e-13 Identity 1
If you're worried about privacy and identity theft, imagine this: The scene: Somewhere in Washington. The date: April 3, 2020. You sit steaming while the officer hops off his electric cycle and walks up to the car window. “You realize that you ran that red light again, don't you, Mr. Witherspoon?” It's no surprise that he knows your name; the intersection camera scanned your license plate and your guilty face, and matched both in the DMV data-base. The cop had the full scoop before you rolled to a stop. “I know, I know, but the sun was in my eyes,” you plead as you fumble for your driver's license. “Oh, don't bother with that,” the officer replies, waving off the license while squinting at his hand-held scanner. Of course. Even though the old state licensing system had been revamped back in 2014 into a “secure”national program, the new licenses had been so compromised that the street price of a phony card in Tijuana had plummeted to five euros. In frustration, law enforcement was turning to pure biometrics. “Could you lick this please?” the officer asks, passing you a nanofiber blotter. You comply and then slide the blotter into the palm-sized device he is holding, which reads your DNA and runs a match against a national genomic database maintained by a consortium of drug companies and credit agencies. It also checks half a dozen metabolic fractions looking for everything from drugs and alcohol to lack of sleep. The officer looks at the screen, and frowns, “Okay, I'll let you off with a warning, but you really need more sleep. I also see that your retinal implants are past warranty, and your car tells me that you are six months overdue on its legal inspection. You really need to take care of both or next time it's a ticket.” This creepy scenario is all too plausible. The technologies described are already being developed for industrial and medical applications, and the steadily dropping cost and size of such systems will make them affordable and practical police tools well before 2020. The resulting intrusiveness would make today's system of search warrants and wiretaps quaint anachronisms. Some people find this future alluring and believe that it holds out the promise of using sophisticated ID techniques to catch everyone from careless drivers to bomb-toting terrorists in a biometric dragnet. We have already seen places such as L.A. and Miami ask hundreds or thousands of citizens to submit to DNA mass-testing to catch killers. Biometric devices sensing for SARS symptoms are omnipresent in Asian airports. And the first prototypes of systems that test in real time for SARS, HIV and bird flu have been deployed abroad. The ubiquitous collection and use of biometric information may be inevitable, but the notion that it can deliver reliable, theft-proof evidence of identity is pure science fiction. Consider that oldest of biometric identifiers―fingerprints. Long the exclusive domain of government databases and FBI agents who dust for prints at crime scenes, fingerprints are now being used by electronic print readers on everything from ATMs to laptops. Sticking your finger on a sensor beats having to remember a password or toting an easily lost smart card. But be careful what you touch, because you are leaving your identity behind every time you take a drink. A Japanese cryptographer has demonstrated how, with a bit of gummi bear gelatin, some cyan acrylic glue, a digital camera and a bit of digital fiddling, he can easily capture a print off a glass and confect an artificial finger that foils fingerprint readers with an 80 percent success rate. Frightening as this is, at least the stunt is far less grisly than the tale, perhaps apocryphal, of some South African crooks who snipped the finger off an elderly retiree, rushed her still-warm digit down to a government ATM, stuck it on the print reader and collected the victim's pension payment. (Scanners there now gauge a finger's temperature, too.) Today's biometric advances are the stuff of tomorrow's hackers and clever crooks, and anything that can be detected eventually will be counterfeited. Iris scanners are gaining in popularity in the corporate world, exploiting the fact that human iris patterns are apparently as unique as fingerprints. And unlike prints, iris images aren't left behind every time someone gets a latte at Starbucks. But hide something valuable enough behind a door protected by an iris scanner, and I guarantee that someone will figure out how to capture an iris image and transfer it to a contact lens good enough to fool the readers. And capturing your iris may not even require sticking a digital camera in your face―after all, verification requires that the representation of your iris exist as a cloud of binary bits of data somewhere in cyberspace, open to being hacked, copied, stolen and downloaded. The more complex the system, the greater the likelihood that there are flaws that crooks can exploit.