On Mon, Jun 9, 2014 at 9:10 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me> wrote:
Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity... observe CCC's defeat of the iPhone fingerprint scanner within days of release.
Biometrics suck for privacy and security because you're often giving them a sample of the raw biodata itself... your picture, palmprint, DNA. They have that and can use it against you, or lose custody, and you yourself have been compromised through no fault of your own and cannot go back. Now if you give it to your own machine, which makes and presents a hash to others, you are safer there. But no more secure than the former. Two factors of 'know' and 'have' with threat of sanction usually work fine, i.e.: HOTP, SecurID, key+pin, your own biohash, etc. Be careful what you wish for, some holes have value.
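
The 'know' plus 'have' pairing named in the message above, sketched as an added example that is not part of the original thread: an RFC 4226 HOTP code checked together with a PIN, where re-enrolling replaces both factors, which a leaked fingerprint or DNA sample does not allow. The `Account` class, its method names, the PIN values and the look-ahead window size are assumptions made for illustration.

```python
# Added illustration; Account, enroll and verify are hypothetical names.
import hashlib
import hmac
import os
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The verifier stores only a salted, stretched hash of the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Account:
    """Verifier-side record: PIN hash ('know') plus HOTP secret and counter ('have')."""

    def __init__(self, pin: str, secret: bytes):
        self.enroll(pin, secret)

    def enroll(self, pin: str, secret: bytes) -> None:
        # Re-enrolling replaces both factors, so a compromised pair can be revoked.
        self.salt = os.urandom(16)
        self.pin_hash = _pin_hash(pin, self.salt)
        self.secret = secret
        self.counter = 0

    def verify(self, pin: str, code: str, window: int = 3) -> bool:
        pin_ok = hmac.compare_digest(_pin_hash(pin, self.salt), self.pin_hash)
        match = None
        # Look ahead a few counters in case the token was pressed without logging in.
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                match = c
        if pin_ok and match is not None:
            self.counter = match + 1  # advance past the used code: no replay
            return True
        return False
```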