From: Kent Crispin <kent@songbird.com>
Date: Fri, 23 May 1997 14:36:57 +0800
To: cypherpunks@toad.com
Subject: Re: New Chip Verifies Fingerprints (fwd)
In-Reply-To: <m0wUlwu-00001AC@r42h17.res.gatech.edu>
Message-ID: <19970522230945.17501@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, May 23, 1997 at 12:27:28AM -0400, Decius 6i5 wrote:
> > Veridicom, a spinoff of Lucent Technologies, just demoed (at
[...]
> 
> If I get mugged and the mugger wants access to my bank account all he has
> to do is chop off the relevant finger. Don't laugh. This *WILL* happen.
> Biometrics create an general economic incentive for maiming or murdering
> people.

I'm not so sure that this is realistic.  I have heard that earlier
fingerprint reading cards were very sensitive to size distortion --
that is, if you swung your arm in a circle to increase the blood
pressure in your hand, they would give a false reading, because of the
swelling in the fingers would be sufficient to throw off the
recognition software -- a smart card isn't *that* smart.  A problem 
of false negatives.

If you cut off a finger the blood pressure will go to zero, and the 
dimensions will change quite a bit, relatively speaking.

> I will take you one further... *When you implement a biometric system you
> are deciding that the value of that which is being protected is greater
> than the value of the lives of the people who have access to it.*
> 
> This is obvious if you look at the trade-offs. You are securing the system
> such that the easiest way to break it is to kill a person. Obviously this
> will reduce your instances of fraud, as killing a person is more messy
> then hacking a pin code. However, because the cost of killing someone is
> smaller than the value of the object being protected, there are going to
> be losses. You have to decide that you are capable of swallowing those
> losses. You have to decide that the value of the decrease in fraud over
> a non-biometric system is greater than that of the lives of the people who
> are lost when fraud does occur. This is a despicable situation, but don't
> think you won't see it. It is probably inevitable now. 

You don't have to kill or maim some to induce cooperation, and
biometric devices can be designed to pretty much require that the
subject be living.  Extortion or seduction are both quite viable, and 
work with any security system.  Biometrics don't really add 
anything.

Your point is just as meaningful for cryptography.  All strong crypto 
does is move the weak spot around.

Incidentally, I have heard (from a probably reliable source) that the
best biometric is a retina scan -- very reliable, hard to spoof,
*very* few false negatives.  [False positives are real bad for any
security system, of course.  False negatives are why you want back up
modes of access.]

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html