The Family Guide to Digital Freedom

You are a password. Always the same

Originally, biometrics was that branch of science which performed statistical analysis of biological characteristics. Later on, the word started to indicate any technique for identifying people, with a computer, against unique physical characteristics like fingerprints, voice or retina. Sounds cool, uh? Almost too good to be true. In fact, it is too good to be true, unless it's very well thought out and designed, something that could be still impossible to achieve.

Behind all the fancy equipment and the cool living-in-sci-fi feeling, all the biometrics circus is still just about passwords. What happens when you type a password? The computer translates it into a sequence of bits and if that sequence is equal to the one already in the system, you are in. What really happens, instead, when a computer captures your retina or fingerprint scans, DNA sequences or anything else of that kind? The final result is, again, just a reaally long sequence of bits: a password, nothing else. This second sequence of bits is simply supposed to be much better as an identifier than a traditional, typed one because it is:

• unique to you (and cannot be transferred to anybody else)
• so long that is impossible to guess it by pure chance and...
• unlike typed passwords, it is not necessary that you remember, learn or ever see it at any time

This is the real difference, the real advantage: with biometrics, you become the password. This is also the really critical disadvantage: unlike passwords, you cannot be reissued. What if a cracker intercepts and duplicates that bit sequence corresponding to your retina or fingerprints? Traditional passwords can be changed; if you lose your ATM or credit card you can have a new one with a different code. Can you, however, replace your perfectly working retina or finger with new ones? Should you do it just because some company didn't secure its computers? Who is going to pay for surgery?

The reason to bother about this stuff is that we're already past the phase when it only happens in science-fiction or top-secret military facilities. It's already in our normal lives because it already is a billion dollar market.

Shopping with your fingers

In June 2006 a convenience store in Tampa, Florida, announced that it had installed a device that scans fingerprints to process payments through a debit account without cards or PIN numbers to remember.

Many other small and big companies want to do similar things because it is
another, very promising way to reduce jobs, er.. costs. Payments made in this way would be faster and possible without the usual fees even on debit account or electronic checks payments.

The Tampa shop obviously pledges to keep all this personal information strictly private, but biometrics data are much more dangerous to leak than credit card numbers or ATM codes. Anybody willing to use such systems should give much bigger guarantees (that is, spend much more money on computer security) than they did in the past.

Another weakness in the arguments for recording customers' fingerprints is that privacy wouldn't be a concern because the fingerprint images are “not the same” as those collected by central Governments or law enforcement agencies. This is true, but even the fingerprint images collected on an actual crime scene are never exactly the same as those stored in police databases. In spite of this difference, they're still able to match them, just like you can recognize the same person in two different pictures.

How to duplicate fingerprints at home

Wherever huge quantities of money change hand there will be somebody working hard to steal some of that money. We already know about false ATMs and credit cards. Unless biometrics systems are very carefully planned and deployed, false fingerprints could make frauds much easier through biometrics, and it is already possible to make them.

In 2006 a Japanese mathematician and amateur scientist succeeded in fooling fingerprint recognition devices with replicas of human fingers that he had built with dime store modelling compounds or dentist materials. The result was good enough to trigger virtually all of the most sophisticated biometric devices. The same guy also showed how to capture fingerprints from drinking glasses and similar surfaces.

Replaceable biometrics?

How can we protect ourselves? What if, five or ten years from now, all the
stores in our area replace cash, ATM and credit card payments with biometrics?
At the very least, they should assure us that their system is as at least as re-settable as the one they replace, that is that when (not if, when) somebody copies the bits they can be voided and replaced. If it's really going to be biometrics some day, it had better be replaceable.

IBM, for example, is already working on this. In 2005, they announced that they are developing some software that can transform biometric data like fingerprints into distorted models that still preserve enough actual identification markers. These models are still useable but irreversible: it is impossible to recreate the original digitalized fingerprint by looking at them.

If a store, bank or other organization only keeps a copy of the distorted model, it's not a big deal anymore if somebody cracks the computer where it is stored. Even in such a case, no criminal would have your real fingerprint, and another model can be regenerated.

In such a scenario, fraudulent access to biometrics data would become much more similar to stolen or lost credit cards: bad, but not irreparable. As long as you don't need to call the bank with a fingerprint protected cell phone, or drive there in a car that will only start with your retina, that is.

The RFID risks

RFID means Radio Frequency IDentification. It is a technology that makes it
possible to build and use special integrated circuits (tags) which can be detected and read via radio waves when they pass close enough to an antenna of the right kind. The tags are very small (like a grain of rice) and need no batteries or other power source to work.
The radio signal generated by the antenna induces in the tags an electric current which is powerful enough for the tag to send a response.

RFID technology is making possible a huge range of practical applications and useful services. When you lift the last carton of milk from the supermarket shelf, an RFID tag on its bottom can immediately inform the shop manager that it's time to refill that shelf. Anything, from pets to guitars and whole containers can be tracked in this way for inventory purposes or to prevent theft. Giving up RFID would not make sense but, as any other technology, it should be used and regulated with much more awareness than it is currently happening.

One problem is that the cheapest and most common RFID tags don't know that they have left the store: until they break, they will merrily answer to all queries in the same way, sending all their data, no questions asked, without alerts. Once everything is sold with an RFID tag, walking by an hidden RFID reader will tell its owner who you are (as explained in the netxt paragraph), what you are carrying around and, with the right database connections, when and where you bought it. A solution for this could be to use tags that can be turned off when an item is purchased, but there is another category of issues to face.

How many passports of yours exist?

Several countries are issuing RFID-enabled passports, or plan to do so. The
reason is obvious: an RFID tag can contain way more data than could ever be
written on a few sheets of paper, and an airport employee would be able to read and store them all on his or her computer without even asking you to take the passport out of your pocket. The problem, as a BBC reporter found out in December 2006, is that the current RFID passports tags can be read and perfectly cloned in less than five minutes. All it's needed is the right software and two hundred Euros worth of equipment that can be easily purchased online.

No RFID? No job (or assistance), thank you

In 2004 a study was conducted to evaluate the possibility of implanting tags in the arms of US hospital patients to better track them. Other companies suggested that millions of Americans be implanted with an RFID tag for medical purposes. In 2006 a Cincinnati video surveillance company required its employees to carry human implantable tags to be identified. All these are only some of the reasons why RFID have been defined "Big Brother in small packages".

Is technology enough?

Of course not. Choosing the right biometrics or RFID technology and waiting until it's mature enough is only half of the solution. It is equally essential that all the software offering these services is completely open to examination. The same applies to the central organizations which would manage the biometric keys databases and to the procedure which regulates access to those data and related analysis. These, however, are political problems to be solved politically, just like in any other case when personal data, encrypted or not, are involved.