centre{source}

A news article in Wired Magazine (online) touches on Biometrics as it relates to international security. I’ve been particular fascinated with the shift in security since 9/11 - especially the surge in bio verification.

Michael Chertoff, Homeland Security secretary, states:

“When we screen based on names, we’re screening on the most primitive and least technological basis of identification — it’s the most susceptible to misspelling, or people changing their identity, or fraud.

“Biometrics is the way ahead.”

To this, I agree 100%. Its very easy (and well documented on the Internet) to gain fake identities, forge passports, and use social engineering to ‘beat the system’. Using bio security should increase the difficulty for breaking the system.

However…

The article continues to state:

…allow passengers flying between New York’s John F. Kennedy International Airport and Amsterdam’s Schiphol airport to pass through border controls using a biometric card.

If they can produce the card, travelers will not be subjected to further questioning or screening.

Red Flags Anyone?!?!?

This part caused great concern for me. Allowing a single system to have carte blanche when screening passengers is just asking for abuse. Would it really be hard to do the following:

1) Identify the firm that created the bio-scanning system
2) Hire away a disgruntled worker to learn its inner workings
3) Develop a systematic plan to forge/create a bio card
4) Use this cards as a means to move terrorists through the system without question

Technology is fantastic, but all security systems eventually experience breaches from Hackers, Security Consultants, Internet Worm/Exploits, and even basic social engineering. The scariest part about a bio security system is the possible SCALE OF THE BREACH.

Social engineering can get 1 person past another… And some humans are more suspicious than others. While the system is definitely imperfect, it diminishes scale.

Ubiquitous security systems open the door to large scale breaches on a wide-scale level. If someone learns to exploit the system - that exploit will work

1) In most (if not all) places the security system is present

2) In most (if not all) instances where the breach exploit is executed.
** And will continue to work until the breach is discovered and closed

And for the conspiracy theorists…

The last part of the article made this comment:

He made an analogy with the “video war” of the early 1980s, when VHS and Betamax vied for dominance as the industry standard for video recording systems.

“It would be a very bad thing if we all invested huge amounts of money in biometric systems and they didn’t work with each other,” he said. “Hopefully were not going to do VHS and Betamax with our chips,” he added.

For the loser of the battle… there will be a lot of money lost (both in the present and with future potential earnings). It will be very important for the system that is chosen to work… and devastating to that company if a high profile suspect breaches their system to create havoc.

With so much money at stake, it wouldn’t be too far fetched that the losing firm would take great efforts to show the flaws in the winner… but to what extent we’ll never know.

Full news article:Wired News: For Security, the Eyes Have It