Veridicom, a spinoff of Lucent Technologies, just demoed (at CardTech/SecurTech '97) their chip that can perform fingerprint recognition/authorization. They plan on selling them for $300 each (same cost as this face recognition system Gregory's mentioned). The article doesn't say when they will be available.
http://www.sfgate.com/cgi-bin/chronicle/article.cgi?file=BU41045.DTL& directory=/chronicle/archive/1997/05/22
I am mailing this to cypherpunks and BCCing the original list because it is not nearly as open. I am putting on my cypherpunk hat here, and although this is not a general discussion list I think this warrants comment. (I would also like to see what the cypherpunks have to say.) Eric Hughes said that "Cryptography is about economics." When I am designing a system, I weigh the cost of securing the system verses the expected loss that will be incurred if the system is not secure. The cellular phone industry decided that it would cost them more to secure their system than it would to swallow the losses. They were wrong, but I will not digress into that. The point here is clear. Security is an economic choice. It is a business decision. Furthermore, if I decide to secure a system, I need only use enough security such that the cost to break that security is equal to the value of that which is being secured. Any additional security is a waste of money. When I am breaking a system I will always attack the weakest link (unless I am doing this for intellectual challenge but that is not really the point here). This is obvious. Lets take a look at a sample Biometric security system: Fingerprints are used to replace the pin codes on an ATM. I am being very general here, but there are four main peices to this system. The banking network itself, which is DES encrypted, the ATM, the biometric system and the human being. Note the contrast with a non-biometric system, which consists of the network, the ATM, and a pin code. Biometrics pull the human into the equation. Cracking DES would cost more than a million dollars. I can't put a value on cracking the ATM, but they are designed to be difficult to open up and most are in places where they are very visible, so the cost is very high. I have not seen anyone present a method for attacking a biometric security device. If you assume that you will have to develop one you are again talking about millions. How about "cracking" the human... How much does a good sturdy knife cost? Less than $20. If I get mugged and the mugger wants access to my bank account all he has to do is chop off the relevant finger. Don't laugh. This *WILL* happen. Biometrics create an general economic incentive for maiming or murdering people. I will take you one further... *When you implement a biometric system you are deciding that the value of that which is being protected is greater than the value of the lives of the people who have access to it.* This is obvious if you look at the trade-offs. You are securing the system such that the easiest way to break it is to kill a person. Obviously this will reduce your instances of fraud, as killing a person is more messy then hacking a pin code. However, because the cost of killing someone is smaller than the value of the object being protected, there are going to be losses. You have to decide that you are capable of swallowing those losses. You have to decide that the value of the decrease in fraud over a non-biometric system is greater than that of the lives of the people who are lost when fraud does occur. This is a despicable situation, but don't think you won't see it. It is probably inevitable now. One additional point. The possibilities for surveilance inherent in biometrics are fearsome. If I managed to compile a large database of people's names, social security numbers, and face prints; I could set up a closed circuit camera system in my store which would provide me with the name, home address, credit, and other information about every person who enters my business, AUTOMATICALLY, without the customers even being cognisant that this is going on. The marketing people will be going nutz over this possibility. I'm going to the drug store for some Pepto... -- */^\* Tom Cross AKA Decius 615 AKA The White Ninja */^\* Decius@ninja.techwood.org "If the economic, social and political conditions... do not offer a basis for the realization of individuality, while at the same time people have lost those ties which gave them security... powerful tendencies arise to escape from freedom into submission." -- Erich Fromm