Skip to main content

Imagine the consequences if a terrorist gained access to the control room of a nuclear power plant, an air traffic control center, or an oil refinery.  Actually, you don’t need much imagination; it would look like the disaster at Fukushima Daiichi.

Having once lived in the shadow of Three Mile Island and now living near a Union Carbide plant that is a carbon copy of the one in Bhopal India, I don’t sleep well knowing that access to these facilities is typically controlled by a pass code or ID card with a magnetic strip.  How difficult would it be for a terrorist to learn a worker’s pass code or steal an ID card from their wallet?

Fortunately, there is a better answer.  A biometric scan of a workers iris or other physical feature is virtually impossible to copy.  (Fingerprints can and have been stolen, so they aren’t the best choice.)  Using biometrics is far more secure than pass codes or ID cards and this helps keep everyone safer.... well, almost everyone.

There is a dark side to biometric technology.  If a hacker steals your password, it’s easy to cancel it and create a new one.  But what do you do if a hacker gets into the biometric database at a federal agency?  Eyes cannot be replaced.  Biometrics opens the door to identity theft on a scale that’s almost beyond comprehension.  Also, how would this affect human rights?  

We can have the greater security and use biometrics without these nightmares.  A task force composed of representatives from privacy advocates, unions, employers, and the government recently completed guidelines for the responsible use of biometrics.  It’s imperative that we make certain that employers and the government follow them.  

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  Tip Jar (2+ / 0-)
    Recommended by:
    G2geek, Louisiana 1976

    Lewis Maltby President, National Workrights Institute

    by Lewis Maltby on Thu Apr 14, 2011 at 07:52:38 PM PDT

  •  it's all about POLICY. (1+ / 0-)
    Recommended by:
    Zydekos

    Bottom line is, biometric data are like very long userIDs you can't change.  Even when combined with passwords, the result is no better: it still has the risks & vulnerabilities of a large userID you can't change.

    Proposals to "store it in a card, never in a database" are absurd: if it's not stored in a database somewhere, there's no way to verify what's on the card.   And if it's stored in databases anywhere, the sloppy standards of managers and others who have no clue about infosec, will lead to those databases getting compromised.  

    There is no substitute for a changeable userID plus mandatory strong password, for every piece of identification.  And there is no substitute for forbidding the linkage of multiple sets of identity devices to a single unique identifier for each person.  And there is no substitute for forbidding the creation of a single unique identifier for each person.

    Bottom line is, this was not a problem "back in the day" when each of your accounts (bank, employer, social security, local department store credit card, etc.) was separate and distinct, and each of your gov identity documents (driver's license, passport, university ID, military ID) was a separate and distinct document, and the social security number was not a de-facto national ID.  

    The only real thing that's changed since that time has been the linkage of those disparate items into enormous dossiers on each and every person.   That is not an "inevitable" outcome of networked computers any more than poison gas attacks on subways are an "inevitable" outcome of home hobbyist chemistry sets.  

    The linkage of databases is not the result of the existence of technology, it's the result of POLICY.   Deliberate policy on the part of corporate and government entities.  Policy driven by laziness, by stupidity, by unqualified people in positions of authority, and by the overweening greed to squeeze every possible penny out of people.  Policy that, like any other, can be changed.  

    So change the damn policy and let's get on with it.  

    •  If they want my ID (0+ / 0-)

      They'll have to spoof my ID card, passcode, fingerprints, and iris scan.  If they can do all that, they have my blessing to be run down by a 747.

      I've upped my standards. Now up yours.- Pat Paulson -5.13/-3.38

      by Grannus on Fri Apr 15, 2011 at 02:55:26 AM PDT

      [ Parent ]

    •  It's not entirely about policy (0+ / 0-)

      That's true, biometrics is a user ID you can't change.  That creates big risks, including identity theft on a huge scale and some scary privacy issues.

      But the risks are much less if the guidelines are followed.  It
      is possible to avoid using databases.  If the biometric is on a card, the image on the card can be compared to the live image.  If they match, you get in.

      The serous risks arise in situations in which an ID card is impractical.  One can make a good case that in these situations, we just shouldn't use biometrics.

      The other complicating factor is that no other form of ID is as secure as an iris scan or other biometric (not including fingerprints, which can be copied).  If we're talking about the rare situation where the wrong person getting access is a disaster like Fukushima, it's something to think about.

                                    Lew Maltby

      Lewis Maltby President, National Workrights Institute

      by Lewis Maltby on Tue Apr 19, 2011 at 09:23:47 AM PDT

      [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site