Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Businesses Security Crime Databases Government

The Case Against Biometric IDs (nakedcapitalism.com) 146

"The White House and Equifax Agree: Social Security Numbers Should Go," reads a headline at Bloomberg. Securities lawyer Jerri-Lynn Scofield tears down one proposed alternative: a universal biometric identity system (possibly using fingerprints and an iris scan) with further numeric verification. Presto Vivace shared the article: Using a biometric system when the basic problem of securing and safeguarding data have yet to be solved will only worsen, not address, the hacking problem. What we're being asked to do is to turn over our biometric information, and then trust those to whom we do so to safeguard that data. Given the current status of database security, corporate and governmental accountability, etc.: How do you think that is going to play out...?

[M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution.

The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.

The Case Against Biometric IDs

Comments Filter:
  • Or... (Score:5, Insightful)

    by msauve ( 701917 ) on Sunday October 08, 2017 @07:45PM (#55332949)
    Perhaps the proletariat shouldn't have to worry about it at all, and those who rely on identity (banks, mortgage companies, etc.) should be forced to assume all the liability and burden of proof when they get it wrong. And that includes being liable for libel if they incorrectly report against someone's creditworthiness.

    Just as copyright infringement isn't "theft," so too is there no real identity theft - the problem is on the other side, with those who accept numbers as a convenient but unreliable "proof" of identity. Their problem, not ours.
    • by nasch ( 598556 )

      Great idea.

      https://www.youtube.com/watch?... [youtube.com]

    • by Anonymous Coward

      The SSN or other taxpayer id number is basically useless now, thank Equifax. These data brokers should never have been storing it in the first place, but every business that deals with credit stores it, and even brainlessly uses it as an index or as an authentication mechanism (last four digits of your SSN?) Strangely in Canada you never get asked for your SIN (Social Insurance Number) and it's the same length as the US SSN.

      So how do we solve it? First, get rid of the SSN/SIN/TAXPAYERID/etc, Replace that wi

      • That's boring. How about an APP?!
      • I like the idea of a smart card that uses some type of PIN + biometrics, where the biometrics are used to associate a username, or as part of MFA, and a PIN used for unlocking the card. The card would then be a certificate store. Swipe the card at the bar, the pub knows you are over 21, so their butt is covered legally. They don't need your name or anything else. A job requires a degree? They get a cert from the university that is also signed by an accrediting agency showing that there was a B. S. awar

      • Replace that with your Biometric Passport.

        Most Americans don't have a passport, and many can't get one.

    • This exactly. The real problem here isn't identity theft, it is the pathetic level of verification used by the lenders. I agree that putting all liability on the lenders is the right approach (there are already laws on the books to this effect for the most part), but there is virtually no way to totally eliminate the harassment that an ID theft victim gets, because the lenders are still going to pursue collection on the premise that you are just a deadbeat borrower.

      99% of all ID theft would evaporate if f

      • by pnutjam ( 523990 )
        The US screws up any attempts at banking verification. Everyone in the world uses secure PIN debit cards and the US matches the secure chip with a fucking signature, for transactions over $20, who gives a rip about anything under that amount, AMIRITE?
      • So, the bad guy gets a photograph and fingerprints and has a government ID card made that'll look good enough with a mediocre scan. Unless you're saying the applicant should always appear in person for credit decisions, there's no connection between bad guy and recorded data. We could avoid a lot of fraud by requiring people to go places physically, and disrupt a very large amount of business.

        The credit-giving agency then has to call a phone number, and get someone who will say they're the guy being im

        • "Unless you're saying the applicant should always appear in person for credit decisions"

          That is exactly what I am saying, either in person on site or at a local notary public to verify their identity. And when they appear in person, the person who is applying should be required to have a high resolution, full facial photograph with no obstruction (glasses, hats, hoodies, etc.). That photograph and a set of their fingerprints should then be compared with those on file and filed with the application for cre

    • the proletariat , woaw ... personally, call me a lamer of whatever but i don't see the difference between a database full of social security number strings or the key matching someone's biometric ... you can't alter data in the blockchain (or what was that? unless you got 51% or more ... satoshi was a democrat hm ?) but if you got the key to a wallet you can empty it right so call me a lamer or whatever, point out the fact that i have no degrees to stand on, i don't owe a security firm and i didnt do time f
  • by markdavis ( 642305 ) on Sunday October 08, 2017 @07:46PM (#55332953)

    Fingerprints and DNA should not be used for biometrics. Period.

    Using fingerprints or DNA and allowing a third-party to have access to that data is unacceptable. Not only because the government and big business should have no need to track what people are doing but because they should not have fingerprint registration data (which will be horribly abused) .

    Stand up for your rights, people... and the rights of your children. Once you give this data to the government or big business, it will NEVER be erased or restricted, regardless of claims, policies, or laws- it will go into huge databases and shared between agencies and used however they want for as long as they want. Even worse, with every crime investigation, you will be searched without probable cause. It is a genie that can't be put back into the bottle.

    Fingerprints are something you leave all over the place all the time. They are easy to lift, copy, and forge. Easy to fake, easy to use to frame people. Time after time they have been shown to be poor for security and yet very effective at tracking people.

    DNA is even worse. Like fingerprints, you leave it all over the place all the time. Samples can be lifted and planted and analyzed. DNA is more than a means to ID, it contains very sensitive information about you.

    Iris scan is better than DNS or fingerprints- there is no leaving your iris image all over, and it doesn't say that much about you. But your eyes (iris,
    not retinal) could be scanned without your permission by any high resolution camera pointed at your face, even your own.

    There is only one safer and practical biometric I know of- that is deep vein palm scan. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of it all over the place. When you go to use it, you know you are using it every time. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using.

    Example: http://www.m2sys.com/palm-vein... [m2sys.com]
    More info: https://en.wikipedia.org/wiki/... [wikipedia.org]

    We also need to realize that IT IS NOT EVERYONE'S BUSINESS WHAT WE ALL DO. The first step in securing freedom is privacy. When you are tracked, you are losing your freedom, whether you realize it or not. You should not have to positively ID yourself for ALL transactions. A good example is age verification. There is an important place for anonymity and semi-anonymity in a free society.

    • by Junta ( 36770 ) on Sunday October 08, 2017 @07:50PM (#55332977)

      Yep nothing like a credential I leave behind on any surface I touch.

      It's funny, there's a room at work that (in part) is secured by a fingerprint reader. it's about 10 feet from a door that you can see the fingerprints clearly left behind as people push the doors open on the way to the fingerprint reader.

    • by Anonymous Coward on Sunday October 08, 2017 @08:10PM (#55333059)

      There is only one safer and practical biometric I know of- that is deep vein palm scan. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of it all over the place. When you go to use it, you know you are using it every time. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using.

      Vein matching has been used forensically, most notably to tie Khalid Sheikh Mohammed to the murder of Daniel Pearl [wikipedia.org].

      Forensic identification

      According to a 31,000-word investigative report published in January 2011 by Georgetown University faculty and students,[11][12][13][14][15] U.S. federal investigators used photos from the video recording of the beheading of American journalist Daniel Pearl to match the veins on the visible areas of the perpetrator to that of captured al-Qaeda operative Khalid Sheikh Mohammed, notably a "bulging vein" running across his hand.[4] The FBI and the CIA used the matching technique on Mohammed in 2004 and again in 2007.[3] Officials were concerned that his confession, which had been obtained through torture (namely waterboarding), would not hold up in court and used vein matching evidence to bolster their case.[2]

      Granted, this was using a bulging surface vein rather than a deep vein, but it was done by using images taken from a video. The point is that biometric data leaks and once out can not be retrieved or changed. It makes for a terrible password for that very reason.

      Deep palm vein matching may not presently have a known method for creating dummy fakes, but that does not mean it never will. Best to rule out biometrics for all authentication tasks and leave it solely for use in identification without authentication.

      • >"Deep palm vein matching may not presently have a known method for creating dummy fakes, but that does not mean it never will. Best to rule out biometrics for all authentication tasks and leave it solely for use in identification without authentication."

        What you are saying is very true. That is why I qualified it with "I know of." Probably anything can be defeated, but deep vein currently stands as one of the best, most practical biometric. You can get something very secure, like a retinal scan, but

        • by Anonymous Coward

          You already said it, but in your example, those were surface veins, not deep veins. Deep veins can't be seen from any distance with visible light nor from a distance with any known technology. Further, the palm is a more protected area that is rarely visible casually for more than a brief instant (think about where your hands are most of the time- holding something, in your pockets, on a keyboard, face-down in most cases when not holding something and obscured otherwise).

          If deep palm vein scanning becomes a norm, then so will deep palm vein scanners. Now it doesn't matter how often I put on gloves and then put my gloved hands into my coat, if I'm taking then out and allowing them to be scanned every time I get on the subway, buy a slushee, or purchase movie tickets. The devices themselves become the weak link, and the secret hash that they produce from each scan becomes a known quantity.

          Biometrics, as a class, can not successfully be used to solve authentication problems

          • by dgatwood ( 11270 )

            Biometrics, as a class, can not successfully be used to solve authentication problems because once lost, they can not be changed. They are excellent for identification problems: UUID's, primary keys, usernames. But they make terrible passwords and must not be used for authentication.

            Exactly. It is provably impossible to guarantee a trusted endpoint when under someone else's control, and that's where any sort of identifier breaks down for authentication purposes, no matter how seemingly unique.

            Consider the

            • by nasch ( 598556 )

              It seems to me the problem is single factor authentication. If I have to provide my iris (or whatever) scan and a password, then it becomes much more difficult to impersonate me. Assuming of course the data is stored properly and I don't do anything stupid.

              • And then there's the problem that you have to give out your password everywhere you go, while keeping it secret. Might as well use the Social Security number.

        • So now we have to invent some form of gloves that external parties cannot take off you when you are sleeping (or being sedated).
    • Even worse, with every crime investigation, you will be searched without probable cause. It is a genie that can't be put back into the bottle.

      Oh, for heaven's sake, put your tinfoil hat back on and get back on your meds! I was first fingerprinted when I joined the navy back in '69, and I've been fingerprinted since then by at least one other (county, not federal) agency since then. And, in the 48 years since that fingerprinting, I've never been searched by any investigative agency, with or without prob
      • >"I''ve never been searched by any investigative agency, with or without probable cause, nor been a Person of Interest in an investigation"

        I can almost guarantee that you have. Just because nothing has come from those searches [that you know of] doesn't mean you haven't been searched and there isn't a risk. If your latent print just happens to be on or around something of interest, it will be run and it will connect to you; and there is a small chance it will connect to you even if it isn't you.

        • >"I can almost guarantee that you have" [had searches done on a databases that contain your prints]

          Reply to self- just to clarify (since after I read my reply again, it might not be evident), every time ANY collected print is searched, it is compared to every print to which they have access. If your print is in one of those databases, you are being searched. And since the databases are shared, it is likely that at least high-level-agency searches will search through just about every database out ther

          • If your print is in one of those databases, you are being searched.

            I don't know what you mean by the word "searched," but it's not one I've encountered, and at 68, I've probably run across every meaning for "searched" that there is. Just running a database search looking for a match to a fingerprint is not searching any of the people who's prints are in that search, which is one of the reasons you don't need a warrant do search your own databases. I have never had my home, person, car or workspace sear
    • by rtb61 ( 674572 )

      Let's not worry about the people, let's concern ourselves with the computers. The computer said so, should never ever be enough to identify some one. Just like that person being real and actual, not just virtual so the record of them actual, a real hard copy. To rely on biometric data, relies totally on the record of biometric data being associated with you. Alter that database link, associate someone else's biometric data with your legal identity and they become you.

      This limits prime record data to hard c

    • Stand up for your rights, people

      I would expect neckbeards around here to have learned this lesson from watching the movie Porky's growing up! Never consent to biometric examination.

  • Immutable Data (Score:5, Insightful)

    by Anonymous Coward on Sunday October 08, 2017 @07:50PM (#55332971)

    Any system that relies on immutable data for day-to-day identification is doomed from the start.

    That's the problem with the Equifax breach-- all the data I use to prove who I am-- SSN, driver's license, data of birth-- it's all been leaked. Biometrics doesn't change this-- except now my iris pattern, my thumbprint, my DNA-- they all get leaked-- but they still can't be changed once leaked.

    We need something resembling a distributed PKI setup so that I can carry an "id card" with a private key I can sign transactions with-- but I need to be able to regenerate that key relatively simply at any local government office (and revoke any old keys still floating around). Note this shouldn't be my "show badge to enter" type ID-- this should be used for taxes, voting, credit checks-- things that you might today use an SSN for.

    But this idea that we can have one identification that never changes, and is immune to data breaches, is just not feasible.

    This shouldn't be hard to do.

    • Fixing your credit in the future is easy! Simply rip out both eyes and replace them, use a crispr variant to change enough genetic markers, then cut off all the skin on your fingers and buy new skin. That should hold you for at least a few weeks till they the data gets stolen again.
    • by gl4ss ( 559668 )

      that solution exists, but it has it's problems.

      really credit systems in general are the problem. they don't care if they get the identity wrong because the credit goes against the real person and not the fraudster.

  • somewhere, out there, beneath the pale moonlight. or...And then you'll have to eat your lunch all by yourself 'Cause I'm already gone
  • by MangoCats ( 2757129 ) on Sunday October 08, 2017 @08:03PM (#55333035)

    Who in their right mind would stand up and be accountable for operations that exceed their personal fortune by factors of 1000s? What possible form of compensation could be adequate for such liability?

    Yes, corporate operations transparency and accountability are great measures to improve the current situation. Unfortunately, we're more likely to get gun control and single-payer health care passed first.

    • Who would accept the accountability? Someone who feels they are competent enough not to fuck up the entirety of what they are held liable for. Of course, at some organizations the hiring/promotion process is... Not great. You get people who take high-level salaries with little understanding of the work they are supposed to oversee. Or worse yet, you get people who *think* they are competent (Dunnig-Kreuger effect). The corporate culture at many places has a way of weeding out people who *do* have a firm und
  • By its nature, any national ID system would be the basis for tracking, if that ID is used for commercial as well as governmental purposes. So the question should not be "Would biometrics enable more illicit tracking?" but rather "Would biometrics be less susceptible to misuse than the current SSN?"

  • If Steve Gibson ever gets the coding completed (the spec is already public I believe) this could be a potentially good solution, not perfect but much better than SSNs.

  • I honestly wonder if we should start removing some data and keeping it in offline or non-instantaneous storage. Or maybe some sort of distributed storage. Honestly, there is no reason for some company to have everyone's SSNs and other data readily available 24/7. Certain relevant pieces could be kept online for easy access, but what if any access of the data required accessing it from some sort of offline/nearline storage. Or even just a time delay to retrieve the data from the system (and not just a bu

  • Name vs proof. (Score:4, Insightful)

    by gurps_npc ( 621217 ) on Sunday October 08, 2017 @08:35PM (#55333159) Homepage

    ID has two steps: 1)Username and 2) proof of identity. Biometrics make for a great username/login. You always have them and they take no effort to 'remember'. They make for a horrible proof/password:

    1) They can't be changed if someone gets a hold of yours.

    2) You leave copies all over the place (fingerprints, DNA samples, pictures of your eyes).

    3) It is pretty easy to fake them.

  • Wonderful (Score:2, Funny)

    by burtosis ( 1124179 )
    Fixing your credit in the future sure is easy! Simply rip out both eyes and replace them, use a crispr variant to change enough genetic markers, then cut off all the skin on your fingers and buy new skin. Fill out all 17 forms in triplicate and visit both state and federal offices to recertify. That should hold you for at least a few weeks till they the data gets stolen again.
  • American corporations have had a long and illustrious history of bending over its consumers and fucking them in the ass as hard as they can. And the government's role in this is to codify new and innovative ways of facilitating this collective boning. So when someone points out that a new proposal is wrong, I just want to pet their head gently and say, "oh, aren't you just the most darling idealist ever."

    This has never been about protecting people. It's always been about money, power, control, and findin

  • by Anonymous Coward

    One change to HIPAA law : âoe the ss number, DOB are both PHIâ ( protcted health information). Doctors deal with the draconian HIPAA lase and still survve. Ti e bor banks amd Equifax to followthe same guide.ines

  • The White House and EquiFax have two different reasons for wanting to do away with Social Security numbers. EquiFax wants to diminish the damage done by their handing over of our SSNs to hackers. The White House just wants to do away with Social Security. Oh, and Medicare and Medicaid.
  • What we really need to blow this scheme out of the water is for some really wealthy bad guys to fund a project focused on using CRISPR or similar technology to change the DNA markers that have become standard in the DNA databases. Since they don't have to follow normal research rules, the research could be greatly sped up. As a side benefit, the results would leak into real medical science and speed that up - very much like the way porn has led technical development of the internet many times in the past.

    In

  • Biometric IDs are fine if they are used as a portion of a key to unlock data.

    The best way to assure that hacks like this wonâ(TM)t have an impact is by expecting Equifax is only allowed to store an encrypted version of your data. They can still make encrypted queries against the data and get encrypted results but they donâ(TM)t get the true data. And although homomorphic encryption isnâ(TM)t all that fast yet, for what banks need it for (adding and subtracting numbers) its actually very doabl

  • by Aethedor ( 973725 ) on Monday October 09, 2017 @03:05AM (#55334223) Homepage

    Biometrics are often heard as the alternative for the password. To see if that's a good alternative, let's take a look at the characteristics of both username and password.

    The username

    • - It's not secret. It's often your name, e-mail address, employee number, etc.
    • - It's very common for people to have the same username at different systems. Specially at companies.
    • - Changing your username is not possible in most cases.

    The password

    • - It should be kept secret.
    • - For improved security, you should choose a different password for each system.
    • - Most systems allow you to change your password.

    Now, let's take a look at the characteristics of biometric information:

    • - They are not secret. You leave your fingerprints everywhere and with high resolution camera's it's not difficult to take your iris scan.
    • - Since you have only 10 fingers and two eyes, you will probably have the same biometric ID for many systems.
    • - You are not able to change any of your biometric information.

    Conclusion: biometric information is more like a username than like a password. So, the only way to properly use biometrics is to use it for identification, not for authentication. Giving biometric information to the government for authentication purposes, is dangerous. The government probably doesn't understand this topic very well, so they will probably use it in the wrong way (for authentication). Because they believe it to be more secure (thanks to all the sales talks of companies selling biometric stuff), you end up having an even more bigger problem than now in case of identity theft.

  • by Anonymous Coward

    We tried biometric ID cards the UK more than ten years ago.

    Wikipedia:
    "The register was officially destroyed on Thursday, 10 February [2011] when the final 500 hard drives containing the register were shredded at RDC in Witham, Essex."

    https://en.wikipedia.org/wiki/Identity_Cards_Act_2006

  • The big problem with any form of widely-available and widely-supported identity verification scheme is that government tends to think that they need to run centrally and be centrally controlled - which in turn makes a big target for criminals [and potentially institutional abuse].

    As an alternative, I would offer the model adopted by GNU Privacy Guard, which is entirely federated, but, best of all, under the control of the individual concerned.

    For those not familiar with GPG, here is [in my own words]
    • This requires each individual to have a private key, secret, not given to anyone, and available for use whenever the individual's identity is verified. The private key is impossible to fake (assuming good asymmetric crypto is used), but there's many ways a bad guy could get hold of it. If it's on a card or something, someone could steal your wallet. If it's a number you type into a system, well, keyloggers do exist. If compromised, it would be very difficult to rebuild the trust.

      It works well for the

      • by ytene ( 4376651 )
        I can't deny the valid challenges you raise, but the reason for offering the GPG model as an alternative to the current approach is that it works to hand control back to the User.

        I am sure that we could come up with ways of protecting the private key - but really my focus was on taking back control...
  • There are a lot of governance frameworks thst can be followed for establishing good cyber security policies, such as those from COBIT, NIST, ISO, etc. They donâ(TM)t guarantee that the organization will be risk free (thats impossible), but help to reduce risk to acceptable levels, if they are followed and policies are reviewed and updated frequently. But if authentication procedures are too restrictive or expensive (relative to the value of the assets being protected) the organization can lose custom
  • The article (and much of the subsequent hollering in the comments) conflates two very related items: biometrics in general and a third-party biometric system in which that information is submitted to some centralized place.

    On the latter, I have nothing but agreement for what was said about its stupidity and danger, so there is no need to repeat all that -- I incorporate and agree with it here.

    But on the former, there is still great promise for biometric systems that are designed specifically to avoid ever s

  • Biometrics are fine, as along as people realize exactly what they are. They are one step in a possible identification process.

    Like an SSN, biometrics are unchangeable. However, using them in identity theft is considerably harder. Creating a fake fingerprint is possible, but it's not trivial. It's like putting a better lock on your front door - one you can't open just by jiggling it: it keeps the stupid thieves out, but the slightly less stupid ones will just come in through the window. As such, biometrics a

  • by JohnFen ( 1641097 ) on Monday October 09, 2017 @10:22AM (#55335385)

    The serious problem with biometrics is that if your "id" is stolen, you can't change it. You're simply screwed.

  • Credit reporting agencies make money by sending my information to people that pay for it. If someone was asking questions about a friend of mine, simple politeness would require me to inform my friend that so-and-so was asking about him.

    Me: "Hey, Bill. You're ex was asking about you the other day."
    Bill: "You don't say. What did you tell her?"

    The way to fix this whole credit reporting mess is that if someone makes an inquiry to the reporting agency (i.e., someone asks about me), the reporting agency shoul

  • "The White House and Equifax Agree: Social Security Numbers Should Go,"

    Well then, with two such highly skilled, intelligent entities, with such marvelous track records, sayin' so, gosh, I'm in! Scan me first!

  • So if we stop using numbers, and use fingerprints or retinas instead, that's supposed to be more secure... but how do we communicate the biometric patterns over the wire to prove our identities? We encode the patterns as numbers. And the other party must have a record of those encoded numbers to compare with to see if there's a match.

    We're still using social security numbers, we're just using very pretty numbers. And numbers that can't be revoked when (not if) there's another breach.

  • The federal government already maintains a national ID database for military personnel, civil servants, and government contractors. It consists of a smart card containing a certificate tied to the USG PKI. The card is unlocked with a PIN and can be used for signing documents or signing/encrypting emails. The documentation requirements are almost exactly the same as for getting a passport (e.g. birth certificate + state ID). These cards are already recognized by most federal agencies, and can be soft aut

Science may someday discover what faith has always known.

Working...