Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Biotech Privacy

UK To Start Biometric Passport Trials 153

pearljam145 writes that the "UK is planning to test biometric passports that will include face and iris or fingerprint recording and recognition for a 6 month period on 10000 volunteers. Read here for more details. A face recognition chip is going to be the primary biometric and iris or fingerprint scanning will be use as a secondary biometric. However face recognition might not be the perfectly viable solution since it has produced too many false positives in the past. Face recogntion to this date is not robust enough to support real time recognition in a crowd (more failures?). Only with cooperation of the subject does this system produce good results. So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?"
This discussion has been archived. No new comments can be posted.

UK To Start Biometric Passport Trials

Comments Filter:
  • by tcopeland ( 32225 ) * <tom&thomasleecopeland,com> on Saturday December 13, 2003 @11:51PM (#7714192) Homepage
    ...with their attempts to get J2EE certified [hostingtech.com]. SchlumbergerSema, that is. Cool.
  • Favorite quote... (Score:5, Informative)

    by gloth ( 180149 ) on Saturday December 13, 2003 @11:59PM (#7714225)
    "One of the reasons we are doing this with passports first is because the U.S. government has said it will require biometric passports for people wishing to enter the United States," the government spokesperson says. "At first that was to begin in October 2004, but that has be delayed to an unspecified date in 2005."
    • by Guppy06 ( 410832 )
      "One of the reasons we are doing this with passports first is because the U.S. government has said it will require biometric passports for people wishing to enter the United States,"

      That's rather interesting, considering how much money it would cost to set up such an infrastructure in a country. Looks like if you're not from a first world country, we don't want you here. Mexico who?
      • by zCyl ( 14362 )
        That's rather interesting, considering how much money it would cost to set up such an infrastructure in a country. Looks like if you're not from a first world country, we don't want you here. Mexico who?

        As soon as they're done postponing the date for requiring biometric passports, they'll start reading the biometrics of the countries that have them, and spend more time harassing the people from other countries. This will in turn give us a false sense of security. The worst criminals can spontaneously ap
        • by Guppy06 ( 410832 ) on Sunday December 14, 2003 @01:41AM (#7714587)
          "The only case this will affect positively is that of someone who already has a criminal record which includes biometric data, has the resources to acquire a fake passport, but does not have the resources to fool a biometric sensor."

          Not even. I don't know about other countries, but I know my US passport is good for ten years. So even if the US required biometrics tomorrow, we'd still have to wait until the end of 2013 for the change to have any real effect.

          What would be more productive (and probably cheaper) than requiring biometrics would be better ways of verifying the passport itself. The Bureau of Engraving and Printing is doing all sorts of things to make US paper currency more secure, but even paper currency from the 1980s is more difficult for counterfeiters to reproduce than your typical passport. Heck, driver's licenses and state ID cards are harder to forge. And let's not forget birth certificates while we're at it.

          The only thing requiring biometric information on passports accomplishes is it allows the US government to collect and store the biometric information, from citizens as well as foreign nationals.
    • Question from the UK here to our American colleagues.

      One of the reasons we're being forced into this idea is because of the US insistence on foreign nationals carrying biometric-enabled passports...

      Is the US proposing biometric passports for its own citizens?

      I'd love to know the answer.

      Thanks in advance
      Mike.

  • Limited trials? (Score:5, Interesting)

    by Wingchild ( 212447 ) <brian.kern@gmail.com> on Sunday December 14, 2003 @12:00AM (#7714235)
    The UKPS will carry out the trials at "various locations" throughout the UK, using four fixed, one mobile, and one portable unit, with one of the locations being a passport office.

    It seems like their trial might be a little limited in scope, don't you think? I understand from the article that this trial is being run by the Passport Service, so presumably the various test stations will be deployed for use in areas of entry to and egress from the UK ... but damn, they have a world of international travel going through, and only four permanent stations (!) to test with.

    I wonder why the numbers are so small.

    Other curious questions involve what you'd use a mobile station for -- not portable, but truly mobile, i.e., mounted in a vehicle or similar; stop someone on the street randomly to see if they have a passport and if they're participating in the trial?
    • About 30 years ago, Frederick Forsyth wrote The Day of The Jackal (and it was then made into a superb film - well recommended if you haven't seen it).

      In the book and film, the Jackal (a hired assassin) applies for a copy of the birth certificate of someone who had died as a child. When he gets it, he uses that to apply for a passport in the name of that person.

      A year or so ago, some investigative reporters used a similar method to get hold of Frederick Forsyth's ID and get credit cards, etc, in his name.
      • It will help stop people getting multiple identities. They'll apply for a passport in the name of the dead kid, but then the system will raise a little red flag saying the iris and fingerprints match someone else who already has a passport.
  • by Anonymous Coward on Sunday December 14, 2003 @12:04AM (#7714257)
    Becuase you can change your password a whole lot easier than you can change your DNA.

    The flip side of not being able to lose or forget your biometrics is that you can't change it when it gets stolen. And, yes, people will find ways to spoof biometric authentication schemes into believing that they have your data. Whether it's fake fingerprints, or (more likely) some sort of data hack that sendst the computer the right bitstream for a given person's biometric data, once yours is gone, you're just hosed forever.

    If your password or PIN gets stolen, you can make a new password, or get a new ATM card and a new PIN, and cancel the old ones. Once your biometric info is stolen or spoofed, you have the choice of cancelling it and not being able to authenticate anywhere, or just accpeting that your identity is stolen and will stay stolen.

    Biometrics are great if *combined* with a password. But by themselves, they're foolish for strong authentication. Just because your fingerprints are on your hand doesn't mean that there isn't a pattern there that could be stolen and stored somewhere by bad actors.
    • This is for identifying the owner of a passport. How is it worse or more error-prone or more insecure than eyeballing the passport photo and comparing with the guy in front of you? How many people actually look unmistakably like their passport photos? Are you arguing that if your passport photo is stolen, you'll have to get a new face?
      • How is it worse or more error-prone or more insecure than eyeballing the passport photo and comparing with the guy in front of you? How many people actually look unmistakably like their passport photos?

        The difference is that when they screw up your passport info, nobody's going to believe it. You really will need a new face.

    • But nobody can ever perfectly "steal" any of your biometrics. Sure, they can make gloves that contain fingerprint whorls good enough to fool the scanners of 2005... but the scanners made in 2006 might also feature a chemical sniffer that determines if its real skin or latex.

      And maybe they'll have contact lens in 2007 that will fake out a retinal scan... but the scanners made in 2009 will penetrate at different angles, showing up the lens with no problem.

      And the problem with a data hack is the location

      • But nobody can ever perfectly "steal" any of your biometrics. Sure, they can make gloves that contain fingerprint whorls good enough to fool the scanners of 2005... but the scanners made in 2006 might also feature a chemical sniffer that determines if its real skin or latex.

        Well fine then, I'll just have my gloves made from real skin.
      • The problem with this proposal is that the ID card is not just going to be used for border control or for access to services (where you might expect to find biometric readers).

        Blunkettcards will be used as a form of ID for almost all services (in much the same way as many American businesses rely on a driving licence or social security card for ID).

        In those places, a simple visual inspection will be made of the card - so you could use a fake card safe in the knowledge that the biometrics will never be c

        • In those places, a simple visual inspection will be made of the card - so you could use a fake card safe in the knowledge that the biometrics will never be checked.


          Hmm... I really, really want to disagree with you... but considering how rarely anyone actually checks my credit card signature against the one I put on the paper, I'll have to concede that if the biometric ID system spreads much beyond the airport/border/port area, we are pretty much fucked.

    • by bourne ( 539955 ) on Sunday December 14, 2003 @12:35AM (#7714372)

      Becuase you can change your password a whole lot easier than you can change your DNA.

      That's nice, but it has nothing to do with what they're doing.

      Passwords are authentication. Passports are identification. Identification and authentication are not the same. This use of biometrics would be more analagous to the username than the password.

      Keep in mind, also, that this is being used with passports. Passports, unlike ATM cards, are usually presented manually for verification. When the security guard wipes your fingers with an alcohol wipe and mashes them against the machine, spoofing the machinery (e.g., jelly fingers) is a bit harder.

      This might even fix the achilles heel of identification (licenses, passports, etc) which is that it is too easy to forge or bribe your way to a fake one. If the big ol' biometric databases notes that Mr. Hakim Faisal is registering for a second passport as Mr. Jorge Fuentes, then that should throw up a flag.

      • by JimBobJoe ( 2758 ) <swiftheart@gmail. c o m> on Sunday December 14, 2003 @02:35AM (#7714761)
        Passwords are authentication. Passports are identification.

        That depends on how you define "identification."

        Does a passport need your name on it to fufill its main task? The answer is a resounding no. The main purpose of the passport is to identify you as belonging to the class of citizens from country X. Most "name and face" transactions, wherein the name is significant, is not done with passports (it's done with normal photo ID cards. Now this is partially disingenuous...on your typical international trip, your passport is used for "name and face" on checkin to make sure your name doesn't appear on a list o'terrorists, and then a class transaction with immigration. But, having said that, the main purpose of the passport is still class authentication and not personal identification.)

        Which is why, incidentally, passports are rarely counterfeited just for name and face transactions. They are mostly counterfeited for class transactions.

        • BS.

          What you say might be true if you are IN the US... as there are lots of more common forms of ID that can be used for basically everything... though your passport will work for all of them as well....

          Living abroad, your passpot IS your identification, and trumps anything else you get. Expat living in some other country? You want a bank account? Let's see your passport. Pulled over speeding? Let's see your passport. Need to fill out any kind of local government documentation? Let's see your passport.
      • Actually, you are wrong. Passports are identification, yes, but the biometrics on them is intended to help authenticate you as the rightful owner of the passport.

        The assumption is that they can easily verify the passports validity against a database, so the problem is authenticating that you are who the passport says you are.

        One of the goals is to AVOID having to do manual verification. Frequent travellers to the US has long been able to be fast tracked through immigration if they're willing to register

      • This might even fix the achilles heel of identification (licenses, passports, etc) which is that it is too easy to forge or bribe your way to a fake one. If the big ol' biometric databases notes that Mr. Hakim Faisal is registering for a second passport as Mr. Jorge Fuentes, then that should throw up a flag.

        Unless the people making the programs accessing the information do not check for duplicates. And of course, there will have to be circumstances where it purposely ignores such things, because underc

    • I am curious why they are using facial recognition as the primary, iris and fingerprint are much easier to scan and much more reliable, although not practical at a distance. I've read the reports of fingerprints being spoofed and I suppose the same can be done with a contact lense for the iris. Facial recognition spoofing could be harder just because it relies on size and shape and not just lines, but that's pretty weak. So I'm curious why they would use the least reliable one as the primary . Any views? I
      • Because it's less controversial.

        Facial recognition and hand recognition, which both rely on shapes, is quite unreliable if used for identification, and as such certainly not foolproof to use for authentication as well.

        However it means you won't have to put your fingers on some plate, or step up to a scanner to have your irises scanned, which apparently causes more resistance because it reminds people too much about dystopian sci-fi and makes people think about police (the fingerprints) treatment of susp

        • That is an interesting image and unfortunately, not unexpected, however, I feel a greater unease knowing I can be reliably identified at a distance. I would much prefer the discrete identification that requires me to place my hand on a plate or look into a laser (although I'm not thrilled about the laser.) Your argument is convincing though, that the public prefers that which is least invasive and gives the greatest sense of security. I do need to research how hard it is to spoof facial recognition. Its ea
        • TBH with the eye ones the last thing I want is some damned laser pointing at my retina - If I wanted laser eye surgery I'd damned well pay for it (yes I know they're supposed to be too low power to have a risk, but what if they go wrong or some idiot decides to crank the power up to see what happens?)
    • Not necessarily. You could restrict the biometric identification to just one chromosome or one sequence of DNA. In modrn DNA tests, they only look at certain sequences and those are sufficient to make a positive identification. The same could be applied to this. Thus, if you feel one sequence has been compromised, you can switch your password to a different sequence of DNA in your chromosomes.
    • I remember the last time my face was stolen for my passport picture, I had to get my face changed. Thus they should remove the photos from passports too. Get real.

      Biometrics won't replace password authentication (at least not anytime soon). But there's a lot of places that you DON'T have a registered account that they can just do a password lookup. It's just not practical to have an international database of people and passwords (or a series of individual databases). With all the bureacracy and red ta
  • by diodesign ( 673700 ) on Sunday December 14, 2003 @12:05AM (#7714258) Homepage
    As NTK [ntk.net] pointed out last week, MORI are looking for people [ntk.net] to take part and raises a point on skewed statistics, maybe?..

    "Pollsters MORI will be ensuringthat the Digitised 10K will be a representative sample the UK population: and here's where it gets interesting. MORI are inviting people to apply. Assuming that those most worried about biometrics in society aren't going to leap at the chance to be fingerprinted in advance of the giant Orwellian (etc) database, why not help the sample from getting a bit too skewed? Plus who wouldn't want to mess with cool, hackable, potentially dystopian gadgets?"

    Seems a oppotune time to get my passport renewed, perhaps.

  • I really don't feel comfortable with all of that. Personally I feel that if some one is going to beat the system, they are going to do it no matter how secure it is. With that many people it is impossible to not let some one slip through the cracks. I think a piece of paper, a stamp, and a few good forms of ID is enough.
  • by Anonymous Coward
    Sadly, this doesn't surprise me, being a UK citizen. It's like 1984 over here.
    • by vidarh ( 309115 )
      In some ways perhaps - CCTV cameras are very common here and used in ways that would never have been accepted in Norway for instance where I'm from. As an example, in central London a large part of the major roads are covered by CCTV, while in Norway there was an extended public debate about the installation of CCTV to cover just the area around the main railway station in Oslo.

      In other areas, not. Contrary to many other countries, the UK doesn't have a central database of all citizens for instance. You d

  • Well, heck. There's been 'face recognition' biometric data on most people's passports for over a century already. As long as said 'biometric data collection' methods have existed, there have been people, i.e. the Amish, who've objected to it.

    This isn't really anything more, other than possibly higher resolution recordings.

    • Well, heck. There's been 'face recognition' biometric data on most people's passports for over a century already. As long as said 'biometric data collection' methods have existed, there have been people, i.e. the Amish, who've objected to it.

      This isn't really anything more, other than possibly higher resolution recordings.

      (troll? what a putz some moderator must be)
  • by Eevee ( 535658 ) on Sunday December 14, 2003 @12:13AM (#7714292)

    So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?

    Passports are inherently obtrusive. You walk up to the person in the uniform behind the desk, hand over your passport, and wait for them to decide if it matches you. Matching a face by camera at this point is no more of a bother. (Well, if you don't pass the scan, it is...but that's a different subject.)

    Plus, the people manning the desk control the lighting and the positioning of your face. If you don't take off your sunglasses and look straight ahead, you don't pass. This will improve the performance of the software far above the 'scan the crowd' attempts. You'll still have some false positives, of course; but all systems dealing with humans do.

    • There is one significant difference: We have a reasonable expectation that in most cases that only limited information is kept about us. If the passport system contains detailed biometrics, there are no more technical barriers (such as lack of data with the current system) stopping the government of whatever country we're entering (including our own) from tracking our movements and in general invading our privacy in any way they see fit.
      • There is one significant difference: We have a reasonable expectation that in most cases that only limited information is kept about us. If the passport system contains detailed biometrics, there are no more technical barriers (such as lack of data with the current system) stopping the government of whatever country we're entering (including our own) from tracking our movements and in general invading our privacy in any way they see fit.

        The UK government has already proposed linking all government data

        • The UK government is so disorganised that if they tried to link up the databases they'd probably screw it up. Even the databases you'd think would naturally be linked (eg. unemployment benefit and housing benefit) are completely separate and largely on paper - requiring you to fill in *more* paper just to tell one department about what the other department is doing.
          • The UK government is so disorganised that if they tried to link up the databases they'd probably screw it up. Even the databases you'd think would naturally be linked (eg. unemployment benefit and housing benefit) are completely separate and largely on paper - requiring you to fill in *more* paper just to tell one department about what the other department is doing.

            Oh I agree it would be a disaster, but the repercussions would be felt by those people who need government services. The recent fiasco with

  • Imagine... (Score:4, Funny)

    by Zapperlink ( 635003 ) on Sunday December 14, 2003 @12:20AM (#7714318) Homepage Journal
    Imagine the privacy invasions with these techniques but imagine also the coolness of the future finally becoming the present.
  • by bmzf ( 731840 ) on Sunday December 14, 2003 @12:22AM (#7714331)
    of people getting their body parts stolen. Ouch.
    • by Anonymous Coward
      now you wont wake up in a bathtub with your kidney stolen, just your index finger. i for one welcome our new orwellian overlords.
  • by richg74 ( 650636 ) on Sunday December 14, 2003 @12:26AM (#7714342) Homepage
    The Economist, in its Technology Quarterly [economist.com] section, has an article on biometrics [economist.com], including face recognition.

    Among other things, the article makes the very good point that there are two ways to use biometrics: for identification (i.e., who is this J. Random Person), and for authentication (i.e., is this really Rich, as he claims to be).

    Tests of face recognition for the first purpose have basically been miserable failures, as far as I can see. (As I'm sure most Slashdotters know, facial recognition is computationally a vey hard problem, even though we clever apes do it all the time.) For the second application, face recognition or fingerprints would seem more promising, since one is comparing them with, in effect, a known right answer.

    The article also points out that all of this is being sold as a way to "increase security" -- but it would have done exactly nothing to prevent 9/11, since the hijackers entered the US and traveled as themselves.

    /Rich

    • it would have done exactly nothing to prevent 9/11, since the hijackers entered the US and traveled as themselves

      Perhaps some did, but not all. Apparently at least 2 of them [bbc.co.uk] were alive a couple weeks after the attacks. One of them, for example, says he "lost his passport while studying in Denver". Presumably the real hijacker used that passport, or one based on it but with a new picture, when he entered the country.

      Whether the owner of the "lost passport" actually helped the hijacker by faking a lost

      • Yeah, I'm sure refugees running from oppressive regimes with strong security force presences in their embassies would see it as an "advantage" if their embassy automatically knew they were in they country. Israel and it's history of assassinations outside their own borders springs to mind (including at least one case where Mossad, the Israeli intelligence agency, murdered the wrong man in Norway because of a mistake).

        Now there would be an incentive for faked passports or human smuggling.

      • I was basing my statement about the hijackers on the Economist article:

        The trouble is, it is not clear that these identity-verification systems are worth the cost and trouble of introducing them. All 19 of the September 11th hijackers entered the United States using valid visas, on their own passports, for example. Verifying their identities using biometric visas would have made no difference.

        In any case, even if we had all the technology you describe, it would not solve the problem, because the probl

  • Earlier this year when homeland security reported a new secure VISA system, this was what I had in mind - iris and fingerprint data along with the usual photo & dental records on one smart card. Then the Bush admin went ahead and put a year (or more) delay into whatever they do think was secure, supposedly so as not to disturb the busy european terro^h^h^h^h, er, tourist season. I guess keeping citizens safe isn't real big on Bush's agenda.

    I think it just makes sense to push for a full biometric smart
    • Earlier this year when homeland security reported a new secure VISA system, this was what I had in mind - iris and fingerprint data along with the usual photo & dental records on one smart card.

      It's good to know that your government takes your personal opinion so seriously.

      Then the Bush admin went ahead and put a year (or more) delay into whatever they do think was secure, supposedly so as not to disturb the busy european terro^h^h^h^h, er, tourist season. I guess keeping citizens safe isn't real big on Bush's agenda.

      Or, just perhaps, given that the US is in effect demanding that all other countries do what it wants, it was giving them a little bit more reasonable an ammount of time to implement a system that has little point beyond jingoistic technobable-like 'look, look, we're doing something, please re-elect us' politico-speak.


      I think it just makes sense to push for a full biometric smart card for an international VISA/passport system.

      Possibly, but if it's too US-led, people will see it (however correctly) as an attempt to erode their sovereignty in favour of America.

      We have the technology, we have the knowledge, we have the money, and every country that participates fully will be a little safer.

      You might have the money, but does, say, Rwanda, or Indonesia? Can there not be made an argument that this is effectively protectionism as to the kind of people economically 'allowed' in to the country to conduct business, &c.?

      Take this along with full background checks and no 'favored' nation nonsense.

      Apart from the obvious cost implications, well, countried get 'favored' status for a reason - they have (what are regarded as) 'sufficiently' thorough security on the other side. Indeed, having seen my fair share of airport security, I'd say that the laxest I ever saw was for a (domestic, but even so) flight from Denver to Washington (pretty much nothing beyond my bag getting spot-checked for explosives' residues), as compared to a flight out of Sri Lanka (including what felt like a highly competent mandatory body pat-down - thrice - and canon emplacements around the airport).

      Limit diplomatic passes to only those people needing them and yank it if the person even gets a jaywalking ticket.

      Yeah, sure, let's dispose of several hundred years of diplomacy because it's a system that can be exploited.


      You either get seriously tough on security, or admit defeat. You can't show you are securing the country if kids can still buy pot, crack and smack.

      Yes, because it's well known that kids who do drugs grow up to die in terrorist-related activitiy. What?


      Back on-topic, I see no reason for people to object to the use of computer-read, rather than human-read, biometric data (height 182 cm, weight 72 kg is biometric data, after all), as long as it is used for a reasonably good, but not necessarily perfect, confirmation of identity - after all, if the data matches, all that means is that the person is who the database says they are claiming to be, but not necessarily who they actually are...

      • Back on-topic, I see no reason for people to object to the use of computer-read, rather than human-read, biometric data (height 182 cm, weight 72 kg is biometric data, after all), as long as it is used for a reasonably good, but not necessarily perfect, confirmation of identity - after all, if the data matches, all that means is that the person is who the database says they are claiming to be, but not necessarily who they actually are...

        I rambled on a bit previously.

        I believe that the US government owes i

        • embassies can issue passports

          Only in very unusual circumstances (such as loosing one's passport). Do you mean, perhaps, visas?

          If you mean that people should only be allowed into the US on pre-accepted visas, well, OK, but I (as a citizen of the European Union) can move freely between 15 (and soon to be 25) countries with ease, and normally without a check of my passport in the first place (unless travel is by air, that is, as there aren't European terminals as well as international ones), and in practice, also into and out of Switzerland - I once went from Austria -> Switzerland -> Italy -> France -> Switzerland -> Germany -> France -> United Kingdom, and only got my passport checked on arrival in the UK.

          It is widely believed that this freedom of movement has benefitted the EU's member states greatly (especially economically), and that security has, if anything, been increase, by concentrating on intelligence rather than rote scanning of all incomers. Why could this system of trusted others be kept in use in the US/.

          • And to add to that, the reason you got checked in the UK is that the UK isn't a member of Schengen, which is the passport cooperation.
            • The UK position on this is that you do NOT need a passport to enter the UK if you are a citizen of the European Union, HOWEVER, you must be able to prove that you are an EU citizen.

              Guess what you need to show to prove that?
          • Only in very unusual circumstances (such as loosing one's passport). Do you mean, perhaps, visas?

            If you mean that people should only be allowed into the US on pre-accepted visas, well, OK

            Yes, that is what I meant.

            People can apply for visas to visit the US and be issued a smart card passport/visa to pass customs/security. The US embassies would do all background work and process the smart card visa/passport. Countries with embassies would not need to purchase anything, only supply whatever information an e

      • You either get seriously tough on security, or admit defeat. You can't show you are securing the country if kids can still buy pot, crack and smack.

        Yes, because it's well known that kids who do drugs grow up to die in terrorist-related activitiy. What?

        If tons of crack can still make it over the border, how can you expect to keep terrorists out? We have drug sniffing dogs and robots, how are those people sniffing dogs coming? And big bags of white stuff tends to stand out more than another normal looking

  • by webwench_72 ( 541358 ) <webwench_72&yahoo,com> on Sunday December 14, 2003 @12:30AM (#7714352) Homepage
    It's a long story, but I don't have stable fingerprints; scarring interferes with them. Any time I've needed a fingerprint check (for example, my concealed-carry permit), it was problematic producing 'acceptable' fingerprints in the first place, and thereafter difficult to match current fingerprints to old ones. Although this could make me a great secret agent or something, I'm going to have trouble if any future employer of mine moves to simple fingerprints biometrics as a means of identification.
  • by Stile 65 ( 722451 ) on Sunday December 14, 2003 @12:34AM (#7714368) Homepage Journal
    I'd be much more comfortable with using a smart card [chaum.com] that stored my biometric info inside itself. It may not fit into the whole "a-passport-is-a-way-to-track-you-and-privacy-gets -in-the-way" mindset, but I definitely wouldn't feel comfortable with the government scanning any kind of biometrics off me just to board a goddamn plane to Canada, whether it's fingerprints or retina scans, or anything else.

    If I make no sense in this post, you'll have to excuse me. I'm a little intoxicated tonight.
  • by Anonymous Coward on Sunday December 14, 2003 @12:40AM (#7714391)
    When will they start examining stool samples as well?

    "Sorry, sir, we have detected couscous and figs in your feces. If you'll kindly step over there towards the gentlemen with the M-16s, they'll escort you to your flight to Guantanamo Bay."
  • At least.. (Score:5, Funny)

    by Exiler ( 589908 ) on Sunday December 14, 2003 @12:48AM (#7714413)
    At least they're not using it for authentication... now, where did I put that key.. *flips through his keychain of severed fingers and eyes*
  • by LordK3nn3th ( 715352 ) on Sunday December 14, 2003 @12:55AM (#7714438)
    How will this effect movie stars and other famous people such as Michael Jackson? People who alter their faces like I change my socks will obviously be having problems.

    On a more serious note, how does this effect people who are the result of severe burns, car accidents, plastic surgergy, radioactive mutations, aging, etc? Obviously if someone's face is altered they will have some problems.
    • by Jon Chatow ( 25684 ) * <slashdot@jdforrester.org> on Sunday December 14, 2003 @01:39AM (#7714581) Homepage
      I believe that, at this point, you get a new passport (under UK law, at least, you are required to update your passport if your appearance changes - biometrics would just be another facet of your 'appearence').
      • It would be quite embarrassing for, say, a burn victim to have to take a picture of themselves like that.

        Although it might be necessary. Still, what if someone was in the healing process or getting their face repaired, which may take multiple operations over a period of time? As I understand it, getting your body/face repaired after a severe accident can take quite a while, I don't think it happens overnight with a single surgery. Although I might be wrong.
        • jesus h christ... why do people come up with the stupidest examples imaginable just to be argumentative?

          I have difficulty imagining there are hordes of people in the middle of massive reconstructive surgery going on holiday and about to bring the passport system crashing down around them.

          even if there were, how does it differ from the current photo only passports? surely having face AND iris AND fingerprints makes the situation a lot better?
          • What if your head and hands gets hacked off?

            Seriously, though... you do need to take into consideration small things like this. Would YOU like to be thrown into a loop because of the current limitations of technology?

            Iris and fingerprints are probably more reliable. I was, however, referring to just the face portion.

            I don't really have any problem with scanning eyes or fingerprints, although I wonder how a severe-burn victim with no eyes and no hands would deal with this... ;)

            We can't automate the pro
        • Another issue is how do you `identify' the person who comes in with a passport where the picture doesn't match, and they claim to have been in an accident? (do you give them a new passport with a new picture?)
    • Does he really have an identity ?
    • On a less serious note, if criminals offer to "rearrange your face", you might actually be interested.
  • They will have to figure out how many fingerprints they will have to store, maybe all, a cut can obscure a finger print.
  • by Net Spinner ( 732666 ) on Sunday December 14, 2003 @01:26AM (#7714546)
    Read an interesting take on biometrics in the last Cryptogram that Schneier puts out. If you think about it, biometrics really have NO positive impact on actual security. They're more of a placebo for the average non-security minded person. This is precisely why you see a great deal of hype around them and very little real security. Government officials, last I checked, aren't the most savvy people in the world. Especially the ones who graduated last in their class...

    Blurb out of the Cryptogram:

    "So it is our opinion, that as long as the manufacturers of fingerprint equipment do not solve the live detection problem (i.e. detect the difference between a live finger and a dummy), biometric fingerprint sensors should not be used in combination with identity cards, or in medium to high security applications. In fact, we even believe that identity cards with fingerprint biometrics are in fact weaker than cards without it. The following two examples may illustrate this statement.
    1. Suppose, because of the fingerprint check, there is no longer visual identification by an official or a controller. When the fingerprint matches with the template in the card then access is granted if it is a valid card (not on the blacklist). In that case someone who's own card is on the blacklist, can buy a valid identity card with matching dummy fingerprint (only 15 minutes work) and still get access without anyone noticing this.
    2. Another example: Suppose there still is visual identification and only in case of doubt--the look-alike problem with identity cards--the fingerprint will be checked. When the photo on the identity card and the person do not really match and the official asks for fingerprint verification, most likely the positive result of the fingerprint scan will prevail. That is, the "OK" from the technical fingerprint system will remove any (legitimate) doubt.
    It is our opinion that especially the combination of identity cards and biometric fingerprint sensors results in risks of which not many people are aware."

    Full article is here:
    http://www.schneier.com/crypto-gram-0311.ht ml
    • He also has an interesting article dealing specifically with biometrics in airports [schneier.com], specifically facial recognition. Without explicitly showing the math, he applies Bayes rule to calculate the false positive rate of a fantastically accurate system. Since the frequency of terrorists is quite small, the rate of false positives is incredibly high and it such a system would simply train the human operators to ignore its positives.
    • You're jumping to conclusions when you say that biometrics are worthless, just because certain devices and applications have problems.

      Many high-security areas use biometric devices in addition to traditional methods such as badges, access codes and guards.

    • Consider, for your second item, what happens for someone right now in the passport system. You end up with basically three possibilites mapping to two results. The end cases are easy--you look like the picture and go through, you don't look like the picture and you're rejected. However, you have a middle ground where you look enough like the picture to exclude you from the third class, but there's enough differences to exclude you from the first class. There is no other help for the passport officer to deci

  • Didn't they see Gattaca? Once we start using biometrics, it will become this all knowing system where once you are biometrically identified, you will be considered the real thing even if it seems like you probably aren't. It will be like that guy from the 80s movie saying "Computers never lie, kid."

    I can just imagine my biometric record getting screwed up because of some random computer bug, and guys with shotguns and big dogs coming out when I show my passport the next time I travel internationally...
  • The horrible state of English dentistry means that each Britian possesses a set of uniquely fucked-up teeth. Simply entering them into a database should be trivial.
    • Making things even simpler is the useful fact that the population of Planet Earth contains precisely zero "Britians", whatever they are.
    • What the fuck would you know? Ever been to the UK? No? Didn't think so.

      For your information, dentistry here is free on the NHS, which means that British kids get a check up every six months and free correction. I'd bet good money that if you took 1,000 British kids and a 1,000 American kids at random then you'd find it was the group from the US that more uncorrected problems than those from the UK.

      This "British people all have bad teeth" joke is so laughable, if only because the opposite is true.
      • Free or at least partially-subsidised at the point of use, via the National Health Service, yeah right. So it is, *if* you can find an NHS dentist taking on new patients. Which you can't!

        The UK bad-teeth thing IS true, at least on people aged over about 40, due to earlier recognition of the importance of dental hygiene in places such as the US.
  • So, corrupt officials get one more thing to sell, and the terrorists need only subvert a database to be whoever they want to be!

    Stupidity really is the most abundant element in the universe. People think it's hydrogen, but they haven't taken the density into account.

    -jcr
  • beard? (Score:2, Interesting)

    by mr100percent ( 57156 ) *
    Wouldn't growing a giant beard throw biometric readings off? Perhaps if I wore my glasses too?

  • Why?
  • by aaaurgh ( 455697 ) on Sunday December 14, 2003 @03:46AM (#7714951)
    <Boris> Igor, fetch my identity. </Boris>

    <Igor> Yeth, mathter. </Igor> (opening suitcase full of body parts)
  • Gattaca (Score:4, Interesting)

    by theolein ( 316044 ) on Sunday December 14, 2003 @03:52AM (#7714968) Journal
    I think the only reliable method of biometric data would be to include a DNA sample in one's passport and then use a device a la the ones in the Gattaca movie to take a small blood/hair/skin sample at the airport or where ever. The others are either too simply faked (fingerprint testing) or open to abuse (face recognition) unless only used as confirming factors in a passport, not as a replacement for the actual passport itself.
    • What if my identical twin brother decides to make terrorism his profession?
    • The whole point of Gattaca was that these systems are not fool-proof. The main character was able to get around these systems with various tricks (urine replacement, blood sample pouches on the finger, etc.).

      -molo
  • Its called passport control,
    What do you think their doing when they look at the photo in the back of your passport and compare it to your face?
    So a computers going to do it instead, What makes the process more obtrusive because its automated?
  • by vidarh ( 309115 ) <vidar@hokstad.com> on Sunday December 14, 2003 @06:23AM (#7715238) Homepage Journal
    The reason the UK, and the rest of Europe, is moving to biometric information is passport is that the US government demands that passports with biometric information start being issued to all citizens of countries that can enter the US without a visa.

    So in the near future it's either biometrics, or having to apply for a visa to get into the US.

  • <blockquote>So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques</blockquote>

    Modern techniques of Iris recognition can obtain ultra-high resolution images of the Iris (used for verification of identity) from video in a matter of seconds from metres away.
  • When Joe Bloggs goes along to have his eyeball digitised, presumably he has to take some supporting identification from an existing system - passport, national security number whatever.

    Now we've been told that the reason for ID cards is that the existing databases are corrupt - full of dead people, fake records and so on.

    Which means that we are putting garbarge into the system. Someone who already possesses a fake ID can simply go along with their false identification, get their eyes scanned and be give

  • John Daugman from Cambridge, UK. Wrote in this weeks New Scientist that, The Ministry Of The Interior in the UAE has been using iris recognition to detect those expelled for Visa violations entering through all 17 air,land and sea ports. The ministry has a database of 293,406 iris' and according to the ministry they have run 1,011,876 searches against the database and the 3684 positive hits have all been confirmed by other means.
  • However face recognition might not be the perfectly viable solution since it has produced too many false positives in the past.

    False positives aren't too much of a problem here. I think face recognition has about a 1/1000 false positive rate, which is a killer for crowd recognition, but would be entirely acceptable for this application (the result would be that 1 time in a thousand somebody tried to use someone else's passport, they wouldn't be caught).

    False negatives are

You know, Callahan's is a peaceable bar, but if you ask that dog what his favorite formatter is, and he says "roff! roff!", well, I'll just have to...

Working...