Biometrics exhibit blushes over email snafu An exhibition designed to show off the whizzy high-tech futurescape of biometric identity has succumbed to a bout of very contemporary gremlins, by emailing dozens of fingerprints and iris scans to the wrong people. After being contacted by El Reg the website where the Wellcome Collection's "Medicine Now" show offers visitors …
We're sorry. We seem to have allowed others to duplicate your retinal scan. To change your password, please contact your nearest ophthalmologist for an eye transplant.
Then people wonder why I don't think biometrics are a secure way to authenticate anyone. Once it gets beyond the reader, it's just a long password you can't fucking change if it gets compromised.
Paris, because she's a pro at getting screwed.
Wake me up when those facial biometric machines can tell a man from a woman or an ape from a human.
Jacqui Smith rolled it out in a live test, but that means we would be committing a crime if we showed the false positive problem (sending someone through the barrier whose biometrics matched the passport but was not the passport holder, because it's a live test at an airport we would be committing a crime if we showed the flaw in the face reader).
Give me enough time on their biometric system and I'll send an Ape with the same biometrics as a man through that barrier. Now that would show the false positive problem to even the dumbest voter.
... seems to have been f***d up for a while. Visited in Feb or March this year, tried the quite amusing thing, but it never sent the stuff to my e-mail. Now I wonder who actually got it ...
@ AC (Man or Woman? Ape or Human?), is there any evidence that biometrics can't tell the difference between apes and humans?
It's biometrics, innit? I mean, what did you expect? Security?
Just be thankful the UK Government (Dept of Neo-Fascist Incompetence, Est. 1984) wasn't behind this one.
If they had been, anyone using it would have been emailed copies of the entire population's retinal scans, fingerprints, DNA profiles and ID photos, all cross-referenced to full name, address, date of birth, bank details, national insurance numbers, 'enhanced' criminal records, inside leg and genital measurements and political reliability dossiers, supplied in a handy Excel file...
Not such a larf when you remember that the The Wellcome trust is piviotal in the running of UK Biobank. http://www.ukbiobank.ac.uk/
" UK Biobank is a large cohort study comprising 500,000 men and women aged between 40 and 69, recruited in the UK . It began in 2003 and will run for up to 30 years. The study involves collection of data on health and lifestyle, blood sampling for biochemical and genetic analysis, and long term follow up via NHS medical records to accumulate data on health outcomes. The project is sponsored jointly by the Wellcome Trust, the Medical Research Council, the Department of Health and the Scottish Executive. "
Was asked to join this data scoop-up but declined using "a lack of trust" reason. I think I will print this article out and send a "Told you so" and feel really smug all week.
"@ AC (Man or Woman? Ape or Human?), is there any evidence that biometrics can't tell the difference between apes and humans?"
No, they're no allowing their biometric to be attack tested. (Remember the finger print reader fooled by vaseline... better not to let hostile tests be done until *after* it's sold.). However if you understand what that face recognition machine is doing, you realize that none of those metrics are specific to men vs women or man vs ape.
Certainly not enough to distinguish one person from 6 billion with 10 years old data... something like 1 in 5 million is more plausible, I wouldn't be surprised if it was more like 1 in 200k given they had to recalibrate the biometrics.... i.e. their definition of the face errors is not statistics, it's engineering fudge.
The ultimate goal of a security attack on this system will be to send an ape through with a mans passport. We should have some sort of prize, 2nd place if you get a women through on a mans passport.
These so-called 'security experts' need to get a brain and have it installed.
Sometimes I'm asked to provide my signature on a digital pad for a credit card purchase. Secure? Oh yeah, sure... ...it's not as if the resultant signature data could be simply copied-and-pasted onto someone else's plasma TV purchase or anything like that, eh?.
Stoopid.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
