Ready or Not, Biometrics Finally in Stores

cancer4xmas writes: "It's very exciting to see USA Today's Technology front page saying, "Will that be cash, fingerprint or cellphone?" They're running a story on emerging biometric devices being the most fundamental change in personal finance since 1950, when the credit card was introduced. The concept is now being tested in some stores. Check out the full story." Now couple that tidbit with this morsel from wherley: "In a letter [scroll down a bit] to Bruce Schneier's Cryptogram newsletter, Ton van der Putte tells of a recent invitation from the BBC to comment on the addition of fingerprint biometrics to the British ID card. Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"

Not all created equal

[Anonymous Coward]

Good: ATMs, airline ticket kiosks. These save time. They augment, rather than replace, the capabilities provided by humans.

Bad: Home Depot, most grocery store self-check kiosks. These invariably replace human checkers, so now I get to stand in line behind a dumb-blonde soccer mom, some kids goofing with the hardware, and an 85-year-old dude whose idea of high technology is the five-transistor radio. These waste my time.

technology issues in posted responses

[the man with the pla]

Reading through the responses to this technology, it seems that several issues are being addressed/readdressed:

1) Mandatory tagging of criminals - There seems to be a fundamental difference between tagging someone as part of their sentence and tagging someone after their sentence has been served (eg, after release from prison). The latter seems a dangerous trend since it indicates that the punishment for certain crimes may change in an arbitrary fashion, even *after* a criminal has served their time and been "rehabilitated" by societal punishments.

Granted, some crimes are heinous and deserve drastic punishments, but punishments should be known at the time of sentencing. Make the punishment as harsh as is warranted (eg, death sentence or consecutive life sentences effectively ensures that an offender never returns to society), but once a punishment has been fulfilled , no additional arbitrary punishments should be levied. Being unable to agree on what the rule-of-law is at the time of sentencing is very bad. A rule-of-law which is not transparent and clear is not a rule-of-law.

2) RFID technology is good|bad - Anyone who has spent their life thinking about technology knows that technology itself it neither our damnation nor our savior. It is amoral and merely a tool created and used by humans to leverage our ideas.

However, history has shown that we have a penchant for killing each other over issues with no obvious resolution (eg, Who's God is better, Who's skin color is better, etc). Technology just speeds up the process of letting us work out our differences, and, when that fails, subjugate/maim/torture/kill the enemy when they it is obvious that they will not take on our point of view.

3) The posters are "anti-technologist fear mongers" - since this crowd is generally very technology savvy, it is probably more likely that you misunderstand the message being articulated. People on Slashdot certainly seem to get more worked up that your general everyday nongeek citizenry. But that is likely because of the "slippery-slope" issues that are addressed. Looking at how humans use and misuse technology to abuse each other, it is often clear to those with a background in technology what form the abuses could take. Generally, it seems that humans eventually arrive at a solution better for everyone (eg, more tolerant), but only after a more short-term period which exploits the technology to the severe disadvantage of an unfortunate minority.

BTW, although annoying that the article is not based on RFID technology, that hardly matters in the grand scheme. GPS, RFID, biometrics, DRM, etc. are all just technologies. They have amazing potential for benefit of societies. But unless the potential for human-rights abuse is acknowledged and carefully monitored, things will get very bad before things get better.

No technology is without potential for abuse. Period.

This is better than credit card *how*?

[nodwick]

For most systems, customers must sign up, which takes about five minutes. They usually must provide their name, phone number and checking account or credit card information, and a fingerprint. [...] Even though customers are usually asked to provide a second form of ID, the thumbprint reader can be a minute faster than writing a check, biometric companies say. And by making it easier to deduct money from a bank account, it can reduce credit card transactions, for which stores usually pay a fee.

So let's see, to make this work I still have to carry and pull out a conventional ID card. Plus, I have to sign up in the first place, waiting in line and filling out annoying forms to do so, and there's no financial incentive to do it.

Or, I could pull out my credit card, which occupies the same space in my wallet as the required ID, and make my payment without signing up for anything or introducing new privacy concerns. On top of that, my credit card gives me 1% cash back.

I think consumers are going to do the math on this one and figure it's not worth the hassle. Sounds like the incentive is mostly for the store to avoid the credit card fees.

Re:Fake Credit cards are easy too

[Popadopolis]

Credit cards are getting harder too, with smartchips and strategically placed strips of thin metal inside. To fake one requires much more sophisticated equipment than five years ago.

Asian Women

[Michael Crutcher]

I've read that that up to 20% of the population does not have a fingerprint suitable for biometric identification. Most of these people are Asian women. If biometric identification ever becomes mandatory are these people simply out of luck?

A better system might require several biometric techniques together to reach an identification.(hand shape and finger prints would go together nicely)

This article [idsmartech.com] mentions the Asian woman fingerprint problem about 3/4 of the way down, but doesn't mention a source for this claim.

Re:Biometrics replace cards or signatures?

[Fibonacci Ceres]

The signature on the back of your credit card has been entirely superfluous for some time now. Many gas pumps, pay phones and other vending devices require only a swipe or insertion for access to your line of credit. Also, less than half of clerks that are unfamiliar with me even bother to turn the card over where, instead of a signature, it has PLEASE CHECK ID in bold letters. Some of the clerks that do check the back simply give me a strange look and hand it back.
Perhaps ~75% of those who bother to look at the back ask for ID, and I've presented everything from
my driver's license (sans SSN)to really old photo
IDs created by private organizations. All have been accepted with nary a question. I've even given
a second credit card ("Sorry, musta left my ID at the house") to "validate" the first one.
When I'm asked sign on the digitising pad I'm seized with a strange palsy that causes me to doodle erratically in the space provided before approving the purchase by plonking yes with the stylus. Again, I've never had my obvious non-signature questioned even on those CRT systems
where the clerk can see in real time my astonishing
lack of penmanship.
Biometrics in conjunction with with a credit/debit
card would seem to provide far more positive identification than the current system.
That said, I feel uncomfortable with the idea of widespread biometrics in commercial applications.
The more information available in the databases is
just that much more available for inevitable commercial or governmental abuse.
Count me as a Neo-Luddite on this issue.
I'll go back to squatting in my cave now.

Kiosks appear to be taylor made for fraud

[khamar]

Self checkout kiosks appear to be taylor made for fraud and promote a simple two step procedure:

1. Steal credit card
2. Shop where no teller will verify card

Of course, Home Depot has built in fraud protection; they have self checkout lanes that require each item purchased to be registered by weight after scanning. Of course my 4x8 plywood, 5 bags of mulch, and 10' PVC pipe are difficult to balance on the scale after scanning so a teller must assist me (and check my card/id in the process.)

I only hope that my story about finding the severed finger near the power saw will fly when they install those readers...

On a similiar note, Walmart seems to have no problem searching every person who leaves the store / counting everything in your cart. This would make sense if it were not for the teller that just did the same thing 20 seconds before. It seems odd to me that this annoyance is somehow acceptable? Some people have supplied good and back feedback over here. [planetfeedback.com] Lower prices appear to calm such complaints.

Re:Cash, credit card or gelatine

[value_added]

The gelatinous protein guk (technical term) that makes up what is known as gelatin/gelatine can be derived from a variety of animal product sources, not just from pigs and not just from hooves. IIRC, most of what is sold commercially comes from cow by-products like hides.

If you're a cook, you probably already know that. But as I doubt you are, here's a small insight ...

When making chicken stock (chicken stock is THE fundamental ingredient to almost all food preparation), one selects parts like the neck, wings, heart and giblets only, specifically most anything with a lot of bone, cartlidge, or connective tissue, and, if you live near a Chinatown where you can get a freshly slaughtered corn-fed bird that includes the head you can use that too. Why? Because the collagen that ends up in the cooking liquid from all thse parts imparts a "body" to it. The meat, on the other hand, imparts flavour only. By using mostly bones (cheap) and adding in a bit of meat (expensive) and throwing in the usual vegetables, herbs, mushrooms, etc., you end up with something quite delicious that can be used for making everything from sauces to soups to a cooking liquid for your broccoli.

Commercial gelatin, like off-the-shelf stock, is suspect in its orgins. I wouldn't recommend buying it for making stock thought it might work for faking fingerprints.

Re:Which state wants fingerprints?

[JimBobJoe]

CA, TX, HI, GA, CO and it's optional in WV.

And they don't do a damn thing (I maintain that it makes things worse, because people believe it's useful when its not, thereby increasing fraud.) In no state are they even remotely forensic quality.

Re:Ouch

[sllim]

I am afraid the real problem is the intellegence of the average thief.

I am guessing that the scanner looks for a temperature of 98 degrees or so, and if it doesn't get it then doesn't process.

Like I said, the problem is the intelligence of the average theif.
Think they will think of this before they cut off my thumb???
Noooooooooo.

In fact, I dare say the theifs may have to have a pocket full of thumbs before they realize that They are doing something wrong.

Compromises are fatal

[Order]

If somebody gets your credit card information, you can just cancel the card and get a new one.

If somebody, somehow, no matter how, gets your biometric information, what do you do?

That's right - switch to credit cards.

Reliable biometrics could mean complete anonymity.

[escallywag]

Try to look at it differently :

Let's assume biometrics have become reliable (combination of retina - thumbprint and maybe even DNA sampling). If this were the case then a biometric profile could be used as an ID instead of a name and address...

You want to open a new bankaccount, you don't give your name and address but your biometric profile as ID. This should satisfy the banks' need for verifying that it's the account holder that is approving a particular transaction since the biometric profiles match.

In such a system the only thing you have to safeguard is the link between your biometric profile and your name and address. As long as there isn't a Big Brother database that can link both sets of information you could safeguard your anonymity pretty well...

Reality check : Reliable biometrics as I described above would probably get us into a Gattaca-esque society in no time... Oh well, in a perfect world...

Why at all?

[ajs318]

Back in the days when I was growing up in what was then a peaceful little village on the outskirts of Derby, kids could be kids, paedophiles had not been invented, all that mattered was that Forest lost and if the Rams won, well, that was a bonus. But regardless what was happening at the Baseball Ground, if anyone tried shoplifting from the local newsagent's, they were in for a surprise a few weeks down the line. Because the paper lady had eyes like a hawk, and if she spotted you doing something -- and if you did anything, she would spot it -- she would just add it on to your parents' paper bill, and when they got the bill they could deal with you as they saw fit -- which usually meant you had to write a letter of apology to the newsagent, and you'd probably have to stand up to write it. If you ever gave her a mouthful, other people in the village would express disapproval - "There goes that Alice, do you know what she said to Mrs W. the other day?" - until you felt you had no choice but to make your peace with her. She knew how old you were, whether your parents smoked and what brand -- and she would also know if a packet of fags or a can of booze was really for someone else {though I suspect the real explanation was that the parent in question would simply phone the newsagent while you were on the way and say they had sent you. Most of the people in my end of the village were on the phone}. They don't make them like her anymore.

It's my contention that no automated system will ever be as good as our old paper lady, may she rest in peace. She may have had a vulnerability, but either nobody dared exploit it, or they were just too amazed by her apparent superhuman powers to bother. Why can't we just go back to using human beings to do jobs human beings are good at and use machines for jobs machines are good at?

time to game the system.....

[avi33]

I think it's about time we all got this guy's [cockeyed.com] fingerprints and started making thousands of simultaneous purchases worldwide.

He acquired his 15 seconds of internet fame [wired.com] by duplicating and sharing his frequent shopper's card via his personal web site. I can only imagine the junk mail he receives on account of that profile.