The News – 07/18/02
“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
Ben Franklin said it, and security guru Bruce Schneier makes it relevant to our times in his recent Crypto-Gram newsletter.
Schneier proposes seven changes our government and our intelligence agencies could make to improve our defenses against terrorism without compromising our freedom. In addition to pointing out that the mission of the FBI (investigate past crimes) is not a good fit for preventing future crimes, Schneier proposes some fundamental changes in how the United States copes with international terrorism:
Much as the Bush Administration would like to ignore the constitutional issues surrounding some of their proposals, those issues are real. Much of what the Israeli government does to combat terrorism in its country, even some of what the British government does, is unconstitutional in the United States. Security is never absolute; it always involves tradeoffs. If we're going to institute domestic passports, arrest people in secret and deny them any rights, place people with Arab last names under continuous harassment, or methodically track everyone's financial dealings, we're going to have to rewrite the Constitution. At the very least, we need to have a frank and candid debate about what we're getting for what we're giving up. People might want to live in a police state, but let them at least decide willingly to live in a police state. My opinion has been that it is largely unnecessary to trade civil liberties for security, and that the best security measures – reinforcing the airplane cockpit door, putting barricades and guards around important buildings, improving authentication for telephone and Internet banking – have no effect on civil liberties. Broad surveillance is a mark of bad security.
I wish all our law enforcement and government officials would live by that last aphorism: Broad surveillance is a mark of bad security. Establishing national biometric databases (fingerprints, retinas, faces) and using them to scan millions of law-abiding citizens will do little to prevent crime and a whole lot to enable a less-than-benevolent government (or businesses) to control the masses. See Minority Report for Steven Spielberg’s take on the dangers of a society that has surrendered its rights for security.
As long as I’m quoting Schneier, let’s see what he said back in 1998 about biometrics:
Biometrics is great because biometric measurements are really hard to forge. It's hard to put a false fingerprint on your finger or make your retina look like someone else's. [Ed. Note: Possibly not so hard. See below.] Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.
But Biometrics is also lousy because biometric measurements are so easy to forge. It's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are some potential attacks here?
Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that Alice was aware that the picture of her face was taken, only that it matches the picture of Alice's face on file, we can fool it.
The key here is that, with any authentication system other than person-to-person, the authentication device transforms the biometric measurement into a digital stream of data. That data stream can be intercepted, replaced, or forged. As Schneier says, you not only need to verify that the biometric measurement is accurate, and that it has been input correctly, but also that the digital “chain of evidence” is unbroken and untampered-with.
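The “chain of evidence” point can be shown in a few lines. The following is an added example, not code from Schneier or from this newsletter: a verifier that only compares the submitted measurement against the one on file, next to one that also requires a fresh challenge and a keyed tag from the sensor. The shared sensor key, the class names and the exact-byte comparison standing in for a real biometric matcher are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

SENSOR_KEY = os.urandom(32)  # assumption: key provisioned in both sensor and verifier

def sensor_capture(template: bytes, nonce: bytes, key: bytes = SENSOR_KEY) -> dict:
    """Trusted sensor: binds the measurement to the verifier's challenge."""
    tag = hmac.new(key, nonce + template, hashlib.sha256).digest()
    return {"nonce": nonce, "template": template, "tag": tag}

class NaiveVerifier:
    """Checks only that the submitted data matches the record on file."""
    def __init__(self, enrolled: bytes):
        self.enrolled = enrolled

    def verify(self, msg: dict) -> bool:
        return msg["template"] == self.enrolled

class ChainVerifier:
    """Also checks that the data is fresh and came from the sensor unmodified."""
    def __init__(self, enrolled: bytes, key: bytes):
        self.enrolled, self.key, self.pending = enrolled, key, set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)  # fixed length keeps nonce + template unambiguous
        self.pending.add(nonce)
        return nonce

    def verify(self, msg: dict) -> bool:
        if msg["nonce"] not in self.pending:
            return False  # unknown or already used challenge: a replay
        self.pending.discard(msg["nonce"])
        expected = hmac.new(self.key, msg["nonce"] + msg["template"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False  # data did not come from the sensor, or was altered
        return msg["template"] == self.enrolled  # stand-in for a real matcher

def demo() -> dict:
    enrolled = b"constructed-template-for-alice"  # constructed sample data
    naive, strict = NaiveVerifier(enrolled), ChainVerifier(enrolled, SENSOR_KEY)
    live = sensor_capture(enrolled, strict.challenge())
    results = {"naive_live": naive.verify(live), "strict_live": strict.verify(live)}
    # The same captured message presented a second time
    results["naive_replay"] = naive.verify(live)
    results["strict_replay"] = strict.verify(live)
    # Correct template submitted without the sensor's key
    unsigned = {"nonce": strict.challenge(), "template": enrolled, "tag": b"\0" * 32}
    results["strict_unsigned"] = strict.verify(unsigned)
    return results

if __name__ == "__main__":
    print(demo())
```

This addresses only the link between sensor and verifier; it does nothing about a fake presented to the sensor itself or about the server that makes the final access decision.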
Even if you accomplish this, there are even more possibilities for tampering further up in the digital stream. All I need to do is convince whichever computer controls the desired access that a good scan has occurred. Given the security of most computer systems these days – roughly comparable to the systems R2D2 easily hacks in the Star Wars movies – an attack at the server level is very likely a miscreant’s easiest path to intrusion.
And let’s not even get started on the idea that your biometric credential could be stolen! Leaving aside the gruesome possibility of a stolen body part, there is also the potential for someone to steal your digital thumbprint. Now what do you do? You only have two thumbs.
What’s even worse is the incredible ease with which current biometric authentication devices can be fooled. As reported in a previous SNS, US Department of Defense testing concluded that the best false detection rate (FDR) for facial recognition systems was 33 percent, with a false acceptance rate (FAR) of ten percent. Recently, Japanese security researcher Tsutomu Matsumoto created a fake finger using gelatine and a plastic mold. The bogus digit, imprinted with a fingerprint lifted from a glass, fooled 11 commercially available fingerprint biometric systems four times out of five.
So when John Ashcroft comes to the American people and asks us all to sign up for a national biometric database, we need to remember Ben Franklin’s quote. Our civil rights are way more important than the small improvement in security such an effort would provide.
Copyright © 2000 - 2007, StratVantage Consulting, LLC. All rights reserved.