Get your German interior minister's fingerprint here A hacker club has published what it says is the fingerprint of Wolfgang Schauble, Germany's interior minister and a staunch supporter of the collection of citizens' unique physical characteristics as a means of preventing terrorism. In the most recent issue of Die Datenschleuder, the Chaos Computer Club printed the image on a …
I've read some (but not all) of the comments on here and there is a vein of "don't knock it, they're trying to achieve something". Couple this with the cases of senior police officers calling for universal DNA screening after two high profile murders here in the UK (the politicians pooh-poohed the idea, presumably distancing themselves when the uproar began - but no doubt they'd have been all for it if the public reaction had been favourable).
The upshot is this: anyone arrested on all but the most trivial change is now routinely DNA'd. Various studies report that X% of crime is committed by a low number of career criminals.
If DNA is the answer to all our problems, how come a huge percentage of crime hasn't been cleared up?
And if it hasn't then what is the point of it all?
This story illustrates both the weakness of fingerprints as a method of access control and the naivete of politicians who think biometrics are the sole solution to access control. It's all very well finding a unique biometric but if it is relatively easy to steal and duplicate - as this example demonstrates, then it has NO value in any security situation that MATTERS.
Knowing, for example, what we now know about how easy it is to steal and use your fingerprint, would you be happy to grant access to your house or car based on fingerprint alone? Of course not. So why should we imagine that fingerprints are a remotely sensible way to protect access to aircraft or sensitive databases? (abuse of which could do far more damage to society than having your own house broken into or car stolen)
This is not to say that biometrics are not useful. But the only biometrics, so far, which cannot be trivially stolen and represented on cue are your dna fingerprint (which still takes too long to be used for access control) and your retina print - which can be performed in a couple of seconds. And even then, we can only trust it if the test is performed in our presence with kit we control.
Conclusion, the only safe and practical biometric is the retina print and it is only guaranteed secure when used on trusted kit on trusted premises and supervised by trusted guards. Anything less is "Security Theatre"
On the question of risk of abuse by State and other bullies, I'm slightly attracted to Jerry's idea of defeating exclusive access by publishing our own biometrics. We could then legitimately claim, for example, that if our spoor is ever detected at the scene of a crime, it could have been planted there by a hostile party wishing to frame us. This could, at least, provide Juries with enough doubt to make the prosecutors' task much more difficult.
But we cannot glibly ignore the downside of that breach of our own privacy. It would, for example, make us much easier prey for stalkers, private detectives, government agents and other hostile attackers who may not wish to frame us but do wish to spy on us.
OK not the most original title, but the truth.
The reason I am writing this is because no one seams to have noticed the fact that any system no mater what will be broken.
The past is littered with systems that were unbreakable, but were broken. Often though the information in the system, such as a coded wireless messages had a limited life expectance.
The prize for breaking this system is so grate and the data valid for so long (a life time) that is unlikely that it won’t be broken, and the data corrupted with false information. How long before a new OS is probed for vulnerabilities, and that mainly for the kudos of being the first to beat the OS.
Given that the data in the ID database is used for access to and from a country as well as welfare payment systems and ID generally it is unlikely that criminals will take long in finding ways to add people to the system.
I see ID cards being implemented, at huge cost to the public. There will be some newspaper articles about delays and spiralling costs. I see huge payments to contractors who have long relationships with the government.
I see the whole thing fall flat on its arse a year or so later when even the government is forced to admit that it's not working. CEOs will walk out with golden handshakes, and the ministers involved will have more time to spend with their families.
But it's OK - the taxpayers' money will, by then, be safely stored on foreign soil in a handful of bank accounts.
Just wait for the next Datenschleuder Issue. Then The current one is a backnumber and you can DOWNLOAD the PDF!
Then you just extract the bitmaps and carry on as per instructions.
Rather than a wavelet format, the ICAO requires JPEG or JPEG200 Pictures of fingerprints. ie You crack the RFID protection, download, print to plastic film and carry on.
There is an English translation of the Fingerprint forging Instruction manual on the CCC English servers, which google delivers within a few clicks...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
