MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: Biometrics are bullshit. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Biometrics are bullshit
by Acidus at 11:53 pm EST, Dec 8, 2009

At least in the "this is proof you are who you say you are" way.

A GAO investigator managed to obtain four genuine U.S. passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had died in 1965. In another, he used the Social Security number of a fictitious 5-year-old child created for a previous investigation, along with an ID showing that he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and make it through a security checkpoint at a major U.S. airport. (When presented with the results of the GAO investigation, the State Department agreed that there was a "major vulnerability" in the passport issuance process and agreed to study the matter.)

I've said this repeatedly during security presentations before: Biometrics simply tie a distinct physical person to an object. Biometrics say absolutely nothing about the validity of the information on that object.

This is a serious pet peeve of mine and it annoys me to no end that people are constantly confusing this point. Let me repeat: Biometrics use physical characteristics to relate a specific person to a document or object. Other means must be employed to:

1- Verify the information on the document
2- Prevent the document from being altered without detection

This GAO investigation is a perfect example of how a "biometricly secured" document was completely fraudulent. Privilege escalation in the real world baby!

RE: Biometrics are bullshit
by flynn23 at 12:47 pm EST, Dec 9, 2009

Acidus wrote:
At least in the "this is proof you are who you say you are" way.
A GAO investigator managed to obtain four genuine U.S. passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had died in 1965. In another, he used the Social Security number of a fictitious 5-year-old child created for a previous investigation, along with an ID showing that he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and make it through a security checkpoint at a major U.S. airport. (When presented with the results of the GAO investigation, the State Department agreed that there was a "major vulnerability" in the passport issuance process and agreed to study the matter.)
I've said this repeatedly during security presentations before: Biometrics simply tie a distinct physical person to an object. Biometrics say absolutely nothing about the validity of the information on that object.
This is a serious pet peeve of mine and it annoys me to no end that people are constantly confusing this point. Let me repeat: Biometrics use physical characteristics to relate a specific person to a document or object. Other means must be employed to:
1- Verify the information on the document
2- Prevent the document from being altered without detection
This GAO investigation is a perfect example of how a "biometricly secured" document was completely fraudulent. Privilege escalation in the real world baby!

Pointing this out is just going to accelerate the inevitable, which is DNA profiling at birth, and everything tying to that. It's just a question of how fast this happens. It'll prolly happen in Western Europe within the next 5-7 years.