Skip to main content

The Problem with Biometrics


Biometrics is touted as the solution to all identity problems we have. It is like Manna from heaven that would solve all the problems associated with user IDs and passwords and tokens and make everyone so unique because of the fact that they have finger prints, retinas, face geometry, hand geometry, wrinkles on the face and whichever set of controls required to ensure that the person identifying himself is him/her.

However, this identity is under pressure from a set of technologies, that helps in recording it in such minute details that with advances in technology these could be replicated without much ado over time. Lets look at Cameras with super sensitive irises. These Cameras with high resolution sensors to the tune of 50 Mega Pixels announced recently by Canon and other Japanese Camera Leaders, makes you wonder, if your iris is protected at all. Can somebody take a shot of your iris or a shot of your fingers, make a copy of it and run away with your identity. It is a possibility and it is an area of concern to many of the developers as well as those who need to protect devices and physical protection using biometric devices.
The two pictures in this blog is to show the detail that you can expect from a simple camera, would not say who the iris belongs to for obvious reasons (Could be my Cat , Dog or my Hamster) and I also tried the same with the patterns in my fingers.These pictures are to show how much detail could be captured in a photograph.
                  
We are seeing three dimensional photographs, 3d scanners that are available in the open source domain as well
This also leads to the question about using Biometrics by the Government, Is the Government ready to protect this information, Do they need to collect this information at all, Is there not a possibility that your identity may get misused by a rogue government that have an agenda against elimination of dissent. What if they end up raking up evidence against you, the fact being that they have access to your information. This being unique, how can you take a different identity. Are we going to see a new trend of Cosmetic Surgeons, who would for a fee help you change your biometric identities. Liposuction, Tummy Tuck, Breast Augmentation and ofcourse Retina Change, Hand Geometry Swap, Finger Print Change services. We are moving into a new world of uncertainties.


It is of  major concern that you are scanned at entry into the United States, Retina Scan in some of the Gulf Countries and if the other countries start doing the same, For example any American from the USA (To be fair to Canadians and Mexicans and other countries of North America and South America) get scanned on entry into say Russia or China. Is there a guarantee that this information is secure? Would you trust a foreign Government with your only data that is indelible? Would the Chinese, Russians or Indians have trust that the data collected by the US immigration department will not be misused? You never know how this information can be misused? Every Government in this wide world may start scanning International travelers as a retaliatory measure and soon this data would become valuable.


In Information Security we say that the chain is as strong as the weakest link? Imagine a time when Biometrics are the only way to authenticate against systems. A rogue country may use this data to break into the systems of the attacked country. I will use the information I have collected to breach into the systems. It is pretty scary thinking about losing your identity. I have already lost it a few countries that already has my Iris Scans, Full hand geometry and scan of every finger in my body.

If possible under all circumstances, people should resist giving biometrics and biometrics being used as the only way to identify somebody. Would we not be implicated in crimes that we never performed because a mafia gang has a large set of stolen identities to perpetuate their crimes. Well well , Welcome to the new world!!!

Comments

Popular posts from this blog

Malware Damage - It is real and you need to be ready ...

  Malware, short for "malicious software," is any software intentionally designed to cause harm to computer systems, networks, or devices. Malware can take many forms, including viruses, trojan horses, worms, ransomware, spyware, and adware, among others. The dangers of malware are numerous, and it is crucial to protect yourself from malware to avoid serious consequences, such as: Data theft: Malware can be designed to steal personal information, such as bank account details, social security numbers, and login credentials. Once this information is stolen, it can be used for identity theft, financial fraud, and other malicious activities. System damage: Some malware can damage your computer system, causing it to crash or malfunction. This can result in lost data, system downtime, and costly repairs. Financial loss: Malware can also be used to extort money from victims. For example, ransomware can lock down a victim's computer and demand payment in exchange for the decrypti...

HIPAA - What is that we need to know .... Cyberawareness for a Health Care Organization

  Here is a detailed cyber awareness training for HIPAA candidates: Introduction to HIPAA: Provide an overview of the Health Insurance Portability and Accountability Act (HIPAA) and the importance of protecting patient information. Understanding HIPAA regulations: Explain the different regulations under HIPAA, such as the Privacy Rule, Security Rule, and Breach Notification Rule. Identifying and reporting breaches: Teach employees how to identify a potential breach of patient information and the proper procedures for reporting it. Phishing and social engineering: Provide training on how to identify and avoid phishing emails and other social engineering tactics. Passwords and authentication: Teach employees about the importance of strong passwords and multi-factor authentication. Mobile device security: Discuss the risks of using mobile devices to access patient information and the measures employees can take to keep the information secure. Remote access security: Explain the risks ...

Where are you on your Cybersecurity > Part 1 Evaluate your strenghts and weaknesses..

  here's a checklist to identify strengths and weaknesses in cybersecurity in a team. The user can score themselves against each item to identify gaps in their cybersecurity posture: Cybersecurity Policies and Procedures: Does your team have documented cybersecurity policies and procedures? Are they up-to-date and reviewed regularly? Are they communicated effectively to all team members? Access Controls: Do you have strong password policies in place? Do you enforce multi-factor authentication for sensitive accounts? Do you restrict access to sensitive information and systems on a need-to-know basis? Network Security: Do you have a secure network architecture that includes firewalls, intrusion detection and prevention, and security monitoring? Are your network devices, such as routers and switches, configured securely? Do you monitor and log network activity for potential security threats? Endpoint Security: Do you have antivirus and anti-malware software installed on all endpoints?...