Feeds

Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Why are we just talking about fingerprints, aren't there other kinds of biometrics? I'm glad you asked me that. Iris recognition is potentially a simpler recognition job, and the NPR humorously (?) observes that fraudsters tend to be more reluctant to mess with their eyes than their fingerprints (slightly useless factoid: "over 1 in 1,000 fingers are missing or have no fingerprint", but only 1 in 10,000 lack a usable iris for recognition purposes).

There have been no widespread deployments of iris scanning systems, and there are difficulties associated with broad deployment of enrollment and reading systems. Current systems require careful alignment and good lighting conditions, and enrollment systems will be more costly to operate and will have a poorer throughput than for fingerprints. And we can perhaps entertain unworthy thoughts about how the police might best achieve optimum conditions with mobile iris recognition systems after dark - slam suspect up against wall, shine bright light in their eyes...

Facial recognition meanwhile is rejected entirely by the NPL study. It quotes one study as finding a false match rate of 1 in 1,000 with a false non-match rate of 1 in 10, but points out that a longer time lapse between enrollment and check, and less optimum lighting conditions would produce a false non match rate of 6 in 10 at a false match rate of 1 in 1,000. The best you can say is it's not ready for prime time, but it might have an application as a supporting biometric to reduce false matches from the primary one.

NPL's observations about the lower possibility of people trying to falsify their eyeballs does however raise the possibilitiy of fingerprint falsification. David Westcott reminds us about the use of gummy false prints. The feasibility of these means some degree of observation of the hand will be necessary when it's placed on the reader, and that the use of fingerprint recognition in unattended security scenarios is of dubious value.

What about DNA? Pete Austin rightly corrects me for another unwarranted assumption:

Actually, if my DNA is found at the scene of a crime, it only means that my DNA is there. But DNA is easy to aquire. For example, like most people, I don't guard my wheely bin to stop criminals nicking vacuum cleaner dust, much of it hair and skin cells brimming with my DNA, to scatter at any crime scene of their choice.

Quite right, Pete. But as you, the container of the vast majority of your DNA, are likely to be present at an ID check, we don't necessarily need to be talking forensic worries here. They can just watch you, er, leak into a handy receptacle, or something. Kristoffer Winther Sørensen suggests that it actually is currently possible to do on-site DNA fingerprinting:

In the biomedical industri and academia we use a device called a PCR lightcycler to basically copy/clone DNA. As far as I know this technique was developed by the US military to facilitate the identification of possible biological agents used in biological warfare. The device is small enough to be carried on the back of a soldier and costs around $15.000. So I don't think there is a technical problem to "on-site" DNA fingerprinting.

Is there no end to the US Army's specialist hardware collection? Kristoffer however points out that DNA fingerprinting can give rise to false positives, "even if the material is of superb quality."

From memory, the methods used in Denmark will give a positive in 1 out of 100.000 persons. So if all danes were in a DNA register, on average 52 persons (population of 5.2 million) would match a crime-scene DNA-profile. That's a lot of suspects.

And we've had many more emails on the subject. We've skipped the ones saying what David Blunkett is (true, people, but this is established), and we've skipped the one claiming authorship of a system "paying 2.5 million people a month using fingerprint technology." We couldn't help noticing that in the country in question there seems to have been some debate about the effectiveness of this system, so we'll just have to call it 'jury still out.'

Top three mobile application threats

More from The Register

next story
Och aye! It's the Loch Ness Monster – but only Apple fanbois can see it
Fondleslab-friendly beastie's wake spotted... OR WAS IT?
Japanese boffin EYES up big bucks with strap-on digi-glasses
AgencyGlass saddles user with creepy OLED display
Sleuths find nosy NORKS drones on the Chinternet
UAVs likely to have been made in the Middle Kingdom
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Dorian Nakamoto gets $23,000 payout over Bitcoin invention saga
Maintains he didn't create cryptocurrency, but will join community
Pirate Bay's 10 millionth upload: Colour us shocked, a SMUT FLICK
P2P badboys show online piracy is alive and humping
Teen girl arrested with 70-year-old man's four inch weapon inside her
Charged with introducing .22 snubbie to penile facility. It wasn't firing blanks
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.