Get used to biometrics, travelers told

Leaving on a jet plane? Then be prepared to undergo a biometric scan, Homeland Security chief says.
Photos: Biometric systems stand guard

The story "Get used to biometrics, travelers told" published May 26, 2005 at 5:25 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.

[Gleeplewinky]

Silly... again.

Two issues: biometrics scans have a pretty high
false negative rate -- that is to say, they
frequently will return different measures for
the same person. This is fine for authenticating
someone for access whereby their biometric info
is in the database, because a failed match
simply means try again. But when doing the
opposite, trying to make sure that someone ISN'T
in the list, it's almost useless. If the method
averages 2 attempts to yield an imprint that
matches an imprint of record, a screening on
that data will fail 50% of the time. You might
use it to authenticate that an individual
matches their creddentials (passport) which may
contain a biometric imprint, but that simply
screens out those that don't have the resources
for a forgery (and, presumably, those that are a
threat have those resources; after all, the
issuer of the passport has the resources).

Worse: it screens for people and not threats.
That is to say, any individual may be a threat,
and only a fraction of those that are a threat
will be recognized as a threat - until they do
something (by which time it's too late). For
those that might suspect that they are labelled
as threatening, they can take a pleasure trip
somewhere and instantly know if they are being
watched. Assuming a negative on the screening
process, they know with certainty that they are
not being watched.

Where's the security? I understand this sort of
thing is great tool for authoritarian regimes,
but if we assume that we haven't come to that
quite yet, where's the logic?

[Gleeplewinky]

Silly... again.

Two issues: biometrics scans have a pretty high
false negative rate -- that is to say, they
frequently will return different measures for
the same person. This is fine for authenticating
someone for access whereby their biometric info
is in the database, because a failed match
simply means try again. But when doing the
opposite, trying to make sure that someone ISN'T
in the list, it's almost useless. If the method
averages 2 attempts to yield an imprint that
matches an imprint of record, a screening on
that data will fail 50% of the time. You might
use it to authenticate that an individual
matches their creddentials (passport) which may
contain a biometric imprint, but that simply
screens out those that don't have the resources
for a forgery (and, presumably, those that are a
threat have those resources; after all, the
issuer of the passport has the resources).

Worse: it screens for people and not threats.
That is to say, any individual may be a threat,
and only a fraction of those that are a threat
will be recognized as a threat - until they do
something (by which time it's too late). For
those that might suspect that they are labelled
as threatening, they can take a pleasure trip
somewhere and instantly know if they are being
watched. Assuming a negative on the screening
process, they know with certainty that they are
not being watched.

Where's the security? I understand this sort of
thing is great tool for authoritarian regimes,
but if we assume that we haven't come to that
quite yet, where's the logic?