Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Hardware Hacking Privacy Build

Hacker Club Publishes German Official's Fingerprint 253

A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.
This discussion has been archived. No new comments can be posted.

Hacker Club Publishes German Official's Fingerprint

Comments Filter:
  • by Anonymous Coward on Saturday March 29, 2008 @02:53PM (#22906604)
    I'd like to see this done to officials in all countries.

    Reminds me of Gone in 60 seconds (the Jolie version) where one of the car-thieves glues on Elvis' fingerprints.
  • gag (Score:2, Funny)

    by Anonymous Coward
    They should do that to the head of the TSA and put him on the no fly list
  • by Shadowruni ( 929010 ) on Saturday March 29, 2008 @02:58PM (#22906636) Journal
    So.... let's see.
    Oh all the people to humiliate... a senior public official who sets policy for something you directly care about.
    This couldn't possibly turn out badly.
    • by Yokaze ( 70883 ) on Saturday March 29, 2008 @03:20PM (#22906774)
      Hardly. The CCC is a highly prolific club and is very likely keen on some legal "retaliation", as it would generate even more public attention on that matter.
      Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance.
    • by Anonymous Coward on Saturday March 29, 2008 @03:22PM (#22906782)
      Since a senior public official still remains a public official, it could probably be defended on the same grounds that allow for political satire. It is expressly allowed in most countries to make fun of political figures, especially if you're doing it from a political standpoint yourself.

      Then again, we also have a new buzzword for crime with ideological motives. It's called terrorism...
    • by dirtsurfer ( 595452 ) on Saturday March 29, 2008 @04:41PM (#22907350) Journal
      >> Oh all the people to humiliate... a senior public official who sets policy for something you directly care about. This couldn't possibly turn out badly.

      I love the idea that the way to make politicians do what you want is to be nice to them.

      so apparently Monica Lewinsky was probably about a week away from getting us all free national healthcare, too. Curse you, mainstream media!
    • This particular public official is a paranoid asshole anyway. Antagonizing him won't make any difference, but publicly embarrassing him will make him less effective.
  • by Spartan Niner ( 1264332 ) on Saturday March 29, 2008 @02:58PM (#22906638)
    We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously
    • by metlin ( 258108 ) on Saturday March 29, 2008 @03:10PM (#22906718) Journal
      One can only hope.

      What better way than a senior official to be convicted of crimes as a result of identity theft because officials such as him decided that privacy didn't really matter anymore?

      Personally, I sincerely wish that this happens in all the countries which have fingerprinting in place. Enough already.
      • actually it would only have to happen once or twice, People would start to realize that biometerics are useless for confirming Identity. DNA now that is good, and it is something difficult to duplicate. Now all we need is field DNA testing and database of DNA to compare to. Of course knowing the government said Database would run windows be comprised, and i get to be Brad Pit, by DNA testing.
        • Re: (Score:3, Insightful)

          by LurkerXXX ( 667952 )
          I'll be by later to snag a few hairs out of your comb. Never mind why I want them...

          I make DNA all day in the lab. It's getting easier and cheaper to make every year.

          DNA isn't going to turn out to be any more of a panacea than fingerprints.
        • by Znork ( 31774 ) on Saturday March 29, 2008 @05:09PM (#22907564)
          DNA now that is good, and it is something difficult to duplicate.

          No need to duplicate it, free samples are falling off you everywhere you go. So no, DNA isn't very good either.

          There is however a very good biometric one can use. A neural imprint of a specific token; it currently can't be read without the cooperation of the person, it leaves no imprint around except as the owner desires and controls.

          It's known as a 'password'. A technology that is, perhaps, new and radical, but far more secure than other biometrics. Which, unfortunately, isn't particularly secure, just less insecure than the crap the scam artists of the biometrics industry are trying to push on the gullible.
          • Re: (Score:3, Insightful)

            by CastrTroy ( 595695 )
            I'll one up you, and promote the use of the pass phrase. Seriously. Sites with 8 character maximums or only alphanumeric passwords annoy me to no end. There's no reason you shouldn't allow people to use 300 character pass phrases if they so wish.
            • Re: (Score:3, Insightful)

              This truthfully makes sense to me. I don't think that there are any real technical limitations to having very long symbolic pass phrases anymore so why are we often limited to 8 or 16 characters? My Windows password is a long sentence with correct grammar, punctuation, and one or two non-dictionary based proper nouns. Much easier to remember than a random string or even, in some cases, a password.
        • Re: (Score:3, Insightful)

          by AJWM ( 19027 )
          DNA now that is good, and it is something difficult to duplicate.

          I dunno, DNA wants to duplicate, although that's not what you meant.

          In terms of different individuals having the same DNA, talk to identical twins. About all DNA tests can really do is disprove that someone with non-matching DNA is guilty. DNA "matches" don't compare 100% of the DNA (even if they did, that doesn't rule out twins), and close relatives may well "match" also (and the fewer comparison points, the less-close the relative that cou
          • You leave your DNA everywhere you go and there's machines which can duplicate it and produce big samples - big enough to create fake DNA mouthwashes or whatever is needed to fool the scanner.

            The only way to be sure you're looking at the right DNA is to stick a needle into a person and take a sample from deep inside them... ...and that's not going to be very popular.

            Most biometric systems are junkware being pushed by people who are after the lucrative government contracts. The bottom line is they don't reall
      • I propose a new line of business for the body mod community: Fingerprint removal.
    • by Naughty Bob ( 1004174 ) * on Saturday March 29, 2008 @03:18PM (#22906760)

      We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously
      17 One-fingered crimes at that...
      • Re: (Score:2, Funny)

        by Anonymous Coward

        17 One-fingered crimes at that...
        Well if he isn't your doctor...
    • by evil_aar0n ( 1001515 ) on Saturday March 29, 2008 @03:47PM (#22906952)
      On the other hand - no pun intended - this might actually work out in his favor, since he _could_ go out and commit a crime, and they'd have to wonder whether the fingerprint evidence was valid or not.
  • Good for them (Score:5, Insightful)

    by Scareduck ( 177470 ) on Saturday March 29, 2008 @03:00PM (#22906648) Homepage Journal
    High officials often seem to think the consequences of privacy-invading legislation will only occur to other (read: little) people. It's good to remind people in those positions that they do not have absolute power, and that they need to think about second order consequences.
    • Re:Good for them (Score:5, Interesting)

      by swright ( 202401 ) on Saturday March 29, 2008 @03:12PM (#22906726) Homepage
      Maybe this is what you meant, but I just think this is the perfect example to illustrate to all how biometrics are just NOT the be-all and end-all. If only for the one simple fact that he cannot change his fingerprint like he could a password that got compromised!
  • I salute you, impressed by your action!

    • by Anonymous Coward on Saturday March 29, 2008 @03:18PM (#22906758)
      At least they get off their asses unlike American's who cry about the Constitution but do fuck all about it.

      Bush was right, it is JUST a piece of PAPER. Why? Because American's do NOTHING about it and do not believe in it.

      This is plain to see by their inactions.
  • by DamnStupidElf ( 649844 ) <Fingolfin@linuxmail.org> on Saturday March 29, 2008 @03:09PM (#22906704)
    At least until extreme body modification is commonplace, biometrics suck for identification. It's the only modern "security" mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one chink is found.

    A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess start with the fingers and palms and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a Secure(TM) society) people can be recycled in the soylent green program or something.
  • T-shirt (Score:2, Insightful)

    by BlueParrot ( 965239 )
    Seriously, maybe a protest with loads of people wearing his fingerprint on a T-shirt would get the message across ...
    • You can already get his picture on T-Shirts [spreadshirt.net] (The protesters call the current political course "Stasi 2.0 [wikipedia.org]")

      But the whole point of this is actually the E-Pass which contains fingerprints and is supposed to be absolutely safe. And the CCC has shown ways to make a fake fingerprint [youtube.com] with some glue in less than an hour.
      • And the mythbusters showed an even quicker method:

        1) print fingerprint on laser printer
        2) hold over sensor.

        Seriously, as sloppy as those guys usually are, after that episode, I don't see why anyone who speaks English or has access to a translation would seriously consider fingerprint-based authentication for anything.
        • Re:T-shirt (Score:5, Interesting)

          by AJWM ( 19027 ) on Saturday March 29, 2008 @05:57PM (#22907856) Homepage
          My kids were watching the Scooby-Doo 2 movie the other day. There's a scene where Daphne activates a fingerprint activated lock by dusting the scanner with blush powder (highlighting the latent fingerprint from its last use) then using a pore-strip over her own finger to provide the right body temperature/capacitance/whatever without her fingerprint confusing the sensor.

          I was amused to see that the technology's weaknesses had made it to the Scooby-Doo level already. I don't know if that exact combination would work, but I've heard of similar successful attacks.
  • by EaglemanBSA ( 950534 ) on Saturday March 29, 2008 @03:10PM (#22906714)
    This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.

    I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?
    • by metlin ( 258108 ) on Saturday March 29, 2008 @03:15PM (#22906746) Journal

      I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?
      What are you talking about?! It's fantastic.

      I mean, since fingerprints cannot be conclusive anymore, I foresee our politicians with moral fibers of steel pushing for more surveillance. I mean, if we cannot really tell whose fingerprints they are, we certainly need video proof! And since we do not know where a crime may happen, the policy makers (who typically have about as much morality as a pea) have decided that the way around this is to have cameras everywhere. Public restrooms and your house included.

      I mean, think of the children! /cynic
      • by rnt ( 31403 ) on Saturday March 29, 2008 @03:31PM (#22906844)

        I mean, since fingerprints cannot be conclusive anymore, I foresee our politicians with moral fibers of steel pushing for more surveillance.
        They will also be pushing for a whole new set of copyright laws, giving governments exclusive copyrights on their citizens' fingerprints. Unauthorized copying or publishing of your own fingerprints will be severely punishable!
  • by this great guy ( 922511 ) on Saturday March 29, 2008 @03:10PM (#22906716)

    This event highlights one of the major flaw of biometrics. This official had his fingerprint copied. There is nothing he can do. He can't change it. He can't prevent people from using it. No fingerprint reader will ever be able to determine with 100% certainty whether a particular fingerprint is real or fake. Bottom line: when one of your biometric traits gets stolen, you get screwed. For life.

    I hope this convinces governments that using biometrics for anything is a bad idea (other than perhaps criminal investigations, although what if this german official's fingerprint was found on a murder scene ?).

    • I disagree. Any security model is susceptible, but people should not be surprised that biometric information is duplicable -- as we are basically just results of DNA-copying ourselves.

      This is like how any lock can be picked, eventually. The value is not in a lock that can't be picked, as that is an impossibility, but one that makes the level of entry significantly high so as to ward off any amateur attempts and possibly raise the suspicions of those watching -- i.e. some guy deciding the lock is too hard
      • by BlackCreek ( 1004083 ) on Saturday March 29, 2008 @04:08PM (#22907062)
        AFAICT the point that the parent poster was making is that unlike other security measures (say ID card, social security number etc) you just can't get a new biometric reading for your fingers (without at least some serious medical intervention), you can't get a new iris scan for your eyes, you can't get a new DNA code etc.

        Biometric data may put some entry barriers higher, so what? The problem is that you just can't get a new iris scan, like you get a new passport once your gets stolen.

        The worst of the situation is that we have all these politicians deciding --without the least form public debate about the real privacy implications-- that biometric data is now to be collected, and used, and kept by the government.

      • by Znork ( 31774 )
        It significantly raises the barrier of entry

        It significantly lowers the barrier of entry. Compared to figuring out someones password or stealing a key duplicating biometric data is trivial.
    • Re: (Score:3, Funny)

      by Basehart ( 633304 )
      That's why they should use another part of the body as an identifier, such as the penis for example?

      Senior public officials could slide their penis into the reader at checkpoints and a reading quickly and easily taken.

      Females could be fitted with a custom made prosthetic of some kind.
    • by twenex ( 139462 )
      The previous comment should have been titled "the major misunderstanding of biometrics". The biometric itself is not required to be kept private. Any biometric system worth anything utilizes a combination of the sample analysis and comparison with various "liveness checks" or other heuristics to determine that the sample given came from the appropriate person. While it is worth having a debate on the relative effectiveness of these techniques, to dismiss biometrics based on the flawed "once you've lost y
      • People always talk about checking that the subject is alive with things like bloodpressure, etc. But, in practice, I have yet to find a single fingerprint reader that does this. It's not even really pointful to check. It's absurdly easy to create a false print that is worn on a living thumb.
      • by BlackCreek ( 1004083 ) on Saturday March 29, 2008 @04:56PM (#22907442)
        The whole point of the parent poster is apparently lost to you.

        The point being that my biometric data is mine. It is private. It is not the government's business to have my blood samples, or DNA, or finger print. I am not a criminal, and therefore I expect to be entitled to some privacy from the BigBrother.

        Once some retarded government bureaucrat decides to leave a laptop inside a taxi or something, my private data is lost, and I can never get a new fingerprint, or iris scan. I can get a new social security number, I can get a new passport, a new bank account number, but I **cannot** get a new DNA.

        • Re: (Score:3, Insightful)

          by twenex ( 139462 )
          Sorry, you miss the point. Biometrics are not private and any biometric system which is built with that assumption is flawed.

          But I suppose you wear a tinfoil mask to guard against those face recognition systems tied to cameras because your face data is yours and only yours.

          You are confusing the ethics, legality and technology behind biometrics in a bad way.

    • What if this german official's fingerprint was found on a murder scene ?

      Well, duh! The police and judicial system would treat him exactly the same as someone without any political clout or friends in high places, because there is no corruption in the ruling class.
    • by pcgabe ( 712924 )

      what if this german official's fingerprint was found on a murder scene ?

      No, no no NO! You guys are looking at this all wrong! Don't you see?

      He can now GET AWAY WITH MURDER. If this fingerprint is found at the scene? So what? It's the perfect alibi. He could commit a crime and INTENTIONALLY leave this fingerprint at the scene.

      In fact, how do we know he didn't arrange for it to be released in the first place? We could be dealing with a truly devious mind here. Does anyone know if he happens to own a w

    • by Deadstick ( 535032 ) on Saturday March 29, 2008 @08:47PM (#22908770)
      although what if this german official's fingerprint was found on a murder scene ?

      He tells the cops to RTFA.

      rj

  • "The" finger print? (Score:2, Interesting)

    by fredrated ( 639554 )
    Were the other 9 digits lost in an accident?
    • Re: (Score:2, Insightful)

      by ilikepi314 ( 1217898 )
      I'm sure there were other prints, but only one was needed to prove the point -- that his fingerprints and therefore biometric security just got PWNED.
  • Legal action? (Score:5, Insightful)

    by HalAtWork ( 926717 ) on Saturday March 29, 2008 @03:12PM (#22906730)
    The article says a ministry spokesman alluded to possible legal action against the club.
     
    To what ends? You can't deter it as it's already happened, and you can't suppress it, as even the method for tricking the security system is widely known. If the security system is broken, you can't legalize it into working again. The security system was built in order to keep things safe, and now we have to keep other things safe from the security system itself.
  • DMCA (Score:2, Interesting)

    With the advent of Biometric Embedded Copyright Token (BECT), If this hack had been done in America, wouldn't this fall under the DMCA?

    It would by interesting to try to tell the cops that they can not have your finger prints because it violates the DMCA.
  • by smolloy ( 1250188 ) on Saturday March 29, 2008 @03:15PM (#22906748)
    This is a perfect way to demonstrate to the perfect person why such invasions of privacy are bad, and of the unintended negative consequences of their plans. Sometimes people in power forget that the "solutions" they develop to certain problems may be worse than the problems themselves. All they see is that a certain issue will be fixed -- not that the fix raises even worse issues.

    Bravo!

  • even worse (Score:4, Informative)

    by ILuvRamen ( 1026668 ) on Saturday March 29, 2008 @03:22PM (#22906788)
    You don't have to go to any special measures really to do this. I mean plastic and all those synthetic rubber moulds and stuff that the average person couldn't do is a bit excessive. Remember on mythbusters when they tried to beat that "unbeatable" fingerprint lock on a door and managed to do it by printing off the fingerprint with a laser printer and licking it? Yeah, biometrics is a joke. And really good biometrics like DNA aren't practical or fast and the retina scan, well you do that every day for a year and see if you don't go partically blind. I can't care hoe safe they think it is. Facial recognition is pretty useless and easy to beat too. Until they find something that's 100% unique and fast and accurate, they should forget about biometics.
  • by rduke15 ( 721841 ) <(rduke15) (at) (gmail.com)> on Saturday March 29, 2008 @03:23PM (#22906794)
    I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

    Do you really get a good enough copy? How hard is it? (After all, any security can be broken somehow. So an essential aspect is the "cost" of breaking the security)

    • Re: (Score:2, Informative)

      by mactard ( 1223412 )
      There was actually a Mythbusters episode that showcased how you could take a fingerprint found on a can and use it on a DoD approved biometric fingerprint scanner. It's really a useless method of security.
    • by rah1420 ( 234198 ) <rah1420@gmail.com> on Saturday March 29, 2008 @03:35PM (#22906876)

      I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

      As a matter of fact, Yes. [slashdot.org]

    • by Flu ( 16236 ) on Saturday March 29, 2008 @03:48PM (#22906962)
      Yes, this was done a couple of years ago in Sweden as a Master Thesis, which was described in Swedish Engineering paper Ny Teknik http://www.nyteknik.se/efter_jobbet/kaianders/article32986.ece [nyteknik.se] (sorry, swedish only). The student Marie Sandström tested a simple yello, which was created using the same method as mentioned in the article above, on three commercial fingerprint-readers on the CeBit fair in 2004.
    • by 88NoSoup4U88 ( 721233 ) on Saturday March 29, 2008 @04:02PM (#22907022)
      It doesn't seem hard at all at a 'normal' reader (see Mythbusters [youtube.com] episode.

      The high-end, ridicilously expensive fingerprint readers are a lot harder to crack though; But I wouldn't say uncrackable.
    • by MikeFM ( 12491 ) on Saturday March 29, 2008 @04:10PM (#22907090) Homepage Journal
      I think the only working model is the concept of security in layers. The more layers an attacker has to dig through to compromise a systems security the more secure that system is. Biometrics alone are pretty weak. Passwords alone are pretty weak. Use them together and they're a little less weak. The biggest obstacle is the user. Will they put up with multiple security checks? Can they remember a good password? Will they notice where they're leaving behind fingerprints or if someone is trying to record their voice?

      In the end you have to be realistic with your expectations for any security system. We lock our front door when we leave our house but we all know that someone that wants to get in can still get in if they want to try hard enough. When you lay in bed at night you have no way to be sure that a stranger hasn't secretly entered your home and is waiting to cut your throat in the dark. Yet we make a bigger deal over how secure access to your bank account and other sensitive information is. At some point you just have to say enough and go on with your life.
    • by Chris Pimlott ( 16212 ) on Saturday March 29, 2008 @04:22PM (#22907194)

      wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

      Do you really get a good enough copy? How hard is it? (After all, any security can be broken somehow. So an essential aspect is the "cost" of breaking the security)
      Already been done. here's a video demonstration [youtube.com], again courtesy of our friends at CCC. Just takes a digital camera, a bit of wood glue, a bottlecap, a transparency and a bit of skin-friendly glue to apply the fake to your finger.
    • by v1 ( 525388 )
      Most systems like this have a very wide berth on the checks because the false negatives are a lot higher profile than the false positives. One higher-up getting locked out of a building because of a bit of dirt on his finger is a stronger motive for change than the possibility that 1 in 100 could get in that should not.

  • like disneyland paris to test this thumb print out...

    I can't recall if disney's biometrics use just the thumb or the whole hand.. but i know people who get the year long pass have to use biometrics to get into disneyland... this is to cut down on fraud of say a person renting or selling the pass to other people, so obviously disneyland was the first place I'd even seen biometrics in public.

    very cool, using this technology people can sell their biometric fake palms along with the pass to use the year round p
  • by sentientbrendan ( 316150 ) on Saturday March 29, 2008 @03:45PM (#22906948)
    Everyone knows that biometric data can be stolen, just like every other means of identifying yourself. I thought the point of biometric data was that it added one *more* piece of data that would have to be stolen before someone could successfully impersonate you.

    So in addition to needing to know a pin or password, someone also needs to have stolen my fingerprint in order to take money out of my bank account. Isn't this what is called two factor authentication? Isn't that a good thing that makes it that much more difficult to steal an identity?

    According to this article Germany's new passports:
    http://www.itsmig.de/best_practices/ePass_en.php [itsmig.de]

    they contain both fingerprint data, and a picture of the person. Thus, to steal your identity, a person would have to steal your passport, look like you, and also steal your fingerprint. This actually seems like a pretty good system that would prevent someone from using a stolen passport to steal the rightful owners identity. Without the fingerprint data, an identity theft doesn't need to do as much work.

    That said, I'm not from germany, so maybe there additional nuances about this thing that I'm missing.
    • Re: (Score:3, Insightful)

      by Todd Knarr ( 15451 )

      Except that with most types of biometric data (eg. fingerprints), they suffer two faults: you leave copies of them everywhere, and once compromised they can't be changed. The first makes it easy for someone to compromise the authentication, as this club demonstrated. I'll bet the minister left his fingerprints on a lot more than just a single plastic cup at a panel, and lifting a fingerprint from a hard surface is relatively easy to do. And the second means that compromises are 100% absolutely fatal for the

    • by ditoa ( 952847 )
      Two problem I have with biometric authentication

      1. You leave it everywhere. You leave your finger prints all over your desk at work. Just look how this guys finger print was stolen from a glass.
      2. You can't change it.

      Two factor auth is about something you know and something you have. I would much rather the later was a usb eToken or similar and not my fingerprint!
    • by David Jao ( 2759 ) <djao@dominia.org> on Saturday March 29, 2008 @06:22PM (#22908048) Homepage

      Everyone knows that biometric data can be stolen, just like every other means of identifying yourself.

      Part of the problem is that you (and many other people) seem to think authentication is the same as identification. It's not. Biometrics are awesome as part of two-factor authentication, but they're horrible as a means of identifying yourself.

      Identification is the problem of determining, on your own, the identity of a given person.

      Authentication is the problem of determining whether or not a given identity corresponds to a given person.

      The difference is that, in authentication, you are given both a single person and a single identity, and your job is to answer true or false as to whether they match. Authentication is a yes/no question: your answer is either yes or no. In identification, you are given only a person, and your job is to produce a matching identity. Identification is not usually a yes/no question, although in some cases it can be disguised as one -- for example: to answer "Is this person a terrorist?" you typically have to determine a person's true identity (which a terrorist is not likely to offer to you) and then check that identity against known terrorist databases.

      National governments are fully aware of this distinction, and they exploit public confusion to further their agenda. Biometrics are being advertised as authentication tools (does this passport accurately identify this person?), for which they work pretty well, but in reality governments are using biometrics for identification (is this person a terrorist?), an approach which has fail written all over it.

      Even for authorization, biometrics are not a panacea, but they are at least a useful tool capable of contributing some benefits when employed properly. For identification, biometrics are an unmitigated disaster, for many reasons, chief among them the base rate fallacy [wikipedia.org], which says that the accuracy of an identity test drops precipitiously when the test is presented with large databases of identities.

  • Perfect alibi (Score:5, Interesting)

    by oever ( 233119 ) on Saturday March 29, 2008 @04:09PM (#22907078) Homepage
    Mister Schauble can enjoy an easy career as burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.

    The only thing dumb thing he could get caught with is when he leaves wheelchair tracks [wordpress.com] at the scene of the crime.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Saturday March 29, 2008 @05:13PM (#22907586)
    The CCC is one of the things I like about Germany. It highlights a major element of german-style citizen-culture. It's clearly opposed to uncontrolled gouverment and any notion of a police-state. It has a taste of anarchy to it and on its fringes it has inofficial members with ties to the black-hat community. Yet it is a well organised official registered German association that speaks up on behalf of the people and democracy. With a 27-year tradition of keeping the public political debate alive on IT related rights-issues by perpetually coming up with creative ways of gaining attention. This recent 'Schäuble-Fingerprint' stunt being one of them. I don't know if they've exposed their selves with legal liability by doing this (after all it was officially published in their magazine 'Datenschleuder') but it sure is as funny, hilarious and exposing as ever. Creative non-sense at its best. Go, CCC!
  • I think people would do well to post images of the fingerprint to Flickr, Picasa, etc. so that it is widely archived as well.

Avoid strange women and temporary variables.

Working...