Archive for the ‘Biometrics’ Category

Biometrics – fundamentally flawed

April 14th, 2008, chad

As far as biometrics go, they are fundamentally flawed. If that biometric data is compromised or duplicated, you can’t just change it like a password.

At a previous employer of mine, they used a hand scanner to punch in and out. You punched in your employee number (everyone knew everyone else’s employee number) and put your hand in the scanner. The scanner detected the shape of your hand, and if your hand was a 70% match or better, you were good to go. Unfortunately this was not a very secure form of biometric use either. I was able to punch in and out for 5 other people, and vice versa. This is because hand sizes are not all that different, and you only needed to be “fairly close”, as the 70% match threshold proved.
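As an added illustration (not part of the original post) of how permissive a 70% match threshold is, the Python below scores constructed hand-geometry templates with an assumed relative-difference similarity (the real scanner’s algorithm is not described here) and counts which enrolled employee numbers one live hand could claim at 0.70 versus a far stricter 0.98.

```python
# Added example (not from the original post). Constructed hand-geometry
# templates: (index, middle, ring, little finger length, palm width) in mm.
ENROLLED = {
    "alice": (72.0, 80.0, 76.0, 60.0, 84.0),
    "bob":   (75.0, 83.0, 79.0, 62.0, 88.0),
    "carol": (68.0, 76.0, 72.0, 57.0, 80.0),
    "dave":  (78.0, 86.0, 82.0, 65.0, 92.0),
    "erin":  (70.0, 78.0, 74.0, 58.0, 82.0),
    "frank": (85.0, 94.0, 90.0, 71.0, 100.0),
}

# A fresh scan of Alice's hand with small measurement noise (constructed).
ALICE_LIVE_SCAN = (72.5, 79.0, 76.8, 60.4, 83.0)


def similarity(sample, template):
    """Assumed matcher: 1 minus the mean relative difference per feature."""
    diffs = [abs(s - t) / max(s, t) for s, t in zip(sample, template)]
    return max(0.0, 1.0 - sum(diffs) / len(diffs))


def verify(claimed_id, sample, threshold):
    """1:1 check as at the punch clock: claim an employee number, present a hand."""
    return similarity(sample, ENROLLED[claimed_id]) >= threshold


def accepted_as(sample, threshold):
    """Every enrolled identity this one hand could claim at the given threshold."""
    return sorted(name for name in ENROLLED if verify(name, sample, threshold))


def false_accept_pairs(threshold):
    """Ordered pairs of distinct enrolled users whose templates pass as each other."""
    return sum(
        1
        for a in ENROLLED
        for b in ENROLLED
        if a != b and verify(b, ENROLLED[a], threshold)
    )


if __name__ == "__main__":
    for threshold in (0.70, 0.98):
        print(f"threshold {threshold:.2f}: Alice's scan accepted as "
              f"{accepted_as(ALICE_LIVE_SCAN, threshold)}, "
              f"{false_accept_pairs(threshold)} cross-user false accepts")
```

At 0.70 every one of the six enrolled hands passes as every other, while at 0.98 Alice’s noisy live scan still verifies as Alice and nobody else; the trade-off the scanner’s operators chose is convenience over false acceptance.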

Fingerprints aren’t much better either. Recently, the German Secretary of the Interior, Wolfgang Schäuble, had his fingerprint published online by the Chaos Computer Club. They lifted it from a glass that Wolfgang drank from during a panel discussion. The CCC also included in their magazine a plastic foil reproducing Wolfgang’s fingerprint, making it easy to glue to someone else’s finger to bypass biometric security measures. You don’t really have to go to any special lengths to fool fingerprint biometrics. Plastic and synthetic rubber moulds and the like, which the average person couldn’t make, are a bit excessive. Remember on MythBusters when they tried to beat that “unbeatable” fingerprint lock on a door and managed to do it by printing off the fingerprint with a laser printer and licking it?

Some people think, “DNA, now that is good, and it is something difficult to duplicate.” No need to duplicate it; free samples are falling off you everywhere you go. So no, DNA isn’t a very good form of biometric security either.

There is, however, a very good biometric that one can use: a neural imprint of a specific token. It currently can’t be read without the cooperation of the person, and it leaves no imprint around except as the owner desires and controls. It’s known as a “password”. A technology that is, perhaps, new and radical, but far more secure than other biometrics. Unfortunately, it isn’t particularly secure either, just less insecure than the garbage the scam artists of the biometrics industry are trying to push on the gullible.

At least until extreme body modification is commonplace, biometrics are not the way to go for identification. It’s the only modern “security” mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one broken link is found.

A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess you start with the fingers and palms, and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a secure society) people can be recycled in the Soylent Green program or something.