Paul Saffo writes, Today's biometric advances are the stuff of tomorrow's hackers and clever crooks, andanything that can be detected eventually will be counterfeited. Excerpts with edits:
The new technologies of identification and search would result in intrusiveness that would make today's system of search warrants and wiretaps quaint anachronisms. Sophisticated ID techniques may be deployed to catch everyone from careless drivers to bomb-toting terrorists in a biometric dragnet. Biometric devices sensing for SARS symptoms are omnipresent in Asian airports. And the first prototypes of systems that test in real time for SARS, HIV and bird flu have been deployed .The ubiquitous collection and use of biometric information may be inevitable, but the notion that it can deliver reliable, theft-proof evidence of identity is pure science fiction.
- Fingerprints,now being used by electronic print readers on everything from ATMs to laptops beats having to remember a password or toting an easily lost smart card. A Japanese cryptographer has demonstrated how, he can confect an artificial finger that foils fingerprint readers with an 80 percent success rate. Some South African crook snipped the finger off an elderly retiree, rushed her still-warm digit down to a government ATM, stuck it on the print reader and collected the victim's pension payment. (Scanners there now gauge a finger's temperature, too.)
- Iris scanners are gaining in popularity in the corporate world, as human iris patterns are apparently as unique as fingerprints. In future, someone will figure out how to capture an iris image and transfer it to a contact lens good enough to fool the readers. IRIS verification requires that the representation of your iris exist as a cloud of binary bits of data somewhere in cyberspace, open to being hacked, copied, stolen and downloaded.
- The more complex the system, the greater the likelihood that there are flaws that crooks can exploit. DNA is the gold standard of biometrics, but even DNA starts to look like fool's gold under close inspection. One can keep a card safe or a PIN secret, but if your DNA becomes your identity, you are sharing your secret with the world every time you sneeze or touch something. DNA can be easily copied - after all, its architecture is designed for duplication. Unlike a credit card number, DNA can't be retired and swapped for a new sequence if it falls into the hands of crooks or snoops. Once your DNA identity is stolen, you live with the consequences forever. This hasn't stopped innovators from using DNA as an indicator of authenticity. With a stolen security number, at best a stranger can inspect your credit rating. But with stolen DNA, one can discover your innermost genetic secrets - your ancestry, genetic defects and predispositions to certain diseases. Biometric identity systems are inevitable, but they are no silver bullet when it comes to identity protection. The solution to identity protection lies in the hard work of implementing system-wide and implementing technical and policy changes. Without those changes, the deployment of biometric sensors will merely increase the opportunities for snoops and thieves - and escalate the cost to ordinary citizens. Scary indeed.
Category : Identity Theft