From: “Robert A. Costner” <pooh@efga.org>
To: cypherpunks@Algebra.COM
Message Hash: c96a777914fc658f591d15257095b09540b8c4079d463c70c5f18652d03dcc8e
Message ID: <3.0.3.32.19971201170711.03a67820@mail.atl.bellsouth.net>
Reply To: <v03007801b0a877592509@[198.115.179.81]>
UTC Datetime: 1997-12-01 22:28:57 UTC
Raw Date: Tue, 2 Dec 1997 06:28:57 +0800
From: "Robert A. Costner" <pooh@efga.org>
Date: Tue, 2 Dec 1997 06:28:57 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Big Brother Is Watching ATMs
In-Reply-To: <v03007801b0a877592509@[198.115.179.81]>
Message-ID: <3.0.3.32.19971201170711.03a67820@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain
At 11:37 AM 12/1/97 -0800, Paul Pomes wrote:
>Thomas J. Drury walks up to the automated-teller machine in his suburban
>office and swipes his bank card. Instead of punching in a secret code,
>however, he stares straight ahead. The machine verifies his identity by
>looking at his eyes.
>
>If Mr. Drury, chief executive officer of Sensar Corp., and his colleagues
>have their way, this eye-scanning technology will become standard equipment
>on ATMs around the world. It is being tested by NCR Corp. and Citicorp,
>among others.
As wonderful as eye scanning technology may sound, it promises to offer
very weak identification and only be reliable in the short run. This is
based on the premise that a reproduction of an eye will work as well. Just
as a reproduction of a driver's license seems to work for check forgery.
PINs offer security based on the fact that they are a secret. Not a shared
secret. For comparison, take a look at the authentication procedure of the
SSA and Wells Fargo bank. Over the internet, both want
Social Security Number
Date of Birth
Mother's Maiden Name
Imagine a bank machine requesting the same info as the only prerequisite
for dispensing cash! This info might have been a method of secure
authentication about the time I was born, but today, such info is almost
common knowledge. This no longer is a secret, too many people have the
info. Widespread use of eye scanners will provide the same results. As
databases are built, and sold, the raw info becomes available and automated
tellers become excellent targets for fake authentications. If you get it
wrong, you just walk away.
Eye scans may help aid authentication, but they should not take the place
of PINs.
-- Robert Costner Phone: (770) 512-8746
Electronic Frontiers Georgia mailto:pooh@efga.org
http://www.efga.org/ run PGP 5.0 for my public key
Return to December 1997
Return to “Vin McLellan <vin@shore.net>”