Sunday, October 26, 2003

Biometric Data 

Having watched minority report last night, I started thinking about biometric data again. In the film, one character has his eyes removed, so he can get past eye readers without being detected. At the same time, he keeps his eyes in a bag so he get access when he requires. OK, it is stretching things a little, in that the authorities would have revoked his access. However, it would ruin the film.

Biometric data is a bad idea. Lets take the scenario of fingerprints. It is proposed that in the UK you have to give this to get an ID card. Now, see about this. Hack in and download people's fingerprints, or get them a more traditional way, from a glass. Now print the print on something where you can etch away the material, such as copper. Now just add some rubber and peal off, and you have a fingerprint from someone. Stick it to your finger, and you can authenticate for them.

Identity theft in this way has one feature that is very different from other forms. You can't revoke your personal data, unless you can do something such as Tom Cruise in Minority report and change parts of your body.

Widespread use of fingerprints in this way has one attraction for the authorities. They would have everyone's fingerprints on file, and will suggest that this helps in crime detection. This is a red herring. If their databases were hacked, as the current ones are, you can get people's finger prints. The trick above, and you can leave fingerprints everywhere if you were so inclined. Lots of innocents would be stitched up for crimes, and the effectiveness of fingerprints would be removed. Any defense lawyer worth their salt would be pointing out repeatedly to juries that fingerprints cannot be trusted.