On Fri, May 23, 1997 at 12:27:28AM -0400, Decius 6i5 wrote:
Veridicom, a spinoff of Lucent Technologies, just demoed (at [...]
If I get mugged and the mugger wants access to my bank account all he has to do is chop off the relevant finger. Don't laugh. This *WILL* happen. Biometrics create a general economic incentive for maiming or murdering people.
I'm not so sure that this is realistic. I have heard that earlier fingerprint reading cards were very sensitive to size distortion -- that is, if you swung your arm in a circle to increase the blood pressure in your hand, they would give a false reading, because the swelling in the fingers would be sufficient to throw off the recognition software -- a smart card isn't *that* smart. A problem of false negatives. If you cut off a finger the blood pressure will go to zero, and the dimensions will change quite a bit, relatively speaking.
I will take you one further... *When you implement a biometric system you are deciding that the value of that which is being protected is greater than the value of the lives of the people who have access to it.*
This is obvious if you look at the trade-offs. You are securing the system such that the easiest way to break it is to kill a person. Obviously this will reduce your instances of fraud, as killing a person is more messy than hacking a pin code. However, because the cost of killing someone is smaller than the value of the object being protected, there are going to be losses. You have to decide that you are capable of swallowing those losses. You have to decide that the value of the decrease in fraud over a non-biometric system is greater than that of the lives of the people who are lost when fraud does occur. This is a despicable situation, but don't think you won't see it. It is probably inevitable now.
You don't have to kill or maim someone to induce cooperation, and biometric devices can be designed to pretty much require that the subject be living. Extortion or seduction are both quite viable, and work with any security system. Biometrics don't really add anything. Your point is just as meaningful for cryptography. All strong crypto does is move the weak spot around.

Incidentally, I have heard (from a probably reliable source) that the best biometric is a retina scan -- very reliable, hard to spoof, *very* few false negatives. [False positives are real bad for any security system, of course. False negatives are why you want back up modes of access.]

--
Kent Crispin                "No reason to get excited",
kent@songbird.com           the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html