Cry To Beat Iris Scanners 373
Ant writes "The Register has an article on how crying beats iris scanners. An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water... The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too... So we're going to have a system that is derailed by a few tears and fluttering eyelashes?"
Please.. Mr Blunket/Random authority.. Get a clue! (Score:5, Insightful)
Terrorists: Is any (known) terrorist worth his/her salt going to fly on their own passport. What's stopping them getting a *real* passport with the correct Biometerics on a different name?
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
Stopping Criminals: Yes because criminals are moral enough not to have fakes!
The trade off isn't worth it. The only person this effects is you: the law abiding honest citizen. Life is no harder for any of the above groups.
Simon.
"beats the iris scanner" (Score:5, Insightful)
Sure, there's a problem with it correctly identifying the real people. But is this really "beating" the scanner?
Just a thought...
Re:Tech meet Typical (Score:5, Insightful)
I think if anyone would cry to prevent this thing to work, they'll give him/her a nice chair at the police office and let them try again later.
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:2, Insightful)
What's the big deal... (Score:4, Insightful)
And, IIRC, the UK is just doing a trial run of this biometric ID card thingy, and the purpose of such trial runs are to catch "gotchas" like this.
I'm not going to rant on the "privacy issues"... heck, my country uses an ID card system as well, and as far as I'm concerned, it eases a lot of trivial processes (loan applications, etc. etc.) and in case something happens to me, at least people will know who I am.
Re:"beats the iris scanner" (Score:5, Insightful)
But is this really "beating" the scanner?
If 7% of the time the scanner can't ID you, those people will probbably just routinely be let in. If all you have to do is tear up a little, have long eyelashes, or whatever then anyone that'd be caught be this system will do just that. A system where it's easy to become incorrectly identified is a useless one.
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:1, Insightful)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Insightful)
Well, in the Bush/Ashcroft 1984 utopia, the biometric identifiers are not only stored on your passport, but also in centralized databases. They aren't only used to tie you to your passport, but they are also used to retrieve possibly matching identities from those centralized databases.
Furthermore, the same centralized databases contain assessments of how much of a threat you likely pose, based on detailed information about where you have traveled, what kinds of political views you have stated in public forums (and maybe in private), the results of surveillance, contacts, purchasing history, insurance history, habits, and interests.
Immigration: Anyone who wants to immigrate enough will get the *real* id in a fake name!
That one's even easier. The general idea is that all US citizens would have their biometric identifiers registered in central databases with an indication that they may enter the country. Furthermore, the biometric identifiers of everybody who has ever been denied entry would also be registered. When you appear at the border and your biometric identifiers fall into the first category, you are permitted in. If they fall into the second category, you won't be let in, no matter what your (probably fake) passport says. And if you fall in between--well, prepare for a long wait.
Furthermore, even if the biometric identifiers are not reliable enough to be able to distinguish between hundreds of millions of people in centralized databases, governments are also assuming that they can make id cards that are sufficiently forgery-proof to make "just getting a *real* id in a fake name" rather difficult.
I'm not saying that any of this will work. I'm just saying that, if you assume that biometric identifiers actually work reliably and/or that you can produce ids that are difficult to fake, you can concoct scenarios in which they would be useful for the intended purpose.
I think those are big "ifs", but if you are going to attack these policies, I think you need to dig a little deeper to do so.
Reminds me of a quote (Score:3, Insightful)
http://www.wired.com/wired/archive/12.05/poinde
(It was in this past wired, good article)
Crying doesn't BEAT iris scanners (Score:5, Insightful)
Needless to say, this makes a lot more sense, and is actually more acceptable. After all, (and here's my layman's view coming in) iris scanners are essentially cameras with some pretty cool-dude computer vision algorithms in the back. If your eyes are teary, the CV algorithms get messed up -- it's kind of like having a distortion lens (like an oddly shaped magnifying lens) on the front of the camera.
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:5, Insightful)
Simon.
Comment removed (Score:5, Insightful)
Re:"beats the iris scanner" (Score:3, Insightful)
And for immigration purposes, not showing up on the system IS beating the system. The immigrant can then claim that they have just arrived at port and begin the immigration process again, despite having been in the country for a while and previously had your application rejected.
The application looping is what these systems are supposed to prevent and is much of the basis for the ID card proposals.
This system is worthless.
Am I the only one worried by all this? (Score:5, Insightful)
It really scares me that what was frightening science fiction yesterday, looks like becoming reality tomorrow.
Looks as if one of our most important rights (the right to privacy and anonmymity) is about to be exponged forever -- with narry a whimper from the general population.
When *used* only as promised, modern sophisticated ID and tracking systems may pose no threat to the general public -- but what happens when (and that is *when*, not "if") they are abused?
What protection mechanisms are incorporated to stop some bureaucrat or politician (ab)using such a system to track a foe and use that information for their own means?
Isn't about time we told our politicians to back off and mind their own business?
While I'm most certainly not anti-American, I think the simplest and most effective way that the USA could reduce the risk of terrorist attacks is by getting out of Iraq and stop trying to expand its empire and the reach of its military muscle.
I can imagine how much better life would be for US citizens if the US government spent as much on the health, welfare and education of its own people as it has on war in the past 60 years or so -- and ultimately, what have they got to show for their involvement in Vietnam, Granada, Somalia, Iraq, etc?
Yeah, we all know that Saddam was a despot -- but I'd wager that there are just about as many people who regard Bush as a despot. Surely that gives them no more right to attack the USA than the USA had to attack Iraq. All sides in this battle are completely and utterly mad.
Uh-oh, off topic
Comment removed (Score:2, Insightful)
Re:Failure rates. (Score:2, Insightful)
What specific evidence or even real reasons do you cite that "If you then scale up to 1 million people, you will find that a MUCH larger percentage of people will be misidentified".
Do you have anything real to cite?
Re:Tech meet Typical (Score:2, Insightful)
Think I'll win a free trip to Cuba in the X-ray resort.
you still don't get the mindset (Score:3, Insightful)
In Bush's mindset, any staff person that would do such a thing should probably be considered a terrorist and can just be shipped off to Guantanamo without a trial, where they can be raped and tortured courtesy of the US government. Given that downside, faking ids for a few bucks probably seems a lot less appealing to the staff.
ID cards are flawed because you can't secure a system that large.
You can't in a freewheeling democracy with normal legal protections. But if you make the state sufficiently totalitarian and the punishments sufficiently severe, as history has shown, that sort of thing does actually work, at least for a while. And that's where Bush and Ashcroft are heading; they just aren't aware of the historical precedents they are following.
Re:From tactical to practical (Score:5, Insightful)
Another reason I don't like biometrics, however, is that you cannot compartmentalise your authentication information any more. If, say, the tax people, phone company, bank and the police all use your biometric information to authenticate you, then that provides for a massive spillover in (authentication) information that you can't control - for the same reason that it is a bad idea to have the same PIN code on your ATM card and your GSM phone PIN, it's a bad idea for everybody using the same info to authenticate you. Nowadays, if somebody can impersonate you to the phone company, all they can do is run up high bills or get you disconnected or something. But if you're a phone company employee with access to someone's biometric info, you're a small step away from being able to impersonate that person to their bank, passport authority, etc., and take over their life.
Even worse, as above, you can't change your info if it's compromised. Remember that biometric info is just a fancy password, with all the password weaknesses, with the advantage that you don't have to remember it, and the disadvantage that you can't change it or get a new one. People can intercept and replay your password (biometric info) to scanners, it's just very simple symmetric and unreliable information in the end, relying on the trustworthiness of biometric scanners to be trustworthy. And of course the path from the scanners to the device interested in your identity..
Biometrics aren't a silver bullet.
Please... mr Ckwop.. get a clue! (Score:4, Insightful)
In practice, this is a nonsense argument. For example, most people here know that WinXP copy protection can be broken with the help of a few google searches that lead to a few russian websites. there are trivial ways to defeat masterlocks and the ordinary sort of locks that 'secure' house doors. modern money *can*, with enough patience and technical skill, be counterfeited.
And yet microsoft continues to have a keycode unlock to winxp, houses continue to have locks, and treasury departments still spend quite a bit per bill to give them 'security features.' why?
Because as anybody who would rather think about this for two seconds (rather than just whoring up for +5 insightful, as you have) could see, protection in a real and complex world is not about *absolute* protection, it's about decreasing the *rate* of violation/infringement.
I know several people who have bought XP where they pirated 95/98/whatever because of their fear of the online activation system. People continue to have locks on their houses because it will make their house less likely to be burgled, and the counterfeit protection on money stops all but the most determined counterfeiters.
Likewise, biometric data will NOT "prevent" or "halt" illegal immgrigration in an absolute sesns and it is unreasonable to claim that's what it's "meant to do." Rather, it will SLOW THE RATE of illegal immigration (if not terrorism--that is obviously less of a statistical process because of the smaller data set). What is stopping them from getting a *real* passport with teh correct biometrics in a different name? have you ever tried getting an illegal passport of the regular kind? it's not easy! now, try finding somebody who provides an illegal passport with an embedded chip in it! not easy at ALL, especially given that for example, you know, when a UK passport is scanned at a US border, the US queries (or can query) the UK systems to vouch for the authenticity of the passport.
To claim that anybody who wants to "immigrate enough" is bullshit. Sure, there will always be the top n% who are determined, clever, and connected enough to beat any system. But with inceased smart security such as biometrics in concert with other ideas, this n% becomes smaller and smaller.
MOD PARENT DOWN as he has provided NO INSIGHT
Re:Failure rates. (Score:3, Insightful)
Anyway, surely the system is only for authentification and not identification? I.e. they have your iris on record, you input your name and give them the iris scan. If the two match, you are who you say you are. I seriously doubt they will just scan your iris and search a database for a match. The only reason they would do this is for identifying criminals, but they would only need to scan the database if they did not have your name on the system already.
This is speculation, but I expect in those 4% of cases, if the people blink a few times and wipe their eyes, it would work a second time.
Re:Please... mr Ckwop.. get a clue! (Score:2, Insightful)
A terrorist is by definition more resourceful then your average crook/partisan. They have sophisticated tools and are knowledgable about any technology they want. Either they enroll in some college/unversity to study the subject or find someone with the right knowledge to join their cause.
Most *real* terrorists are very high skilled and intelligent people with enough resources to do just what you say is near to impossible. It is pretty easy to get any kind of legal document without any data filled in as is proven year after year after year. When cracking down on some sort of terrorist cell they still find those kind of documents. It is very easy for some terrorist organisation to get the monetary means to do this.
The fact still stays that it is impossible to identify a terrorist without infiltrating in their organisations and get all the information you need to create a database of suspects. Most terrorists are unknown to the authorities and can do whatever they want without having to rely on illegal means of entering a country. And if they have to rely on those means they will really make sure that their counterfeited documents are near impossible to detect as such.
Illegal immigrants are btw entirely different. Most try to enter a country by other means then a plane just because it is allready too difficult to enter a country that way. Most illegal immigrants enter the country by crossing a border by night, as a stowaway on a boat or by landing form a boat on some remote part of the coast. The few that try to enter by plane are usually caught anyway.
Authorities know that it is not possible to catch terrorists this way. They only want some means to keep track of EVERYONE instead of terrorists. The terorist angle is just used as a smoke screen to make the people meek and willing to accept any kind of privacy invading technology.
Politicians don't cry! (Score:3, Insightful)
This report is patently false. Why? This news comes from a politician. We all know that they void of human emotion therefore they cannot cry.
Am I missing something? It stopped "working" (Score:2, Insightful)
Both the register and this slashdot article act as if crying or eyelashes will 'authorize you' when in fact, it just ensures that you fail.
Nice reporting.
Re:Tech meet Typical (Score:5, Insightful)
Re:Please.. Mr Blunket/Random authority.. Get a cl (Score:3, Insightful)
-B
Re:Tech meet Typical (Score:1, Insightful)
If you don't like bush but don't think kerry is any better vote for a third party. It isn't wasting your vote nearly as much as voting for a person you dislike. Personally I think the best thing for the presidency is for us to have a series of 1 termers. Then they might realize that they can't just play to special interests.