1997-12-01 - Re: Big Brother Is Watching ATMs

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: cypherpunks@Algebra.COM
Message Hash: c96a777914fc658f591d15257095b09540b8c4079d463c70c5f18652d03dcc8e
Message ID: <>
Reply To: <v03007801b0a877592509@[]>
UTC Datetime: 1997-12-01 22:28:57 UTC
Raw Date: Tue, 2 Dec 1997 06:28:57 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Tue, 2 Dec 1997 06:28:57 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Big Brother Is Watching ATMs
In-Reply-To: <v03007801b0a877592509@[]>
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain

At 11:37 AM 12/1/97 -0800, Paul Pomes wrote:
>Thomas J. Drury walks up to the automated-teller machine in his suburban
>office and swipes his bank card. Instead of punching in a secret code,
>however, he stares straight ahead. The machine verifies his identity by
>looking at his eyes.
>If Mr. Drury, chief executive officer of Sensar Corp., and his colleagues
>have their way, this eye-scanning technology will become standard equipment
>on ATMs around the world. It is being tested by NCR Corp. and Citicorp,
>among others.

As wonderful as eye scanning technology may sound, it promises to offer
very weak identification and only be reliable in the short run.  This is
based on the premise that a reproduction of an eye will work as well, just
as a reproduction of a driver's license seems to work for check forgery.

PINs offer security based on the fact that they are a secret.  Not a shared
secret.  For comparison, take a look at the authentication procedure of the
SSA and Wells Fargo bank.  Over the internet, both want:

  Social Security Number
  Date of Birth
  Mother's Maiden Name

Imagine a bank machine requesting the same info as the only prerequisite
for dispensing cash!  This info might have been a method of secure
authentication about the time I was born, but today, such info is almost
common knowledge.  This no longer is a secret; too many people have the
info.  Widespread use of eye scanners will provide the same results.  As
databases are built, and sold, the raw info becomes available and automated
tellers become excellent targets for fake authentications.  If you get it
wrong, you just walk away.

Eye scans may help aid authentication, but they should not take the place
of PINs.

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key