November 11, 2008 at 3:35 am
Why worry about fingerprints when you can use DNA. Scientists tell us that every person's DNA is unique, so here we have an infallible way of proving identity and family relationships!
Except that the more science knows about this grossly immature disipline of DNA, the more it discovers that infallibility is not guarenteed. There are now witnessed cases of women giving birth to children whose DNA does not match the mother's - a godsend to the mother who was accused of stealing her children from other families. Given another 20 to 50 years for this disipline to mature and I reckon we will know about a whole load of other oddities about DNA that will have to be taken into account by any system that uses DNA to 'prove' identidy.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
November 11, 2008 at 4:35 am
But at least with DNA, because it is relatively immature, an attempt is made to quantify the error rates.
The possibility that more of us are (at least to some extent) Chimeiras than is generally assumed is indeed very interesting. Of course the way to deal with that is also to try to quantify the occurence and deal with it rather than ignore it.
November 11, 2008 at 7:02 am
Another well-documented case is that of Shirley McKie
Not only does this show that things can go wrong, but how hard it can be to prove your side of the story, and of the dangers of indiscriminate recording of bio-metrics.
For those of you who don't know, a quick re-cap:
Shirley was a police officer. Following a drugs-raid, a finger-print was found at the scene. When checked against the Police database, it was stated that this was categoric evidence that she had been in that location. She was asked why, and naturally denied it. Since they had 'proof' that her denial was a lie, she was sacked.
MUCH later on, she was able to prove that the identification process had gone wrong, and there was actually no match, but it is easy to imagine a situation where a single print actually DID match - fingerprints are not unique: it is extremely unlikely that a full set of prints on two people would match, but it is not that uncommon for two single fingers to match.
Of course, the only reason this was a problem, was that Shirley's prints were on file, so that they could be eliminated from situations where she had genuinely, officially participated. Had she been an ordinary member of the public, she would not have been 'fingered'.
Unless we had all had our fingerprints taken for some sort of 'National Entitlement Card' ...
November 11, 2008 at 7:03 am
Several of my previous positions have employed biometric security hardware, and I have always found it to be of questionable value, at least in its current incarnation, largely due to inordinately high failure rate. When I was compelled a few years ago to use a SecuGen thumb-scanning mouse (which apparently at the time only worked under Novell, and thus became an albatross after the agency was switched over to MS, btw) I happily passed this link along to the agency security officer:
http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
November 12, 2008 at 2:28 pm
mike brockington (11/10/2008)
... These will then be published on the Internet, allowing anyone to make their own latex copies, or whatever. Other studies have shown that a simple photo-copy is enough to fool most finger-print scanners.
I didn't hear about this Jacqi Smith case, I'll have to look it up.
On Mythbusters, they did a segment on defeating fingerprint locks. They copied the print, scanned it, and found that a printed copy (scaled properly) didn't work. So they enlarged the print and used a felt tip marker to fill in the voids that the lifting process lost. Scanned it again, printed at proper scale, and the paper copy of the print worked just fine.
Fingerprint matching is an interesting process. The Federal system spits out 6-8 matches and near matches, then a certified fingerprint technician does a match between the crime scene print and the ones provided by the computer, then further identification can be made. So you're not going to be convicted on a computer match, a person must do it and can be cross-examined in court.
It is quite a problem. I saw a piece this morning on Slashdot (IIRC) saying that scents are unique per person and don't change based on diet. I'm not sure I buy that, it'll be interesting to read further on it.
-----
[font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]
November 12, 2008 at 3:35 pm
Yikes, a smell sensor?!?!
Not sure I want to handle data quality on that one
November 12, 2008 at 3:45 pm
Steve Jones - Editor (11/12/2008)
Yikes, a smell sensor?!?!Not sure I want to handle data quality on that one
The smell data is coming. Several entertainment companies are jousting patents over home theater options for adding odor (or odour, for those outside the US)... Disney already has several attractions which inflict smells on the visitors. My sons thought the Stitch escapes attraction was funny; I personally didn't enjoy having an animated character pass gas in my ear while strapped into the ride's restraints.
I'm thinking that the smellometrics might be the way to go, but it has the verification problem as any other biometric that has to be digitized, transmitted and compared with the centrally-maintained authorization data store. That said, I know that your dogs know who you are in the dark, regardless of what other smells you've been involved with recently (with a few exceptions: skunks, cayenne powder, gasoline, etc). If the smellometer can "tune out" the distractors of food, alcohol, perfume, etc, and focus on the unique phermonal-type scent we each have...
Amusing science fiction opportunity: "The odor sensors on the security door can't tell whether that guy doused with gasoline is the right guy or not... but he looks like his picture." Heh.
November 12, 2008 at 3:50 pm
Uniqueness of the actual "prints" probably isn't even the main issue (with any biometrics). An imperfect or partial biometric "print" from a crime scene could "match" several originals regardless of whether the originals are unique.
In fact, this was used as an excuse by the FBI experts (after the exposure of their "mistake") for the incorrect match in the Madrid bombing. Of course if they had been competent (or honest?) they would have admitted upfront that a positive match could not be made with certainty because of the (lack of) quality of the print provided.
January 12, 2009 at 3:19 am
what is the legal aspect of a company holding bio-metric data ? In age when the government is debating compulsory ID cards etc (not to mention losing data with frightening regularity ) are there not any rules as to how private companies can handle biometric data ..
.. are there no restrictions as to what biometric data your employer can hold about you .. or indeed can they insist you supply it ?!
January 12, 2009 at 10:26 am
I'm not sure there are great regulations in this area. Legal requirements and limits usually lag far behind the technology.
January 13, 2009 at 3:33 am
At the very least, it must count as 'Personally Identifying Data' so all of the limits of the Data Protection Act would count (in the UK). Note that one of those provisions is a requirement for a reasonable reason to hold the specific data, so I can't see many employers having a legitimate reason to hold any biometric data - anything used for authentication purposes should presumably be limited to a hash?
January 13, 2009 at 4:04 am
but if theres a reasonable business/security case to hold employees handprint data then presumably the employer could enforce the requirement for it ? as long as their storage of the data came within the data protection act ?
January 13, 2009 at 8:53 am
Yes, they could. In fact, there are data centers that require a handprint or retinal scan to access them. They store a biometric representation of you.
May 3, 2013 at 10:28 am
Fascinating topic. Thanks.
It seems to me the ultimate biometric data would be some kind of very rapid DNA fingerprinting. But I agree that the copying issue is paramount. No matter how precisely one can identify a person, there is always a risk that someone else could copy that "fingerprint" and submit it to a sensor.
Perhaps the weak point is in the submission of the "sample," whether it's a retina scan, thumbprint, etc. In the movies, it is already a cliche to see someone hold up a severed hand or (gross) eyeball to get past a biometric scanner. So unless someone can find a way to ensure that the item being submitted for scanning is in fact coming from the original, living person, then there is always a chance at a breach due to impersonation.
- webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
May 3, 2013 at 12:27 pm
See my signature quote. 😀
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
Viewing 15 posts - 16 through 30 (of 32 total)
You must be logged in to reply to this topic. Login to reply