[A British Informational Article]
A biometric is a digital record of part of your body which might be unique to you. Examples of biometrics are:
• Facial image
• Finger-prints (hand geometry)
• Eye-scans
In Britain, these biometrics remain your personal property, you decide who has access to them. Your ability to control access to them secures your privacy, anonymity, and identity. Your biometrics remain your personal property until you commit a crime. Then they are recorded and are held by the State (e.g. the Police). You lose your right to privacy and anonymity. Your biometrics are now a matter of public record…
Facial images are the most acceptable form of biometric to the public. The [British] government has already announced that these will be stored on a microchip on all biometric passports. The facial biometric has a high risk of being abused by government and police for mass surveillance of the public without consent.
The facial biometric has a high failure rate of 1 in 10 people.
Finger printing/scanning has a low acceptance… because it is the same process that is applied when someone is arrested… The Police… are interested in having this on the Identity Register so that they can routinely compare finger prints from crime scenes to those of the public. In practice, finger printing for biometric testing is actually a scan of all fingers and sometimes the complete hand.
The finger print biometric has a high failure rate of 1 in 100 people.
Eye scanning comes in two forms: iris photography and retina scanning. Iris photography involves… shining an infra-red laser into your eye to record the pattern of the iris. Retina scanning is more penetrative and records the pattern of the inside of the eye (retina). The technique is controversial because it is possible to determine certain medical conditions from eye scans and whether you are a recreational drug user. The health risks associated with eye scanning are unknown. The [British] identity card will include eye scans (of the iris).
Eye scanning is new technology, government tests show the failure rate is 1 in 100 people.
See “IRIS Scanning Failure Rates at London Heathrow and Gatwick” – Biometric Freedom
It is claimed that existing technology for eye scanning will work at high speed up to 2 feet from the subject and will work through glasses and contact lenses. If the scanning distance from the subject can be increased, this provides the possibility to authenticate people using eye-scans without them being aware.
Finger print patterns are not unique to any one individual. The finger print pattern on your… identity card could easily be the same as that of someone else. Finger prints require a lot of expertise when they are first taken and may require several attempts before a good print is recorded. If you have worn finger prints (such as manual workers), have dirty fingers, or move your fingers, the scan will fail…
Eye scanning requires special cameras and good lighting to work properly. Even so, under these perfect conditions they still have a failure rate of 1 in 100 people. Eye scanning… has limitations… -how many times a day would people be prepared to have their eyes scanned just to get money from the bank or use their credit card?
The proposed [British] identity card and biometric passport will have 2 to 3 biometrics. Under proposed EU regulations, the biometric passport will use face and finger print recognition (the two most unreliable) and the identity card will use all three.
The Home Affairs Select Committee has mentioned that all three biometrics must be taken to reduce the error. Experts suggest this increases the failure rate… [and is] impractical since you will need to provide facial, finger (all fingers), and eye scans (both eyes) under perfect conditions, every time you travel or use the card.
Biometrics are not totally secure. Research in Germany*** showed that biometric scanners could be fooled by fairly simple methods:
• Facial Image: to fool facial recognition you need a good image of the face such as a photograph. More sophisticated systems can be beaten with moving images… [say] someone filming you with a camcorder. They then replay this, perhaps on a laptop screen, back to the scanner and the system will grant access.
• Finger Prints: When you provide a finger scan you leave an imprint on the scanner. This print can… be… ‘lifted’ and re-used later. Some finger scanners can be beaten by breathing over the print that you left behind. Scanners that require pressure and temperature can be fooled by dusting the print with powder, laying adhesive tape onto this, and then pressing with your own finger. You leave copies of your fingerprints on hundreds of items each day at home and at work; these can easily be ‘lifted’ using the powder and tape technique.
• Eye Scans: eye scanners are harder to beat but are not fool proof. These can be beaten by using a good quality print of the eye with a hole in the centre where the pupil is. The image is placed in front of the scanner and your eye against the hole (some systems look for a reflection from the pupil).
All biometrics are at risk from thieves/hackers who can record the information when you submit it to the scanner. They then play back the recorded biometric (and PIN) to the scanner or systems verifying the user. As the link between the identity card, scanners, and Identity Register will use the internet, this kind of attack could become very common.
The biometric identification card are being promoted as the ultimate solution in security, yet their total dependency on biometrics makes them extremely vulnerable. The complexity of providing finger/eye scans whenever they are used and confirming this against the Identity Register (NIR) is impractical in daily life. The high degree of error involved in biometric recognition will result in people being denied access to services. The criteria for biometric testing will have to be relaxed to allow for a larger ‘degree of error’ in the biometrics or requiring just one biometric for authentication. At this point the biometric passport and identity card become redundant and they are of no more value than current forms of identification.
Source: http://www.idcardandyou.co.uk/biometrics.html
See also: What Next, Retinal Scanning?
No comments:
Post a Comment