There have been numerous incidents of innocent people being flagged as terrorists just because their names are similar. JMHO.

Yet, giving over control to a computer that is going to create a mathmatical model of our faces isn't the answer either. It is one step closer to the police state that we all fear.

This just gives the computer more information to make a better judgement.

It has to allow for false passports and identities to be created and used for official purposes.

to thousands, then tens of thousands, and ultimately millions of operators of security checkpoints as society grows more and more security-conscious.

Any system that accessible has to be vulnerable to hacking.. And, once compromised, that central database can become the source of millions of fake IDs that impersonate real people.

IMO, this is the fundamental fallacy of "secure biometric ID".

No technological advance can provide 100% security, because somewhere along the line a human is in charge of managing the system -- and human beings can and do circumvent the security that technology provides.

There is the concept of "security", and then there is the concept of "trust". At many points in any security system, the gates are guarded by people in a position of trust. These people are vetted, of course, to a greater or lesser degree based on the importance of the security system and their position within it. But people's loyalties may change, they may be threatened or bribed, or they may simply make mistakes.

Remember when that security firm was hacked by Anonymous, it was fall-down funny but there was a lesson there too. The CEO of the company insisted on using passwords that were not even minimally secure, that were short and easy to guess using automated methods. You would think that a CEO of a security company would be aware of, and would abide by, minimal standards for secure passwords. But this goes on all the time.

The idea of trust is why things like nuclear codes (and the Coca-Cola formula, so I've heard) must be held by more than one person, each of whom only has one part of the code. This way, any bribes or threats would have to work on two or three people, which is a good deal more difficult to pull off.

But never impossible. If there is enough money or power or terroristic intent, these barriers can be overcome regardless of technology.

But then the data would not be accessible. It would take at least a few minutes to use auxiliary encrypted codes for each of the trusted authorities to access all the biometric data--say, for a traveler at an airport--and assemble it.

Just image how long before your flight you'd have to show up at the airport!

There's a fundamental trade-off between data accessibility and data security that seems impossible to avoid.

...those 2- or more -person deals are for the really, really sensitive stuff. I'm all for using biometrics and 2- or 3-person codes when it's a question of launching nuclear weapons. But we can't really expect that level of security in our day-to-day operations, and it would indeed cause even more inconvenience than we have today.

Even when you get to the really, really sensitive stuff, you still have issues of trust -- or of hidden agendas. We already know that the FBI used and continues to use its resources to spy on peace groups, because in their opinion "peace group" == commie-hippie-America-hating group. Showing once again, the technology itself cannot ever protect us all by itself. We need to understand when we implement such systems, that we are entrusting other humans with our security.

Who watches the watchers? It's an age-old question.

It is quite practical to make the server for identity verification by the millions of checkpoints to be designed such that its programming and data cannot be changed by communications with the network. Changes to it would be done by taking the copy off-line, refreshing the data to the current date, and putting it back on line. There would be more than one such copy to ensure continuous operation.

The updating of the master copy would be done from many fewer sources using an identity enrollment process (and a death notification process). The design of the enrollment process is indeed a difficult one involving establishment of trust, chains of custody of the biometric samples, etc., but this is similar to what is done for criminal investigations and the handling of evidence today.

The establishment of false identies is an even harder problem, since it can't just be a new false record in the database. It may require establishing a whole past history to give the false identity a proper "legend".

The protection against illegitimate false identies is to have saveguards and an investigatory process to ensure that the false legend could not have been created by a less expensive conspiracy than the risk of improperly accepting a false legend. This is done currently by the "background investigation" process for various levels of security clearances.