out. What the report doesn't bother to explain is that the DAC uses a one-to-one match system with a locally stored biometric. Every time you scan your finger, the system only tries to match it to the already enrolled fingerprint securely stored on your card.
Such systems can be configured to have negligibly small rates of false positives at the cost of moderately high false negatives. Basically, this means that it's virtually impossible for an unauthorized user to get in, but authorized users will occasionally get their scan rejected.
What do you do if your scan gets rejected? Don't panic! Just swipe your finger again. Even assuming a high false-negative rate of 5 percent, you'll only have to swipe your finger more than twice 0.25 percent of the time.
Unlike with passwords (which may be guessed with repeated attempts), there's usually no reason to prevent multiple attempts. In the movies, one bad scan usually results in machine gun fire or electric shock, but DHS vendor guidelines frown on such implementations.
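The trade-off and the retry arithmetic described above can be worked through numerically. This is an added example, not part of the original article: the two score distributions are constructed assumptions (not measured data for any real sensor), and swipes are assumed independent.

```python
from statistics import NormalDist

# Constructed score models for a 1:1 matcher (assumptions, not measured data):
# similarity scores, higher means a closer match to the template on the card.
IMPOSTOR = NormalDist(mu=0.30, sigma=0.08)   # someone else's finger
GENUINE = NormalDist(mu=0.85, sigma=0.10)    # the enrolled cardholder


def threshold_for_far(target_far, impostor=IMPOSTOR):
    """Accept threshold at which the per-attempt false-accept rate is target_far."""
    return impostor.inv_cdf(1.0 - target_far)


def frr_at(threshold, genuine=GENUINE):
    """Per-attempt false-reject rate: genuine scores that fall below the threshold."""
    return genuine.cdf(threshold)


def p_more_than_k_swipes(frr, k):
    """Chance the cardholder needs more than k swipes (independent attempts assumed)."""
    return frr ** k


def cumulative_far(far, attempts):
    """Chance an impostor is accepted at least once within the given attempts."""
    return 1.0 - (1.0 - far) ** attempts


def tradeoff_table(targets=(1e-2, 1e-4, 1e-6), retries=3):
    """One row per target FAR: (FAR, threshold, FRR, P(>2 swipes), FAR over retries)."""
    rows = []
    for far in targets:
        thr = threshold_for_far(far)
        frr = frr_at(thr)
        rows.append((far, thr, frr,
                     p_more_than_k_swipes(frr, 2),
                     cumulative_far(far, retries)))
    return rows


if __name__ == "__main__":
    for far, thr, frr, p2, cfar in tradeoff_table():
        print(f"FAR={far:.0e}  threshold={thr:.3f}  FRR={frr:.4f}  "
              f"P(>2 swipes)={p2:.6f}  FAR over 3 tries={cfar:.2e}")
```

Tightening the threshold pushes the false-accept rate down and the false-reject rate up, while a small number of retries multiplies the impostor's chance only roughly linearly, so a retry limit can be sized from the per-attempt FAR.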
After muddling through biometric accuracy rates, EPIC brings out another classic quasi-conundrum: If a biometric is stolen (and what does this even mean?), how can you revoke it, since the legitimate user still has the same fingerprint? I've heard this argument many times and it's usually intoned with Zen-like ("What's the sound of one hand clapping?") profundity.
The question has been answered many times: You revoke the card that the fingerprint is associated with. With a revoked card, the fingerprint is useless and can safely be enrolled onto a newly issued card.
The argument is valid against programs that use a biometric not associated with a physical card, but meaningless here.
There's also confusion in the EPIC report about PINs, which are referred to as a dangerous back door instead of just another authentication choice for system implementers. But by this time it's hard to take any of the analysis seriously.
The report's conclusion is worth quoting: "In the fall, hundreds of thousands of personnel will have access cards equipped with personal information, biometric and wireless technologies, and the security risks associated with their use."
Exactly. I bet a serious look at those risks would make for good reading.
Biography
Phil Libin is president of CoreStreet, an ID management and access control company in Cambridge, Mass. His regular thoughts can be found at Vastly Important Notes.
2005/04/security_risks_2.html :
Police in Malaysia are hunting for members of a violent gang who
chopped off a car owner's finger to get round the vehicle's hi-tech
security system.
The car, a Mercedes S-class, was protected by a fingerprint
recognition system.
Of course, some of the sensors out there are smart enough to distinguish a living finger and a dead one, but many criminals are very stupid and uninformed and would try it anyway. Fun, fun.
The problem with technology as it relates to security is always the same - as fast as an organization can discover a way to protect something, five others have found a way to crack the nut.
I'm not an alarmist, I'm a realist. Banks are losing personal data. Phishing steals away the secrets of hapless victims, people devise physical tricks to capture credit card information using ATMs. Is the search for another's ID suddenly going to diminish once there's a new lock on the door? I think not. Phil Libin and his company will have plenty of work in their future, and I'd bet they already know it.
But what kind of protection is that really? If an ID card or a passport has a contactless chip in it that can be read by a device at a distance, then presumably there will be 10s of thousands, if not more, of these reading devices, each of which can read that very contactless chip, and will be able to do so for the lifetime of the chip (maybe 10 years?).
What on earth is going to prevent a reasonably intelligent terrorist from stealing just ONE of those devices, and souping it up so that it can read from a considerable distance?
Or are we only worried about the incompetent terrorists, who won't figure this out?
In at least one of these components the human factor is critical to keep the security system secure. As we well know, humans are inherently insecure "devices" in the secured chain and because we can never cut the human factor away, the build up of a 100% secure system is as futile as the Perpetuum Mobile.
Any secure system should offer levels of broader access for control and administrative purposes. Here is where the human factor becomes critical, as the wrong guy(s) (terrorist, corrupted official) could do harm proportional to the number of users and importance of data depending on such a system.
So again security is always going to orbit around user education and the high morale of the key persons involved in the maintenance of such systems.
Everything from impregnable databases, instantly displaying the details of wanted terrorists to Homeland Security Officers (who incidentally have been found to be no more effective than the much maligned private security the airlines used to employ, and have also stated that technology will fix everything) to magic ID cards that will prevent 911 from happening again.
The flaws in these proposals are there for everyone to see. First of all there is no such thing as an uncrackable security system, secondly none of the proposed invasions on privacy would have stopped a single terrorist from performing the atrocities of 911 (all of which had valid visas, and therefore would have easily obtained one of these new, techno-fix-all id cards). They didn't need to hide who they were, and several being listed in anti-terrorism databases, were still able to board planes at will.
The other thing that constantly amazes me is that the US public is happy for their government to start spying on them, Nixon fashion, under the pretext that this will in some way protect them from terrorism.
No doubt wiser heads than mine will explain how having national databases full of personal and biometric data will prevent people from other countries blowing up planes.
To be blunt Americans are being told that having their bank accounts monitored, their personal information stored in easily hackable, unencrypted databases, whilst at the same time carrying id cards that DO broadcast their identities well beyond the "several inches" often quoted, is in some way going to stop terrorists.
All this is going to do is hand very large government contracts to this administration's friends and families, and while you may be able to prove beyond doubt who you are (yes, of course, because all technology is infallible, and no one could possibly forge the identity of another person armed with a digital photograph on a plastic card, broadcasting its data to anyone who can hack into the companies that produce said cards), terrorists will be using their IT expertise (and you're a fool if you think they don't have any) to mass produce these so-called infallible id cards for their recruits to attack the US.
The worst part is that because everyone will believe these systems to be infallible two things will happen. First, when someone is wrongly listed as a person of interest, it will be impossible to get this corrected - because no one will believe that the system could be wrong, and secondly, when the system does query the id of someone using a forged card to enter the country, the very fact they're carrying one of these terrorist-proof id cards will probably mean they get to pass through immigration without any problems.
- EPIC's response
- by June 17, 2005 3:18 AM PDT
- EPIC has responded to this article - http://www.epic.org/privacy/surveillance/spotlight/0405response.html