cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

US nationwide, privately owned biometrics system

Sorry, but Americans are weird.

 

If the US government were to start to implement a nationwide biometrics system, citizens would be in the streets with torches and pitchforks.

 

But a private company?  Better yet, two private companies?  With no regulations on how they might sell or use this data?  With no regulations about how they might store and protect this data?  (And remember, biometrics are the ultimate static password.)

 

That's just fine ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
6 Replies
CraginS
Defender I

Seems to be another example of tech-focused profit-driven decisions "because we can" without any reasonable consideration of "whether we should."

This sad condition is clearly not limited to Americans. I note recent news items of companies building and selling sex-dolls configured to look like real, live people, without notifying or getting permission of the "models," as well as the skeevier line of such dolls looking like children.  

 

Heck, even the burgeoning range of privacy intrusion evidenced at Facebook fits into the same "because we can" schema.

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
CISOScott
Community Champion

To further add to the problem, wouldn't DNA be the ultimate biometric? Sure it's a bit messy, swab your mouth or deposit a drop of blood from your finger and insert the swab into the slot.....Supposedly no one else in the world has your DNA, well except for the companies that you PAY to send it in to......

CraginS
Defender I

 


@CISOScott wrote:

To further add to the problem, wouldn't DNA be the ultimate biometric? Sure it's a bit messy, swab your mouth or deposit a drop of blood from your finger and insert the swab into the slot.....Supposedly no one else in the world has your DNA, well except for the companies that you PAY to send it in to......


Not really.

DNA identification is a matter of complete laboratory analysis of the DNA. Familial linking, somewhat different from DNA identification, uses selected alleles of the analyzed DNA samples. Biometrics, on the other hand, depend on algorithmic summaries of defined measurements with a specified set and minimum number of data points derived from the biological observation. This is true whether using fingerprints, facial recognition, walking gait analysis, voice analysis, iris or pupil analysis, or any other that may be in use. In all of those cases, the algorithms define what measurements to take, such as pupil-to-pupil distance in facial recognition, how many of the measurements are needed (usually configuration), and range of allowable error in the matching of each measurement. 

 

On a lighter note, consider the image of a user spitting on a computer or lock to obtain access based on a (today non-existent) rapid DNA analysis.

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Shannon
Community Champion


@CraginS wrote:

 

On a lighter note, consider the image of a user spitting on a computer or lock to obtain access based on a (today non-existent) rapid DNA analysis.

 

Man LOL  Man LOL  There's Invasive and Non-invasive, but this would deserve its own category --- Repulsive.   Man Wink

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
DAlexander
Newcomer III

@CraginS, your lighter note invokes memories of a not-to-be-named customer base I used to work IT for who I likened to chimpanzees banging on their keyboards and licking their monitors.

 

I know I'm not alone on this one...

denbesten
Community Champion

I think of biometrics as more of an identifier than an authenticator.