Biometrics 101 for Clueless Ministers

Tannin Capricorn

Can't remember


Joined: 06 Aug 2006
Location: Huon Valley Tasmania

Posted: Tue Jan 24, 2017 7:56 pm
Post subject: Biometrics 101 for Clueless Ministers

http://www.theage.com.au/federal-politics/political-news/world-first-government-moves-to-radically-overhaul-australias-international-airports-20170116-gtss5w


This is a really, really stupid idea. It could only be supported by a Minister with no clue at all about digital recognition technology and how it works. Let's do a quick Digital Biometrics 101 refresher.

For simplicity, assume that the sensors and scanners and all the associated technology work perfectly every time. (They won't, of course. Just assume this anyway.)

Your biometric data is scanned. (Never mind how, we are assuming the scanners are perfect in every way. Never mind what data - fingerprints, retinal patterns, the shape of your head, whatever else, it doesn't matter.)

The scanned data is turned into a set of numbers. (We don't have to know how. It doesn't matter how.)

Those numbers are stored as a digital record, which can then be used to identify you. (We are still assuming perfection in the process such that there are no mistaken identities, no mixed-up records, no false positives, nothing. OK, that is a completely unrealistic assumption, but let's be crazy-generous and assume it anyway.)

Now no-one can pretend to be you. Right? It's not like guessing or stealing a password, 'coz no-one else can have your biometric signature. Right?

Wrong.

You see, the system doesn't compare biometrics with biometric records. It compares the numbers the scanner makes with the numbers in your digital record.

Now what happens when (not if, it's a when) someone obtains access to your biometric record? They can pretend to be you. They have your numbers and there is nothing, repeat nothing, you can do about it. Ever. For the rest of your entire life, the person who stole your data can pretend to be you. So can anyone they sell it to. Or anyone they give it to. Or anyone who hacks their database.

There is no escape. With a stolen passport, you can have it cancelled and get it replaced. With a stolen PIN you can change it. With a stolen password, you can make a new one.

With stolen biometric data, you are screwed. Buggered every way you turn. Well, maybe you could have skin grafts and get a head transplant.

But wouldn't it be easier to do that head transplant on the Minister? Now? Before he enacts this insane policy? Hell, the new head might even have a brain in it.


http://www.techly.com.au/2017/01/23/biometrics-to-replace-passports-at-aussie-airports-by-2020/

https://www.theguardian.com/technology/2017/jan/24/biometric-recognition-at-airport-border-raises-privacy-concerns-says-expert

_________________
“Let's eat Grandma.” Commas save lives!
stui magpie Gemini

Prepare for the worst, hope for the best.


Joined: 03 May 2005
Location: In flagrante delicto

Posted: Tue Jan 24, 2017 9:59 pm

Ok, I get how the biometric scanner turns whatever (fingerprints, head, iris) into a numeric code for recognition.

How exactly does stealing the code help identity theft?

Your head has a different code to mine, how do you get the reader to look at your head and read my code?

_________________
Every dead body on Mt Everest was once a highly motivated person, so maybe just calm the **** down.
Tannin Capricorn


Posted: Tue Jan 24, 2017 11:00 pm

If you are only going through the Customs scanner, and it's only used by Customs, yep, you are right. It's hard. But you won't be.

All sorts of other agencies will wind up doing biometrics. And a zillion other things: including some or all of banks, your mobile telephone, your Google login, your office safe, MyGov.au, Centrelink, the tax office, the door to your secure workplace, your laptop computer, and on and on and on. The bloody things are popping up everywhere. You are quite likely already using your fingerprints to unlock your phone or access your laptop; people are already buying biometric door locks to save carrying a key around. Businesses are "securing" sensitive workplaces with biometrics. There are calls to prevent voter fraud with biometric checks at polling stations.

Now, it's hard to do anything with a customs scanner 'coz there is an Immigration Department officer standing there watching. But the moment that you don't have that human element, or the moment that there is a distance between the scanner and the database - e.g., you press your thumb against a door lock in Glen Waverley and the biometric database is on a computer in Sydney or Mumbai or Seattle, then all a fraudster has to do if he wants to pretend to be you is send your numbers over the wire in an appropriate format. And if they don't have the technology to do that today, well, ask again next week.

Remember, the only thing proving you are you is a set of numbers. Anyone who learns that set of numbers can impersonate you just by sending the right numbers.

How many passwords and usernames have you got? Social media, work computers, banking PINs, and all the rest of it? If all those logins are biometric, a fraudster can hack into every single account you own, the whole bloody lot, and there is nothing, repeat nothing, you can do to get your identity back. Ever. That's it son. That was your life.

Will it really be as bad as this? No.

Won't organisations figure out security tricks to avoid at least some of the worst idiocies of biometric ID? Yes.

Will those security tricks fix all the potential problems? Not a chance.

Can't you just add a secret password to a biometric login to make it safer? Of course. But in that case, why even bother having the biometric login in the first place?

Many people love the idea of biometrics because it seems to promise easy, trouble-free, safe, forgery-proof identity verification. Fine. The trouble is, it's not going to be easy, it's certainly not trouble-free, it's inherently more dangerous than passwords because a blown password ID can be changed but a blown biometric ID never can be, and it is certainly not forgery-proof. And having a whopping great government biometric database for hackers to crack into is insane.

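The difference between a remote check that trusts numbers sent over the wire (the case described in the post above) and one that ties each login to a fresh challenge, as an added example that is not part of the original thread. The Sensor and ChallengeServer classes, the shared device key, the sample vectors and the threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the "set of numbers" a scanner derives for one person.
ENROLLED = [12, 87, 45, 201, 33, 90, 154, 7]
THRESHOLD = 10  # assumed tolerance: two scans of the same finger never match exactly

def matches(sample, template):
    """Numbers are compared with numbers; nothing here ever sees a real finger."""
    total = sum(abs(a - b) for a, b in zip(sample, template))
    return len(sample) == len(template) and total <= THRESHOLD

class NaiveServer:
    """Remote database that trusts whatever numbers arrive over the wire."""
    def verify(self, numbers):
        return matches(numbers, ENROLLED)

class Sensor:
    """Hypothetical trusted scanner: matches locally, then MACs a fresh nonce."""
    def __init__(self, device_key, template):
        self._key, self._template = device_key, template
    def attest(self, live_sample, nonce):
        if not matches(live_sample, self._template):
            return None
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class ChallengeServer:
    """Accepts only a MAC over a nonce it issued, and only once."""
    def __init__(self, device_key):
        self._key, self._pending = device_key, set()
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce
    def verify(self, nonce, tag):
        if nonce not in self._pending or not isinstance(tag, bytes):
            return False
        self._pending.discard(nonce)  # single use, so a captured reply is worthless
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

def run_demo():
    key = secrets.token_bytes(32)
    sensor, server = Sensor(key, ENROLLED), ChallengeServer(key)
    live = [13, 86, 45, 200, 33, 91, 154, 7]  # constructed: same finger, sensor noise
    n1, n2 = server.challenge(), server.challenge()
    tag = sensor.attest(live, n1)
    return {
        "naive_accepts_copied_numbers": NaiveServer().verify(list(ENROLLED)),
        "genuine_scan_accepted": server.verify(n1, tag),
        "captured_reply_replayed": server.verify(n1, tag),
        "copied_numbers_without_key": server.verify(n2, bytes(ENROLLED)),
    }
```

The second server relies on the device key rather than on the numbers staying secret, and a key can be rotated after a compromise. It still depends on the scanner hardware and that key being protected.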
Tannin Capricorn


Posted: Tue Jan 24, 2017 11:04 pm

Sorry. What am I saying?

It's Australian Government IT, not some cheapskate little private company like Facebook. Of course it's safe. Nothing would go wrong with an Australian Government IT project. I mean, look at all their recent IT successes, such as the Centrelink bogus debt letters disaster. Or #Censusfail. Perfectly safe.

We are from the government and we are here to help.

stui magpie Gemini


Posted: Wed Jan 25, 2017 6:51 am

I just skimmed that, read it properly later.

Doesn't your argument assume that all scanners are programmed the same way and will come up with the same set of numbers when digitising your identity?

Surely it's more of a random algorithm?

HAL 

Please don't shout at me - I can't help it.


Joined: 17 Mar 2003


Posted: Wed Jan 25, 2017 6:55 am

All?
Tannin Capricorn


Posted: Wed Jan 25, 2017 11:01 am

stui magpie wrote:
Doesn't your argument assume that all scanners are programmed the same way and will come up with the same set of numbers when digitising your identity?


That's a fair question, Stui. However, I am actually assuming that:

(a) Different scanners will indeed work in different ways (as a natural consequence of variation between brands and models).

(b) Different scanners and evaluation algorithms will also be designed to focus on different features of the biometric data set. (We humans do the same. When distinguishing between people in a social situation - a cocktail party maybe - you might look more at the shape of their faces, I might remember how tall they are and the colour of their hair, a blind man will focus on the sound of their voices, and any woman known to science will mentally record a comprehensive catalogue of their clothes, shoes, make-up, and jewellery.)

(c) Their data will be encrypted in some way.

An attacker would need to break the encryption (hackers do this to computers all the time; it requires highly technical knowledge and plenty of processing power, but any decent hacker has both of these); account for the differences between machines and systems; and hope that the stolen database contains the right kind of biometric information (it's no use having someone's retinal scan data if you need fingerprint data).

But the bottom line is that the base data - your biometric info - is common to all the different machines and systems. For a codebreaker, having the same data repeated in different "secure" messages is a priceless treasure. For anyone trying to preserve security and prevent forgery, it's a disaster.

stui magpie Gemini


Posted: Wed Jan 25, 2017 6:56 pm

All good points. I read your posts in detail now and I thought of some of the same issues on the way to work this morning.

You would assume that the government would want to have one standard approach across all agencies. Banks would likely have something different, deliberately, so that they could get a new customer to establish identity first. Under the anti-terrorism and money laundering laws that would probably not be transferable so each bank would have their own setup.

As would hardware providers. Samsung would have their own, Toshiba, Apple, etc.

However, as you say, assuming they are all starting at the same point, e.g. fingerprint of a specific finger or retina, if a hacker could get access to the process and algorithm used to digitise the scan, they could reverse engineer (with a lot of work) to get your bank ID from your government one and vice versa.

Interesting.

There'd still be ways to avoid or recover from identity theft though.

You could prove you didn't do a particular transaction with IP address, you could use a different digit for different services (right thumb for bank, left thumb for government, right ring finger for portable device and so on).

Personally, I think the biometric scans will be the way of the future, at least until all children are implanted with an NFC or equivalent at birth. ;)

Tannin Capricorn


Posted: Wed Jan 25, 2017 7:54 pm

Yep to all of that. I see biometrics applied to ID verification as being a bit like the motor car applied to daily transport to and from the office. Looked at in hindsight - say 50 years after we started doing it as routine - we will say "that was an utterly stupid way to do things; it has wound up costing us way, way more than it should have, and if we'd only had the sense to think a bit harder about the problem in the first place, we could have avoided endless pain, expense and trouble, and everything would work far better now". Moving a ton or two of metal around to transport 100kg of human is daft; having to waste 15% of our entire city landscape on useless, ugly space for these metal boxes is crazy; seeing 1000 people a year die in them is heartbreaking; paying for freeways, traffic lights, highway patrols, breath testing teams, hospitals, surgery, physiotherapy, trauma counseling, roadworthy testing, treating kids with asthma, driver education ..... wouldn't it have been so much easier just to build a public transport system that really and truly worked? Just use cars when you need to cart a toolbox and a few bags of cement? On empty roads 'coz everyone not carting heavy goods around would rather catch the train?

Of course it would have been easier and better and a hell of a lot cheaper. But we would have had to think ahead, we would have had to plan. But we didn't, and now we are stuck with the result.

Similarly with biometrics. It is going to be the way of the next 100 years or so. It's a really, really dumb way to go, and it will create so many problems, each one needing an expensive and difficult fix, that the total cost will be vastly higher than a better thought-out system in the first place ... but we humans are terminally stupid and we will do it anyway.

Welcome to the new fuckup, same as the old fuckup.



Last edited by Tannin on Wed Jan 25, 2017 8:10 pm; edited 1 time in total
stui magpie Gemini


Posted: Wed Jan 25, 2017 8:03 pm

One of us must be drunk, I don't think we've agreed this much before.

I've often thought about why Melbourne doesn't have a ring rail.

Connecting the ring road at Greensborough to the Eastern freeway is a necessity, but smart planning would have put a train line down the middle of it. So instead of just a hub (CBD) and spokes going outward, you also had the rim on the outside connecting the spokes.

Tannin Capricorn


Posted: Wed Jan 25, 2017 8:08 pm

Oh, and one more thing: if we assume that your biometric data is pretty much determined by your genetics - your fingerprints, for example, or your retinal patterns - then a sufficiently sophisticated analysis of your DNA should, in theory, be capable of recreating your biometric patterns. Right now, the technology to do that does not exist. But don't count on that for too long. 20 years ago it cost a billion dollars to sequence a human's DNA. Today, you can get a sequence done for a couple of hundred, and the detail of what we can figure out from a DNA sample has increased by a factor of maybe 10,000. (Made-up number. I don't know what the real number is, but it's certainly a bloody big one. If I have over-estimated by a factor of ten, bookmark this post and read it again next year. It will be right then.)

What I'm getting at here is that, given the frantic pace of genetic research, and given the incredible cost reductions happening year-on-year, it seems entirely reasonable to suppose that before too long someone with (for example) a strand of your hair could sequence it and then recreate your fingerprints, retinal patterns, and any other desired biometric measurement target - at which point biometric ID becomes utterly useless.

Right now, that's impossible. Given the pace of change, however, you wouldn't want to count on it staying impossible for more than a decade or two.

All times are GMT + 11 Hours