Cry To Beat Iris Scanners 373
Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
Tech meet Typical (Score:5, Funny)
Re:Tech meet Typical (Score:5, Insightful)
I think if anyone would cry to prevent this thing to work, they'll give him/her a nice chair at the police office and let them try again later.
Re:Tech meet Typical (Score:4, Funny)
Re:Tech meet Typical (Score:3, Funny)
There is now! All the ones that failed their ID check by crying too much.
Re:Tech meet Typical (Score:2, Insightful)
Think I'll win a free trip to Cuba in the X-ray resort.
Re:Tech meet Typical (Score:3, Informative)
Re:...but it's still cold everywhere. (Score:2, Funny)
Re:Tech meet Typical (Score:5, Insightful)
Re:Tech meet Typical (Score:5, Funny)
Re:Tech meet Typical (Score:5, Funny)
Re:Tech meet Typical (Score:3, Funny)
Please.. Mr Blunket/Random authority.. Get a clue! (Score:5, Insightful)
Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
Stopping Criminals: Yes because criminals are moral enough not to have fakes!
The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.
Simon.
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2, Insightful)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Insightful)
Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.
Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.
I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Interesting)
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
A UK reporter was able to obtain a *real* fake ID for just over a grand. Through a network of bribes.. It's not as hard as you think..
Ask yourself this: How much do you recon they pay their staff at the passport issuing office? Now ask yourself how much that passport could be worth to someone! The math does itself.
ID cards are flawed because you can't secure a system that large. Criminals have cash to 'invest' in perverting your system.
Simon
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Insightful)
Simon.
you still don't get the mindset (Score:3, Insightful)
In Bush's mindset, any staff person that would do such a thing should probably be considered a terrorist and can just be shipped off to Guantanamo without a trial, where they can be raped and tortured courtesy of the US government. Given that downside, faking ids for a few bucks probably seems a lot less appealing to the staf
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:3, Interesting)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Except (s)he was talking about the UK and not the US approach. If not for getting the country wrong, you'd be correct :-)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Interesting)
-B
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Just ask our new recruit Johnny here: "I used to just sit at the bus stop, picking my nose and annoying people, but this is much better!"
"Just pass our rigorous qualification test -" *yup, this one's breathing* "-and you're on your way to an exciting career!"
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:3, Insightful)
-B
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2, Interesting)
Also, people will rely on the DNA database as evidence, and not do the proper police/intelligence work. Fakers will escape the net. I always remember a maths teacher telling us to apply "sanity tests". Like roughly do the maths in your head and then check against the detailed calculations. The problem with systems over humans is that this is often not done (A bit like "why didn't Saddam fire those WMDs if he had them?")
Comment removed (Score:5, Insightful)
Fingerprints can be faked. (Score:2)
Not only can you make a mould of a finger from a willing participant (and why not if you want to commit fraud against an employer). You can create fake fingerprints from residual prints that someone has left behind.
http://www.totse.com/en/bad_ideas/locks_and_sec u ri ty/164704.html
So, how easy do you want it to be for someone to steal your luxury car?
Re:From tactical to practical (Score:5, Insightful)
Another reason I don't like biometrics, however, is that you cannot compartmentalise your authentication information any more. If, say, the tax people, phone company, bank and the police all use your biometric information to authenticate you, then that provides for a massive spillover in (authentication) information that you can't control - for the same reason that it is a bad idea to have the same PIN code on your ATM card and your GSM phone PIN, it's a bad idea for everybody using the same info to authenticate you. Nowadays, if somebody can impersonate you to the phone company, all they can do is run up high bills or get you disconnected or something. But if you're a phone company employee with access to someone's biometric info, you're a small step away from being able to impersonate that person to their bank, passport authority, etc., and take over their life.
Even worse, as above, you can't change your info if it's compromised. Remember that biometric info is just a fancy password, with all the password weaknesses, with the advantage that you don't have to remember it, and the disadvantage that you can't change it or get a new one. People can intercept and replay your password (biometric info) to scanners, it's just very simple symmetric and unreliable information in the end, relying on the trustworthiness of biometric scanners to be trustworthy. And of course the path from the scanners to the device interested in your identity..
Biometrics aren't a silver bullet.
Re: (Score:2, Insightful)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Especially if said terrorist has the resources of a nation state behind him or her. In any such ID system there will be mechanisms for issuing bogus identities with valid biometrics. For such things as undercover cops, spies, "witness protection", etc.
Stopping Criminals: Yes because criminals are moral enough not to ha
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
What possible value is there in making me carry a card around with me that matches my eyes/fingerprints? I ALWAYS carry my eyes and fingeprints with me at all times. Does anyone other than me spot the redundancy here?
The standard reasoning is that the card carrys more than just eye/print data.
Well, if you want to store data that relates to terrorists eyes/fingerprints, isn't it obvious that that data should be held somewhere a bit more secure and tamperproof than in the terroris
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Quote from Blunkett. (Score:2)
(entitlement card was the proposed name for ID card back then)
Please... mr Ckwop.. get a clue! (Score:4, Insightful)
In practice, this is a nonsense argument. For example, most people here know that WinXP copy protection can be broken with the help of a few google searches that lead to a few russian websites. there are trivial ways to defeat masterlocks and the ordinary sort of locks that 'secure' house doors. modern money *can*, with enough patience and technical skill, be counterfeited.
And yet microsoft continues to have a keycode unlock to winxp, houses continue to have locks, and treasury departments still spend quite a bit per bill to give them 'security features.' why?
Because as anybody who would rather think about this for two seconds (rather than just whoring up for +5 insightful, as you have) could see, protection in a real and complex world is not about *absolute* protection, it's about decreasing the *rate* of violation/infringement.
I know several people who have bought XP where they pirated 95/98/whatever because of their fear of the online activation system. People continue to have locks on their houses because it will make their house less likely to be burgled, and the counterfeit protection on money stops all but the most determined counterfeiters.
Likewise, biometric data will NOT "prevent" or "halt" illegal immgrigration in an absolute sesns and it is unreasonable to claim that's what it's "meant to do." Rather, it will SLOW THE RATE of illegal immigration (if not terrorism--that is obviously less of a statistical process because of the smaller data set). What is stopping them from getting a *real* passport with teh correct biometrics in a different name? have you ever tried getting an illegal passport of the regular kind? it's not easy! now, try finding somebody who provides an illegal passport with an embedded chip in it! not easy at ALL, especially given that for example, you know, when a UK passport is scanned at a US border, the US queries (or can query) the UK systems to vouch for the authenticity of the passport.
To claim that anybody who wants to "immigrate enough" is bullshit. Sure, there will always be the top n% who are determined, clever, and connected enough to beat any system. But with inceased smart security such as biometrics in concert with other ideas, this n% becomes smaller and smaller.
MOD PARENT DOWN as he has provided NO INSIGHT
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:3, Interesting)
Assuming that the "database" is secure against alterations. Any government using such a system will require that falsified and completely bogus identities can be created and that they be indistinguishable from real identities. It wouldn't do for someone's ID to carry metadata which equates to "undercover law enforcement". It would only require one criminal or blackmailable person with the relevent access for this a
uhh.. (Score:4, Funny)
We already have a system like that. It's called Windows.
_
Download AWESOME music here [kicks-ass.net] (lame encoded).
Already do... (Score:4, Funny)
Re:Already do... (Score:2)
Other methods... (Score:4, Funny)
-
"beats the iris scanner" (Score:5, Insightful)
Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?
Just a thought...
Re:"beats the iris scanner" (Score:2)
Re:"beats the iris scanner" (Score:5, Insightful)
But is this really "beating" the scanner?
If 7% of the time the scanner can't ID you, those people will probbably just routinely be let in. If all you have to do is tear up a little, have long eyelashes, or whatever then anyone that'd be caught be this system will do just that. A system where it's easy to become incorrectly identified is a useless one.
Re:"beats the iris scanner" (Score:3, Insightful)
And for immigration purposes, not showing up on the system IS beating the system. The immigrant can then claim that they have just arrived at port and begin the immigration process again, despite having been in the country for a while and previously had your application rejected.
The application looping is what these systems are supposed to prevent and is much of the basis for the ID card proposals.
This system is worthless.
Re:"beats the iris scanner" (Score:3, Funny)
Re:"beats the iris scanner" (Score:2)
If we all cry when they come to scan us, we can stop this.
What's the big deal... (Score:4, Insightful)
And, IIRC, the UK is just doing a trial run of this biometric ID card thingy, and the purpose of such trial runs are to catch "gotchas" like this.
I'm not going to rant on the "privacy issues"... heck, my country uses an ID card system as well, and as far as I'm concerned, it eases a lot of trivial processes (loan applications, etc. etc.) and in case something happens to me, at least people will know who I am.
Re:What's the big deal... (Score:2, Interesting)
How many government trials with political backing don't get implemented?
If it goes bad, Blunkett will just say that there were issues to iron out. I can't imagine for 1 minute that he'll cancel it.
Re:What's the big deal... (Score:2)
I would say quite a few, if it was proven massively unpopular, especially when the government is democratically elected.
If they push on with it despite massive protests and so on... chances are they will not get re-elected, and the winning party is almost surely campaigning primarily for the axing of said unpopular program.
I too, can't say if the program will get axed... and if it's based on sincere fact finding and R&D, that
Re:What's the big deal... (Score:2, Informative)
If only you were right. The poll tax was unpopular in Scotland and still got implemented.
Also, Blunkett completely ignored the public feedback on ID cards, where something like 80% of respondents were opposed, complaining that that was because of an orchestrated campaign (like people are sheep or something).
What if all parties suppport the introduction? (Score:3, Informative)
We're lucky in that there is one party who are definitely against ID cards, the Liberal Democrats, but realistically, they don't matter. The UK has an election system which favours the largest minority (35%-40% is enough), handing them a disproportionate
Re:What if all parties suppport the introduction? (Score:2)
How to fool an eye scan (Score:4, Funny)
After some standard tests, the doctor spotted that one of my iris's (sp?) was larger than the other, which had something to do with the head trauma.
Basically that means that if you need to pass an eye scan, just drink lots, grab a trolley, fall on your head, and nothing will be able recognise you by your eyes any longer as the features of them will have changed.
(probably talkin s%$t, but i could be right, right??)
Re:How to fool an eye scan (Score:2)
Re:How to fool an eye scan (Score:3, Funny)
Re:How to fool an eye scan (Score:2)
There is no such thing (Score:4, Interesting)
Anyway, when I go get my eyes examined, there's this machine taking a picture of my retina and blowing air into it so as to remove water. Oh and they ask me to remove my lens first, imagine!
Re:There is no such thing (Score:4, Interesting)
True, but there is such a think as a technology that has been proven to be inherently flawed.
Just google for "Bertillonage" for an example of a failed biometrics concept, which no amount of technology could save.
Is iris scanning inherently flawed? I don't know, but if they're just now finding out crying gives a false negative, I don't think anyone has really done any real tests to prove one way or another.
Re:There is no such thing (Score:2, Interesting)
Now if the data acquisition is flawed, there's nothing you can do and there's no algorithm to correct the flaws. Now following my suggestions previously it is not really _hard_. If the algorithms are flawed then its no big problem because 1) You've acquired data through a proper acquisition pr
Re:There is no such thing (Score:2)
My point was here was a system where no matter how accurate your measurements were, it didn't matter since it wasn't unique enough.
It seems to me that no one has done any real tests of iris scanning to show that it isn't easily circumventable. Does lasik surgery affect the scan? What about opaque contacts?
No amount of technology is going to help if iris scanning is inherently flawed... and we're not goi
Long eyelashes (Score:4, Funny)
I've never been game to trim them though
My daughters have inherited the long eyelashes though and they suit them much better.
Interesting Countermeasure (Score:5, Funny)
Re:Interesting Countermeasure (Score:2, Funny)
Reminds me of a quote (Score:3, Insightful)
http://www.wired.com/wired/archive/12.05/poinde
(It was in this past wired, good article)
Re:Reminds me of a quote (Score:2)
so they actually pay some people
Crying doesn't BEAT iris scanners (Score:5, Insightful)
Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.
Re:Crying doesn't BEAT iris scanners (Score:2)
in that sense, you can say "beat".
accuracy (Score:2, Interesting)
Astigmatism (Score:4, Interesting)
Failure rates. (Score:2, Interesting)
If you do a test run with 1000 individuals,and find that 4% of the subjects are identified as someone else, then you really have a problem.
If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified: There is a much larger database of people who might have an iris that to the computer looks almost the same. That's when the shit hits the fan.
Re:Failure rates. (Score:2, Insightful)
What specific evidence or even real reasons do you cite that "If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified".
Do you have anything real to cite?
Re:Failure rates. (Score:2)
If you pose the "who is this" question to the computer, your scan will be matched against 1000 others. If the per-match chances of going wrong are 0.004 percent, then doing 1000 matches will result in about 4% error rate.
With that error rate, trying 1 million matches will result in a correct iden
Re:Failure rates. (Score:3, Insightful)
That is totally different from saying 4% of the subjects are identified as someone else which your quote does not imply either.
Anyway, surely the system is only for authentification and not identification? I.e. they have your iris on record, you input your name and give them the iris scan. If the two match, you are who you say you are. I seriously doubt they will just scan you
Re:Failure rates. (Score:2)
If my "schiphol pass" says: "this is Roger Wolff" and the system just checks my identity with the Iris scan on file, then a 1% failure rate can be acceptable.
But if it is used to IDENTIFY me as in: "Who is this person in front of the camera?" t
Visene the eye drop of terrorist (Score:2)
Failure rates are the problem (Score:3, Interesting)
If you want to roll out biometrics on a massive scale, an accuracy of 0.1 percent chance for falsely rejecting a person means that at an average large airport, like JFK, Atlanta, Heathrow means that 1 in a thousand scans fails. Now this might not sound as a big chance, but since you need to go through the biometric scanner twice, when you get on or when you get off. So this reduces the amount of people nescessary for failure to 500. Result is that with the hundreds of millions flying on a yearly basis in Europe and the US over 100.000 people might not get on or off a plane.
You might be one of them!
So what? (Score:2)
This thing isnt going to let anyone by who has watery eyes, its just going to give an error and ask them to scan again. Just like a bank card with a weak magnetic strip. They dont just automatically aprove your purchase, it gives an error and asks you to swipe again.
Of course, I'm very skeptical on how biometrics helps ANYTHING..but this is outlined well in a +5 post here..read that.
Am I the only one worried by all this? (Score:5, Insightful)
It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.
Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.
When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?
What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?
Isn't about time we told our politicians to back off and mind their own business?
While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.
I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?
Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.
Uh-oh, off topic
Re:Am I the only one worried by all this? (Score:2)
Re:Am I the only one worried by all this? (Score:4, Interesting)
Nervous != guilty - does scanner obey this logic? (Score:5, Interesting)
For example, if you have some nerves or phobia about the screening process (big men with guns, what-ifs about false positives), your physiology changes, and your biometrics no longer match your card. You are therefore taken in for further questioning.
Even if you are cleared, the next time it happens, you are more nervous, and eventually this becomes a common event for you.
In extreme cases, some people's reinforced phobia would then prevent them claiming benefits, travelling, anything that the ID was required for, sine they fear the accusations and questioning.
This is similar to effects seen on the now-discredited polygraph, still in use by agencies worldwide.
For example, I always get tense going through metal detectors. This is partly due to a childhood visit to Washington from the UK, when by accident I triggered the bomb detectors on a visit to the CIA buildings. (I was about 7, and didn't realise my pocket fan would set off the detectors.) I was taken away from my parents, and searched. This is a big thing when you're seven, and now these sorts of checks make me (irrationally, I know) very twitchy.
If failing these tests due to phobia were to become a pattern with me, even if it meant I was often singled out in any sort of official process, I am sure my phobia's symptoms would increase, just driving up the error rate. Positive feedback, you see.
Re:Nervous != guilty - does scanner obey this logi (Score:2)
If you are innocent, you have nothing to fear, citizen.
Wow! I almost managed to type that with a straight face.
The good news... (Score:2)
Secondary tests revealed that he doesn't have glaucoma.
(I hate that damn 100 PSI glaucoma test. You might think your dentist is sadistic. I *know* my opthamologist is a complete psycho.)
Wait until you see... (Score:2)
(and if you see those people without fingers... well, that will mean electronic fingerprint recognition became popular)
I don't understand this (Score:4, Interesting)
Rather gruesomely, the system checked for a pulse in the iris to ensure that you hadn't got a life-size photograph...or cut off the account owner's head.
Re:I don't understand this (Score:4, Interesting)
To register a person you'd want the best pic possible, so you normally want a cooperative subject. But after that the one I tested was pretty OK, even IDs people with scratched eyewear and even some sunglasses.
As for the danger to epileptics claims thats stupid - the stuff can work with IR light. The one I played around with had 3 red LEDs for illumination and was made by LG.
Just buy the right iris scanner for the task and it'll work OK, unless the iris is obscured - I suppose really thick/long eyelashes might cause problems.
Epileptic thing really sounds fishy, perhaps there's a hidden story/agenda somewhere. Now if they had said that fake contact lenses could cause problems I'd believe them - then you need fancy scanners that detect pulses and the usual involuntary iris size changes - I doubt the cheap scanners do that.
Whatever it is, with biometrics for real security you always need a guard there, otherwise you can bring in equipment to fool the sensors. No self respecting guard is going to let you stick some fancy gizmo into/in front of a biometric sensor...
No, the iris scanner fails to identify you. (Score:5, Interesting)
Fingerprint scanners have a failure rate of around 2%.
Facial scanners have a failure rate of 10+%.
tears and fluttering eyelashes.... (Score:3, Funny)
Yeap its called my love life
Jaj
Wonder how it will cope with cataract ops (Score:3, Interesting)
Well no matter, hopefully me and the soon-to-be-missus will have emigrated to somewhere saner by the time the "voluntary" ID cards will have stopped being voluntary.
Since when (Score:2, Funny)
Or does halley-burton own some iris-scanning patents?
In that case, I, for one, welcome our new techno info patent overlords.
"Dread"
Iris scan works flawless (Score:5, Informative)
Not the big issue (Score:3, Funny)
I think the real impediment is going to be the natural trepidation of one who finds himself expected to submit his *eyes* to a machine which will decide whether he's good or evil.
Crying doesn't BEAT it, it makes it fail (Score:3, Informative)
M@
Politicians don't cry! (Score:3, Insightful)
This report is patently false. Why? This news comes from a politician. We all know that they void of human emotion therefore they cannot cry.
Re:Emotions (Score:5, Funny)
First they have sex more often then I do, and now they can enter places I can't? Depressing.
Re:Emotions (Score:3, Funny)
-1, Redundant.
Re:Discrimanatory (Score:5, Funny)
Why, oh why, is there not a "retarded" modifier?!
Re:Discrimanatory (Score:2)
Re:Discrimanatory (Score:4, Funny)
Re:Discrimanatory (Score:4, Funny)
True, but many without a brain.
Back to the Wild West (Score:2)