Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Technology

Home Secretary Requests Fingerprint-Activated iPods 262

John Reid, Home Secretary, has called upon tech manufacturers to improve the security on their gadgets to help with his recent push to frustrate criminals. Inviting Apple, Sony, and several others to his crime fighting summit Reid hopes to attack the rising robbery numbers in the most recent Home Office figures.
This discussion has been archived. No new comments can be posted.

Home Secretary Requests Fingerprint-Activated iPods

Comments Filter:
  • Brilliant! (Score:5, Interesting)

    by grape jelly ( 193168 ) on Monday April 30, 2007 @12:10PM (#18929215)
    ...because nobody would ever find the owner's fingerprint in their home!

    This is yet another case of legislation coming up with the wrong solution to the right problem.
  • Useless (Score:5, Insightful)

    by geek ( 5680 ) on Monday April 30, 2007 @12:11PM (#18929221)
    There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.
    • Re: (Score:2, Offtopic)

      by Rakishi ( 759894 )
      Sure there is, encryption is one example.
      • Re:Useless (Score:5, Informative)

        by geek ( 5680 ) on Monday April 30, 2007 @12:23PM (#18929487)
        Wipe the flash. Force a reload on the firmware etc etc etc etc. You can not secure a device when the theif has physical access to it. Anyone that has worked with ATM's knows this.
    • Re:Useless (Score:5, Insightful)

      by hey! ( 33014 ) on Monday April 30, 2007 @12:26PM (#18929551) Homepage Journal
      Oh, I don't think that's really true.

      What you have to do is make it more trouble to get around the security than the value of the device. So, if you can pin-reset the device, obviously the security measures aren't worth squat. But let's say you have to open the device, and the case is designed to break when that happens. Sure, as a geek you might no mind walking around with the guts of your gadget hanging out, but it does put a crimp on the resale value.

      The real problem is figuring out effective security measures that won't bite legitimate users thousand of times more often than they bite thieves.

      Manufacturers barely have the capacity to make usable devices as it is. Adding security that will thwart a thief is sure to earn them legions of incensed users.

      In any case Homeland Security doesn't really want really secure devices, because one of the unauthorized parties that might want to look at the contents of your device is ... Homeland Security.
      • You'll never defeat the professional thief, but casual ones, you just need to make it more hassle than it's worth.
      • Why not provide a way to have your iPod customized to the point that it would dent resale value?

        If only Apple provided a way to have something like "grahamsz is da c00lest evar" permanantly engraved on my ipod then nobody would want to be seen dead with it (especially not me)....
      • Re:Useless (Score:4, Interesting)

        by Marillion ( 33728 ) <ericbardes@NOsPaM.gmail.com> on Monday April 30, 2007 @01:12PM (#18930437)
        The iPod video has a security feature. You can set a PIN code on it to lock it. Re-enter the PIN to unlock. If for some reason you "forget" the pin code, docking the iPod to its "Home" computer will unlock it the iPod.
      • In any case Homeland Security doesn't really want really secure devices, because one of the unauthorized parties that might want to look at the contents of your device is ... Homeland Security.

        This isn't Homeland Security (U.S. department). This is the Home Secretary (U.K. minister). Unless you really believe that the U.K. is now part of the U.S. that is.
      • How about we use that serial number for some good?

        Each iPod makes a connection to the computer and iTunes. Why not have it report its serial number? If your iPod is stolen, you can just report it as stolen and it should render it useless. Would not be very hard for apple to at least institute a list of stolen iPod serial numbers? As it stands, they do nothing about it. I bet that if I stole somebodys iPod I could then go to apple support, register it, and send it back to apple for repairs, no questions ask
    • One-Time Passwords are the answer to this problem. It would mean the thief would have to steel your OTP card, as well.

      But, as has been pointed out, no device is truly secure, especially with a thief who really wants your data.
    • There is no such thing as security when you have physical access to the device. It's a useless "summit" that will do little more than raise the cost of these devices on consumers.

      Well, maybe not security ... but there could be punishment!

      I propose that we build a small quantity of plastic explosives or thermite into every new portable device. They will take commands from the GSM cellular network and, upon command from the manufacturer, on receiving word from the original purchaser that the device has been stolen, explode/melt and blow/burn pieces of the device into the criminal's (or person who received said stolen property) face/hands/thighs. It will also have the handy side-effect of securely deleting confidential data. We'll just need some laws to indemnify manufacturers and owners from said criminals' lawsuits, and after that, we'll just let the problems work themselves out.

      I foresee this having a slight negative impact on the used-equipment-on-eBay market, but overall I think it'll be a good thing.

      What could possibly go wrong?

      • by mstahl ( 701501 )
        Brilliant! Then you could sell or give it away to one of your enemies, then activate the anti-theft and BOOM!
        • Re: (Score:2, Funny)

          by Idbar ( 1034346 )
          Or better, being paranoid and activate it, only to find it was under the couch.
      • How many stories will we have to hear about that start out with "Allegedly stolen IPOD discovered in smoldering wreckage of owner's car" until this idea is abandoned? Answer: Not enough! Smoldering wreckage, coming to a street corner near you! It's about time this hip trend left the streets of Baghdad and got a little closer to home...
      • Re: (Score:3, Funny)

        Don't forget, the RIAA would like some of that device-disabling action. It could autodetect copied MP3 and blow up in the pirate's face. A messy death is better than they deserve anyway.
    • Declare it to be a way to help Global Warming. You will get funding, PR and a million drones to push it through...

      The issue here is not technology..it is MARKETING!
    • by Bogtha ( 906264 )

      There is no such thing as security when you have physical access to the device.

      Not necessarily. Encrypt the data using some sort of biometric hash of the fingerprint. Don't store the hash or fingerprint at any time. When you need access to the data, you need your fingerprint.

      To get around this, you need to either obtain the fingerprint hash, or compromise the device, return it to its owner, and then obtain it again afterwards.

  • by Billosaur ( 927319 ) * <wgrother@optonline . n et> on Monday April 30, 2007 @12:11PM (#18929227) Journal

    ...thieves have not only been stealing the iPods, but cutting off their victim's fingers as well. Given this new threat, the Home Secretary is calling for iPods controlled by brain waves.

  • .... But how does this stop criminals/terrorists/undefined bad guys?
  • by ZWithaPGGB ( 608529 ) on Monday April 30, 2007 @12:15PM (#18929293)
    For the criminals!
    And the solution is to force vendors to give the government more tools to monitor you!
    Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.
    • Re: (Score:2, Informative)

      by ydrol ( 626558 )
      Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.


      Nice try [wikipedia.org]

    • Re: (Score:3, Insightful)

      Oh, wait, you aren't citizens, but subjects. Your rights are privileges granted by the monarch, and so can be revoked at the pleasure of the government.

      As opposed to the US, where your rights are granted by the Constitution, yet can be ignored at the pleasure of the President? Not a very convincing way to win an argument, my friend. :-)

  • What's a Home Secretary?
    • It's what the Minister of the Interior is called in the UK. i.e. the one responsible for police etc.
      • In the US the Department of the Interior is something wholly different, mostly concerned with managing natural resources owned by the government for the public good. The US analog would be more along the lines of the Department of Justice, prior to the separation of the Department of Homeland Security.

        More to the point, it seems like John Reid has been getting a lot of attention lately stateside. Every few days there's some terrorist development that's just important enough to get the media's attention over
    • by Lxy ( 80823 )
      It's OK, I had to look it up too:

      http://www.homeoffice.gov.uk/about-us/organisation /ministers/john-reid/ [homeoffice.gov.uk]

      Sounds like something similar to the Dept of Homeland Security.
      • It might also be relevant that there's an election soon here in the UK, the government is very unpopular, and the home secretary has had his department split into two, and half taken away from him, because of the mess that it has got into. So he is desparately looking for any sound-bite that will sound good to his friends in the right-wing press. Hence this nonsense.

        After the election on Thursday we will hear no more about this.
    • In this case (John Reid), a government minister who is the parliamentary rottweiler - he orchestrates the UK part of the "war on terror", coming up with random "solutions" like this.
  • Why? (Score:5, Insightful)

    by morgan_greywolf ( 835522 ) * on Monday April 30, 2007 @12:16PM (#18929319) Homepage Journal
    Why fingerprint-activated iPods? So no one but me can find out what's on my iPod? (Like I care if anyone knows that I listen to Disturbed, Metallica, or Puddle of Mud?) So no one will steal it? How fast before the thieves figure out how to disable the fingerprint scanner? All this'll do is drive up the cost of iPods, as if Apple didn't already charge and arm and a leg for the things.

    • by dr_dank ( 472072 )
      Why fingerprint-activated iPods?

      I'm guessing that the ipods are being used as portable storage. I think the bigger problem is allowing government employees being able to copy over sensitive material on an mp3 player in the first place.
    • Re:Why? (Score:5, Interesting)

      by lawpoop ( 604919 ) on Monday April 30, 2007 @12:27PM (#18929591) Homepage Journal
      Basically it's to gear up the public to be accepting to fingerprint scanning as part of everyday life. You don't need a fingerprint scanner on an iPod. Same reason they're putting RFID chips in credit cards and passports -- to get people so used to them, there will be no problem when they want to implant them in our hand.

      Remember, the Total Information Awareness project [wikipedia.org] is alive and thumpin' !
    • by Lumpy ( 12016 )
      Screw that. iPod parts are a big business out there. Steal ipods, sell them to a guy taht parts them and sells the seperate parts.

      This will not even slow down the thieves. What will slow them down is to sell all ipods with C4 packed in them and a keyfob that allows the owner to detonate it.

      thief steals ipod, owner presses button, KA-BOOM! no more ipod and thief is dead or at least missing an arm. now you can go over and either kick the corpse or the bleeding thief.

      That would significantly reduce ipod th
      • What will slow them down is to sell all ipods with C4 packed in them and a keyfob that allows the owner to detonate it.


        Heh heh heh. I like how you think! The only problem is what to use as a detonator... imagine leaving the thing in your car on a hot sunny day...BOOM! goes the car. Not good.

    • >drive up the cost of iPods, as if Apple didn't already charge and arm and a leg for the things.

      The cost will increase by one finger.
  • Alternatively (Score:3, Insightful)

    by rlp ( 11898 ) on Monday April 30, 2007 @12:18PM (#18929351)
    Wifi enabled players + municipal wifi + device ID + central revocation list = frustrated criminals.
    • And if you hack into that central revocation list, then you're like a god!

      No iPod for you!
    • Re: (Score:3, Informative)

      by Lumpy ( 12016 )
      doesn't stop Cellphone thieves.

      cellphones, espically the expensive and popular ones already have hacks for the black hats to change the esn and get them de-blacklisted to be resold.

  • by Realistic_Dragon ( 655151 ) on Monday April 30, 2007 @12:18PM (#18929359) Homepage
    Now when they steal my iPod not only will they get a few thousand pounds worth of music, they will also get the fingerprint data I was forced to use as the password for my bank account.*

    You don't have enough fingers to generate unique passwords for everything!

    *Yes, I am aware they could be stored as a hash. Some electronics companies will probably do so - but all of them? And how many will use a good hash that has decent properties for the application? I'm guessing at one, and that will only be due to an accident.
  • by The Mutant ( 167716 ) on Monday April 30, 2007 @12:18PM (#18929367) Homepage
    would offer the ultimate in security for the theft adverse iPod owner.

    So why mess about with half measures like fingerprint activation? After all, if you stick it someplace where the sun don't shine, ain't nobody gonna know you're iPodding. Ignoring the obvious question of who the hell would try to steal an anally inserted iPod, who would purchase an (obviously) stolen / used anally insertable iPod?

    Why the market for stolen iPods would close up tight.
  • Grabbing at liquid (Score:3, Insightful)

    by SpiffyMarc ( 590301 ) on Monday April 30, 2007 @12:19PM (#18929385)
    Trying to get a handle on this kind of theft is like trying to get your hands around some liquid. There's just no way to contain the stuff, it's going to come leaking out between your fingers somehow.

    This reminds me a bit of the statistic I heard where more and more people are, in the face of those microchip car keys, just breaking into homes and stealing the keys rather than breaking into the car. If they need me to activate my device before they can take it, they're just going to pull a gun or knife on me.
    • Trying to get a handle on this kind of theft is like trying to get your hands around some liquid. There's just no way to contain the stuff, it's going to come leaking out between your fingers somehow.

      This reminds me a bit of the statistic I heard where more and more people are, in the face of those microchip car keys, just breaking into homes and stealing the keys rather than breaking into the car. If they need me to activate my device before they can take it, they're just going to pull a gun or knife on me.

      - Yeah. Trying to stop crime is hard. Let's not try. I don't know whether the statistic about chipped car keys is true, but if it is then the obvious next step would be to increase home security - something which is a hell of a lot easier to do than increasing car security. Suddenly it really is a lot harder to steal a car.

      Requiring it to be activated might mean that it becomes more likely they'll pull a weapon. On the plus side that means a mugger now has to be willing to up the stakes on their crime from

  • Simple Solution... (Score:3, Interesting)

    by nick_davison ( 217681 ) on Monday April 30, 2007 @12:22PM (#18929455)
    A user activatable but then non-reversible lock that requires your iPod to check in with Apple every time it syncs to ensure its serial number isn't on a list of stolen ones. Then provide a means to access any/all serial numbers you have registered to you and lock them down.

    If you don't want your iPod tied to to needing a net connection to sync, don't enable the feature. If you want to know that anyone who mugs you for it gets a worthless lump of metal and plastic - and you're fine with the trade off - turn it on.

    It doesn't even need to be that universally used to take a bite out of crime. If people quickly learn the $50 iPods guys in the pub offer them (which, let's face it, they know are stolen but think they're getting a great deal and so don't care) may well not work, they're not going to hand over the $50. You don't have to disable every last stolen one to make buying a stolen one enough of a gamble that people stop doing it and thus they stop being desirable to steal.

    Yes, it would become a potential pain for retailers who accept returns but a simple app could let retailers check the iPod hadn't been locked down before accepting returns. Given Apple "authorizes" retailers, this would give them a finite list of people to distribute it to and increase the value of being an authorized retailer.
    • by MoFoQ ( 584566 )
      I was about to say the same thing...they do have serial numbers...plus they give you the option to have it engraved.
  • by sycodon ( 149926 ) on Monday April 30, 2007 @12:28PM (#18929595)
    ...just won't work. I can't quite put my finger on it though.
  • by mwilliamson ( 672411 ) on Monday April 30, 2007 @12:29PM (#18929617) Homepage Journal

    One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 [schneier.com] for more information on the gummy-bear fingerprint reader bypass technique.

    Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.

    -Michael

  • Uhmmm... (Score:3, Insightful)

    by ZDRuX ( 1010435 ) * on Monday April 30, 2007 @12:29PM (#18929631)
    Why finger prints?! Why not just use the good `ol numeric 4-digit password? Seems to be working fine for the majority of people who use banking machines every day.
  • Thief-proofing and iPod reduces the chance of a mugging victim needing to go out to buy another iPod.

  • So, a faulty and easy to defeat mechanism will be added to an already paying-for-premium device to raise the cost even further without providing true benefit to the consumer. Lovely. Just lovely.

    The question becomes... will this information(the fingerprint information) be sent back to Apple via an update? Will this be tied into law enforcement systems so that non-criminals are indexed along with criminals? Will this be used to produce defacto arrest warrants for people, based on their music consumption?

    But

  • Wouldn't it be much better to improve the education system and take other measures to actually reduce the level of crime?

    What Mr. Reid proposes is that I should take measures that cost me money to reduce the value of my possessions to criminals. It would make it also harder for me to sell my iPod on eBay if I want to replace it with a better model. It would be much better to give kids a decent education so they can find decent jobs instead of becoming criminals, and/or to make the risk of detection and the
    • Now where is the profit in that idea?

      --jeffk++
    • Re: (Score:3, Insightful)

      by kahei ( 466208 )

      Well yeah. You're the guy who produces, and they (muggers etc) are parasites -- so the burden's always going to be on you, whether it's the burden of paying more for your iPod or the burden of paying tax for a proper legal and penal system, or (if you roll that way) the burden of throwing more money at an education system which focuses entirely on league-tables and 'building self esteem'.

      The UK's like the USA -- it educates *some* of its own people but generally it relies on attracting people who were educ
  • by kahei ( 466208 ) on Monday April 30, 2007 @12:55PM (#18930081) Homepage

    Like the endless parade of anti-IP-infringement measures, like the endless surveillance and mail-sifting programs, this is yet another result of a bunch of people facing (or creating) a social problem, and then trying to convince themselves that a nifty gadget will fix it.

    And it's the latest in a long parade.

    What they've got is a culture that favors the instigator, rather than the victim, in robbery, street violence, and general antisocial behavior. Here are their solutions so far:

    --Cameras
    --Electronic tags
    --New Databases (rather like many large companies, the UK government loves greating A New Database to solve any kind of problem)
    --Magic dream iPods that can't be stolen or some such rubbish

    It's a simple choice -- you can either address a problem, or you can talk about how cool it would be if a gadget would make it go away.

    • by nuzak ( 959558 )
      > you can either address a problem, or you can talk about how cool it would be if a gadget would make it go away.

      We do the same in the USA, it's just that the gadget is a gun. Thus all the states in where the NRA is strong have zero crime, and mass shootings never happen in their HQ state.

      I think making iPods work more like modern car stereos (which aren't theft-immune, but stealing them is much less profitable nowadays) would be a great idea, remove the incentive of the crime rather than posture and pu
  • Only if I can use both of my middle fingers to unlock it.
    I'm ambidexterous, you know.
  • What, you mean my car's head unit's non-changeable bluetooth pin of 1234 isn't secure?
  • lock and that was a high end door lock that the according to the manufacturers, the "liveness-sensing" reader has never failed.
    the ones likely to be in ipods are likely to be a lot less costly and are like a lot easer to beat.
    http://en.wikipedia.org/wiki/MythBusters_(season_4 )#Episode_59_.E2.80.94_.22Crimes_and_Myth-Demeanor s_2.22 [wikipedia.org]
  • by necro2607 ( 771790 ) on Monday April 30, 2007 @01:01PM (#18930199)
    Hmm... I have a strong feeling that, like all other security measures we encounter, they will be far more inconvenient to legitimate users than they will be to "criminals".

    It's such an old story in the tech industry, and probably spans back throughout most of mankind's recent history now that I think about it. Just that little bit of extra hassle to do what you're trying to do, that actually won't do much of anything against your average "criminal". For a quick example, note the fact that effectively all computer games since the late 90s require that you keep the game CD-ROM in the CD drive while you play the game.

    It's not a huge deal, per se, but it's yet another one of those things that we put up with in order to "stop the criminals", or whatever (even though the so-called criminals laugh at the pathetic "security" as they remove it with a couple clicks).
    • Yep, but an alternative to this measure would require Reid to actually think. I'm surprised he went for the sophisticated fingerprint idea. I'd have guessed that he'd suggest that all portable devices come equipped with a 30 kilo weigh and the owner's name branded on the front of it.
  • Normalisation (Score:4, Insightful)

    by Gumshoe ( 191490 ) on Monday April 30, 2007 @01:07PM (#18930309) Journal

    John Reid is really, really keen on keeping Biometric information for all UK citizens as part of a national ID project. Naturally enough, a large proportion of the UK population is uncomfortable with the idea. I suspect that this new idea is an attempt to encourage people into thinking that biometric identification is a part of everyday life.

    As other poster's have pointed out there are other methods of protecting these sorts of devices (think of your car stereo for example) so it's reasonably clear to me at least that Reid has an ulterior motive.

  • by Dachannien ( 617929 ) on Monday April 30, 2007 @01:16PM (#18930507)
    Khan: I'll agree to your terms, if.... if.... in addition to yourself, you turn over to me all recordings and album covers regarding the band called "Genesis".
    Kirk: Genesis? Which one, Peter Gabriel or Phil Collins?
    Khan: Don't insult my intelligence, Kirk!
  • Yes, lets lock down EVERYTHING in the country, and then to improve security even more, give all the keys to the govenment.

    We could not tackle or fix the real problem, no way. The fact we are creating a society where there is NO RIGHT OR WRONG... the only questions one should ask before doing something is "will it benefit me" and "can I get away with it". (the government and big business teach us this lesson every day)

    Lets tackle our problems with lack of morality with technological means. Ya right, that
  • Mr. Reid was then quoted as saying "I don't want none o y'all wankers lookin' at my pr0n!"
  • I know I'm sleeping better at night knowing that Homeland Security is focusing it's attention and resources to the critical matter of protecting the nation's valuable mp3 players. Forget about border security, cargo inspection or tracking illegal immigrants. That stuff is peanuts.
  • Reid is an idiot (Score:3, Informative)

    by geoff lane ( 93738 ) on Monday April 30, 2007 @01:38PM (#18930913)
    Security requires at least two parts. These are commonly described as "something you are" and "something you know". The common username/password pair is an example. For fingerprints, the fingerprint is the "username"; it is not the password. The fact the movies and TV commonly show access control systems that only use the fingerprint doesn't mean that such systems are secure in the real world.

    In the end, iPods and similar items are not sufficently valuable to bother with extensive access controls. It's doubtful that the UK police could even be bothered to investigate the theft of an iPod.

    As for the content, well, that's what backups are for :-)

  • by garyok ( 218493 ) on Monday April 30, 2007 @01:50PM (#18931127)
    Why doesn't Reid try to figure out ways that police officers can be freed from the mountain of paperwork they're forced to create every shift so they can go out on the nosey for scabby crims to smack about/arrest with the minimum necessary force? Then they'd maybe stop some of the muggings where people are getting hurt and killed.
    Even if this fingerprinting scheme were adopted, all it'd do is give fences a reason to give the crim buttons for ipod. It wouldn't stop a thing. It might make the muggers more vicious as they'll have to be more prolific to cover their crack tab for the night and really don't want to spend their time asking nicely.
  • by mikerich ( 120257 ) on Monday April 30, 2007 @02:23PM (#18931677)
    Steve Jobs - easily the most stubborn man in high tech meets our alcoholic, belligerent, bullying Minister of the Interior.

    At last, Dr. (economics (Marxist ones at that)) John Reid will come up against someone every bit as awkward as him - although unlike Reid, Steve Jobs sounds like he knows what he's talking about.

    Apple and Sony will tell Dr. Demento that they don't make their products in the UK, nor do they design their products in the UK and that the UK only represents a tiny part of their market so they see no need to burden themselves with additional costs just so that John Reid can bolster his chances of leading a clapped out Labour Party by looking tough on crime.

    I just hope Steve Jobs is a little more blunt about it and shows Reid just where he can stick a music player in order to deter thieves.

Any sufficiently advanced technology is indistinguishable from magic. -- Arthur C. Clarke

Working...