I attended a speech given by the previous Privacy Commissioner this week. He's moved into the private sector on has a pragmatic view about technology.

While noting that finger prints can be compromised - and we only have 10 digits - he was more positive about irises. There are unique IDs that can be generated by multiplying two of our iris metrics. But because there are a number of metrics that can be taken from our irises, each institution with which we deal can be presented with a different number. And the compromising of one number need not invalidate our number with a different institution.

Problem I can see with iris scans, is that if you're getting on a bit I do believe that the orbs begin to 'deflate' a little (an muscle tension goes.

Even if that doesn't cause an issue, I'm sure cataracts would. Yet another fine chance to starve and freeze our elderly population.

The idea about multiplying identification factors to get more biometrics misses the point. It's a very good analogue of using hashed passwords. It reduces the impact of compromises of the server, but if you can watch someone type the damn thing in, it's all over.

Similarly here, all the multiplication in the world is irrelevant if the capture/theft happens at the point of the reader, or at the point of a biometric ID which presumably contains all of this information.

"And unlike a PIN, your bank can't issue you a new set of fingerprints or iris patterns if your biometrics are compromised"

Forget everything else. That one thing should torpedo the idea.

"I need a new pair of eyeballs. I've already had my meds for immunosuppression while the new optic nerves knit."

"Okay, would you like blue, brown, green, or the hot new stylings of violet? And have you chosen a steganographic password?"

So the whole thing is actually a scam backed by the body part trade.

These issues worry me, perhaps more than is healthy for me.

-Will ID thieves steal (literally) body parts from their victims?

-Will ID issues lead to an overregimented society where you have to produce all sorts of identification documents/cell samples/tests just to buy chewing gum?

-Will banks finance death squads to track down and eliminate ID thieves? (I figure if the regular police proves inadequate, private enterprise will step in... at a price.)

-A.R.Yngve
http://yngve.bravehost.com

> -Will ID thieves steal (literally) body parts from their victims?

I understand there has already been a case in Malaysia of car thieves chopping off a finger of the owner of a car with a fingerprint lock.

References: Larry Niven's organlegger stories; GATTACA. Or even --

"Ladies and Gentlemen of the Jury, I put it to you that the identity theft alleged could not have taken place, as they used a full DNA scan before handing over the attache case of numismatically unique lunar platinum coins."

"To the contrary, a autophagous short-lived GATTACA virus could have altered the criminal's DNA to pass as the victim's, changed it back, and been metabolized away before the evidence was gathered at the crime scene..."

JvP: something like this has already happened -- Bone marrow donors risk DNA identity mix-up: IT SOUNDS like an open-and-shut case: a clear DNA match is made between semen from a serious sexual assault and a blood sample from a known criminal. Yet in a recent case from Alaska, the criminal in question was in jail when the assault took place. And forensic scientists had already matched the crime sample to the DNA profile of another person who was their prime suspect. It was only after careful detective work that the mystery was solved: the jailed man had received bone marrow from the suspect many years earlier.

Charlie, your latest comments about the big weakness -- the identity the biometrics are attached to -- reminds me of the early books of Frederick Forsyth. In particular, The Day of the Jackal and The Odessa File. One uses the dead baby trick (and it's implied that it was the standard way to get an officially-issued fake passport), while the other uses the subversion of the procedure of issuing the critical document that all others can be derived from.

I was reading in the Guardian *today* about a VAT fraud, where those involved used a circular set of companies and generated identities using the dead baby mechanism...!

I had always assumed that that loop-hole would have been
plugged years ago and left in place as a honey-pot to trap naive fraudsters...which seems unlikely given how much cash these guys generated.

Interesting, in my country dead baby mechanism (or dead soul mechanism) in use in many places. For example in mining.
airlines

You can't plug the dead baby mechanism -- not unless you tag every citizen at birth and every foreigner as soon as they enter, and track them for life. I suspect that's a chunk of the motivation behind the UK government ID card initiative.

Trouble is, you can by-pass it by leaving the country, going somewhere with a more relaxed attitude to documentation, bribing the right official, and re-entering the country, to then establish a new identity as a foreigner. To make it work, you need to enforce such an identity registration on a planet-wide basis, and you need to cross-check a given user's biometrics against the six-billion odd other records in the global database, rather than simply using their biometric signature to authenticate the identity they're currently using.

This is what the techies call a Hard Problem, or alternatively, a Money Hole.

There obviously is not a perfect key or a perfect castle so I really don't think any key method is perfect although I understand biometrics on a global scale would be too much as for the people who are looking for the 'silver bullet.'
Hmmmm, about chopping off hands and such; sounds messy, but crime is crime. Only issue I have with that is forcing people to use a certain key method which in turn I think creates crime. It doesn't fit the profile.
Biometrics is pretty good for ease of use (luxary) so you don't have to carry a password or key around. I essentially don't think any ONE key is completley safe. That would be materialism.

This is also reminding me of cyberspace and how people could alter their DNA but also the DNA database in South Korea. Would DNA be managed so that it couldn't happen? It would be a speed issue though of how fast the crime was committed. Like crimes in cyberspace could be committed almost at the speed of light so no matter how much management even still the speed of light can't be breached so there is always a back door. This is also why organics (biospace or meatspace) is still needed and not just cyberspace because of speed variations.