An exhibition designed to show off the whizzy high-tech futurescape of biometric identity has succumbed to a bout of very contemporary gremlins, by emailing dozens of fingerprints and iris scans to the wrong people. After being contacted by El Reg the website where the Wellcome Collection's "Medicine Now" show offers visitors …
Please change authentication.
We're sorry. We seem to have allowed others to duplicate your retinal scan. To change your password, please contact your nearest ophthalmologist for an eye transplant.
Then people wonder why I don't think biometrics are a secure way to authenticate anyone. Once it gets beyond the reader, it's just a long password you can't fucking change if it gets compromised.
Paris, because she's a pro at getting screwed.
snafu indeed ...
... but I'd like to congratulate person who made the decision not to display name, email or any such information alongside with the biometric data. Yet another evidence that ordinary reason is quite effective security measure.
Is that like tofu?
Mines the one with the snafu recepie book in.
Not to worry
When the government's biometric fortress is in place it won't be managed by incompetents like Wellcome; it'll be run by organisations such as the Home Office, BT and Capita who have a long, consistent track record of managing personal data,.
Man or Woman? Ape or Human?
Wake me up when those facial biometric machines can tell a man from a woman or an ape from a human.
Jacqui Smith rolled it out in a live test, but that means we would be committing a crime if we showed the false positive problem (sending someone through the barrier whose biometrics matched the passport but was not the passport holder, because it's a live test at an airport we would be committing a crime if we showed the flaw in the face reader).
Give me enough time on their biometric system and I'll send an Ape with the same biometrics as a man through that barrier. Now that would show the false positive problem to even the dumbest voter.
Yes, snafu is like tofu.... snafu is an anagram for Situation Normal: All Fscked Up... which is similar to tofu (although snavu might be more accurate - the v being for vomited)
Now, where's my steak?
Situation Normal All Fucked Up. I think it is yank military radio chat circa WWII .
How come they weren't able to send all the personal info on the victims, the govuk has had the technology for ages.
as a tofu- eating vegan ...
I approve the tofu-snafu joke. (Not all of us are dour and humourless.)
"The email he received today contained working links to 36 individuals' fingerprint, iris scan and special flower."
Well that's a novel biometric identifier, wouldn't want to know how the "special flower" scanning device works :P
... seems to have been f***d up for a while. Visited in Feb or March this year, tried the quite amusing thing, but it never sent the stuff to my e-mail. Now I wonder who actually got it ...
@ AC (Man or Woman? Ape or Human?), is there any evidence that biometrics can't tell the difference between apes and humans?
...but had to offer up Paris, as pictures of her Special Flower have been emailed to just about everybody!
Um, what did you expect?
It's biometrics, innit? I mean, what did you expect? Security?
Just be thankful the UK Government (Dept of Neo-Fascist Incompetence, Est. 1984) wasn't behind this one.
If they had been, anyone using it would have been emailed copies of the entire population's retinal scans, fingerprints, DNA profiles and ID photos, all cross-referenced to full name, address, date of birth, bank details, national insurance numbers, 'enhanced' criminal records, inside leg and genital measurements and political reliability dossiers, supplied in a handy Excel file...
@AC - Um, what did you expect?
"supplied in a handy Excel file"
At least it will be password protected.
Wellcome to *all* your data
Not such a larf when you remember that the The Wellcome trust is piviotal in the running of UK Biobank. http://www.ukbiobank.ac.uk/
" UK Biobank is a large cohort study comprising 500,000 men and women aged between 40 and 69, recruited in the UK . It began in 2003 and will run for up to 30 years. The study involves collection of data on health and lifestyle, blood sampling for biochemical and genetic analysis, and long term follow up via NHS medical records to accumulate data on health outcomes. The project is sponsored jointly by the Wellcome Trust, the Medical Research Council, the Department of Health and the Scottish Executive. "
Was asked to join this data scoop-up but declined using "a lack of trust" reason. I think I will print this article out and send a "Told you so" and feel really smug all week.
"@ AC (Man or Woman? Ape or Human?), is there any evidence that biometrics can't tell the difference between apes and humans?"
No, they're no allowing their biometric to be attack tested. (Remember the finger print reader fooled by vaseline... better not to let hostile tests be done until *after* it's sold.). However if you understand what that face recognition machine is doing, you realize that none of those metrics are specific to men vs women or man vs ape.
Certainly not enough to distinguish one person from 6 billion with 10 years old data... something like 1 in 5 million is more plausible, I wouldn't be surprised if it was more like 1 in 200k given they had to recalibrate the biometrics.... i.e. their definition of the face errors is not statistics, it's engineering fudge.
The ultimate goal of a security attack on this system will be to send an ape through with a mans passport. We should have some sort of prize, 2nd place if you get a women through on a mans passport.
I thought SNAFU was used
to make FUBARs.
not much more to say.
using the highly top secret phrase "password", boy the terrorists will never think of using the obvious!
"We should have some sort of prize, 2nd place if you get a women through on a mans passport."
That would be the XX Prize, I suppose.
These so-called 'security experts' need to get a brain and have it installed.
Sometimes I'm asked to provide my signature on a digital pad for a credit card purchase. Secure? Oh yeah, sure... ...it's not as if the resultant signature data could be simply copied-and-pasted onto someone else's plasma TV purchase or anything like that, eh?.
What did you say that for - are you trying to help the turrrists? Now they'll have to go and change all their passwords to 'drowssap'.
Well, at least if its leaked
it wont be like the prison scene in 'demolition man'
mines the one with IMDB in the pocket :D
Ah, yes, the proof that nature abhors a vegan.
aint that bad
just like putting your own face in a online game. and a pincode will always be better for security then a finger print organized crime can make out of latex or something