From: "ama-gi ISPI" Subject: IP: ISPI Clips 5.12: New Fingerprint Chip - Protection vs. Privacy Date: Sat, 3 Oct 1998 00:34:02 -0700 To: ISPI Clips 5.12: New Fingerprint Chip - Protection vs. Privacy News & Info from the Institute for the Study of Privacy Issues (ISPI) Saturday October 3, 1998 ISPI4Privacy@ama-gi.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This From: The New York Times, September 28, 1998 http://www.nytimes.com PERSONAL COMPUTING: Tiny New Chip Could Pit Protection of Property Against Right of Privacy http://www.nytimes.com/library/tech/98/09/cyber/compcol/29compcol-fixmer.ht ml By ROB FIXMER, rob@nytimes.com Tom Rowley seems uncomfortable in the role of braggart. A sheepish look comes over his face when he tells you, "We're going to change the way people live." But Rowley's assertion is not to be taken lightly. For one thing, he said those words once before, in the early 1980's, when the innovation he was introducing was a concept he called voice mail. For better or worse, he did change the way we live. The product that inspires his boast today is a humble-looking chip, about the size of a postage stamp and no thicker than a nickel. When attached to a computer, it reads fingerprints with a precision that meets the Federal Bureau of Investigation's standards for personal identification. Beginning early next year, consumers will see the fingerprint chip introduced in notebook computers, then in desktop devices. Every major manufacturer of computer hardware in the United States is believed to be in some stage of testing or developing products using the chip. Eventually, it is all but certain to be embedded in door and car locks, bank cards, cellular telephones, driver's licenses and the sundry other mundane objects that identify us as consumers and citizens and give us access to places and money. Rowley is the chief executive of Veridicom [ http://www.veridicom.com/ ], a tiny start-up company in Santa Clara, Calif. He is backed by venture capital from, among others, the Intel Corporation, which recognizes the chip's potential to open vast markets in consumer electronics, and Lucent Technologies, which owns the patents accrued by Bell Laboratories, where the chip was invented in the early and mid-1980's. Although the product, known as OpenTouch, is cutting-edge technology, it is low-tech by silicon standards, making it inexpensive to manufacture in large numbers. The Korean and Taiwanese companies under contract to produce it see Veridicom's chip as a way to milk a few more years from old fabrication plants that have already been fully depreciated and might otherwise be closed as obsolete. All of which means that the fingerprint chip, is going to be very inexpensive -- probably less than $10 per chip within 18 months of its introduction, and eventually even less, industry experts said. A low price means that it is almost certain to become far more widely used than voice mail, whether as OpenTouch, which Veridicom will introduce in November at the Comdex trade show, or as another company's competing product. Far less certain is the social and political impact of the fingerprint chip. It certainly can greatly enhance personal security. But depending on how it is used, it could have a profound impact on privacy, for better or worse. The paranoid will no doubt see in this chip a conspiracy by the Government or another Orwellian nightmare. The real threat, though, is not from Big Brother but from a legion of what a colleague refers to as "little brothers," business interests like magazine publishers, banks and indemnity companies that want to track our every move, profile our every passion, anticipate our every need either to persuade us to part with our money or to assess us as risks for credit or insurance. Credible identification cuts two ways when it comes to security and privacy. The same fingerprint reader that gives us secure access to our home or car can be used to trace our movements through office buildings, stores, schools and airports. That can be good or bad depending on the circumstances and what we are up to. I may not want anyone to know that I am in Room 1705 of the Acme Professional Building visiting my lawyer or psychiatrist or heart specialist or interviewing for a job -- unless the person tracking me is a fire marshal clearing a burning building. But if I lose my notebook computer on a flight to Seattle, I want to know that no one will be able to rifle through my files, because the manufacturer has frozen the code that reads the fingerprint chip so deeply in my computer's electronics that no amount of tampering will allow another person to boot it or to unscramble the data on my hard drive. On the other hand, without safeguards, the same fingerprint-identified passport that will be useless to a thief will allow governments around the world to track my every move. Perhaps the most ambiguous line between privacy threats and security will be the use of Veridicom's technology on the Internet. In many ways, it will be the ultimate "cookie," those files that Web sites place on our hard drives to identify us, or at least our computers, when we point our browsers in their direction. In some ways, this is beneficial. If the fingerprint reader on my computer serves as a certificate of identification when I buy something on line, the seller does not know my credit card number or whether I am paying with credit or cash. The seller may not even know my identity. Veridicom's chip assures the seller that I am who I claim to be without revealing who I am. Likewise, when used as an encryption key, the chip will guarantee that no one can unscramble and read my e-mail or other documents. But there is a darker side. Companies are already using cookies to create personal profiles of Internet users by aggregating every piece of information we surrender on Web sites. The very kinds of sites we visit reveal a great deal about us to those who want our money, and when we buy products or enter contests or register to use a site, we reveal not only who we are but a great deal about how we live. At the same time, a study released this summer by the Federal Trade Commission revealed that most businesses on the Web did not tell visitors how the information they surrendered would be used. In a few cases, the study found that companies sold information that they had promised users would be kept confidential. The Clinton Administration insists that for now, the infant electronic-commerce industries be allowed to police themselves in matters of privacy. That is frightening enough when our cookies give up information dropped on our treks through cyberspace. When everything we do on line can be tied to our credit and bank cards, driver's licenses and passports, the extra security we have gained might well be outweighed by the privacy we have lost. Not surprisingly, Tom Rowley spends most of his time these days trumpeting the potential benefits of his chip, but he does not deny its potential for mischief. After all, he admits, at times even voice mail "is a real pain." The social stakes this time around are a lot higher. PERSONAL COMPUTING is published weekly, on Tuesdays. Rob Fixmer at rob@nytimes.com welcomes your comments and suggestions. Copyright 1998 The New York Times Company --------------------------------NOTICE:------------------------------ ISPI Clips are news & opinion articles on privacy issues from all points of view; they are clipped from local, national and international newspapers, journals and magazines, etc. Inclusion as an ISPI Clip does not necessarily reflect an endorsement of the content or opinion by ISPI. In compliance with Title 17 U.S.C. section 107, this material is distributed free without profit or payment for non-profit research and educational purposes only. --------------------------------------------------------------------------- ISPI Clips is a FREE e-mail service from the "Institute for the Study of Privacy Issues" (ISPI). To receive "ISPI Clips" on a regular bases (up to 3 - 8 clips per day) send the following message "Please enter [Your Name] into the ISPI Clips list: [Your e-mail address]" to: ISPIClips@ama-gi.com . The Institute for the Study of Privacy Issues (ISPI) is a small contributor-funded organization based in Victoria, British Columbia (Canada). ISPI operates on a not-for-profit basis, accepts no government funding and takes a global perspective. ISPI's mandate is to conduct & promote interdisciplinary research into electronic, personal and financial privacy with a view toward helping ordinary people understand the degree of privacy they have with respect to government, industry and each other and to likewise inform them about techniques to enhance their privacy. But, none of this can be accomplished without your kind and generous financial support. If you value in the ISPI Clips service or if you are concerned about the erosion of your privacy in general, won't you please help us continue this important work by becoming an "ISPI Clips Supporter" or by taking out an institute Membership? We gratefully accept all contributions: Less than $60 ISPI Clips Supporter $60 - $99 Primary ISPI Membership (1 year) $100 - $300 Senior ISPI Membership (2 years) More than $300 Executive Council Membership (life) Your ISPI "membership" contribution entitles you to receive "The ISPI Privacy Reporter" (our bi-monthly 12 page hard-copy newsletter in multi-contributor format) for the duration of your membership. For a contribution form with postal instructions please send the following message "ISPI Contribution Form" to ISPI4Privacy@ama-gi.com . We maintain a strict privacy policy. Any information you divulge to ISPI is kept in strict confidence. It will not be sold, lent or given away to any third party. ********************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: (un)subscribe ignition-point email@address ********************************************** www.telepath.com/believer **********************************************