Brown fingerprints wanted as Phorm bungles again
Read on, dear techie nerds...
Phorm is on its usual form, and this week blithely admitted to editing its own Wikipedia article to remove damaging but factual information. Called out on breaking Wikipedia's policy on conflicts of interest, Phorm said it wasn't aware of the policy. You were cynical, as always:
All this "correcting" of articles has given me an idea for a website.
You control articles written about you.
Tag line: it's a bit like facebook except it pretends to be an encyclopedia.
That's just taking the mickey, Bill.
They are, pretty much, screwed.
They're in the public eye in a bad ligh with a bad product that no one wants apart from the ISPs, though even they are now all backing away nervously.
If they'd been open and honest from the start they might have had some shred of credibility, but they don't. Editing their Wiki article like this was a stupid move in my opinion.
I never, ever, EVER thought I would say this, but, I'm a big man and I can do it, without even wincing.
Well Done Wikipedia - preventing Phorm's attempted manipulation of their entry to cloud the facts and silence their critics is credit to the ideals by which Wikipedia is supposed to work.
I feel dirty, now...
I guess it really just highlights just how technically savvy the Phorm clowns are, that they thought they would be able to get away with this unnoticed.
Will anyone at BT et al now ponder if this glaring lack of technical acumen might perhaps be a sign that the company isn't capable of being trusted with their customers private data after all? Perhaps not.
I know El Reg readers don't have the best opinion of Wikipedia. But I think we can all agree that this wasn't just underhand, it was idiotic. About as subtle as swanning into the Guardian's office and trying to edit a hack's article on your company using their computer. While they're still sitting at it.
You can influence a Wikipedia article one way or the other, especially positively. Rather than one, giant, anonymous whitewash, you do slight, gradual changes, explained in great tedious detail on the talk page, all of it couched in the language and jargon they feel comfortable with, and if you can't out-bore the other editors (admittedly a difficult task) then resort to the myriad Byzantine conflict-resolution processes. All of them, one by one. I won't go into more detail because I'm not doing their PR monkeys' work for free. If Phorm wants a whitewashed article, then they can sack whichever incompetent made the cackhanded first attempt and pay me £6,000 an hour in consultancy fees to get it done (I doubt I'm asking for much more than Citigate and the rest are getting for their conspicuous epic failure.) I'll also need enough crack and hoes during the negotiation process to annihilate my soul, of course, but that won't take long.
Anonymous because I don't want to give the game away to Wikipedians and it's not like BT can't dip into my traffic to find out who I am.
Hot on the heels of a hacker club publishing the German interior minister's fingerprint, No2ID and Privacy International are offering a £1,000 reward for the fingerprints of prime minister Gordon Brown and home secretary Jacqui Smith. The groups plan to make the prints publicly available.
I wonder if it is indeed lawful to do this? I know the american tv shows get around the finger print issue of needing a warrant by just getting the suspect to touch something "public" like a glass or door knob or something else. Anyone care to comment on how UK law treats this?
Well done for coming up with the scheme to get these fingerprints. Infact I think the scheme should be rolled out to the entire government and let "US" - the common people who the government works for - police them for a change.
Thumbs up - because I would really like Smith's and Brown's thumb prints.
Is this another reason why old gordy wouldn't touch that olympic torch yesterday?
Similarly, if we could get a copy of their facial biometric we could demonstrate how we could use the data to fool facial biometric matching systems (such as humans) into thinking either Brown or Smith were present. Or maybe their signature, if we could get a copy of their signature we could pretend to sign cheques, documents etc and fool signature checking systems (such as humans) into thinking they were genuine!
Revocation isn't really the issue with biometrics - it's determining to a reasonable level of probability that the actual source of the biometric data is present when the biometric sample is recorded (using a camera, sensor etc). For example, when you present a photo ID to a person, that person not only checks whether you match the ID but implicitly that you're not wearing a mask, have a photo stuck over your face, and are not a corpse being held up by someone else*. If someone successfully underwent plastic surgery to look like you you would be unlikely to modify your face to revoke the biometric! The key is to develop automated systems that cannot be fooled by masks, photos etc, and this applies to other biometrics such as fingerprints and irises. Unfortunately most fingerprint sensors do not have this capability and rely on human supervision for such checks (e.g. inspecting someone's fingers before putting them on a scanner) - though there are some scanners that do - such as multispectral scanners.
Also, if your biometric is associated with a second factor - and can only be used in conjunction with that second factor (except perhaps for low value transactions) then you can always revoke that factor - just as you would in the past if someone stole your credit card and successfully forged your signature.
In my view if systems are securely implemented and the application of biometric technology done in a way that considers the risks of "spoofing" and includes appropriate countermeasures, there's little to worry about. On the other hand, I guess that's a lot to worry about :). What bothers me is how emotional people are when it comes to their fingerprints being "captured" compared with other biometrics such as face and signature. No doubt it's from long association with law enforcement.
*interestingly research has shown that humans comparing two faces they don't know to determine whether they are the same person perform less well than computer face matching algorithms.
Copyright your fingerprint. It should be unique to you and it does belong to you. You can then sue for unauthorised duplication and reproduction of your copyrighted image.
I have some brown envelopes with lots of MPs fingerprints on them. Any good?
Also, I can't wait til they ask for a DNA sample to prove who you are. I'm up for that anytime :)
There you are at the bank at lunch break, you get to the cashier and then you have to make a withdrawal for your withdrawal. I suppose they could ask for blood....but the bastards already have all of mine....
Everywhere these two politicians go they are surrounded by a phalanx of security people and special protection officers to ensure that that they are not inconvenienced by the attentions of a grateful electorate strewing carpets of rose petals in their path. It's tough at the top and that is why we are only too pleased to supplement their already generous salaries with expense accounts that cover job-related costs such as TV licences, mortgage payments, food, taxis and hi-fi systems. Hey, just kidding, guys.
The problem for NO2ID is that having unleashed the bounty hunters they must now deliver the goods, otherwise B&S will spin their usual load of hypocritical BS about the integrity of government database systems and 'nothing to hide, nothing to fear'.
The Home Secretary is on record as saying that she is afraid to walk the streets of London after dark. Perhaps the lady could wrap herself in one of those frightfully secure distributed databases that she ignorantly prescribes for the rest of us. Come to think of it, Jacqui & Gordon could pre-empt this whole mess by publishing their fingerprints on a public website. That would teach those bolshie bastards over at NO2ID a thing or two.
There is an obvious reason for Fingerprints and DNA biometrics to be more emotive than facial and signature based biometrics. And you almost caught that at the end of your post in mentioning the connection with law enforcement. The problem with both fingerprint and DNA evidence is that they are used for law enforcement. Take the example of the fake fingerprint of the German Interior Minister from last week. Now that is available, how hard would it be for a criminal to plant fake fingerprints at a crime scene. 10 years ago that was unlikely to be a problem if you were a law abiding citizen, since in the absence of a conviction your fingerprints and DNA would never be on a database. Now, the Police can arrest you on a whim and get your fingerprints and DNA on a database, increasing the chance for criminals to get away with biometric evidence planting. If the Government had a full database of all citizens, it would be even easier. As a poster on another article said, what's stopping a criminal from collecting a load of used fag buts from outside a pub and throwing them away at scenes of crimes? Similarly, when the first big theft of data from the government database occurs, what's stopping people making casts of fingerprints and leaving them at crime scenes?
Essentially, a population wide biometric database, especially one that is open enough to allow it to be used for authentication for a wide variety of services (ie currently proposed ID cards), has an obvious law enforcement risk. Firstly, there would be a number of miscarriages of justice as incorrect/planted biometric evidence is used to gain convictions in lots of cases. Then as the miscarriages come to light, suddenly fingerprints and DNA become a whole lot less useful in law enforcement than they were before the scheme.