General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsBiometric National IDs and Passports: A False Sense of Security
https://www.eff.org/deeplinks/2012/06/biometrics-national-id-passports-false-sense-securityPeople tend to think that digital copies of our biological features, stored in a government-run database, are problems of a dystopian future. But governments around the world are already using such technologies. Several countries are collecting massive amounts of biometric data for their national identity and passport schemesa development that raises significant civil liberties and privacy concerns. Biometric identifiers are inherently sensitive data. As European privacy watchdogs have said, biometrics changes irrevocably the relationship between body and identity, because they make the characteristics of the human body "machine-readable" and subject to further use. This is why such identification schemes become particularly dangerous when used with unreliable biometric technologies that can misidentify individuals.
Regulators in several jurisdictions continue to romanticize the security and accuracy of face, fingerprint, and iris automatic recognition biometric technologies. But the existence of a significant amount of falsified biometric identification documents raises questions as to whether these technologies are too unreliable to prevent fraud, thus providing individuals and governments with a false sense of security.
Automatic Face Recognition in Border Control
Biometric data of individuals faces has been used since 2007 at various European border checks. Eleven airports in the United Kingdom now have e-passport gates that scan EU travelers faces and compare them to measurements of their facial features (i.e. biometrics), stored on a chip in their biometric passports. Although error rates of state-of-the-art facial recognition technologies have been reduced over the past 20 years, these technologies still cannot identify individuals with complete accuracy. In an incident in 2011, the Manchester e-passport gates let through a couple that had mixed up their passports. The UK Border Agency subsequently disabled the Manchester gates and launched an investigation.
Similar e-passport gates have been introduced in Australia and New Zealand. During the early stages of testing in Australia, the technology showed a six to eight percent error rate. Moreover, this technology also misidentified two men who exchanged passports. Nevertheless, the government refused to disclose the final error rates, citing security concerns.
Savannahmann
(3,891 posts)These ID's are so good, they can easily fool the Airport screens. They fool cops all the time. The only way to find out if the ID is a good one is to check the computer to see if a record exists. Yet, if you have an ID in the name of a real person, that may not work either.
I keep waiting for one of the Rethugs to suggest we live in Gattaca, where our DNA is tested to confirm our identity a dozen times a day, or more. Privacy has never been a Rethug concern. Well except the ability to keep the rich and shameless donors to those super PAC's nameless.
DCBob
(24,689 posts)There have been numerous incidents of innocent people being flagged as terrorists just because their names are similar. JMHO.
Savannahmann
(3,891 posts)Yet, giving over control to a computer that is going to create a mathmatical model of our faces isn't the answer either. It is one step closer to the police state that we all fear.
DCBob
(24,689 posts)This just gives the computer more information to make a better judgement.
FarCenter
(19,429 posts)It has to allow for false passports and identities to be created and used for official purposes.
ProgressiveEconomist
(5,818 posts)to thousands, then tens of thousands, and ultimately millions of operators of security checkpoints as society grows more and more security-conscious.
Any system that accessible has to be vulnerable to hacking.. And, once compromised, that central database can become the source of millions of fake IDs that impersonate real people.
IMO, this is the fundamental fallacy of "secure biometric ID".
ljm2002
(10,751 posts)No technological advance can provide 100% security, because somewhere along the line a human is in charge of managing the system -- and human beings can and do circumvent the security that technology provides.
There is the concept of "security", and then there is the concept of "trust". At many points in any security system, the gates are guarded by people in a position of trust. These people are vetted, of course, to a greater or lesser degree based on the importance of the security system and their position within it. But people's loyalties may change, they may be threatened or bribed, or they may simply make mistakes.
Remember when that security firm was hacked by Anonymous, it was fall-down funny but there was a lesson there too. The CEO of the company insisted on using passwords that were not even minimally secure, that were short and easy to guess using automated methods. You would think that a CEO of a security company would be aware of, and would abide by, minimal standards for secure passwords. But this goes on all the time.
The idea of trust is why things like nuclear codes (and the Coca-Cola formula, so I've heard) must be held by more than one person, each of whom only has one part of the code. This way, any bribes or threats would have to work on two or three people, which is a good deal more difficult to pull off.
But never impossible. If there is enough money or power or terroristic intent, these barriers can be overcome regardless of technology.
ProgressiveEconomist
(5,818 posts)But then the data would not be accessible. It would take at least a few minutes to use auxiliary encrypted codes for each of the trusted authorities to access all the biometric data--say, for a traveler at an airport--and assemble it.
Just image how long before your flight you'd have to show up at the airport!
There's a fundamental trade-off between data accessibility and data security that seems impossible to avoid.
ljm2002
(10,751 posts)...those 2- or more -person deals are for the really, really sensitive stuff. I'm all for using biometrics and 2- or 3-person codes when it's a question of launching nuclear weapons. But we can't really expect that level of security in our day-to-day operations, and it would indeed cause even more inconvenience than we have today.
Even when you get to the really, really sensitive stuff, you still have issues of trust -- or of hidden agendas. We already know that the FBI used and continues to use its resources to spy on peace groups, because in their opinion "peace group" == commie-hippie-America-hating group. Showing once again, the technology itself cannot ever protect us all by itself. We need to understand when we implement such systems, that we are entrusting other humans with our security.
Who watches the watchers? It's an age-old question.
FarCenter
(19,429 posts)It is quite practical to make the server for identity verification by the millions of checkpoints to be designed such that its programming and data cannot be changed by communications with the network. Changes to it would be done by taking the copy off-line, refreshing the data to the current date, and putting it back on line. There would be more than one such copy to ensure continuous operation.
The updating of the master copy would be done from many fewer sources using an identity enrollment process (and a death notification process). The design of the enrollment process is indeed a difficult one involving establishment of trust, chains of custody of the biometric samples, etc., but this is similar to what is done for criminal investigations and the handling of evidence today.
The establishment of false identies is an even harder problem, since it can't just be a new false record in the database. It may require establishing a whole past history to give the false identity a proper "legend".
The protection against illegitimate false identies is to have saveguards and an investigatory process to ensure that the false legend could not have been created by a less expensive conspiracy than the risk of improperly accepting a false legend. This is done currently by the "background investigation" process for various levels of security clearances.