rslade
Influencer II

Scan everything with no policy

Oh, good.  Orlando International Airport, busiest in Florida, is going to require a face scan of all passengers arriving and departing.

 

And there are no formal rules for how to handle all that data.

 

I am reminded of way back when UPS first added those digitized signature pads to all their deliveries.  Collected all those signatures.  (And, of course, linked them to names, addresses, phone numbers, etc.)  Those few of us in security and privacy at the time raised a bit of a ruckus (well, couldn't be that big, since there were so few of us) about it, and the possibility of UPS deciding to sell that database.  UPS said they would never consider invading privacy by selling that database.

 

I think it was five years later they put the database up for sale.

 

(To this day, nobody with those signature pads has a scan of my actual signature.  They have a grand collection of doodles and scribbles.  One person objected, once, and I told her to print something out if she needed an actual signature.  She didn't bother.  But I digress ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
3 Replies
DAlexander
Newcomer III

That's great to hear others contribute their doodles and scribbles to the repository of "signatures."  I bet there are quite a few quality abstract art specimens in that database.  I personally try my best to incorporate some sort of stick figure into every one of my digital signatures.

Flyslinger2
Community Champion

Signatures:

 

Facial -  the tech is way too slow and faulty.  Only the lemmings will comply.  Lawyers should quickly tear this one apart.

Handwriting - I purposefully have three signatures.  My primary signature for legal documents is designed so that it always goes through text. If it takes making the first character of my first name 4 inches tall I can make that happen.  Try to forge a signature when text is encapsulated in it.

 

My second is my initials in cursive with a circle around them. I use this for all financial transactions - credit card, terminals, iPhones with payment dongles, etc.  This is to separate my legal signature from transactional.  It may not stand up in a court of law but it's enough evidence to show in case of fraud.

 

My third is for delivery companies, dry cleaner, etc. where I am receiving merchandise.  I just draw a straight line parallel to the signature line.  The operator only checks to see if the "o.k." button was pressed and that's the end of it.

 

I'm sure there is some crafty lawyer out there that could/would argue that all three are legal because I have used all three in "legal transactions" during the course of commerce.  That's fine. My smart lawyer can also differentiate the purpose and execution of that signature.

Chuxing
Community Champion

For the same reason, I am a 'conscientious objector' for using biometrics as a security measure. I can change 'what I know' and 'what I have', but I cannot change 'who I am'. 

 

I trust the technology, somewhat. But I do not trust a bit the data safe-keeping and data retention policies and procedures. 

 

Once the biometrics data is breached, you are screwed for life, well, unless someday there's a way to remake your fingerprints or iris patterns, or even better, your DNA signatures, ...

 

On that note, cheers, or not...

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP