both dilemmas was to issue cards with the cardholder's PHOTOGRAPH on the FRONT of the card. We'd indemnify cardholders against any fraudulent purchases (as opposed to beyond the first $50.. it was a novel idea back then) for any bogus transaction made with one of these photocards. Cashiers weren't bothering to check the back for a signature, but surely they'd see if the photo on the front matched the person making the purchase, right? LOL.
Existing cardholders were allowed to volunteer for the test program by responding to an insert in their bill. Along with the application, they had to send in a photocopy of their drivers' license, and a small color photograph of themselves which was easily identifiable as the same person in the drivers license photo. About 10,000 such cards were eventually issued, with surveys included and sent as a follow-up to see what the cardholders encountered. During the test period, here are a few interesting things we found.
1... Merchants weren't checking the photo, even though it was right there as a 1.5" x 1.5" image on the front left side of the card.
Many cardholders reported no problem giving their spouse the card to use, where the photo wasn't even the same sex as the person making the purchase.
There were a lot of folks surprised that cashiers didn't even notice the photograph.
There were a lot MORE folks surprised that cashiers noticed the photograph but paid it no attention. For example, female customer would use card issued to JOHN DOE with a picture of a man on the card, no questions asked by merchant.
2... Merchants who did check the photo were overly attentive.
People who had changed hairstyles, dyed their hair, grown or shaved facial hair since the photo had been taken, or even gained or lost weight were having their cards refused because the photo wasn't a "perfect" match.
If a card was not outright refused due to appearance changes, a store manager was often called by the cashier, or some other delay was introduced into the purchase, inconveniencing both the cardholder and the merchant.
3... Some of the merchant services reps around the country were issued temporary expense cards with someone else's name and photograph on them (intentionally, as part of the test).
These cards were set to return a "Call" response on transaction attempts, which tells the merchant they need to call the card issuer to get special instructions before accepting the card.
Many merchants ignored the response and ran the transaction through as a "Force" process without bothering to see if there was a problem with the card. In live circumstances this would have resulted in a chargeback to the merchant with no recourse.
Merchants who did call were instructed to check the ID of the customer against the name and photo on the card. In nearly half of these cases, the merchants wound up doing a Force anyway (another chargeback). The reps were told to try and explain it away - "Oh that's my boyfriend's card" etc - and it worked pretty well.
4... Though this obviously is not the party line... Credit cards are as good as cash but provide next to zero security. Ask yourself when was the last time you tried making a purchase on plastic a
What about... (Score:3, Insightful)
We already have a unbreakable system (Score:3, Insightful)
When I pay for something by debit, I enter a private PIN number to complete the transaction. If the pin is incorrect, the whole transaction needs to be repeated. After a certain number of attempts (usually no more than 3 or 4), a retailer will simply refuse to honor the card at that time (more often than not suggesting that perhaps the card may need to be replaced by the bank). ATM's are exactly the same way... after a certain number of failed attempts, the atm will simply keep the card and I have to wait for the bank to mail out a new one.
Now like it or not, systems which work by scanning fingerprints *CAN* be fooled consistently by a sufficiently technically minded individual. Systems which require a secretly selected (and well chosen) authentication number cannot be fooled by any means other than sheer lucky guessing (and you'll run out of tries long before your odds of guessing right even approach being something more than negligible). IMO, that's about as foolproof as we're ever going to get (unless or until it becomes technologically possible to read other people's thoughts).
Re:Free stuff! (Score:3, Insightful)
I agree, and the real point is, if someone is willing to go that far, certainly cash or a credit card suffer the same shortcomings... you can much more easily pick one's pocket than lop off their finger. And if someone goes as far as killing someone, I'm sure they'd think it much easier to just take the person's credit cards and cash than their finger (which in most cases is simply linked to one of said credit cards).
Re:Hardly anyone ever uses biometrics correctly (Score:4, Insightful)
Every security system known can be broken (including one time pads - if you human engineer a way into getting one of pads - which has been done in the past by secretly capturing one user of a pad, and forcing him to carry on the conversation while relaying the information to his captors).
But the harder a system is to break, the more it deters the use of false or stolen identities.
For example, to replace pictures with biometrics would be stupid. To add biometrics increases the difficulty of the forget. Etc.
A useful authentication system would be one where it takes a lot of work to forge a single identity, and that work would have to be repeated to forge another one. Biometrics in common with other systems have the promise of making such systems.
When I last worked with biometrics (a long time ago), the problem was that you could not get an acceptable false positive rate at the same time that you got an acceptable false negative rate. But when biometrics are combined with other systems, you can allow higher false positives (and hence fewer false negatves = rejections), because the other systems add security. And the whole thing becomes harder to break, making it less worthwhile to break unless you try to protect something way too valuable with it.
Unfortunately, security in computers has often been viewed as identical with cryptography. The result is that serious and smart cryptographers, like Bruce Schnier become "the experts" on security. But mathematics tends to bias people towards openness, provability and precision. Thus many security techniques which do in fact work with real human beings (such as keeping secrets, if you are smart about it) are often decried by them. In other words, Schnier and others make public pronouncements that are out of their true field of expertise.
If you want to find people who truly understand security, check with the military or banks. They have been dealing with security for millenia. They take a different attitude from cryptographers.
They understand that in most systems, security is a cost/risk tradeoff, not an absolute. Hence they use one or more techniques for a particular security need. A simple ID card might get you into a military base, while to get into some facilities requires the ID card, a special ID, the knowledge of safe door combinations, and perhaps personal recognition by another trusted individual. None of these techniques is perfect by itself, but the combination is remarkably formidable.
Thus biometrics represent a a technique that can be used to enhance security. Can it be defeated? Yes, by itself. How easy is it to defeat? It depends on a number of factors, but especially what other security measures are used along with the biometrics, and how their parameters are set.
Re:Hardly anyone ever uses biometrics correctly (Score:5, Insightful)
Well, you're absolutely correct, but you've veered a bit from the mark. It seems that the advocates of biometric identification are not interested in using biometrics to augment existing security procedures, but to replace these procedures, and they seem to be gushing that biometric "authentication" is a silver bullet, or something very close to it. Few banks, and no military or intelligence agency in their right mind would be so foolish as to believe that. If you've taken the time to even read the article I linked to, you'd see that Schneier isn't advocating that we not use biometrics at all, but that we not treat them as keys. They have their uses, especially when combined with real keys and other authentication schemes, but to use them alone for authentication isn't generally a good idea.
Granted, sole biometric identification is better than some present identification methods, and could replace them in those areas, where the risk is not high enough to justify the use of more expensive and complex procedures, but does it give sufficient security for many of the domains to which it is being applied? I think not. Biometrics raise the bar a bit, but not high enough to be used on their own for many of the applications to which people want to put them to use.
By the way, you're highly out of date about Schneier's present views on security. If you've taken the time to read his many writings over the years, you'll see how much his attitude towards security has changed since the days of Applied Cryptography, where he naively talks about "protecting ourselves with mathematics." His most famous maxim is now "Security is a process, not a product," and he keeps constantly talking about how security is all about risk management, not risk avoidance. Exactly what you're saying, isn't it? Have a look at Secrets and Lies and the Crypto-Gram archive sometime.
Re:start implementing without relying fully relyin (Score:4, Insightful)
Not a good argument. Listen, people can't fly, but let's jump off the nearest 10-story building, and we'll learn how to fly on the way down. I mean, the advantages of being able to fly must outweigh any conceivable drawbacks, no?
The flaw with your argument is that biometric identifiers, once compromised, cannot be changed. What happens if you get your fingerprints lifted? A finger transplant? No, at that point your only choice is to have some sort of fraud alert put on your fingerprint, and then you can no longer use it. So it's useless for you, forever. If you'd read the article you'd see that the authors complained that they discovered critical flaws in fingerprint readers ten years ago, including that they could be fooled using fake gelatin fingers, and they still haven't fixed that. You think Microsoft is bad, leaving IIS unpatched for three months? Try ten years... The only conclusion is that the readers can't be fixed.
Blind adoption of some shiny new technology without at least some foresight is too common, and really, really stupid. Electronic voting is another great example of this...
Re:Ouch (Score:3, Insightful)