Biometric Fingerprinting - Pag Talk

[oldmanxfella]

But that aside, the claim was that parents should approve these changes, not the board of ed or any other committee, the rant was that every parent should be consulted and give approval.

 

Well legally the kids don't have the capacity to consent to how their data is held so as their legal guardians what is your problem with the parents having to consent?

 

If it was an adult having to sign up and give a thumbprint for a library card that's his choice I have no problems with that. But under 18's cannot give their consent and will do whatever their teacher says so in this case I think its entirely right that the parents make the decision and that the BOE sets a framework to ensure this consent is obtained.

[Cronky]

If it was an adult having to sign up and give a thumbprint for a library card that's his choice I have no problems with that.

 

There would, of course, be a problem if signing up to the thumbprint scanner was a condition of joining the library.

 

Where biometrics are used there has to be an opt out.

[Slim]

Where biometrics are used there has to be an opt out.

 

What's your opt out for your signature to open a bank account Cronky?

 

The opt out for nut jobs should be to join another libray.

[oldmanxfella]

The opt out for nut jobs should be to join another libray.

 

Oh for christs sake the people concerned about this are not nutjobs. They are people who just want to protect their rights to privacy, and to ensure that any data given is handled properly and securely. That's not being nuts that is being entirely rational. If fact those who have this unserving almost religious belief that technology holds the answers to all lifes problems - they're the bloody nutjobs - because they implement this stuff without a second thought to what might happen 20 years down the line.

 

I have in the past been the victim of identity fraud and I don't think that the data that is being created by our surveliance culture is heathy and its too easy for the wrong elements to get their hands on it. Just this evening you have some complete dick in the UK government who lost 20m social security and benefit records including names, addressess, NI numbers, bank details etc. Looking at the data held its entirely possible that it could be used for fraudulent purposes, and add the finger prints into the mix and you have some very potent information that could be widely abused.

[Slim]

Please explain the scenario where a thumbprint scanner in a school library results in identity theft.

[Tweek]

My concerns all revolve around data security. Those fears were reaffirmed today, when the details of all families in the UK with a child under 16 went missing. I think we place too much reliance on technology.

[Albert Tatlock]

My concerns all revolve around data security. Those fears were reaffirmed today, when the details of all families in the UK with a child under 16 went missing. I think we place too much reliance on technology.

The details were of 25 million people in total, including bank details.

[slinkydevil]

I think we place too much reliance on technology.

 

What do you suggest?

 

 

[Tweek]

I think we place too much reliance on technology.

What do you suggest?

I meant in terms of too many people having access to information, poor information management policies and the general government belief that information collection by the government will sort out all of the ills of the country such as terrorism. Regardless of who actually did it, today the government of the UK released the personal details and in many cases the bank details of 25 million people.

 

In the health service for example, 300000 people have access to other peoples health records. Imagine what a criminal could do with the names and bank details of 25 million people. Imagine what a criminal could do with the finger prints or iris scans of 5000 people if he got into the proposed national identity card register.

 

If people don't think this can happen, then I think they are deluding themselves and todays release of information shows what can happen by mistake, never mind through a deliberate act.

[Albert Tatlock]

I think we place too much reliance on technology.

What do you suggest?

I meant in terms of too many people having access to information, poor information management policies and the general government belief that information collection by the government will sort out all of the ills of the country such as terrorism. Regardless of who actually did it, today the government of the UK released the personal details and in many cases the bank details of 25 million people.

 

In the health service for example, 300000 people have access to other peoples health records. Imagine what a criminal could do with the names and bank details of 25 million people. Imagine what a criminal could do with the finger prints or iris scans of 5000 people if he got into the proposed national identity card register.

 

If people don't think this can happen, then I think they are deluding themselves and todays release of information shows what can happen by mistake, never mind through a deliberate act.

Damn right...and this latest fiasco is just what we know about. For every very public cock-up, there has to be tens of hidden/hushed cock-ups.

[ai_Droid]

My concerns all revolve around data security. Those fears were reaffirmed today, when the details of all families in the UK with a child under 16 went missing. I think we place too much reliance on technology.

 

Yes, this is a fuckup, but it underlines the need for stronger data security rather than discarding the use of databases alltogether.

 

As for data security with these thumbprint scanners, there's continuing misunderstandings about this. Here's a quick refresher on hashing...

 

This forum does not know your password.

 

When you created your account on this forum, all your details were stored as you typed them to the database, with the exception of your password. Your password was hashed with a one way encryption. It cannot be decrypted back into your original password, ever. The board administrators cannot see your password. This is because people are a bit daft and use the same password multiple times, so it's protected even from the software that accepts it.

 

How do you log on?

 

When you type your password in, it's hashed again, and compared with the result of the first hash when you created your account. If they match, you get in.

 

Fingerprint scanners use the same technology. A fingerprint can't be recreated from a scanner, the fingerprint is never stored anyway, a description of the fingerprint is stored using some of the data, and then hashed.

 

You couldn't steal the fingerprint from a school library system, because there's no fingerprint there to steal. It's a hash of a description, nothing more.

 

People are scared because of the term 'biometric' which makes them think of all sorts of evil for some reason, and because fingerprinting is connected with criminals, but fingerprinting criminals is a very different process, there the full fingerprint is captured, from every finger and stored for comparrison.

[Dodger]

My concerns all revolve around data security. Those fears were reaffirmed today, when the details of all families in the UK with a child under 16 went missing. I think we place too much reliance on technology.

 

Yes, this is a fuckup, but it underlines the need for stronger data security rather than discarding the use of databases alltogether.

 

As for data security with these thumbprint scanners, there's continuing misunderstandings about this. Here's a quick refresher on hashing...

 

This forum does not know your password.

 

When you created your account on this forum, all your details were stored as you typed them to the database, with the exception of your password. Your password was hashed with a one way encryption. It cannot be decrypted back into your original password, ever. The board administrators cannot see your password. This is because people are a bit daft and use the same password multiple times, so it's protected even from the software that accepts it.

 

How do you log on?

 

When you type your password in, it's hashed again, and compared with the result of the first hash when you created your account. If they match, you get in.

 

Fingerprint scanners use the same technology. A fingerprint can't be recreated from a scanner, the fingerprint is never stored anyway, a description of the fingerprint is stored using some of the data, and then hashed.

 

You couldn't steal the fingerprint from a school library system, because there's no fingerprint there to steal. It's a hash of a description, nothing more.

 

People are scared because of the term 'biometric' which makes them think of all sorts of evil for some reason, and because fingerprinting is connected with criminals, but fingerprinting criminals is a very different process, there the full fingerprint is captured, from every finger and stored for comparrison.

 

It isn't that the thumbprint is stored, it is that the "hash of a description" is stored as a unique number, which would be the same unique number with the same software in another computer. It can be used to check the person's identity by the police or by any other person/department with access to the data on the system. You could have this unique number lost, stolen or duplicated which is linked to other data on the system, like your name and address!

 

The fact that it isn't necessary for primary schools means that it shouldn't be used and therefore potentially abused!

 

In the very near future your full spread of fingerprints will be collected and referenced on your passport! Iris scans will be next! When will DNA collection become the norm? Collected at birth when the baby is being checked for blood group etc.......

[ai_Droid]

It isn't that the thumbprint is stored, it is that the "hash of a description" is stored as a unique number, which would be the same unique number with the same software in another computer. It can be used to check the person's identity by the police or by any other person/department with access to the data on the system. You could have this unique number lost, stolen or duplicated which is linked to other data on the system, like your name and address!

 

No, you couldn't. It's a hash you see, you need the original to re-create it. You can't steal a hash. This is crucial to your misunderstanding.

 

The fact that it isn't necessary for primary schools means that it shouldn't be used and therefore potentially abused!

 

You've yet to give me a valid example of potential abuse. If you're so dim as to think we should only introduce things that are neccessary and ignore things that are simply improvements, then you should really go back and live in your cave.

 

In the very near future your full spread of fingerprints will be collected and referenced on your passport! Iris scans will be next! When will DNA collection become the norm? Collected at birth when the baby is being checked for blood group etc.......

 

Will be? You say it as if it's a certainty, as if these things are connected and assured. This is the crux of your blatent ill-informed fantasy scaremongering, laid out in full.

[Tweek]

My concerns all revolve around data security. Those fears were reaffirmed today, when the details of all families in the UK with a child under 16 went missing. I think we place too much reliance on technology.

 

Yes, this is a fuckup, but it underlines the need for stronger data security rather than discarding the use of databases alltogether.

 

As for data security with these thumbprint scanners, there's continuing misunderstandings about this. Here's a quick refresher on hashing...

 

This forum does not know your password.

 

When you created your account on this forum, all your details were stored as you typed them to the database, with the exception of your password. Your password was hashed with a one way encryption. It cannot be decrypted back into your original password, ever. The board administrators cannot see your password. This is because people are a bit daft and use the same password multiple times, so it's protected even from the software that accepts it.

 

How do you log on?

 

When you type your password in, it's hashed again, and compared with the result of the first hash when you created your account. If they match, you get in.

 

Fingerprint scanners use the same technology. A fingerprint can't be recreated from a scanner, the fingerprint is never stored anyway, a description of the fingerprint is stored using some of the data, and then hashed.

 

You couldn't steal the fingerprint from a school library system, because there's no fingerprint there to steal. It's a hash of a description, nothing more.

 

People are scared because of the term 'biometric' which makes them think of all sorts of evil for some reason, and because fingerprinting is connected with criminals, but fingerprinting criminals is a very different process, there the full fingerprint is captured, from every finger and stored for comparrison.

I know this topic is about biometric fingerprinting, but you have highlighted two major points that are of concern to me, involving stronger data control and what this could mean for a National Identity card system.

 

The first point is that all of the underlying base data for the national biometric ID card system will be stored on a civil service computer database somewhere. In the case of biometric thumbprints these have to be compared to something, and even though that base data itself may eventually get hashed, it has to be collected and go into the system in some raw format, plus at various stages the data has to presented in plain English for analysis by people (otherwise whats the point of the system)? Encryption will only be part of a chain of civil service events. Linked to all sorts of other civil service computers and data the potential for other disasterous downloads (either deliberate or by mistake) remain significant in my mind.

 

The second point is (I understand what you are saying about hashing) you said my password "cannot be decrypted back into your original password, ever". I don't see how this can be the case, because if someone were to get to know or gain access to the mathematical formula involved I can't see why it cannot then be decrypted. I agree the chances of hacking the password by chance would be low, but access to the mathematics would make the chances of decryption high or even a certainty. Everything that is decrypted can be decrypted if you have access to the encryption key.

 

There have been cases where criminals have emulated technologies like chip and pin, where they have been able to scan, read and copy encrypted card details. You only need a couple of insiders in any system to gain knowledge and access to the system to be able to come up with a workaround. Someone working for the civil service with access to raw data, alongside someone working for the civil service with access to the scanning technology could between them produce fake ID cards. When related to other records such as released or stolen bank details etc these ID cards would soon seem legitimate.

 

Considering computers have now been around many years, if they cannot get the storage and control of such basic data as the 25 million records released this month sorted out, do you really have confidence in the UK government to manage a national identity register securely? Put another way, if your bank kept releasing your records accidently and the government said you could not change banks and had to put up with their incompetence or face a fine or imprisonment, would you be so willing to hand over your data to them without a fight?

[Cambon]

Yes, this is a fuckup, but it underlines the need for stronger data security rather than discarding the use of databases alltogether.

 

As for data security with these thumbprint scanners, there's continuing misunderstandings about this. Here's a quick refresher on hashing...

 

This forum does not know your password.

 

When you created your account on this forum, all your details were stored as you typed them to the database, with the exception of your password. Your password was hashed with a one way encryption. It cannot be decrypted back into your original password, ever. The board administrators cannot see your password. This is because people are a bit daft and use the same password multiple times, so it's protected even from the software that accepts it.

 

How do you log on?

 

When you type your password in, it's hashed again, and compared with the result of the first hash when you created your account. If they match, you get in.

 

Fingerprint scanners use the same technology. A fingerprint can't be recreated from a scanner, the fingerprint is never stored anyway, a description of the fingerprint is stored using some of the data, and then hashed.

 

You couldn't steal the fingerprint from a school library system, because there's no fingerprint there to steal. It's a hash of a description, nothing more.

 

People are scared because of the term 'biometric' which makes them think of all sorts of evil for some reason, and because fingerprinting is connected with criminals, but fingerprinting criminals is a very different process, there the full fingerprint is captured, from every finger and stored for comparrison.

 

If something can be encrypted, it can be restored to a good replication of it's original form. In fact you called me a total idiot on the last thread I replied to because I disagreed with that.

 

Make your mind up