Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United States

National Biometric IDs 477

Jester998 writes "I just came across this article about how two U.S. congressmen want biometric identification. They're trying to avoid the controversial 'national ID' issue by creating what would be new drivers licenses with biometric information embedded. What does the Slashdot community think about having your retinal pattern embedded on a smart card?"
This discussion has been archived. No new comments can be posted.

National Biometric IDs

Comments Filter:
  • actually, (Score:5, Funny)

    by eric6 ( 126341 ) on Friday May 03, 2002 @03:53PM (#3459609) Journal
    i'd just like my retinas embedded on a smart card. then i could see if i have correct change before pulling out my wallet.
  • by Jerp ( 135831 ) on Friday May 03, 2002 @03:54PM (#3459620)
    I'm just relieved that they no longer want our rectal pattern stamped on the license.
  • Not me (Score:2, Funny)

    by BigGar' ( 411008 )
    I'll gouge my eyes out first.
    That'll teach 'em ......
  • ID. (Score:2, Interesting)

    by saintlupus ( 227599 )
    They're trying to avoid the controversial 'national ID' issue by creating what would be new drivers licenses with biometric information embedded.

    That's a great evasive tactic. After all, when people ask me for identification, they hardly expect to see a driver's license.

    Much like the Social Security Number has become a de facto customer ID number, the driver's license is essentially the official ID card of the nation.

    Try buying a case of beer with a "non-driver identification card" some time. Or god forbid, a passport.

    --saint
    • Re:ID. (Score:3, Funny)

      by (H)elix1 ( 231155 )
      Try buying a case of beer with a "non-driver identification card" some time. Or god forbid, a passport.

      No kidding. Last week I went to Taco Johns, paid with a check, and was asked for some ID. I had my passport, but they would not take it.... had to be a driver's license.

      A week later I go to get a new drivers license -- moved states. The DMV would not take the others state's license since it only had my middle initial, not my full middle name. They did take the passport as ID, however.
  • No, no, no! (Score:3, Insightful)

    by NickRob ( 575331 ) on Friday May 03, 2002 @03:55PM (#3459630)
    A national ID card is a way to restrict freedom. Unlike searches at the airport, you don't gain security for the trade-off. Instead you get to be treated like a criminal when you've done nothing wrong. Would it have stopped any act of terrorism? No. Would it have ever stopped anything? I seriously doubt it. This only oppressed the law abiding citizens.
    • so does a state drivers license.....

      a national id card would ease a lot of the troubles i've had moving a few times between states. i don't mind it.
    • Re:No, no, no! (Score:2, Insightful)

      by j1mmy ( 43634 )
      A national ID card is a way to restrict freedom.

      No joke! My having an American passport has damn-near ruined my life!

      Instead you get to be treated like a criminal when you've done nothing wrong.

      The last time I used my passport, I was not treated like a criminal.

      This only oppressed the law abiding citizens.

      You're absolutely right, sub-genius. Any form of identification is completely uncalled for. I say we all ditch our social security cards, driver's licenses, student id's, employee id's, and any other form of picture id. We should all start wearing bags over our heads to preserve our anonymity, as well as dressing in drab grey robes.

      Who's with me??
    • by ednopantz ( 467288 ) on Friday May 03, 2002 @04:25PM (#3459866)
      A biometric ID won't make us less free. It probably won't make us more secure against terror, although reliable ID might have caught Ahmed Ressam, the guy who plotted to blow up LAX, then panicked at a routine border search. He had come and gone across the US border with different Canadian passports. Sure, half of his names were on watch lists, so he just switched identities. Had he not blown his cool, a lot of people could have died.

      But that isn't what interests me.

      Here is where a biometric ID can help:Identity Theft
      It is trivially easy to impersonate someone and rack up credit card charges, commit crime with their identity, etc. Biometric IDs would put a stop to that.

      A year ago, my wife's wallet was stolen from her gym locker. The usual credit card fraud ensued, which was stopped within a few hours.

      Then the crook took her drivers license, somehow mangled it, and got the her picture on the front and my wife's name. Apparently, the Illinois DMV doesn't compare you to a file picture when you get an ID. This let them write checks on that identity, taking out loans (despite calls to every credit agency to put a watch on that sort of thing), culminating in the purchase (with a stolen check) and financing (naturally) of a used Ford Explorer at a sleazy car dealership too lazy to verify the bank balance or credit info.

      Once the car check bounced, the dealer reported the theft, the cops came to us talking about grand theft auto. After some explaining, the license plate (in my wife's name, of course) was put into the police database. Amazingly, they actually caught this crook when she tried to pass one of the checks for a carton of smokes. The check came up bad (for once!), the store called the cops, who ran the plate of the SUV and got her. She naturally looks nothing like my wife, who is short, skinny, and white, not tall, obese, and black.

      The moral of the story is that it is easy to impersonate someone, causing harm to that person because there is no biometric element at any point in the US ID system.

      It doesn't make us more free because we have unreliable ID. Most of us never have a reason to fake an identity (save trivial stuff like faking your grocery club card). We don't get a privacy benefit from poor ID, we just have the risk of identity theft. How are you less free because your identity may be tied to your physical person? How are you more free because your identity is (at present) not 100% properly verified when you get a passport or drivers license?

      We already leave data trails almost everywhere we go. These can be picked up by commercial concerns interested in selling you the exact type of extreme soda for your demographic. A biometric ID won't change that.

      Your SSN will still be in 1000 poorly secured databases, ripe for the taking. The only thing a biometric ID will do is make it harder to impersonate someone else.

      I say it is high time we get ID that works.

      • Presently: The identity thief (after discovering your name, address, etc.) makes a driver's license but places his/her photo instead of yours on it.

        Biometrics: The identity thief does the same as above but places his/her biometric information on/in the card.

        Results are the same either way. The solution to the above problem is to distribute your biometric information to everyone on the planet who may need to identify you. That's a great idea - not. This biometric solves no old problems but does create many new ones.

        This is either political pork, or a clumsy attempt at doing an "endrun" around the national id issue. I wish I could bitchslap congressmen and senators when they come up with dumb shit like this.

      • DMV security is a joke. I have a friend who is 19. At 17, she went down to the DMV, told them that she was her 23 year-old cousin (Who looks nothing like her), and she got a nice 23-year old's license with her picture on it. The DMV essentially created her bar-hopping fake for her.

        What's scary is how little checking the DMV does on who you really are. Biometrics would definately prevent this kind of thing. What scares me is that anyone could, upon procuring my SSN, walk into the DMV, say they're me, get a license, proceed to get points on said license, and get me arrested next time I get pulled over because according to my record, I have 4 DUIs, a slew of speeding tickets, etc.

        And then there's the issue of using said ID for loans, cars, various purchases, etc. Scary.

        Yeah, it makes you more identifiable. This is a Good Thing (tm) as far as I can see. It's not like the card is transmitting your stats to anyone within 15 feet - it just provides an extra layer of security.
    • It's not the law abiding citizens I
      want to protect: It's the freedom fighters,
      who are actually worthy of the air they breathe,
      unlike said good Germans.
  • by Kphrak ( 230261 ) on Friday May 03, 2002 @03:57PM (#3459641) Homepage
    What does the Slashdot community think about having your retinal pattern embedded on a smart card?"

    The same as ALL THE OTHER attempts to remove our privacy...NO! NO! How often does this need to be repeated before people finally understand that "NO" really does mean "NO"?

    It's not the method of privacy removal that we find disgusting. It's the removal of the privacy in the first place.
    • by jridley ( 9305 ) on Friday May 03, 2002 @04:14PM (#3459792)
      I think you are confusing privacy and anonymity. A nationally unique form of ID doesn't remove privacy. In fact it does not necessarily remove anonymity. If it's abused, it could certainly remove anonymity. However, I'm not sure how an ID card removes your privacy, unless it's got a listening device built in.
    • Are drivers licenses a bad thing? Is allowing easy forging of them a bad thing?

      If you answered no to the first question and yes to the second, I don't see how you can have a problem with a biometric ID system. I accept the fact that for some purposes, it is valuable to be able to validate your identity. If it is valuable to do so, then it is more valuable to be able to do so reliably.

      When the government (or corporations) start asking you to validate your identity unnecessarily, bitch about privacy by all means. But making validation more reliable when it's needed is a good thing.
      • You can't travel without being tracked.
        That's a violation of your privacy,
        all sophistry and gerrymandering aside.
        • you can't travel BY THE GOVERNMENT FUNDED AIRLINE SYSTEM without being tracked.

          go buy a used car from the guy down the street, and fill up at chevron and you're good to go anonymously.
        • All attempts to change the subject aside, making ids more difficult to forge is a good thing. This is a discussion of whether or not biometric information in a national id is a good thing, not a discussion about how ids are used. I explicitely pointed out that we have to be cautious about in what circumstances we allow the government/corps to require id.

          I do very much agree that ids are required far too often, but the solution to that is to fix the problem, not to make it easy to forge ids.
      • Are drivers licenses a bad thing?

        In concept, no. In practice, yes. Current CA driver's licenses encode each piece of data printed on the front into the magnetic stripe on the back. Businesses have begun swiping licenses and ID cards for age verification and capturing the other data for demographic purposes.

        Is it the DMV who's violating my privacy? No. Is it the DMV who's at fault for my privacy being violated? Yes. Do I want the same people who thought it was a good idea to encode my age, address, height and weight on the back of my driver's license to also have access to my retinal scan data? Hell No!

        I can give a police officer my driver's license and he can see a picture of me and read my name. What further identification is necessary?

        Is allowing easy forging of them a bad thing?

        Yes, it is. Is encorporating biometric information into them the best way to make them hard to forge? No. It is expressly the *wrong* way to do it.

        With current technology, forging a retinal scan would probably be quite difficult. But criminals will always be pushing the envelope of technology trying to get ahead of the technology that law enforcement uses. We need to make a system that utilizes the latest technology, but remains as flexible as possible should criminals catch up. By using something like a retinal scan (something that cannot be changed), you limit the system's flexibility 10 and 20 years down the road.
        • The bad thing in my opinion is not that a COP can swipe your id and get your information. This is valuable in that it reduces both work for the cop and errors in validating your identity. What a larger problem in my opinion is that businesses can buy id readers and check your ids. Getting valuable information about you for next to nothing in cost. an example is the story on /. a couple of weeks ago about the bar in Boston (I think) that tracked all of it's customers.

          It's bad enough that Vons, Ralphs, Price Chopper, etc all track our shopping habits, but if they made us swipe our ids then they could track us forever.

          Also I don't think that forging a retinal scan would be difficult at all. Think about it, unless the data on the card is encrypted via some sort of public key system where the private key is in a central DB, anyone who knows how to read/write the data on a card can replace it with bogus information.
  • by Anonymous Crowhead ( 577505 ) on Friday May 03, 2002 @03:57PM (#3459650)

    The do a scan of your hand and match it to info embedded in your passcard. You have to do this at 3 of the 7 security check points to access your servers.
  • $315 Million? (Score:5, Interesting)

    by jweb ( 520801 ) <jweb68@@@hotmail...com> on Friday May 03, 2002 @03:58PM (#3459652)
    Setting aside the privacy issues for a moment, how do these guys figure that $315 million will be enough money to create this system?

    After all, with the current US population somewhere in the neighborhood of 270+ million (I'm too lazy to look up a more accurate estimate) they think they can create and implement this system for just over $1 per citizen?

    Seems a little conservative to me.
    • Re:$315 Million? (Score:4, Insightful)

      by totallygeek ( 263191 ) <sellis@totallygeek.com> on Friday May 03, 2002 @04:28PM (#3459888) Homepage
      they can create and implement this system for just over $1 per citizen?


      No, no. That $315 million was per citizen. The day the government can implement something decent Hell will have a slight chill.

    • I worked in the plastic card industry writing firmware for PVC card printers/encoders. Assume 100 DMVs per state (5000 DMVs total), comes to about $63,000 in equipment (biometrics + printer/encoder), and I think I'm being a little generous with the DMVs, especially with states like Delaware.

      Consumables (cards, color ribbons) are another thing. (Smartcards are pretty cheap at about or less than $1 a card if memory serves me right)
    • Re:$315 Million? (Score:3, Insightful)

      by gambit3 ( 463693 )
      I think that this figure, as most other figures for proposed legislation, are woefully under-estimated, just to give it a chance to pass.
      Once it's approved, well, Budget overruns, here we come!

  • by Wedman ( 58748 ) on Friday May 03, 2002 @03:59PM (#3459656)
    Why not just mark everybody's hand and forehead? If they don't have the mark, don't let them buy and sell. Easy as that.
    • [16] And he shall make all, both little and great, rich and poor, freemen and bondmen, to have a character in their right hand, or on their foreheads.
      [17] And that no man might buy or sell, but he that hath the character, or the name of the beast, or the number of his name.

      Revelation 13:16-17

  • Why? (Score:5, Insightful)

    by wk633 ( 442820 ) on Friday May 03, 2002 @04:00PM (#3459667)
    Nobody is asking what the problem is that this is supposed to address. Step 1) of implementing a security measure is to ask "What is the problem it addresses?"

    So, what is the problem? Terrorism? The 9/11 terrorists HAD legal id. Having their DNS sequence on the card would not have stopped them.
    • Re:Why? (Score:2, Funny)

      by rhost89 ( 522547 )
      Having their DNS sequence??? I think you've been behind a console too long :)
    • The 9/11 terrorists HAD legal id. Having their DNS sequence on the card would not have stopped them.

      Your argument is somewhat flawed.

      What happened on September 11th was a first of its kind. It was the first time a plane had intentionally been flown into a building, and it was the first time that foreign terrorists had been so successful in the US (we were used to it only happening over there).

      Being thinking humans, we can generalize a bit, and see that the US isn't as invulnerable as we thought. This wasn't the only way that terrorists could have attacked us, and in fact, they probably won't attack us in the same way again because they know we'll specifically be looking for those patterns. America was very suprised, and the logical reaction is to protect various avenues that terrorism could be carried out.

      However, we almost certainly are going to overreact and clamp down more than we need to because emotions are high right now. In time, it's possible that more logic and less emotion will be used to make these decisions. On the other hand, these are politicians we're talking about.

      • Re:Why? (Score:2, Interesting)

        by Iguanaphobic ( 31670 )
        In time, it's possible that more logic and less emotion will be used to make these decisions.

        Consider the logic. All 19 terrorists were Saudi. The US attacks Afghanistan.
        Consider economics. The US buys large quantities of oil from Saudi Arabia. The US would like to buy large quantities of oil from Turkmenistan to lessen their dependence on the benevolence of Saudi Arabia. Unfortunately, the Taliban were in control of the country that the needed pipeline would need to cross.

        Solutions: Change the government in Afghanistan to get to the richest oilfields in the world. Don't invade Saudi Arabia to kick the terrorist governments butt and jeoprodize the US oil supply. Once you get by the hypocrisy of it all, it's really quite simple. It's all about maintaining the "American Way Of Life"tm at all costs. Everything else is window dressing.

  • Better than SSN (Score:4, Insightful)

    by loosenut ( 116184 ) on Friday May 03, 2002 @04:00PM (#3459671) Homepage Journal
    I haven't considered all of the ramifications, but I think it's a good idea. There may be privacy issues, but, really, who cares if your retinal pattern is in a database somewhere? It isn't as if your DNA is being sampled[1].

    What makes this a GOOD idea is that identity theft would be much more difficult. Right now, if someone gets a hold of your SSN, they can screw you over. It's much more difficult to recreate a retinal pattern.

    David Brin refers to this distinction in The Transparent Society. Your SSN maybe a good identification number, but in many cases it is also used as a password, which is just foolish, because you can't change it, and it can be stolen. On the other hand, a retinal scan, as I said above, makes an excellent ID/password, because it is so difficult to duplicate.

    I'm still interested to hear other's arguments against this.

    [1] The implication here is that insurance companies may be able to get a hold of your DNA and use the information within against you.
    • Re:Better than SSN (Score:5, Insightful)

      by Hooya ( 518216 ) on Friday May 03, 2002 @04:21PM (#3459835) Homepage
      Your SSN maybe a good identification number, but in many cases it is also used as a password, which is just foolish, because you can't change it, and it can be stolen. On the other hand, a retinal scan, as I said above, makes an excellent ID/password, because it is so difficult to duplicate.

      you contradicted yourself. you said SSN as a password is bad because you can't change it. but in the next sentence you go on to say retina is good? if someone does figure out my retinal patterns in practical resolution. what options do i have? change my eye? and link 'pwd' to extract my eye, extract the eye of a coworker down the hall with a mechanical arm and then interchange 'em?

      i suppose you've been getting retina implants on a daily basis huh? and what happens when you do donate you eye (i have to plead ignorance here as i don't know which eye-part is actually transplantable.)?

      Oh btw, just like 640k was sooo enough for everyone; and the world market only had demand for about a thousand (or a hundred, i forget which) computers (some IBM head-huncho back in the 60s) retinal scans are very difficult to replicate.

      in the process of implementing this type of IDs, we will have figured out a cost effictive way to work with retina-scans. effectively, figuring out reproducing and or manipulating the scans. what seems difficult technologically will become trivially easy tomorrow. so don't bank your entire identity on the fact that today's technology can't crack it. because tomorrow, you may cease to exist.

      • the world market only had demand for about a thousand (or a hundred, i forget which) computers (some IBM head-huncho back in the 60s)

        You're out by several orders of magnitude, and a couple of decades.

        "I think there is a world market for maybe five computers." - Thomas Watson, chairman of IBM, 1943.
    • A retinal scan only makes a good identification when the scanner is secure, which cannot be guaranteed. The danger here is that you can't change your retinas like you can change your password, but if folks assume retinal scans are 100 precent secure, there's a very real security risk. Far better is a combination of a retinal scan (something you are), a password (shared secret), and secure hardware with public key encryption (something you have).
    • It need only be stolen from the vulnerable and highly enticing gov't system that holds it in a database.
    • There are two parts to this problem. The first is somebody else impersonating you, something biometrics can address.

      The second is your right to remain anonymous. Or, at least, to avoid having information from one transaction being brought into an unrelated one. We're seeing this now (e.g., many insurance companies now raise rates for drivers with bad credit ratings, but you can get a "bad" rating if you're a careful shopper and visit many local car dealerships who (technically illegal, but common practice) run a credit check on everyone who seems to be a serious buyer.
    • Why is it that there's such tremendous opposition to standardizing voting methods, which has obvious practical advantages and almost no potential for abuse, and yet there's always another proposal to make my personal identification nationally "transparent", which has few really practical advantages but huge potential for abuse?
  • Um...and what's this supposed to accomplish?

    So the people making fake drivers licenses have to jump through some extra hoops...big deal. What problem is this solving? This smacks of gun control and Windows Product Activation...in that it just makes things more difficult for John Q. Public. Fake IDs will still be easily accessible.

    Besides, don't we pretty much already have a national ID system? As in a Social Security Number?

    • It's still theoretically possible to withhold your SSN from any agency except the SSA. (yeah, right, and income tax was just for a couple of years, until we paid off the world war one debts).

      I'm not sure where the SSN refusal is protected in the law, but I'm assuming it must be pretty deep, since people are talking about building a new ID system rather than trying to change the law so we can use that one.
      • First, while it's entirely within your rights to refuse to disclose your SSN, it's also entirely within the rights of most businesses, credit providers, etc., to simply refuse to offer you services without the information. People "sell" their privacy on a daily basis, and will probably continue to do so as long as credit and convenience are the top priorities of our society.

        Second, Social Security Numbers are not, I repeat, not, a reasonable form of identification. They are a very low-order numeric designator, which is completely useless as proof of identity. Hell, the number is shorter than a phone number with area code, and phone numbers are designed to be easy to remember by the dozens.

        This was really driven home for me recently, when my girlfriend and I were submitted a rental application, and found out that some woman in LA had used my girlfriend's SSN in a bankruptcy hearing two years ago, resulting in a nice, fat warning siren going up every time someone did a credit check on her.

        We really, really need good PKI and trust metric systems, not more "secret" identifiers that can easily be stolen and mis-used. The technology exists, and it certainly can't be any worse than the current state of affairs, which is basically a case of security being totally based on random chance and a poorly-educated public.

  • I *am* an entry (Score:4, Insightful)

    by JabberWokky ( 19442 ) <slashdot.com@timewarp.org> on Friday May 03, 2002 @04:01PM (#3459688) Homepage Journal
    Look, I am a person. I can be identified. I don't care *how* precisely I am recorded - it's *who* gets those records and *what* is done with them.

    The basic question is easily stated: do we apply the privacy desires of the majority, or the privacy desires of the individual? The majority may very well not have a problem with having megabytes of data in every corporate database that leads to loads of junk mail, spam, targeted ads, higher insurance, HMO profiling, your neighbor knowing about how depressed you got when your fiancee left you, if you are a women, the creepy guy down the street finding out when you shop and what tv shows you like so he can always "bump into you"... ad naseum. Once the data is open, it will get used in... creative... ways that we can't predict.

    So... I am a mass of data. I know what I like, what I don't like, my favorite indulgences, my pet peeves, my moral boundaries. I don't want my neighbor knowing.

    Biometric info on my ATM card? Sure! As long as it *remains tied* to that account. If you start cross correlating that with my purchasing and medical data, that starts to worry the hell out of me. Not for what will happen in the next few years - but for how my children's children will live.

    Do we really all want to live on the set of the aptly named "Big Brother" with any corporation or neighbor with a wallet able to predict, profile and peer into our lives?

    I am data, and I want to be able to control who knows me.

    --
    Evan

    • (BTW - before some yutz points out that this is biometric info on a driver's license, not an ATM card, I knew that when I wrote that. This is a general statement on privacy, and I was using an ATM card, as that's a place where biometirc info seems like a Good Thing. I'm not sure why they would need such info on a DL, other than to tie into other databases.)

      --
      Evan

  • That'd be fine, since retina prints change over time and are not a useable form of ID. Perhaps you mean IRIS print, or face or hand profile?
  • What does the Slashdot community
    think about having your retinal pattern embedded on a smart card?


    Better than having rectal patterns on the card

  • Stop thief! (Score:5, Funny)

    by bachelor3 ( 68410 ) on Friday May 03, 2002 @04:08PM (#3459743)
    Using a biometric identifier in an encrypted chip would make it much harder for criminals to steal people's identities, Drummond said.

    Harder?!? Like when Arnie used an employee's dismembered thumb to gain unauthorized access in The Sixth Day [imdb.com], or when Wesley used a employee's eyeball to escape from prison in Demolition Man [imdb.com]??? Oh no, biometric technology will simply cause violent crimes to increase. Identity theft will come to signify the loss of a finger or eyeball! We must rely on movies to provide the rationalization our policy makers lack : )

    • Re:Stop thief! (Score:2, Informative)

      by Fredge ( 186975 )
      Any decent biometric reader out today has the ability to determine if the finger/hand or eyeball being scanned is alive or not.
  • Two Virginia congressmen have proposed a $315 million program that would require biometric markers on all states' driver's licenses within five years, according to federal legislation the pair filed Wednesday.

    ...all this just to curb underage drinking
  • by gillbates ( 106458 ) on Friday May 03, 2002 @04:09PM (#3459752) Homepage Journal
    According to a statement by Moran, at least eight of the 19 September 11 hijackers were able to easily obtain licenses.

    Which had absolutely nothing to do with the fact that they were able to hijack 4 jetliners with nothing more than box knives, and used a rented car to go to the airport. The fact that lawmakers think that the voting public can't tell the difference between giving someone a driver's license and letting them hijack planes scares me.

    What worries me is that they tried to assuage the fears of privacy advocates by saying that this biometric information won't be linked to a federal database. Problem is, however, once everyone is using biometric data on licenses, it will be a very easy step for the U.S. Government to start to track citizens using biometric data. Furthermore, with the biometric infrastructure already in place, it will be that much easier in the future for Congress to pass a law mandating that the state's biometric data collection be turned over to the feds for storage in a federal database. And this, probably without a peep from anyone but the privacy advocates.

  • Stuff like this makes me wonder about another factor. I have minor keratoconus (http://www.nkcf.org), which isn;t bad enough to keep me from driving, etc., but has made it pretty much impossible for any retinal scanner to get a proper image of my retina. Basically, unless EVERY factor is the same when it tries to take the image (and my eye doesn't twitch), no two scans end up looking the same. What would people with problems like this do if they passed crasp like this, instant second class citizen status?

  • Technically, isn't a photograph already a form of biometric data?
  • Its all fun and games until someone loses an eye.

    so what happens when someone loses and eye?
  • by CPIMatt ( 206195 ) on Friday May 03, 2002 @04:12PM (#3459773)
    It wouldn't be so bad if the card could be used for verification, and not identification. If the cards could answer specific questions, yes or no would be sufficient instead of divulging all sorts of other information that I would not necessarily want divulged.

    For example, there are bars now that at the door have a magnetic strip reader which is used for verification purposes. This makes it easy for the bar to make sure a patron is 21 or over by swiping the person's driver's license. It does verify that the person is over 21, but also records their birth date, DL number, address, height, weight, eye color, and driver restrictions which the bar uses for marketing purposes.

    In the same situation I would want a smart card to just answer two simple questions; Does this person belong to this card? (yes/no) and Is this person 21 years of age or over? (yes/no). And nothing else.

    For airline checkpoints, does this person belong with this ticket, yes or no? Does this person belong with this baggage? This way everything is on the card and your personal information is not tracked all over the place. Of course the government doesn't want this because they can't track anyone this way.

    -Matt
  • by btempleton ( 149110 ) on Friday May 03, 2002 @04:12PM (#3459780) Homepage
    In spite of claims, biometric systems are vulnerable to attack. People can find ways to forge biometric information at automatic terminals, even at manned terminals. For example, some iris scanners can be fooled by contact lenses.

    This presents a problem. Right now, if somebody steals my password, I can just cancel the old one and make up a new one.

    However, I think it would be more difficult to get a new retina.
  • by Anonymous Coward
    if your license ever gets stolen and cloned: Once biometric data is compromised, i.e., the digital file titled leaves your immediate control, you can be impersonated for the rest of your life. It's not like a credit card number where they cancel it and issue you a new one. You can't get a new thumb. (cr. B. Schneier) And if technology ever gets to the point that you can clone a new thumb with a new print, or grow a new retinal pattern then biometric ID becomes meaningless.
    I'm not saying that it should never be used, but you have to think long and hard before you start sending biometrics over the airways (e.g., police checks) or the phone lines (e.g., carding someone at the bar to verify their ID), or the internet (e.g., ebay, paypal)
  • by Seth Finkelstein ( 90154 ) on Friday May 03, 2002 @04:14PM (#3459791) Homepage Journal
    In my view, the biometrics-mania is a pure boondoogle, created and driven by the companies which want to sell their particular gizmos as a national standard. Consider, biometrics? You mean such identity information as eye color, gender, weight? But that information can be encoded simply, by any vendor, nothing fancy. Aha, but if we use retinal patterns which require RetinaCorp's patented RetinEncoder, to be read by their RetinReader ... the money rolls in.

    Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

  • Biometrics (Score:5, Insightful)

    by Wise Dragon ( 71071 ) on Friday May 03, 2002 @04:14PM (#3459794) Homepage
    Part of an article by Bruce Schneier:

    Biometrics don't handle failure well. Imagine that Alice is using her thumbprint as a biometric, and someone steals the digital file. Now what? This isn't a digital certificate, where some trusted third party can issue her another one. This is her thumb. She has only two. Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation.

    And biometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it's not hard to imagine some very unsecure situations arising.

    Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can't choose a weak biometric in the same way they choose a weak password.

    Biometrics are useful in situations where the connection from the reader to the verifier is secure: a biometric unlocks a key stored locally on a PCM-CIA card, or unlocks a key used to secure a hard drive. In those cases, all you really need is a unique hard-to-forge identifier. But always keep in mind that biometrics are not secrets.

    http://www.counterpane.com/insiderisks1.html
    • To relate the above to the article: the main difficulty with putting everyone's retinas on their drivers license is that their retinas are no longer a secret. Right now nobody on earth has my retinas scanned. I'd like it to stay that way, but I'm resigned to some loss of personal secrets in this post 9-11 day and age.
  • The one thing I like about this (I likely wont support it, however) is that it may protect against identity theft, specifically the kind where people use the identity to steal from the person whose identity they stole.

    Also, right now the INS, IRS and other gov't organizations don't talk to each other much. A national id card would change that, it might remove some beaurocracy.

    -Sean
  • by aero6dof ( 415422 ) <aero6dof@yahoo.com> on Friday May 03, 2002 @04:17PM (#3459809) Homepage
    According to a statement by Moran, at least eight of the 19 September 11 hijackers were able to easily obtain licenses.
    What the Reps. Moran and Davis don't realize is that if biometric security measures were in place, that would just mean that we would have retinal measurements and fingerprints on eight dead hijackers.
  • Okay, maybe I'm just a paranoid leftist, but I'm deeply suspicious any time the goverment wants more data on me. They've already got my fingerprints and DNA, a catalogue of my scars, photographs, background checks, and "interviews". WTF do they need my retina prints or other biometric data for? Damn.


    I'm worried (like other posters) that all this is going to end up in a massive, clustered relational database. I can see how all someone's habits, financial transactions, phone calls, etc., will be linked together and analyzed for patterns that fit certain "criminal/terrorist profiles".


    Sorry, but last time I checked the United States was a FREE COUNTRY where the 4th Amendment (among others) protects us from heavy-handed government prying like this. I don't think we should allow our government to do this kind of BS. Otherwise, twenty or thirty years from now we may be seeing mind-search warrants.


    A century ago phrenology was all the craze. Seems like things haven't changed all that much.

  • They need a way to identify everyone in the country uniquely, so a retinal scan seems like a fine idea. They already have all sorts of data on you. How will this change things? You're looking at fewer administrative costs due to things like duplicate SSNs (which I've heard of, but I'm not American, so I can't really verify or cite references of where I've heard such things.) Plus, identity theft, which is a big deal, isn't quite so straight forward.

    What I REALLY don't understand is how everyone thinks this removes privacy. First of all: What privacy? Secondly: It's no different now, except maybe you won't have to give out your SSN for things that are ludicrous to give it out for. In Canada, we are within our legal rights to refuse giving out our SIN (the equivalent) to anyone except the government, our employer, and anyone that may have to pay money over to us (like a bank, if I'm making interest on money. It's all for tax purposes.) From what I hear, you basically have to give out your SSNs for EVERY little effing thing. Correct me if I'm wrong.

    So, in short, what's changing? You'd move from a system that assigns a number to you, and is only tenuously unique (ie. it's possible to fabricate a card with the same SSN on it, despite the 'uniqueness' of the number) to a system that doesn't bother with the number business, and uses something that is ACTUALLY unique to you.

    But hey, I'm just a Canuck. I don't really care how much info my government has on me, frankly. Despite my government making moronic decisions now and then about CDR tariffs, I basically trust them.
    • In the U.S. you are not obligated to have an SSN,
      or to give it out to anyone under any circumstances,
      with the exception of a court order,
      if you do have one.

      • You aren't TECHNICALLY required to, but what's the reality? I mean, people give out their SINs here for no reason, too. How many places 'require' you to give over an SSN? When my parents moved to the states, I seem to recall the bank 'requiring' an SSN to open an account.
    • They need a way to identify everyone in the country uniquely, so a retinal scan seems like a fine idea.

      If you already are of this opinion...then I could see why you would say that there is no privacy. There are a lot of people who believe that there is no need to identify everyone uniquely--the only time that is required is when someone is arrested, and when they are, there are systems in place to identify them at that time. Otherwise, as has been established in the common law countries, like the US, NZ and Canada, you are not required to *document* yourself simply by existing.

      Canada does take that a bit more seriously...for instance, photo driver's licenses are much newer there and were fought much harder (and, at least two provinces I can think of, Quebec and New Brunswick, leave the photo as being optional. The yearly report of the Societe de l'assurance from Quebec says that about 11-13% of Quebecois decline to have the photo on their license. Clearly not a majority, but those are people who clearly value the idea that they do not want nor need a photographic identifier.)In fact, no Canadian provincial legislature has ever mandated that a photo be on a license (even in Ontario, it's the minister or transportation that has ordered the photo license, and the minister of health that has ordered the photo health insurance plan card.)

      The SSN and SIN are related...but there are indeed duplicate SIN's as well as duplicate SSNs. And people do get new SSN's occasionally. This proposal is not meant as a replacement for the SSN, or even to augment the SSN...it is actually meant to add security to the driver's license, which may or may not be linked to the SSN in a verifiable way. (While SSN's are commonly collected for driver's licensing, they are not necessarily confirmed--at least, not in all states.)

      Do you give your SSN out for every little thing? That depends...the SSN has, regrettably, become the lookup key to a person's credit history. If the credit history can be looked up by name and address, than the SSN lookup is not necessary.

      Funny, I've always been convinced that retinal/iris scan will be the least likely biometric they would move to. Why? Because the damn retina changes with time. In particular, those with cataracts and macular degeneration also have changing retinal/iris patterns. Furthermore, there are prescription medications, designed to help those suffering from macular degeneration, which cause very quick and complex changes in the retinal structure.

  • All I have to say is "pork project." I only wish I had the free time to find out what company put them up to this so I could put the CEOs email on Slashdot.
  • Well, to have any semblance of control over the process of proving one's identity, I think smart cards are a better than just keeping all the retina patterns, fingerprints, DNA signatures in a database. If no one can positively identify me unless I carry the smart card that correlates the biometric data with all of the other information, then I have control. If the authorities can just transmit the scanned retinal image over the network to some big database to search, then a card is irrelevant.

    You can see that the "card" is pretty much for off-line use.

    Practically, face-recognition software will be used more and more, not just for "anti-terrorist" measures at the airport ticket counter, but for "targeted demographic profiling" at your Costco, Walmart, BestBuy, etc.

    I'm just glad that I have a constitution with some provisions for my protection in it and for my ability to vote to change my government.

    Imagine this technology being applied in Iraq, North Korea and China. Their "problems" of political dissent will be substantially reduced by the introduction of this kind of technology.

  • ...it's time to hunt me some scumbag congressmen.
  • It doesn't bother me: being English but living in America, they've already kindly attached my biometic info to my greencard.

    I guess no one remembered to pay attention when they went for the immigrants as an easy first target. What's that poem about, "When they came for the Jews, I didn't stand up because I wasn't a Jew..... And when they came for me, there was no one left to stand up."?

    On the positive side, it shouldn't bother you either: The INS has spent millions putting funky holographic strips on to greencards, border passes, etc..... and then ran out of money to buy the actual readers. Government spending being as intelligent as it is, you probably don't need to worry about them ever being able to actually use the information they spent so much gaining.
  • Admittedly, I have mixed feelings. On one hand, I don't want people to steal my identity and ruin my life nor do I want the Government to give my personal convictions and actions to anyone with enough influence or money.

    I live in Virginia. We already have a barcode imprinted on the back of our Driver's License. I am only thankful that it doesn't seem to be a system in wide use (as far as I know).

    While I am supportive to find a way to protect our identity and interests, this type of proprosal will ultimately infringe be our doom as it seems of late that we're giving up more and more of our freedoms.

    The Government doesn't seem to be ruled by the people but the Corporations. I am not the first to make this connection, and it isn't an epiphany. This situation just stinks.

    Like others have stated, I don't want my neighbor to know what medications I am on. They don't need to know that me and my husband (if I were married) are in marriage counseling nor what I had for dinner last night. I also don't want anyone to reveal my spiritual beliefs, medical history, or financial status to anyone else.

    I don't think this is an adequate resolution to our crisis with Identity Theft. Unfortunately, I have thought of a solution to counteract ideas like this personally.

    I don't want to see a future like Gattaca nor a world where we are marked like the Jews & other prisoners taken by Nazis in WWII. Perhaps, these are some harsh examples, but I think they are necessary to illustrate the threat to our civil liberty and freedom.

    With this type of marking, it truly voids the statement that Thomas Jefferson made in the Declaration of Independence that "we are all created equal.." We won't be equals anymore but our differences will be heavily prominated in front of face. Is military rule in our future?
  • Lets take an almost totally unique biometric pattern, and put it on a card! Now thieves and terrorists don't have to remove your skull to have access to your identity.

  • What does the Slashdot community think about having your retinal pattern embedded on a smart card?

    And what about people that don't have eyes??
  • How do I change my id number? Do I get new retinas? What about thumbprints? I like my thumbs the way they are. I don't want to have re-burn new prints every time someone hacks the Windows XP++ bio-server...

  • Now, I don't want to get off on a rant here, but...

    I can't help but wonder what exactly you think you're giving up by having a biometric print on your driver's license, instead of a 9-digit number. Do you honestly think that by having the (assumed) Encrypted Permutation of the measurements of the veins in your eye on the DMV computer system, that you'll suddenly be some Arnold Schwarzenegger'd character fleeing the Borg Uberpolice in some post-armageddon techno-dictatorship?

    Lets face it...there are some areas where privacy is important (medical records, for example)...but we already have LAWS against unauthorized access to said materials. Isn't this the whole debate with the SSSCA or whatever it's called now? That we're looking to legislate things that are ALREADY ILLEGAL? If an insurance company can't get your info now, they won't be able to if you're records are locked biometrically! It's a different key for the same lock.

    And, to be honest, there are things that SHOULD NOT BE PRIVATE. Convicted sex offenders should be branded across the forehead -- but we live in a civilized society, where a "DO NOT TRUST WITH YOUR 6-YEAR OLDS!" mark on their record, available to law enforcement and grade school HR departments, would do the trick. Likewise, "Known Terrorist" or "Most Wanted" notices are GOOD THINGS for airport checkin personel to see.

    That you have AIDS, or that you're secretly dressing in women's panties, are secrets best kept to yourself. That you have served twenty years for deflowering an Alterboy or have trained in an Al Qaida camp should be open to the world. And I, for one, don't have a problem with that.
    • Only one problem: it'd only flag what's on the record. The ex-priest who got nailed in San Diego for child abuse back on the East Coast had no record. The guys who flew the planes into the WTC had no records. A national ID card, biometric or otherwise, wouldn't have done a damned thing to identify or stop any of them.

      And their weasel doesn't fly. 50 cross-linked and cross-checkable databases are equivalent to a Federal database, and saying they aren't doesn't make it so. I see no compelling reason to give the government a one-stop record of everyone who isn't a threat but may be inconvenient or "undesirable", when doing so won't serve any of the purposes it's being put forward for.

  • What happens if, after I get my retina-encoded license, I lose both my eyes and my fingertips in an accicent?

    Will I be able to get a new license with something else on it, like my toe prints?
  • Identical twins.

  • What does the Slashdot community think about having your retinal pattern embedded on a smart card?

    Sounds good. Let's have our entire identity based on one card. And while we're at it, let's build in some kind of wireless transmitter into this smart card as well...yea, there we go. But let's not make it encrypted...that would only make it more difficult for people to steal our only form of identity.

    Why not save us all the trouble and just have everyone write their SS# in permanent marker on their foreheads?
  • by mdecerbo ( 9857 ) on Friday May 03, 2002 @05:04PM (#3460111)
    There's a better article from UPI [upi.com] with more juicy tidbits on the new licenses they want to saddle us with.

    Apparently the bill "directs that the chip [on the license] be capable of accepting software for other applications, including those of private companies".

    This isn't about security, it's a taxpayer-funded giveaway of your privacy to big corporations. It'll save them a few bucks lost to fraud and make this even more of an electronic nanny state.

    Luckily the EFF [eff.org] spokesman pointed out that "The real thrust... is so that the ID card or driver's license will be even more useful to commercial entities in terms of tracking consumers, doing consumer profiling, telemarketing -- all those kinds of things that people currently consider to be an invasion of privacy."

    And the Center for Democracy and Technology [cdt.org] calls it a "honeypot".

    This has to be fought on the retail level. Hopefully Joe and Jane Public have enough love of freedom left to be skeptical of the government fingerprinting them at the DMV. If it turns out they don't, I'm ashamed of-- and afraid for-- my country.

    • California already requires a thumbprint when getting a driver's license. Driving is a privilege, not a right, so if you don't want to give them your thumb print, you don't get your driver's license.

      It may be too late in some ways in some places.
  • A rider I want to see on the bill:

    The ID card will carry a check-box and date: "Elegibility to vote in Federal elections demonstrated on [date]." Proving elegibility (i.e. citizenship, non-convicted-felon status where applicable) is not required to obtain the ID, but is required to get the box checked.

    The ID, or its number, WITH the box checked, will be required to vote, or obtain an absentee ballot to vote, in any election where a federal office is on the ballot.

    The ID number will be collected during the registration process. It will be checked for uniqueness of registration and for disqualifications since the certification date. (For states that allow at-poll registration the voter's ballot will be sequestered and not counted until the number has been checked.)

    If implemented this would go a long way toward eliminating certain classes of (rampant!) voter fraud. So putting the rider on the bill will create significant opposition to the bill by politicians who currently benefit from the fraud.

    Thus the rider would make the bill more likely to fail, and if it DOES pass at least it gives us SOME benefit to mitigate the damage to our privacy.

    Just think: If the politicians actually had to get REAL votes from REAL voters, one each, they might be a bit more responsive to those voters' concerns. Like privacy, for instance. B-)

  • Retinal problems... (Score:3, Informative)

    by Kirkoff ( 143587 ) on Friday May 03, 2002 @09:24PM (#3461232)
    Not that this'll really get read (it's too late in the story really), but what about people like me with retinal problems. I can still hold a valid driver's license, and drive safely. As time goes on however, my retina will degrade, and that will change. In the intum, my retinal print will look different all the time. In my case, I have large pigmented areas on my retina. The same will be true of other people with simular diseases.

    The people behind the desks at places like the DMV are rather feckless. They won't understand what that is. I will never scan out to be me, I'll always be an "unknown user." Oh, unknown user would probably be constude as not a citizen or, oh say, enemy of the state.

    Blah!

    --Josh

Kill Ugly Processor Architectures - Karl Lehenbauer

Working...