Home Secretary Requests Fingerprint-Activated iPods

John Reid, Home Secretary, has called upon tech manufacturers to improve the security on their gadgets to help with his recent push to frustrate criminals. Inviting Apple, Sony, and several others to his crime fighting summit Reid hopes to attack the rising robbery numbers in the most recent Home Office figures.

Useless

[geek]

There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.

In resoponse to the added security...

[Billosaur]

...thieves have not only been stealing the iPods, but cutting off their victim's fingers as well. Given this new threat, the Home Secretary is calling for iPods controlled by brain waves.

Why?

[morgan_greywolf]

Why fingerprint-activated iPods? So no one but me can find out what's on my iPod? (Like I care if anyone knows that I listen to Disturbed, Metallica, or Puddle of Mud?) So no one will steal it? How fast before the thieves figure out how to disable the fingerprint scanner? All this'll do is drive up the cost of iPods, as if Apple didn't already charge and arm and a leg for the things.

Alternatively

[rlp]

Wifi enabled players + municipal wifi + device ID + central revocation list = frustrated criminals.

What a fantastic idea

[Realistic_Dragon]

Now when they steal my iPod not only will they get a few thousand pounds worth of music, they will also get the fingerprint data I was forced to use as the password for my bank account.*

You don't have enough fingers to generate unique passwords for everything!

*Yes, I am aware they could be stored as a hash. Some electronics companies will probably do so - but all of them? And how many will use a good hash that has decent properties for the application? I'm guessing at one, and that will only be due to an accident.

Grabbing at liquid

[SpiffyMarc]

Trying to get a handle on this kind of theft is like trying to get your hands around some liquid. There's just no way to contain the stuff, it's going to come leaking out between your fingers somehow.

This reminds me a bit of the statistic I heard where more and more people are, in the face of those microchip car keys, just breaking into homes and stealing the keys rather than breaking into the car. If they need me to activate my device before they can take it, they're just going to pull a gun or knife on me.

Re:Useless

[hey!]

Oh, I don't think that's really true.

What you have to do is make it more trouble to get around the security than the value of the device. So, if you can pin-reset the device, obviously the security measures aren't worth squat. But let's say you have to open the device, and the case is designed to break when that happens. Sure, as a geek you might no mind walking around with the guts of your gadget hanging out, but it does put a crimp on the resale value.

The real problem is figuring out effective security measures that won't bite legitimate users thousand of times more often than they bite thieves.

Manufacturers barely have the capacity to make usable devices as it is. Adding security that will thwart a thief is sure to earn them legions of incensed users.

In any case Homeland Security doesn't really want really secure devices, because one of the unauthorized parties that might want to look at the contents of your device is ... Homeland Security.

Revocation

[Jeremiah Cornelius]

"I'm sorry sir. Your identity has been compromised, and we are revoking all known authenticators. Your physical characteristics are no longer valid to autheticate your personal identity. You have been added to the list of unconfirmable citizens. Please turn in your face and fingers to the Department at the earliest possible opportunity."

Revokation of Biometrics

[mwilliamson]

One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 [schneier.com] for more information on the gummy-bear fingerprint reader bypass technique.

Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.

-Michael

Uhmmm...

[ZDRuX]

Why finger prints?! Why not just use the good `ol numeric 4-digit password? Seems to be working fine for the majority of people who use banking machines every day.

Re:Useless

[skiflyer]

It doesn't, but it's a pointless example in the case of iPods, thieves aren't trying to steal the contents of the drives, they're trying to steal the device itself.

Technological solution to social problem

[kahei]

Like the endless parade of anti-IP-infringement measures, like the endless surveillance and mail-sifting programs, this is yet another result of a bunch of people facing (or creating) a social problem, and then trying to convince themselves that a nifty gadget will fix it.

And it's the latest in a long parade.

What they've got is a culture that favors the instigator, rather than the victim, in robbery, street violence, and general antisocial behavior. Here are their solutions so far:

--Cameras
--Electronic tags
--New Databases (rather like many large companies, the UK government loves greating A New Database to solve any kind of problem)
--Magic dream iPods that can't be stolen or some such rubbish

It's a simple choice -- you can either address a problem, or you can talk about how cool it would be if a gadget would make it go away.

Frustrate criminals, or legit users?

[necro2607]

Hmm... I have a strong feeling that, like all other security measures we encounter, they will be far more inconvenient to legitimate users than they will be to "criminals".

It's such an old story in the tech industry, and probably spans back throughout most of mankind's recent history now that I think about it. Just that little bit of extra hassle to do what you're trying to do, that actually won't do much of anything against your average "criminal". For a quick example, note the fact that effectively all computer games since the late 90s require that you keep the game CD-ROM in the CD drive while you play the game.

It's not a huge deal, per se, but it's yet another one of those things that we put up with in order to "stop the criminals", or whatever (even though the so-called criminals laugh at the pathetic "security" as they remove it with a couple clicks).

Normalisation

[Gumshoe]

John Reid is really, really keen on keeping Biometric information for all UK citizens as part of a national ID project. Naturally enough, a large proportion of the UK population is uncomfortable with the idea. I suspect that this new idea is an attempt to encourage people into thinking that biometric identification is a part of everyday life.

As other poster's have pointed out there are other methods of protecting these sorts of devices (think of your car stereo for example) so it's reasonably clear to me at least that Reid has an ulterior motive.

Re:Education system

[kahei]

Well yeah. You're the guy who produces, and they (muggers etc) are parasites -- so the burden's always going to be on you, whether it's the burden of paying more for your iPod or the burden of paying tax for a proper legal and penal system, or (if you roll that way) the burden of throwing more money at an education system which focuses entirely on league-tables and 'building self esteem'.

The UK's like the USA -- it educates *some* of its own people but generally it relies on attracting people who were educated elsewhere and immigrate in order to make money. Actually, these days the UK is *more* like this than the USA is -- it's an economy that depends utterly on immigration. This leaves the lower-class young UK-ians, who are often educated to a horrifyingly low level, with a stark choice between crime, the Army, and the supermarket checkout. In the USA the latter two are more likely overall, but in the UK the crime option is a lot safer, and thus the iPod problem.

I think it's just one of those things that nothing much can be done about.

Re:Brilliant!

[jfengel]

Because I can hardly see somebody trying to fence an iPod with the little proviso that you have to keep around a fake thumbprint in order to use it.

Crime is something you deter, not forbid. Slashdotters get used to security being absolute because we work with computers, where we tend to put all of our data eggs in one password basket. Security of physical objects is much more about making it inconvenient, not impossible, to steal something.

Thank goodness.

[TheOldSchooler]

I know I'm sleeping better at night knowing that Homeland Security is focusing it's attention and resources to the critical matter of protecting the nation's valuable mp3 players. Forget about border security, cargo inspection or tracking illegal immigrants. That stuff is peanuts.

Hah! A plan to sell more meat cleavers...

[EmbeddedJanitor]

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m [bbc.co.uk]

Re:Hey, disarming your citizens is working...

[Anonymous Brave Guy]

Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.

As opposed to the US, where your rights are granted by the Constitution, yet can be ignored at the pleasure of the President? Not a very convincing way to win an argument, my friend. :-)

How about the Fuzz?

[garyok]

Why doesn't Reid try to figure out ways that police officers can be freed from the mountain of paperwork they're forced to create every shift so they can go out on the nosey for scabby crims to smack about/arrest with the minimum necessary force? Then they'd maybe stop some of the muggings where people are getting hurt and killed.
Even if this fingerprinting scheme were adopted, all it'd do is give fences a reason to give the crim buttons for ipod. It wouldn't stop a thing. It might make the muggers more vicious as they'll have to be more prolific to cover their crack tab for the night and really don't want to spend their time asking nicely.

Re:Useless

[MoxFulder]

Exactly. Encryption protects the data, it doesn't protect the device at all. Unless the device is totally useless without the data, and even then it only deters smart thieves.

Has anybody ever considered WHY so many iPods get stolen?

I think it's because people wear them like big flashy pieces of jewelry. I see lots of people with their iPods strapped to their upper arms, prominently attached to their belts, clipped to backpack straps, etc... and of course they all have the telltale white earphones.

We're talking about a very sought-after and yet common product worth several hundred dollars, and people enthusiastically flaunt them all over the place. Those who carry cash, jewelry, important documents, and weapons often go to great lengths to be discreet... but this has somehow totally escaped the iPod herd. Every iPod "holster" seems designed to display the thing as prominently as possible.

It's basically just dumb marketing and dumb consumers. Expensive electronics != fashion accessory.

Re:Mythbusters

[cayenne8]

"Well then how about a retinal scanner built into the back of the device?"

Just what we want...new tech to add to the device like an iPod, that drives up the size of the unit, the cost of the unit, whilst adding nothing to the primary function of the unit (audio/video playback).

Hey, if someone steals it...it is replaceable.

Re:Brilliant!

[valintin]

Which means, this is not really about having your ipod stolen because the biometrics must be reset. It's about requiring all the music on your ipod to be deleted when you change ownership.