Feeds

Brown fingerprints wanted as Phorm bungles again

Read on, dear techie nerds...

  • alert
  • submit to reddit

Security for virtualized datacentres

Phorm is on its usual form, and this week blithely admitted to editing its own Wikipedia article to remove damaging but factual information. Called out on breaking Wikipedia's policy on conflicts of interest, Phorm said it wasn't aware of the policy. You were cynical, as always:

All this "correcting" of articles has given me an idea for a website.

Mikipedia:

You control articles written about you.

Tag line: it's a bit like facebook except it pretends to be an encyclopedia.

Bill Fresher

That's just taking the mickey, Bill.


They are, pretty much, screwed.

They're in the public eye in a bad ligh with a bad product that no one wants apart from the ISPs, though even they are now all backing away nervously.

If they'd been open and honest from the start they might have had some shred of credibility, but they don't. Editing their Wiki article like this was a stupid move in my opinion.

Tim


I never, ever, EVER thought I would say this, but, I'm a big man and I can do it, without even wincing.

****************

Well Done Wikipedia - preventing Phorm's attempted manipulation of their entry to cloud the facts and silence their critics is credit to the ideals by which Wikipedia is supposed to work.

****************

I feel dirty, now...

Mike Crawshaw


I guess it really just highlights just how technically savvy the Phorm clowns are, that they thought they would be able to get away with this unnoticed.

Will anyone at BT et al now ponder if this glaring lack of technical acumen might perhaps be a sign that the company isn't capable of being trusted with their customers private data after all? Perhaps not.

Ivor


I know El Reg readers don't have the best opinion of Wikipedia. But I think we can all agree that this wasn't just underhand, it was idiotic. About as subtle as swanning into the Guardian's office and trying to edit a hack's article on your company using their computer. While they're still sitting at it.

You can influence a Wikipedia article one way or the other, especially positively. Rather than one, giant, anonymous whitewash, you do slight, gradual changes, explained in great tedious detail on the talk page, all of it couched in the language and jargon they feel comfortable with, and if you can't out-bore the other editors (admittedly a difficult task) then resort to the myriad Byzantine conflict-resolution processes. All of them, one by one. I won't go into more detail because I'm not doing their PR monkeys' work for free. If Phorm wants a whitewashed article, then they can sack whichever incompetent made the cackhanded first attempt and pay me £6,000 an hour in consultancy fees to get it done (I doubt I'm asking for much more than Citigate and the rest are getting for their conspicuous epic failure.) I'll also need enough crack and hoes during the negotiation process to annihilate my soul, of course, but that won't take long.

Anonymous because I don't want to give the game away to Wikipedians and it's not like BT can't dip into my traffic to find out who I am.

Anonymous Coward


Hot on the heels of a hacker club publishing the German interior minister's fingerprint, No2ID and Privacy International are offering a £1,000 reward for the fingerprints of prime minister Gordon Brown and home secretary Jacqui Smith. The groups plan to make the prints publicly available.

I wonder if it is indeed lawful to do this? I know the american tv shows get around the finger print issue of needing a warrant by just getting the suspect to touch something "public" like a glass or door knob or something else. Anyone care to comment on how UK law treats this?

Well done for coming up with the scheme to get these fingerprints. Infact I think the scheme should be rolled out to the entire government and let "US" - the common people who the government works for - police them for a change.

Thumbs up - because I would really like Smith's and Brown's thumb prints.

brimful


Is this another reason why old gordy wouldn't touch that olympic torch yesterday?

resigned2myfate


Similarly, if we could get a copy of their facial biometric we could demonstrate how we could use the data to fool facial biometric matching systems (such as humans) into thinking either Brown or Smith were present. Or maybe their signature, if we could get a copy of their signature we could pretend to sign cheques, documents etc and fool signature checking systems (such as humans) into thinking they were genuine!

Er...

Revocation isn't really the issue with biometrics - it's determining to a reasonable level of probability that the actual source of the biometric data is present when the biometric sample is recorded (using a camera, sensor etc). For example, when you present a photo ID to a person, that person not only checks whether you match the ID but implicitly that you're not wearing a mask, have a photo stuck over your face, and are not a corpse being held up by someone else*. If someone successfully underwent plastic surgery to look like you you would be unlikely to modify your face to revoke the biometric! The key is to develop automated systems that cannot be fooled by masks, photos etc, and this applies to other biometrics such as fingerprints and irises. Unfortunately most fingerprint sensors do not have this capability and rely on human supervision for such checks (e.g. inspecting someone's fingers before putting them on a scanner) - though there are some scanners that do - such as multispectral scanners.

Also, if your biometric is associated with a second factor - and can only be used in conjunction with that second factor (except perhaps for low value transactions) then you can always revoke that factor - just as you would in the past if someone stole your credit card and successfully forged your signature.

In my view if systems are securely implemented and the application of biometric technology done in a way that considers the risks of "spoofing" and includes appropriate countermeasures, there's little to worry about. On the other hand, I guess that's a lot to worry about :). What bothers me is how emotional people are when it comes to their fingerprints being "captured" compared with other biometrics such as face and signature. No doubt it's from long association with law enforcement.

*interestingly research has shown that humans comparing two faces they don't know to determine whether they are the same person perform less well than computer face matching algorithms.

Anonymous Coward


Copyright your fingerprint. It should be unique to you and it does belong to you. You can then sue for unauthorised duplication and reproduction of your copyrighted image.

Giles Jones


I have some brown envelopes with lots of MPs fingerprints on them. Any good?

Also, I can't wait til they ask for a DNA sample to prove who you are. I'm up for that anytime :)

There you are at the bank at lunch break, you get to the cashier and then you have to make a withdrawal for your withdrawal. I suppose they could ask for blood....but the bastards already have all of mine....

Doug


Everywhere these two politicians go they are surrounded by a phalanx of security people and special protection officers to ensure that that they are not inconvenienced by the attentions of a grateful electorate strewing carpets of rose petals in their path. It's tough at the top and that is why we are only too pleased to supplement their already generous salaries with expense accounts that cover job-related costs such as TV licences, mortgage payments, food, taxis and hi-fi systems. Hey, just kidding, guys.

The problem for NO2ID is that having unleashed the bounty hunters they must now deliver the goods, otherwise B&S will spin their usual load of hypocritical BS about the integrity of government database systems and 'nothing to hide, nothing to fear'.

The Home Secretary is on record as saying that she is afraid to walk the streets of London after dark. Perhaps the lady could wrap herself in one of those frightfully secure distributed databases that she ignorantly prescribes for the rest of us. Come to think of it, Jacqui & Gordon could pre-empt this whole mess by publishing their fingerprints on a public website. That would teach those bolshie bastards over at NO2ID a thing or two.

Jimmy


There is an obvious reason for Fingerprints and DNA biometrics to be more emotive than facial and signature based biometrics. And you almost caught that at the end of your post in mentioning the connection with law enforcement. The problem with both fingerprint and DNA evidence is that they are used for law enforcement. Take the example of the fake fingerprint of the German Interior Minister from last week. Now that is available, how hard would it be for a criminal to plant fake fingerprints at a crime scene. 10 years ago that was unlikely to be a problem if you were a law abiding citizen, since in the absence of a conviction your fingerprints and DNA would never be on a database. Now, the Police can arrest you on a whim and get your fingerprints and DNA on a database, increasing the chance for criminals to get away with biometric evidence planting. If the Government had a full database of all citizens, it would be even easier. As a poster on another article said, what's stopping a criminal from collecting a load of used fag buts from outside a pub and throwing them away at scenes of crimes? Similarly, when the first big theft of data from the government database occurs, what's stopping people making casts of fingerprints and leaving them at crime scenes?

Essentially, a population wide biometric database, especially one that is open enough to allow it to be used for authentication for a wide variety of services (ie currently proposed ID cards), has an obvious law enforcement risk. Firstly, there would be a number of miscarriages of justice as incorrect/planted biometric evidence is used to gain convictions in lots of cases. Then as the miscarriages come to light, suddenly fingerprints and DNA become a whole lot less useful in law enforcement than they were before the scheme.

Anonymous Coward

Providing a secure and efficient Helpdesk

More from The Register

next story
Are you a fat boy? Get to university NOW, you PENNILESS SLACKER
Rotund types paid nearly 20% less than people who didn't eat all the pies
Emma Watson should SHUT UP, all this abuse is HER OWN FAULT
... said an anon coward who we really wish hadn't posted on our website
Japan develops robot CHEERLEADERS which RIDE on BALLS
'Will put smiles on faces worldwide', predicts corporate PR chief
Bruges Booze tubes to pump LOVELY BEER underneath city
Belgian booze pumped from underground
Let it go, Steve: Ballmer bans iPads from his LA Clippers b-ball team
Can you imagine the scene? 'Hey guys, it's your new owner – WTF is that on your desk?'
Oz carrier Tiger Air takes terror alerts to new heights
Don't doodle, it might cost you your flight
Amazon: Wish in one hand, Twit in the other – see which one fills first
#AmazonWishList A year's supply of Arran scotch, ta
Oi, London thief. We KNOW what you're doing - our PRECRIME system warned us
Aye, shipmate, it be just like that Minority Report
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.