Security-by-credential or security-by-inspection
Bill Stewart
bill.stewart at pobox.com
Sat Nov 10 00:55:34 PST 2001
At 01:12 PM 11/09/2001 -0800, Greg Broiles wrote:
>At 01:10 AM 11/9/2001 +0100, Nomen Nescio wrote:
>>[...]
>>A few other irrelevant points have been made. Given that ID is not
>>perfectly reliable, do we need to tattoo numbers on people's forearms?
>>This is the fallacy of perfection. ID can be combined with a simple
>>thumbprint for biometric identification (already widely used for cashing
>>checks) and you will raise the cost of forgery considerably.
>
>Bullshit. There's no real-time on-line database of ordinary
>citizen fingerprints available to match versus ID cards,
>even if the cards (which don't exist and haven't been issued) were available.
They require the forger to have access to the format used
by the fingerprint storage system, not that that's _too_ hard.
They also require that a minimum-wage security guard
be able to do fingerprint matching, which says that the
system needs to be automated and somewhat error-tolerant.
Besides, run this sort of scam on the public for very long,
and you *will* have a database of fingerprints -
not hard to put on line.
The main thing it accomplishes is that it somewhat reduces theft
of ID cards, and forces people who lose their Internal Passport
to keep getting new ones with their own fingerprints
or use better fake documentation when they reapply.
>The "ID card" fairy tale still loses.
More information about the cypherpunks-legacy
mailing list