Skip to main content

The Problem with Biometrics


Biometrics is touted as the solution to all identity problems we have. It is like Manna from heaven that would solve all the problems associated with user IDs and passwords and tokens and make everyone so unique because of the fact that they have finger prints, retinas, face geometry, hand geometry, wrinkles on the face and whichever set of controls required to ensure that the person identifying himself is him/her.

However, this identity is under pressure from a set of technologies, that helps in recording it in such minute details that with advances in technology these could be replicated without much ado over time. Lets look at Cameras with super sensitive irises. These Cameras with high resolution sensors to the tune of 50 Mega Pixels announced recently by Canon and other Japanese Camera Leaders, makes you wonder, if your iris is protected at all. Can somebody take a shot of your iris or a shot of your fingers, make a copy of it and run away with your identity. It is a possibility and it is an area of concern to many of the developers as well as those who need to protect devices and physical protection using biometric devices.
The two pictures in this blog is to show the detail that you can expect from a simple camera, would not say who the iris belongs to for obvious reasons (Could be my Cat , Dog or my Hamster) and I also tried the same with the patterns in my fingers.These pictures are to show how much detail could be captured in a photograph.
                  
We are seeing three dimensional photographs, 3d scanners that are available in the open source domain as well
This also leads to the question about using Biometrics by the Government, Is the Government ready to protect this information, Do they need to collect this information at all, Is there not a possibility that your identity may get misused by a rogue government that have an agenda against elimination of dissent. What if they end up raking up evidence against you, the fact being that they have access to your information. This being unique, how can you take a different identity. Are we going to see a new trend of Cosmetic Surgeons, who would for a fee help you change your biometric identities. Liposuction, Tummy Tuck, Breast Augmentation and ofcourse Retina Change, Hand Geometry Swap, Finger Print Change services. We are moving into a new world of uncertainties.


It is of  major concern that you are scanned at entry into the United States, Retina Scan in some of the Gulf Countries and if the other countries start doing the same, For example any American from the USA (To be fair to Canadians and Mexicans and other countries of North America and South America) get scanned on entry into say Russia or China. Is there a guarantee that this information is secure? Would you trust a foreign Government with your only data that is indelible? Would the Chinese, Russians or Indians have trust that the data collected by the US immigration department will not be misused? You never know how this information can be misused? Every Government in this wide world may start scanning International travelers as a retaliatory measure and soon this data would become valuable.


In Information Security we say that the chain is as strong as the weakest link? Imagine a time when Biometrics are the only way to authenticate against systems. A rogue country may use this data to break into the systems of the attacked country. I will use the information I have collected to breach into the systems. It is pretty scary thinking about losing your identity. I have already lost it a few countries that already has my Iris Scans, Full hand geometry and scan of every finger in my body.

If possible under all circumstances, people should resist giving biometrics and biometrics being used as the only way to identify somebody. Would we not be implicated in crimes that we never performed because a mafia gang has a large set of stolen identities to perpetuate their crimes. Well well , Welcome to the new world!!!

Comments

Popular posts from this blog

Malware Damage - It is real and you need to be ready ...

  Malware, short for "malicious software," is any software intentionally designed to cause harm to computer systems, networks, or devices. Malware can take many forms, including viruses, trojan horses, worms, ransomware, spyware, and adware, among others. The dangers of malware are numerous, and it is crucial to protect yourself from malware to avoid serious consequences, such as: Data theft: Malware can be designed to steal personal information, such as bank account details, social security numbers, and login credentials. Once this information is stolen, it can be used for identity theft, financial fraud, and other malicious activities. System damage: Some malware can damage your computer system, causing it to crash or malfunction. This can result in lost data, system downtime, and costly repairs. Financial loss: Malware can also be used to extort money from victims. For example, ransomware can lock down a victim's computer and demand payment in exchange for the decrypti...

HIPAA - What is that we need to know .... Cyberawareness for a Health Care Organization

  Here is a detailed cyber awareness training for HIPAA candidates: Introduction to HIPAA: Provide an overview of the Health Insurance Portability and Accountability Act (HIPAA) and the importance of protecting patient information. Understanding HIPAA regulations: Explain the different regulations under HIPAA, such as the Privacy Rule, Security Rule, and Breach Notification Rule. Identifying and reporting breaches: Teach employees how to identify a potential breach of patient information and the proper procedures for reporting it. Phishing and social engineering: Provide training on how to identify and avoid phishing emails and other social engineering tactics. Passwords and authentication: Teach employees about the importance of strong passwords and multi-factor authentication. Mobile device security: Discuss the risks of using mobile devices to access patient information and the measures employees can take to keep the information secure. Remote access security: Explain the risks ...

AI/ML Open Source Framework for adoption at an organization

  Data Storage : The first step in any ML pipeline is to store the data that will be used for training and testing. AWS offers various data storage options like Amazon S3, Amazon EFS, and Amazon EBS. Choose the one that best suits your requirements. Data Preprocessing : Data preprocessing is an important step in any ML pipeline. This step includes cleaning, normalizing, and transforming the data to make it suitable for training ML models. You can use open-source libraries like Pandas, NumPy, and Scikit-Learn for data preprocessing. Model Training : The next step is to train your ML models. You can use open-source ML frameworks like TensorFlow, PyTorch, or Apache MXNet for this step. AWS also offers its own ML framework called Amazon SageMaker, which provides a managed platform for training and deploying ML models. Model Evaluation : Once the models are trained, they need to be evaluated to ensure that they are accurate and reliable. You can use open-source libraries like scikit-lea...