Tuesday, March 22, 2005

Art imitates Grits on biometrics

Did anybody else see the tail end of the TV show "24" last night?

A terrorist murdered an Air Force pilot after blackmailing him to get onto a secure military base. The terrorist shot the pilot and shoved him in the trunk, but before closing it, first cut off the pilot's finger for use in the base's biometric-keyed entry system!

Either this is a sign that Grits' critique of biometric keys and identity cards is on to something, or that I should give up blogging non-fiction and write screenplays for television. (Given my past efforts at fiction writing, I think the odds for the former are better.) On Saturday I wrote:
So, once fingerprints become a biometric key to your car or password to your computer, how long will it be before thieves steal the data, or worse, chop off somebody's finger to steal their stuff?
How long indeed? It wasn't three days before somebody did it on television.


Pete Guither said...

Amazing how they managed to write and shoot the episode in 3 days!

Gritsforbreakfast said...

Hopefully you jest and my play off the phrase "Art imitates life" was apparent. They're clearly way ahead of me, and I'll wager the actual bad guys out there are too. Best,

Jeb said...

Dan Brown used the severed finger biometric hack in Angels & Demons. So, the idea has been around the block a few times.

But, I understand that most biometeric sensors have security measures for determining whether live tissue is being use.


Gritsforbreakfast said...

It doesn't seem like the swipe on the microsoft keyboards being advertised look at the fingerprint long enough to detect lifesigns, though maybe more sophisticated systems would.

This fellow seems to think one could lift a print off a severed finger and use it. I have no firsthand knowledge, but that article has a decent discussion of some of the other problems from a proponent's perspective, and some interesting comments.

Even if you're right, though, I still oppose using fingerprints for ID systems since somebody can still steal the data electronically. I consider it improperly risky to use an unchangeable identifier as an identity marker, because if it's stolen you can never get it back. E.g., if my password is my fingerprint, and my fingerprint is stolen from DPS along with thousands of others, like in Nevada, I'm basically screwed.