Sponsor's Message

The US government tells us this, and is demanding that future passports contain computer-readable biometric information, so the rest of the world falls into line and prepares to update their travel documents accordingly.

Closer to home, the police already make significant use of fingerprints in their investigations and as the cornerstone of many legal cases.

But are we being fed a line?

Could it be that biometrics actually make it easier for clever, technically competent people to engage in identity theft?

Let's look at fingerprints for example...

There are already a growing number of security access-control systems that use a print-pad to authenticate identity. To gain access to restricted areas or information, a finger must be placed on the pad and the person's print is compared with one stored on computer record. Only if they match is access granted.

In the movies we see that this type of biometric access can easily be circumvented by simply cutting off the finger of the print's rightful owner and presenting the severed digit when requested.

In real life, the a much simpler and far less gruesome technique can be used, apparently with a high degree of success.

Can you imagine the potential security problems if a large database of fingerprint data were to be stolen by hackers who might then sell them to terrorists or other groups?

Now have your say Got something to say about today's column, or want to see what others think?  Visit The Forums While you're here, why not visit the Aardvark Hall of Shame and perhaps make your own nomination.

Using easily written software and something as simple as a modified ink-jet printer, it would then become a relatively trivial job to produce overlays that would become an exact match for any of those prints. Those overlays could then be used to circumvent any print-based biometric protection if it were being used.

I dare say that the production of an device, perhaps even a suitably printed contact lens, that mimicked retinal patterns could also be produced to match any data stolen from a database of that information as well.

And, as this report shows, there will always be opportunities for hackers to breach the security of supposedly secure databases, just as there are always new Windows security flaws to be discovered.

So, given the ease with which we can now produce artificial fingerprints, retinal-pattern simulators and other faux-body parts, we must consider whether biometric ID systems are actually going to open up gaping new security holes?

When you or I wander up to the immigration counter while visiting a foreign country, the person at the desk carefully compares the photo in our passport with the face we present. If there's too much difference, chances are we'll be taken to one side for questioning and further attempts to verify our ID.

But what happens when we begin to use biometrics?

I bet you any money you like that 99% of those immigration officers will simply defer to the biometric scan rather than closely scrutinise your picture and face.

Even if the person presenting the passport isn't a close match with the picture in their passport, passing the biometric check (possibly using a thin silicone veneer slipped over a finger or a carefully crafted contact lens) will probably be good enough.

Time and time again we've seen people rely too heavily on technology with disastrous results -- could we be headed down the same track with biometrics?

And what do you do when a huge biometric database is stolen?

Unlike credit-cards, you can't simply cancel the data and re-issue new numbers -- biometric information is, by its very nature, unchangeable and bound to an individual for life.

How would you feel if you found out that your fingerprints, face-scans and retinal patterns had fallen into terrorist hands?

Will biometrics give the terrorists an unmatched ability to assume the identity of almost anyone for whom they have the necessary biometric information?

Could you find yourself locked up for a very long time, without charge and with virtually no rights (like Ahmed Zaoui) simply because your prints and/or retinal scan supposedly link you to the scene of a terror attack?

Have your say on today's column

If you feel that this is a good thing and/or you hold a "geniune affection" for yours truly -- then you are welcome to gift me some money using the buttons provided. In gifting this money you accept that no goods, service or other consideration is offered, provided, accepted or anticipated in return. Just click on the button to gift whatever you can afford. NOTE: PayPal bills in US dollars so don't accidentally gift more than what you were intending :-)

Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats, bouquets or news tip-offs. If you'd like to contact me directly, please this form. If you're happy for me to republish your comments then please be sure and select For Publication.

Other media organisations seeking more information or republication rights are also invited to contact me.

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Linking Policy
Want to link to this site? Check out Aardvark's Linking Policy.

Did you tell someone else about Aardvark today? If not then do it now!