Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > Political/War Lounge > [USA] DHS dishes "indignity of being subjected to biometric capture" to residents

[USA] DHS dishes "indignity of being subjected to biometric capture" to residents
Thread Tools
The Godfather
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 25, 2008, 02:12 PM
 
http://www.nextgov.com/nextgov/ng_20081222_7778.php

Sounds like ACLU whinery to me at first. On one hand, the DHS is doing a thorough job on following the law. On the other hand, the USVISIT law had a big DUH by not requiring biometrics of people who leave the U.S. of A.

If I am not wrong:

US residents are already required to give 10 fingerprints and a picture ONCE. With this new law, they'd be required to give them every time they enter such country.

Obviously, this automatically extends to all non-residents as well. However, Canadians will be exonerated. Is this favoritism (for a good or a bad reason), or are the neighbors from the north in some way less Alqaeda-friendly than other earthlings?
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Dec 25, 2008, 02:14 PM
 
Sounds like a good thing as long as it's not overly burdensome to the staff implementing it. I do, of course, know that the 9/11 terrorists were all here legally, but. . .
( Last edited by Big Mac; Dec 25, 2008 at 02:23 PM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 25, 2008, 02:58 PM
 
I'd have to go the opposite and say this seems like a waste of resources (which I think is what TGF is saying).

Don't you get fingerprinted and photographed when you get a green card?

People have to leave and reenter the country so DHS and the FBI can use information they already have access to?
     
The Godfather  (op)
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 25, 2008, 03:42 PM
 
I am not really accusing the DHS of wasting resources. I am suggesting that they use their budget in more efficient and effective actions. Something like fingerprints on international exit, or fingerprinting citizens as well. All 10 fingerprints has diminished returns, and Canadian exemption is dumb as well.

This is all a result of pussyfooting around the need of international entry security. Why not go all the way and model our system after the Israeli security system?
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 25, 2008, 03:47 PM
 
Different priorities when it comes to security vs. freedom.

Call me a whiner, but I would rather be "unsafe" than have every citizen fingerprinted.

Edit: at least in America. I'm not saying the Israeli system isn't good for their (different than our) situation.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 25, 2008, 07:39 PM
 
Wouldn't it be very helpful to have biometrics on everyone leaving and entering the borders to ensure that the same person is coming back with that green card? Wouldn't it also make it easy to clean up watch lists if you actually saw when the legal resident got flagged? And then you could compare the biometrics from issuing the card and departing with those taken on the person's return and demonstrate that the watch list hit was not only wrong, but probably indicates that the list needs to be edited? That's what I'd think about this...

By the way, the "indignity" of being fingerprinted (electronically, by the way) now and then is not such a big deal... Before I retired, I had to be fingerprinted (the old, messy way) relatively frequently just to maintain my (quite low) security clearance, and they knew where I was almost every second of every day... I think making a big deal about this is just making a big deal.

Glenn -----OTR/L, MOT, Tx
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Dec 25, 2008, 10:26 PM
 
(a) I wish people who said "I wish the US would model security on the Israeli security model" actually knew what the Israelis do for security.

(b) biometrics are useless. They really are. I can copy your fingers and fake out any fingerprint reader given ten minutes with something you've touched. The DHS workers at USCIS barely know how to operate the fingerprint machine for immigrants. You don't want to know how many times the FBI sends back letters to immigrant applicants asking them to make a new appointment with DHS because DHS bungles it. Reliance on biometrics is a false solution. It's also no good for identity and identity theft - you only have ten fingerprints and two retinas. Once your ID has been stolen 12 times what will you use to prove you are who you say you are?

(c) I have never had to have my fingerprints taken as a US citizen. Not when leaving the US. Not when re-entering. Not when applying for a driver's license. Not when applying for a passport.
     
auto_immune
Dedicated MacNNer
Join Date: May 2008
Status: Offline
Reply With Quote
Dec 25, 2008, 11:16 PM
 
To me, it is just one more stupid thing, done for appearance only,
that does not actually do a damn thing to make us safer.









- fist in the air in the land of hypocrisy
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
Status: Offline
Reply With Quote
Dec 26, 2008, 01:52 AM
 
Security theatre
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 26, 2008, 05:21 AM
 
I agree with vmarks. Biometrics is a gimmick, because people at immigration checking passports and all are (i) way too busy and (ii) not really well-educated and well-paid.
When I went to the US last time, they put me in the wrong visa category and didn't enter my return date into the computer. If I hadn't checked (with the great help of some staffers at Berkeley who know what they're doing) I'd have been flagged. (When I went to the embassy to get my visa, there were quite a few people (including Americans living in Germany) that needed to have their status fixed.)
I doubt the guy was even comparing my photos to my face … 

Most importantly, however, what starts with immigrants can and does easily end up with citizens. Soon enough you are required to be fingerprinted for your passport. The state will swear that your data is safe and protected. It's a slippery slope.
I don't suffer from insanity, I enjoy every minute of it.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 26, 2008, 08:03 AM
 
Originally Posted by ghporter View Post
By the way, the "indignity" of being fingerprinted (electronically, by the way) now and then is not such a big deal... Before I retired, I had to be fingerprinted (the old, messy way) relatively frequently just to maintain my (quite low) security clearance, and they knew where I was almost every second of every day... I think making a big deal about this is just making a big deal.

As I don't want or need security clearance, to me it would be a huge freaking deal.

It's also no small difference to have your employer fingerprint you for being an employee vs. having the government fingerprint you for being a citizen. I understand they were one and the same in your situation, but it's an important distinction.



Originally Posted by vmarks View Post
(a) I wish people who said "I wish the US would model security on the Israeli security model" actually knew what the Israelis do for security.

FWIW, my first answer was regarding Israel, my second was regarding America, and my edit attempted to clarify that, but likely made it more confusing.

I'm perfectly willing to admit how ignorant (or at least out of date) I am WRT the specifics of Israeli security. I didn't get fingerprinted in either direction, but I remember the El Al people being extra serious, and I remember a lot of hitchhikers with M-16s.
( Last edited by subego; Dec 26, 2008 at 08:30 AM. )
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
Status: Offline
Reply With Quote
Dec 26, 2008, 10:02 AM
 
Originally Posted by OreoCookie View Post
The state will swear that your data is safe and protected.
And then the following terrorist attack will involve this data somehow.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 26, 2008, 10:50 AM
 
Originally Posted by subego View Post
As I don't want or need security clearance, to me it would be a huge freaking deal.

It's also no small difference to have your employer fingerprint you for being an employee vs. having the government fingerprint you for being a citizen. I understand they were one and the same in your situation, but it's an important distinction.
Actually it was a somewhat different thing than you may imagine. I was being fingerprinted, not because of anything new or different in my clearance, but because it was needed to "fill a box" in a procedure. As I said, the government knew very clearly exactly where I had been and what I'd been up to since the last time I'd been fingerprinted, but I still had to be fingerprinted and have those prints run through the FBI's criminal fingerprint system. The first time I was printed made sense, but after that it was almost insulting. And I was having my clearance renewed for the express purpose of continuing to have the privilege of putting my life on the line to defend my home (and all the people there, whether they liked it or not).

However, my point is moot in light of the fact that both vmarks and Oreo Cookie have pointed out that "biometrics are not terribly good." That raises a much more important point: which biometric sensors will be used. The ones that come on Windows laptops and that you can get to plug into your computer are generally quite poor at differentiating between different individuals. There are, however, very good fingerprint sensors (the Texas Department of Public Safety uses these to ensure that I'm me when I renew my driver's license) that cannot be easily fooled. Further, with ANY oversight by an operator it would be very, very difficult to spoof even the cheap sensors with someone else's "lifted" prints.

I've come and gone across borders a number of times, most recently in January of 2007, and it has been my experience that there are a variety of levels of training of people doing passport control at ports of entry. I've been lucky (or skillful) in my choice of ports and the timing of my entries, because the people doing "returning citizen" passport checks were awake, on top of things, and knew what they were doing. It's also easier when passport control knows how many people will be showing up and when they'll do that; returning from a cruise is much simpler and easier than say coming in on a flight that is somehow off schedule.

Glenn -----OTR/L, MOT, Tx
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 26, 2008, 11:13 AM
 
@ghporter
It's not so much a matter of sensor type, it's a matter of usefulness and necessity.

(i) In what type of situations has this data been helpful? Now, the supposed reason for this is to increase safety, but the 9/11 attackers, for instance, came to the US legally and there was no (good) reason (based on the information available, of course) at the time that they may be dangerous.
(ii) More importantly, what good is additional data if you other, more substantial data is not correct? Sort of like a bucket full of holes that you make even higher to hold more water.

But you have a point: swipe sensors are the safest variety according to what I've read (other sensors can hold a finger print which you can extract and reuse). The sensors that I've had to use (in the US embassy and at customs) was one you place your finger on.

@subego
The problem with that is whether employers can be trusted with that data. Laws are not the only answer, because once your data has been given to someone else (whether willingly or by an employee), the damage is done.

In Germany (similar to the UK), we've had many cases of lost data by phone companies and banks. That includes `secret' phone numbers used by celebrities and politicians. There was nothing they could do but get a new number. In the UK, even the government has lost a few cds and harddrives with sensitive data (regarding taxes, for instance).

I accept that there are some special jobs where fingerprinting may be necessary (e. g. working with classified information or for identification purposes). But on the other hand, I think people have been watching too much CSI where the perp just happens to be in the database for some harmless prior.
I don't suffer from insanity, I enjoy every minute of it.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 26, 2008, 11:30 AM
 
Originally Posted by OreoCookie View Post
@ghporter
(i) In what type of situations has this data been helpful? Now, the supposed reason for this is to increase safety, but the 9/11 attackers, for instance, came to the US legally and there was no (good) reason (based on the information available, of course) at the time that they may be dangerous.
(ii) More importantly, what good is additional data if you other, more substantial data is not correct? Sort of like a bucket full of holes that you make even higher to hold more water.
I think the point is that, after 9/11, the INS had the many shortcomings of its processes (either bureaucratic or staffing) paraded out for the world to see. Having a good idea of who is coming in and going out is a good idea, and should have been started up a long time ago. It's true that the hijackers were mostly in the U.S. "legally" in that they had valid visas, but that's a side issue, really. Take a look at other border security issues, such as the rather serious back-and-forth traffic across the border with Mexico. Thousands of people cross in each direction at every crossing every day; many have green cards, many do not. How do you keep track without having an enormous level of manpower manually looking at each individual?

Glenn -----OTR/L, MOT, Tx
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 26, 2008, 04:30 PM
 
Originally Posted by OreoCookie View Post
The problem with that is whether employers can be trusted with that data. Laws are not the only answer, because once your data has been given to someone else (whether willingly or by an employee), the damage is done.

There's something of a balance going on here.

On one hand you are absolutely right. In most situations I wouldn't trust my employer with any secret information, which I consider my fingerprints to be at least nominally so.

On the other hand, in most situations (certainly with fingerprinting), I would trust the government far less to tell employers what they can and cannot do WRT internal security.

One can (in theory) have much better luck finding a different employer than one would have finding a different government. That's the thrust of my argument. Both are bad, one is worse.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 26, 2008, 05:08 PM
 
@ghporter
You can leave out the quotation marks, the hijackers were legally in the US.

The human trafficking issue between Mexico and the US is nothing new and IMO it is not the principal reason under which these measures have been implemented. Most of them (including the creation of the DHS) came under the tenet of the `war against terror.'

Even if that is one of the reasons, it's mostly a major waste of resources. Israel, for example, have people who determine which people are searched. This is based on statistics. In America, they weed out people with T-Shirts with arabic writing on them and muslim families. It's more about the pretense of safety rather than actual increases in safety. The sad thing is that they are probably not even saving any money with policies that make people `feel safer' rather them actually being safer.
I don't suffer from insanity, I enjoy every minute of it.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 26, 2008, 05:11 PM
 
Originally Posted by subego View Post
On the other hand, in most situations (certainly with fingerprinting), I would trust the government far less to tell employers what they can and cannot do WRT internal security.
At least where I come from, the government has a much, much better track record at keeping private things private than companies. This is because `by design' certain things must not be communicated. For example, when the clinical information system in my mom's hospital was designed, a sizeable part of the planning went into making sure that all transmission between different databases comply with privacy regulations.

Of course, the current trend is going the opposite direction. Also, with the same `felt security' theme as in the US :hmmm:
I don't suffer from insanity, I enjoy every minute of it.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 26, 2008, 05:54 PM
 
Originally Posted by OreoCookie View Post
At least where I come from, the government has a much, much better track record at keeping private things private than companies.



I'm not worried about the government screwing up, I'm worried about them succeeding.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 26, 2008, 07:32 PM
 
Originally Posted by OreoCookie View Post
@ghporter
You can leave out the quotation marks, the hijackers were legally in the US.
Some were on expired visas, either student or tourist, that had run out as much as 6 months before September. That was the reason behind the hedging. If INS had actually had a good handle on who was and was not still in country, they may have at least been able to look into those with the expired visas and what they were up to.

Glenn -----OTR/L, MOT, Tx
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 27, 2008, 07:01 AM
 
You're right, I should have written that they've entered the US legally. Once you're in the US, the state (federal and state level) has very little in the way of tracking people.

Still doesn't change the fact that biometrics wouldn't have helped catching terrorists in time.
I don't suffer from insanity, I enjoy every minute of it.
     
red rocket
Mac Elite
Join Date: Mar 2002
Status: Offline
Reply With Quote
Dec 27, 2008, 09:58 AM
 
The way I see it, the more data gets collected, the more man and machine power will be required to categorise and analyse, maintain the databases and backups, thus the potential for human error and mischief increases, and more and more data will eventually make it into the hands of those who would use it against civilians. I see no indication that the authorities will try to stop collecting data, they will collect more and more.

End result: Comprehensive data on everyone, accessible to unknown persons who cannot be trusted with access. Since the data was supposed to be confidential, everyone with access to the data, i.e. everyone excluding protected politicians and pigs, has been turned into a potential criminal or Stasi operative. Since criminals need to be monitored, more data collecting mechanisms will be created, and more powers will go to the police. Since police by definition cannot be criminals, there are only two categories of permissible people left: pigs with rights and freedom, sheep without.

This obviously has nothing to do with protecting people, and everything with oppression. If we want to regain our liberty, we have to stop the authorities from collecting data on us.
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Dec 29, 2008, 01:14 AM
 
Originally Posted by ghporter View Post
There are, however, very good fingerprint sensors (the Texas Department of Public Safety uses these to ensure that I'm me when I renew my driver's license) that cannot be easily fooled. Further, with ANY oversight by an operator it would be very, very difficult to spoof even the cheap sensors with someone else's "lifted" prints.
Let me try again.

I can fool ANY fingerprint scanner given ten minutes beforehand with something that you've touched.

I can fool heat-sensing, capacitive, and I can do it while being observed by any operator you care to place around me.

The materials cost about 20 bucks. I use the object you handled as my negative, make my positive, mold it around the pad of my finger, wear long sleeves and look inconspicuous, and before you know it, I'm through.

Your fingerprints may be an identifier, but they are not a unique identifier. Anyone can now be you, for as little as 20 dollars.

http://www.lfca.net/Fingerprint-Syst...ity-Issues.pdf may be informative.
( Last edited by vmarks; Dec 29, 2008 at 01:22 AM. )
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 29, 2008, 10:43 AM
 
Originally Posted by vmarks View Post
Let me try again.

I can fool ANY fingerprint scanner given ten minutes beforehand with something that you've touched.

I can fool heat-sensing, capacitive, and I can do it while being observed by any operator you care to place around me.

The materials cost about 20 bucks. I use the object you handled as my negative, make my positive, mold it around the pad of my finger, wear long sleeves and look inconspicuous, and before you know it, I'm through.

Your fingerprints may be an identifier, but they are not a unique identifier. Anyone can now be you, for as little as 20 dollars.

http://www.lfca.net/Fingerprint-Syst...ity-Issues.pdf may be informative.
It strikes me that this is indeed doable, but again I think it would be hard to do "on the fly." It would be more likely to be useful and practical to do as a preset sort of spoof; "John crossed the border at JFK today" even though John was still in Cincinnati... And as a concerted effort to fool tracking of individuals, that's a scary proposition.

Glenn -----OTR/L, MOT, Tx
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 29, 2008, 04:55 PM
 
vmarks...

How is the fingerprint issue not like any other arms race? Right now the defense has the advantage. Won't this change, and then change again?

I admit, I didn't read your link. I will do so if you think it answers these questions.
     
The Godfather  (op)
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 30, 2008, 12:46 AM
 
Sounds like those fake fingers require access to beakers, microwaves and refrigerators.

Can retinal scans be spoofed?

Should the solution include professional, licensed security agents? And if they are so already, why not force them into learning a little optometry?

Or better yet: cage all passengers in their seat rows. Skip all security checks altogether.
     
The Godfather  (op)
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 30, 2008, 12:56 AM
 
Originally Posted by subego View Post
vmarks...

How is the fingerprint issue not like any other arms race? Right now the defense has the advantage. Won't this change, and then change again?

I admit, I didn't read your link. I will do so if you think it answers these questions.
The answer does lie within the PDF. Not as a direct reply to your question, but as a suggestion to biometric system manufacturers. Now go read it.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 30, 2008, 01:42 AM
 
Originally Posted by The Godfather View Post
The answer does lie within the PDF. Not as a direct reply to your question, but as a suggestion to biometric system manufacturers. Now go read it.

I asked how it was not like any other arms race.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Dec 30, 2008, 04:52 AM
 
It's not just a question of effectivity, I find the question of necessity equally unanswered: what is the gain in security that has come from this?
I don't suffer from insanity, I enjoy every minute of it.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 30, 2008, 10:17 AM
 
Originally Posted by The Godfather View Post
Sounds like those fake fingers require access to beakers, microwaves and refrigerators.
Yep. As I pointed out above, faking prints is really only practical with lots of preparation-and perhaps the fake-ee's cooperation.
Originally Posted by The Godfather View Post
Can retinal scans be spoofed?
Retina scans are too invasive. Iris scans are easier to do and until we have some sort of breakthrough in eye surgery, there's no way to spoof them. Contact lenses that "change eye color" are not going to do it, because they are two dimensional; the false-color iris they show is a pattern of dots in one layer of the lens. Iris scans take advantage of the three-dimensional quality of the iris (it's a number of separate layers of specialized muscle, each with the possibility of different colors in each fiber), so they are both unique and hard to spoof.

Glenn -----OTR/L, MOT, Tx
     
The Godfather  (op)
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 30, 2008, 12:35 PM
 
Originally Posted by subego View Post
I asked how it was not like any other arms race.
The paper addresses the issue. Did you read it yet?
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 30, 2008, 02:57 PM
 
Originally Posted by The Godfather View Post
The paper addresses the issue. Did you read it yet?

Yes. Hence the need for me to repeat the question to you.

There is nothing in the paper that states or implies the fingerprint issue is anything other than an arms race.

If you think there's something relevant in the paper, kindly quote it.
( Last edited by subego; Dec 30, 2008 at 03:10 PM. )
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
Status: Offline
Reply With Quote
Dec 30, 2008, 03:59 PM
 
Originally Posted by subego View Post
vmarks...

How is the fingerprint issue not like any other arms race? Right now the defense has the advantage. Won't this change, and then change again?

I admit, I didn't read your link. I will do so if you think it answers these questions.
Reading vmarks' post, I don't think the defense has the advantage at all. I think they're merely put on a show to *delude* those being defended into *believing* that the defense has the advantage.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 30, 2008, 06:25 PM
 
Originally Posted by Wiskedjak View Post
Reading vmarks' post, I don't think the defense has the advantage at all.

In hindsight, it probably would have been better for me to reverse the roles (I had my reasons). However, the point immediately following my dubious casting choice was that the situation will change, and then change again.

Like it does in any arms race.

I'm not understanding how a fact that is guaranteed to change (the current status of the fingerprint arms race) is more relevant than the non-arms race issues advanced so far:

Is it an acceptable invasion of privacy?
Will it be abused... not by those who intentionally mean us harm, but by those entrusted with our welfare?
Even if it worked 100%, would it actually catch anyone?
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 30, 2008, 07:40 PM
 
The point behind using this technology is not to make our borders hermetically sealed. It's to collect data to have a better idea of who has departed or arrived. As I pointed out, there are serious issues that could make the process less than perfect, but at least the immigration folks will have some data to work with.

Combine biometrics with a passport or Resident Alien card that includes electronic data (including biometric reference data), and you have a solid, if basic, method of keeping track of when someone is or is not within our borders. The traveler must match both the picture and the biometric data to be considered the person identified by the travel document. This is spoofable, with lots or preparation, and the cooperation of the person being spoofed, less so without cooperation. But in general, just having automated "John departed through Philladelphia International" and "James arrived through Atlanta" data is a huge step forward.

Glenn -----OTR/L, MOT, Tx
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 30, 2008, 11:38 PM
 
Originally Posted by ghporter View Post
It's to collect data to have a better idea of who has departed or arrived.

I'm arguing (as is the ACLU) this data isn't worth the (not merely financial) expense.

This is why I'm arguing the status of the fingerprint arms race is irrelevant.

If the data is worth the expense, we should collect it regardless of the status of the fingerprint arms race.

If the data isn't worth the expense, we shouldn't collect it regardless of the status of the fingerprint arms race.
     
The Godfather  (op)
Addicted to MacNN
Join Date: Dec 1999
Location: Tampa, Florida
Status: Offline
Reply With Quote
Dec 31, 2008, 12:21 AM
 
The data is worthy because:
* It identifies the traveler, with a reasonable level of certainty, as the guy/girl who actually applied for the visa, and (hopefully) passed a background check.
* It allows for auditing of previous mistakes (or collusions) of port agents, by making it harder to cheat the system with no trace.
* The current "check your face against your passport picture" is many times unsafer than the combination of face and fingerprint checking.

Of course, all that value would be negated if security agents rely on the machine exclusively. Don't hire unionized morons for that job, only contracted, licensed professionals.

If you agree with the above, all that will be left to think about is whether you value your privacy more than your safety. Apples and oranges. You want them both.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 31, 2008, 10:12 AM
 
Originally Posted by The Godfather View Post
Of course, all that value would be negated if security agents rely on the machine exclusively. Don't hire unionized morons for that job, only contracted, licensed professionals.
Careful here. Equating "unionized" workers with morons is not valid, any more than equating "contracted, licensed professionals" with effective workers. If it's ALL about money, then you get what you pay for and to get really good border agents you'll pay out the nose. It should NOT be all about money, it should be all about doing a job well and effectively. A union that makes sure its members are qualified for the job and that they perform appropriately and effectively is far superior to some contracted firm that just puts people in uniforms and says "yeah, we do it right." In other words, you have to have motivated people doing this job, people motivated to do it correctly and for the right reasons. Money ain't one of those "right" reasons.

Glenn -----OTR/L, MOT, Tx
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Dec 31, 2008, 11:37 AM
 
Originally Posted by The Godfather View Post
If you agree with the above, all that will be left to think about is whether you value your privacy more than your safety. Apples and oranges. You want them both.

You mistake me for someone else.

My opinion will vary depending upon whether we're talking about citizens, permanent resident aliens, or a different party, but as a general rule, if given the choice between privacy and safety, safety can suck it.

If it's any consolation, when given the choice between guns and safety, safety can suck it there too.
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Dec 31, 2008, 10:10 PM
 
Originally Posted by ghporter View Post
It strikes me that this is indeed doable, but again I think it would be hard to do "on the fly." It would be more likely to be useful and practical to do as a preset sort of spoof; "John crossed the border at JFK today" even though John was still in Cincinnati... And as a concerted effort to fool tracking of individuals, that's a scary proposition.
The link is old and out of date. There's no longer a need for baking, beakers, making PCBs, or such. Techniques have improved and the readers and administrators or observers haven't.

Seriously. Ten minutes alone with your prints.

I like to think of things from a security mindset - for example, you used to be able to get ant farms shipped by mail simply by placing an order and giving a shipping address, with no verification that the recipient wanted an ant farm. Live Ants. Through the Mail. To an Unsuspecting Person.

Or, at a hotel. They check your ID and CC when you check in. They don't care if you walk up and bashfully say to the night clerk, "I'm in room 208 and I need an extra key. Do you mind?" -- the clerk burns you an extra key and says "Have a good evening, Mr. LASTNAME" -- no verification that you're in 208, or that you're Mr. LASTNAME.

Or at a fast food establishment. Call them up. Tell them they left out POPULAR FOOD ITEM from your order, you were just in a while ago, can you come in and pick it up? It's waiting for you when you walk in. Free food.

Or the electronic boarding cards which can be generated via website so you can clear security and kiss your loved ones good bye at the gate like we used to do- or whatever else you'd like to do with a phony card past security.

There are lots of interesting little loopholes where there's no verification at all.
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Dec 31, 2008, 10:21 PM
 
Originally Posted by The Godfather View Post
Sounds like those fake fingers require access to beakers, microwaves and refrigerators.
not anymore they don't.
Can retinal scans be spoofed?
Scans of the eye are harder. Contact lenses can do it, but they're much more preparation-intensive. I've never done it.
Should the solution include professional, licensed security agents? And if they are so already, why not force them into learning a little optometry?

Or better yet: cage all passengers in their seat rows. Skip all security checks altogether.
Licensing security employees just has the effect of creating an exclusive club. NC requires anyone possessing a lock pick set to be a licensed locksmith under criminal law.

You know, accepting that government cannot, and should not be in the role of attempting to guarantee safety, that individuals are responsible for themselves, might go a long way.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Jan 1, 2009, 04:03 PM
 
Originally Posted by vmarks View Post
You know, accepting that government cannot, and should not be in the role of attempting to guarantee safety, that individuals are responsible for themselves, might go a long way.

Nailed it.

(though I still disagree the arms race part is relevant )
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Jan 2, 2009, 02:42 PM
 
Subego, is it a race if the side with the big-bucks-technology isn't even lining up at the starting gate?

I mean to say, even my 'ten minutes gummy' process has been outdone.

http://gizmodo.com/5122259/million-d...-10+cents-tape

That's right. A woman with cellotape fooled observers and an exorbitantly expensive current-tech machine. She didn't fool them once. She fooled them repeatedly.

The officials are embarrassed to admit that this is just the woman they've caught - they expect many more are using similar exploits.
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
Status: Offline
Reply With Quote
Jan 2, 2009, 03:27 PM
 
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Jan 2, 2009, 05:16 PM
 
Originally Posted by vmarks View Post
Subego, is it a race if the side with the big-bucks-technology isn't even lining up at the starting gate?

Everything seems to indicate the problem centers around the big-bucks people (successfully) running a scam.

I haven't seen anything that's shown there's a genuine technological flaw in the concept, so I'd say yes, it's still a race.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jan 2, 2009, 07:25 PM
 
Considering that the system I spoke so highly of earlier, the Texas driver license system, uses fingerprints as one of a number of identification sources, the person in question still has to look like the valid license being renewed (they do check this), and of course the license office validates the old license itself to ensure that it hasn't been altered (the picture, for example, is encoded in the magnetic stripe on the back), then I still say it's a "good" system. Combining biometric data such as photograph and digital finger print into the passport or resident alien card itself, and then having attentive people comparing what's coded in the document with the person who's standing in front of them is how it should work. Depending on just the fingerprint reader is as silly as saying "are you really a good guy?"

Glenn -----OTR/L, MOT, Tx
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Jan 2, 2009, 10:36 PM
 
But then, you don't need the biometric at all. If you're looking for a measure of trust, running the license is enough.

And if the person is looking to be endowed with trust falsely, they're going to do it with cellotape, gummy fingers, a fake passport as the woman entering Japan did.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jan 2, 2009, 11:18 PM
 
Originally Posted by vmarks View Post
But then, you don't need the biometric at all. If you're looking for a measure of trust, running the license is enough.

And if the person is looking to be endowed with trust falsely, they're going to do it with cellotape, gummy fingers, a fake passport as the woman entering Japan did.
No, the trust is only in the operator. The operator compares the biometric data stored on the license with the individual standing in front of them. Sure, they probably use the computer to compare the prints, but the picture on the screen is the one that's supposed to be on the front of the license, and if it doesn't pretty closely match the person standing there, this is a problem. And for the record, our Department of Public Safety (state police) troopers are renowned for lacking a sense of humor or having any sort of tolerance for modifying drivers licenses...

And it is damn hard to fake a Texas license. Hologram covered, ultraviolet printed, electronically encoded with the correct data that should show on the front, this is a very strong document—frankly quite a bit stronger than military ID. Oh, and the officer that stops you can run your license and get the electronic data on his patrol car's computer so he can see what the license is supposed to look like, including the photograph. Note that a photograph is a form of biometrics...

The point is not that biometrics are or are not useful, though I think they are in this case. The point is that the person evaluating a claim that I am who I say I am has more than just his judgment to go by; he has a wealth of reliable data at hand on which to evaluate my claim. And this should be easy to do with almost any currently produced form of identification, including such things as resident alien cards and passports.

Glenn -----OTR/L, MOT, Tx
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Jan 4, 2009, 12:22 AM
 
There's nothing special about the hologram or inks or any other material. I can buy and print those. It's a cost, but I can.

The barcode isn't impossible either. The barcodes aren't super-secret and only known to the state. The barcodes are easily decoded by machines that are sold to bartenders so that they don't have to trust their eyes for scanning fake IDs.

ID Reader Vendors*:

TriCom Card Technologies 1-800-830-2225 tricomcard.com
Card Com Technology 1-800-476-7811 cardcom.com
Intelli-check, Inc. 1-800-444-9542 http://www.intellicheck.com/

If they have the ability to read the barcode and decode it, then we also have the knowledge to generate codes.

I grant that we haven't access to the DMV's database for licenses, but that just depends on what you want to use the license for. I'm of the mind that if you aren't driving, present a US Passport when asked for ID. It's valid, and doesn't allow them to check a database, unless it's at a DHS facility. At the DHS facility, they can't check the DMV's database.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 01:03 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,