Archive for October 2009

Civil Society Declaration Amounts to Abandonment of Human Progress

Oct 29th, 2009 | By Innovya follow-up | Category: Articles, Opinions

Posted By Mark Roberti, 10.28.2009

RFID JOURNAL BLOG

An international civil society coalition has published a declaration, Global Privacy Standards for a Global World, that—among other things—calls for “a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate.”

The declaration is signed by 68 organizations from around the world. While I agree with the coalition’s goal to assure individuals’ privacy, I’m amazed that the group has such a shallow understanding of the nature of technology and its role in furthering the welfare of the human race. Perhaps it pines for the days when people lived in caves, and no one worried about privacy.

The problem is that these organizations have a bias that some technologies are good and some are bad. They believe the ones they declare to be good should be funded by the government and promoted, while the ones they think are bad should be halted until they can be studied and sufficient safeguards can be put in place.

Technologies are neither good nor evil, however. They are tools that can be used for good or evil. It might seem to make sense to call for a moratorium on technology, but who chooses which technologies we should hold off using until they are studied? Should we have a moratorium on any technology that removes carbon dioxide from the atmosphere, for example? My guess is that the organizations that signed the civil society declaration would say no, because anything that reduces carbon dioxide would reduce global warming and would, thus, be a “good” technology.

Renowned physicist Freeman Dyson, however, argues that more carbon dioxide and warmer climates are actually healthy for plants, because they grow better in such conditions, and that could lead to greater food production and less hunger in the world. He also points out that forcing a massive reduction in carbon emissions would slow global economic growth and hurt the world’s poor.

Even if you disagree with Dyson, the reality is that we don’t know what the result of carbon-reducing technologies would be, any more than we know precisely what the impact of global warming will be. So perhaps we should put a moratorium on efforts to reduce carbon dioxide in the atmosphere until we can conclusively prove that it would be good for the planet. Ridiculous? Of course it is—but no more ridiculous than banning any other technology until we understand its every ramification.

The fact is, enacting a moratorium on technology means ending technological advancement as we know it, because you can’t know the implications of a technology until you deploy it. If we had put a moratorium on the deployment and use of the Internet, would the people who studied it have envisioned the rise of social networking and come up with ways to protect privacy while allowing them to flourish? No, of course not—no one saw the phenomenon of social networking coming. Governments must allow technologies to be deployed and address problems as they arise. If we had done with the Internet what these groups are suggesting for RFID, there would be no Internet today—we’d still be studying its implications—and while there would have been greater privacy in the world, no one can argue the world would be better off.

The declaration’s description of RFID as a “mass surveillance” technology betrays the signatories’ bias. RFID could potentially be used as a surveillance technology, but that is definitely not how most companies are looking to deploy it (unless you consider asset- and inventory-tracking “surveillance”). Perhaps these groups are ignorant of the way RFID is being utilized, but I think there’s more to it than that: The people behind this civil society declaration just aren’t thinking very deeply about the issues.

These groups think privacy is good, and that any technology that could infringe on privacy is bad—and that’s a very simplistic view. Surveillance cameras are being used increasingly by governments around the world, and by retailers to reduce theft. These can be abused. Governments can, for instance, use cameras to track political enemies. But what if cameras bring down the overall crime rate in a troubled urban area, and enjoy the wholehearted support of those who live in that area? Are the cameras bad? Should they be removed, as the coalition suggests, until every possible implication of their use can be fully studied?

What if, heaven forbid, the daughter of one of the people behind the declaration were kidnapped on a street corner, or in the parking lot of a shopping mall? Would that person argue that the police should not review the tapes to see if the kidnapper could be identified, because other people might be identified as well, and that it would infringe on their privacy? If the tapes did reveal the identity of the kidnapper and the girl was rescued, would the signer still argue that there should be a moratorium on such surveillance technologies?

Technology issues are simple when you view them through the prism of your own biases, but the reality is that these issues are far more complex than opponents imagine, and it’s laughable to think a bunch of people can sit around and determine how or when new technologies should be used for the benefit of all mankind (Prometheus, after all, never anticipated that there would be arsonists). Let’s hope, for the good of humanity, that the calls for a moratorium go unanswered.

Mark Roberti is the founder and editor of RFID Journal.






Study Finds Privacy of Nation’s School Children at Risk

Oct 28th, 2009 | By Innovya follow-up | Category: News

Rubenstein Associates

Peter Pochna, 212-843-8007

ppochna@rubenstein.com

or Fordham Law School

www.fordham.law.edu

Fordham Law Study Determines that State Educational Databases Violate Privacy Rights

NEW YORK–(Business Wire)–

The Center on Law and Information Privacy (CLIP) at Fordham Law School released a study today that found state educational databases across the country ignore key privacy protections for the nation’s K-12 children. The findings come as Congress is considering legislation that would expand and integrate the 43 existing state databases without taking into account the critical privacy failures in the states’ electronic warehouses of children’s information.

CLIP found that sensitive, personalized information related to matters such as teen pregnancies, mental health, and juvenile crime is stored in a manner that violates federal privacy mandates. CLIP reports that at least 32% of states warehouse children’s social security numbers; at least 22% of states record student pregnancies; and at least 46% of the states track mental health, illness, and jail sentences as part of the children’s educational records. Also, almost all states with known programs collect family wealth indicators.

Some states outsource the data processing without any restrictions on use or confidentiality for K-12 children’s information. Access to this information and the disclosure of personal data may occur for decades and follow children well into their adult lives.

“If these issues are not addressed, the results could be catastrophic from a privacy perspective,” said Joel Reidenberg, a professor at Fordham Law School and the founding director of CLIP. “We don’t question the legitimacy of collecting data for school accountability, but we urge Congress and state officials to take rapid steps to ensure the data is collected and stored properly and used in compliance with established privacy laws and principles.”

CLIP launched the study in 2008 because state departments of education throughout the country had recently established statewide longitudinal databases to track all K-12 students’ progress over time. The trend has been accompanied by a movement to create uniform data collection systems so that each state’s student data systems can be interoperable.

Often the flow of information from the local educational agency to the state department of education was not in compliance with the privacy requirements of the Family Educational Rights and Privacy Act. One state, New Jersey, diverts special education Medicaid funding to pay for an out-of-state contractor to warehouse data, including medical test results. Many states do not have clear access and use rules regarding their longitudinal databases and over 80% of states apparently fail to have data-retention policies and, thus, are likely to hold student information indefinitely. Several states, like Montana, outsource the data warehouse without stipulating privacy protections in the vendor contract. Other states, such as Louisiana and Florida, track a long list of disciplinary matters that could remain on students’ records indefinitely.

Even so, House Bill 3221, or the Student Aid and Fiscal Responsibility Act, contains a section that calls for the expansion and further integration of these databases without addressing these privacy concerns. A Senate version of the bill is expected to be released from committee shortly.

“The CLIP study meticulously documents the states’ disregard for safeguarding children’s most personal data,” said Barmak Nassirian, Associate Executive Director, American Association of Collegiate Registrars and Admissions Officers. “And yet Congress is poised to fund an ill-thought-through expansion of these systems to include data ranging from pre-birth medical information to education, employment, military, and criminal records.”

The study makes several recommendations for increasing the privacy, transparency and accountability of the databases. These include:

1) Data at the state level should be made anonymous through the use of dual-database architectures.

2) Third party processors of educational records should have comprehensive agreements that explicitly address privacy obligations.

3) The collection of information by the state should be minimized and specifically tied to an articulated audit or evaluation purpose.

4) Clear data-retention policies should be instituted and made mandatory.

5) States should have a Chief Privacy Officer in the department of education who assures that privacy protections are implemented for any educational record database and who publicly reports privacy impact assessments for database programs, proposals, and vendor contracts.

The full report is available at  http://law.fordham.edu/childrensprivacy.

ABOUT THE CENTER ON LAW AND INFORMATION POLICY: With the increasing societal reliance on information technology and rapidly outdated laws, Fordham recognized an evolution in the regulatory challenges facing the global information-based economy. In response to these changes, the Center on Law and Information Policy (CLIP) was founded in 2005 to be on the cutting edge of scholarship and legal education in the emerging field of information law. Learn more: http://law.fordham.edu/clip.

ABOUT FORDHAM LAW SCHOOL: Fordham Law is a vibrant academic community dedicated equally to scholarship, the craft of lawyering, and public service. A leader in American legal education, Fordham Law has earned widespread acclaim and is one of the 15 most selective schools in the nation, measured in terms of the LSAT scores of its most recent graduating class. With a virtually unrivaled record of graduate placement, Fordham Law is one of the top seven law schools measured in terms of graduates working at the top 25 law firms in the country. The school, located across the street from Lincoln Center in Manhattan, is only blocks away from Central Park, Times Square, and many of New York City’s most interesting neighborhoods. Learn more: law.fordham.edu.

ABOUT FORDHAM UNIVERSITY: Founded in 1841, Fordham is the Jesuit University of New York, offering exceptional education distinguished by the Jesuit tradition to approximately 14,700 students in its four undergraduate colleges and its six graduate and professional schools. It has residential campuses in the Bronx and Manhattan, a campus in Westchester, and the Louis Calder Center Biological Field Station in Armonk, N.Y.




Breaking VISA PIN

Oct 24th, 2009 | By Innovya follow-up | Category: Evidence

by: Luis Padilla Visdómine

Foreword

Have you ever wondered what would happen if you lost your credit or debit card and someone found it? Would this person be able to withdraw cash from an ATM by guessing, somehow, your PIN? Moreover, if you were the one who found someone’s card, would you try to guess the PIN and take the chance to get some easy money? Of course the answer to both questions should be “no”. This work does not deal with the second question; it is a matter of personal ethics. Herewith I try to answer the first question.

All the information used for this work is public and can be freely found on the Internet. The rest is a matter of mathematics and programming, thus we can learn something and have some fun. I reveal no secrets. Furthermore, the aim (and final conclusion) of this work is to demonstrate that PIN algorithms are still strong enough to provide sufficient security. We all know technology is not the weak point.

This work analyzes one of the most common PIN algorithms, VISA PVV, used by many ATM cards (credit and debit cards), and tries to find out how resistant it is to PIN guessing attacks. By “guessing” I do not mean choosing a random PIN and trying it in an ATM. It is well known that we are generally given three consecutive trials to enter the right PIN; if we fail, the ATM keeps the card. As the VISA PIN is four digits long, it’s easy to deduce that the chance for a random PIN guess is 3/10000 = 0.0003, which seems low enough to be safe; it means you need to lose your card more than three thousand times (or lose more than three thousand cards at the same time) until there is a reasonable chance of losing money.

What I really meant by “guessing” was breaking the PIN algorithm so that given any card you can immediately know the associated PIN. Therefore this document studies that possibility, analyzing the algorithm and proposing a method for the attack. Finally we give a tool which implements the attack and present results about the estimated chance to break the system. Note that as long as other banking security related algorithms (other PIN formats such as IBM PIN or card validation signatures such as CVV or CVC) are similar to VISA PIN, the same analysis can be done yielding nearly the same results and conclusions.

VISA PVV algorithm

One of the most common PIN algorithms is the VISA PIN Verification Value (PVV). The customer is given a PIN and a magnetic stripe card. Encoded in the magnetic stripe is a four digit number, called the PVV. This number is a cryptographic signature of the PIN and other data related to the card. When a user enters his/her PIN, the ATM reads the magnetic stripe, then encrypts and sends all this information to a central computer. There a trial PVV is computed using the customer-entered PIN and the card information with a cryptographic algorithm. The trial PVV is compared with the PVV stored in the card; if they match, the central computer returns to the ATM authorization for the transaction.

The description of the PVV algorithm can be found in two documents linked in the previous page. In summary it consists of the encryption of an 8 byte (64 bit) string of data, called the Transformed Security Parameter (TSP), with the DES algorithm (DEA) in Electronic Code Book mode (ECB) using a secret 64 bit key. The PVV is derived from the output of the encryption process, which is an 8 byte string. The four digits of the PVV (from left to right) correspond to the first four decimal digits (from left to right) of the output from DES when considered as a 16 hexadecimal character (16 x 4 bit = 64 bit) string. If there are no four decimal digits among the 16 hexadecimal characters, then the PVV is completed by taking (from left to right) non-decimal characters and decimalizing them using the conversion A->0, B->1, C->2, D->3, E->4, F->5. Here is an example:

Output from DES: 0FAB9CDEFFE7DCBA

PVV: 0975

The strategy of avoiding decimalization by skipping characters until four decimal digits are found (which happens nearly all the time, as we will see below) is very clever because it avoids an important bias in the distribution of digits which has been proven to be fatal for other systems, although the impact on this system would be much lower. See also a related problem not applying to VISA PVV.

The TSP, seen as a 16 hexadecimal character (64 bit) string, is formed (from left to right) with the 11 rightmost digits of the PAN (card number) excluding the last digit (check digit), one digit from 1 to 6 which selects the secret encrypting key and finally the four digits of the PIN. Here is an example:

PAN: 1234 5678 9012 3445
Key selector: 1
PIN: 2468

TSP: 5678901234412468
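The two worked examples above, as an added Python sketch (not code from the original article or from getpvvkey.c): it builds the TSP from the card fields and extracts the PVV from a DES output supplied as a hex string. The DES encryption step is deliberately left out, and all function names are assumptions.

```python
import hmac

DECIMAL = "0123456789"
# Conversion applied only when the DES output has fewer than four decimal digits.
DECIMALIZE = {"A": "0", "B": "1", "C": "2", "D": "3", "E": "4", "F": "5"}


def build_tsp(pan: str, key_selector: int, pin: str) -> str:
    """Return the 16-character Transformed Security Parameter (TSP)."""
    digits = pan.replace(" ", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 12:
        raise ValueError("PAN must contain at least 12 decimal digits")
    if key_selector not in range(1, 7):
        raise ValueError("key selector must be a digit from 1 to 6")
    if len(pin) != 4 or any(c not in DECIMAL for c in pin):
        raise ValueError("PIN must be exactly four decimal digits")
    # Drop the check digit (last digit), then keep the 11 rightmost digits.
    return digits[:-1][-11:] + str(key_selector) + pin


def pvv_from_des_output(des_output_hex: str) -> str:
    """Derive the four-digit PVV from the 16 hex characters of the DES output."""
    out = des_output_hex.upper()
    if len(out) != 16 or any(c not in DECIMAL + "ABCDEF" for c in out):
        raise ValueError("DES output must be 16 hexadecimal characters")
    # Pass 1: first four decimal digits, scanning left to right.
    pvv = [c for c in out if c in DECIMAL][:4]
    # Pass 2: if short, fill up with decimalized A-F characters, left to right.
    if len(pvv) < 4:
        letters = [DECIMALIZE[c] for c in out if c in DECIMALIZE]
        pvv += letters[: 4 - len(pvv)]
    return "".join(pvv)


def pvv_matches(des_output_hex: str, stored_pvv: str) -> bool:
    """Host-side comparison of the trial PVV with the PVV read from the card."""
    if len(stored_pvv) != 4 or any(c not in DECIMAL for c in stored_pvv):
        raise ValueError("stored PVV must be four decimal digits")
    trial = pvv_from_des_output(des_output_hex)
    return hmac.compare_digest(trial, stored_pvv)


if __name__ == "__main__":
    # Values taken from the article's own examples.
    print(build_tsp("1234 5678 9012 3445", 1, "2468"))
    print(pvv_from_des_output("0FAB9CDEFFE7DCBA"))
```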

Obviously the problem of breaking VISA PIN consists of finding the secret encrypting key for DES. The method for that is to do a brute force search of the key space. Note that this is not the only method: one could try to find a weakness in DEA, and many have tried, but this old standard is still in wide use (though it is now being replaced by AES and RSA). This demonstrates it is robust enough that brute force is the only viable method (there are some better attacks but they are not practical in our case; for a summary see the LASEC memo and for the dirty details see Biham & Shamir 1990, Biham & Shamir 1991, Matsui 1993, Biham & Biryukov 1994 and Heys 2001).

The key selector digit was very likely introduced to cover the possibility of a key compromise. In that case they just have to issue new cards using another key selector. Older cards can be substituted with new ones, or the ATM can simply and transparently write a new PVV (corresponding to the new key and keeping the same PIN) the next time the customer uses his/her card. For the sake of security all users should be asked to change their PINs; however, it would be embarrassing for the bank to explain the reason, so very likely they would not make such a request.

Preparing the attack

A brute force attack consists of encrypting a TSP with a known PVV using all possible encrypting keys and comparing each obtained PVV with the known PVV. When a match is found we have a candidate key. But how many keys do we have to try? As we said above, the key is 64 bits long, which would mean we have to try 2^64 keys. However, this is not true. Actually only 56 bits are effective in DES keys because one bit (the least significant) out of each octet was historically reserved as a checksum for the others; in practice those 8 bits (one for each of the 8 octets) are ignored.

Therefore the DES key space consists of 2^56 keys. If we try all these keys, will we find one and only one match, corresponding to the bank secret key? Certainly not. We will obtain many matching keys. This is because the PVV is only a small part (one fourth) of the DES output. Furthermore the PVV is degenerate because some of the digits (those between 0 and 5 after the last, seen from left to right, digit between 6 and 9) may come from a decimal digit or from a decimalized hexadecimal digit of the DES output. Thus many keys will produce a DES output which yields the same matching PVV.

Then what can we do to find the real key among those other false positive keys? Simply we have to encrypt a second different TSP, also with known PVV, but using only the candidate keys which gave a positive matching with the first TSP-PVV pair. However there is no guarantee we won’t get again many false positives along with the true key. If so, we will need a third TSP-PVV pair, repeat the process and so on.

Before we start our attack we have to know how many TSP-PVV pairs we will need. For that we have to calculate the probability for a random DES output to yield a matching PVV just by chance. There are several ways to calculate this number and here I will use a simple approach easy to understand but which requires some background in mathematics of probability.

A probability can always be seen as the ratio of favorable cases to possible cases. In our problem the number of possible cases is given by the permutation of 16 elements (the 0 to F hexadecimal digits) in a group of 16 of them (the 16 hexadecimal digits of the DES output). This is given by 16^16 ~ 1.8 * 10^19 which of course coincides with 2^64 (different numbers of 64 bits). This set of numbers can be separated into five categories:

  1. Those with at least four decimal digits (0 to 9) among the 16 hexadecimal digits (0 to F) of the DES output.
  2. Those with exactly only three decimal digits.
  3. Those with exactly only two decimal digits.
  4. Those with exactly only one decimal digit.
  5. Those with no decimal digits (all between A and F).

Let’s calculate how many numbers fall in each category. If we label the 16 hexadecimal digits of the DES output as X1 to X16 then we can label the first four decimal digits of any given number of the first category as Xi, Xj, Xk and Xl. The number of different combinations with this profile is given by the product 6^(i-1) * 10 * 6^(j-i-1) * 10 * 6^(k-j-1) * 10 * 6^(l-k-1) * 10 * 16^(16-l), where the 6’s come from the number of possibilities for an A to F digit, the 10’s come from the possibilities for a 0 to 9 digit, and the 16 comes from the possibilities for a 0 to F digit. Now the total number in the first category is simply given by the summation of this product over i, j, k, l from 1 to 16 but with i < j < k < l. If you do some math work you will see this equals the product of 10^4/6 with the summation over i from 4 to 16 of (i-1) * (i-2) * (i-3) * 6^(i-4) * 16^(16-i) ~ 1.8 * 10^19.

Analogously the number of cases in the second category is given by the summation over i, j, k from 1 to 16 with i < j < k of the product 6^(i-1) * 10 * 6^(j-i-1) * 10 * 6^(k-j-1) * 10 * 6^(16-k), which you can work out to be 16!/(3! * (16-3)!) * 10^3 * 6^13 = 16 * 15 * 14/(3 * 2) * 10^3 * 6^13 = 56 * 10^4 * 6^13 ~ 7.3 * 10^15. Similarly for the third category we have the summation over i, j from 1 to 16 with i < j of 6^(i-1) * 10 * 6^(j-i-1) * 10 * 6^(16-j), which equals 16!/(2! * (16-2)!) * 10^2 * 6^14 = 2 * 10^3 * 6^15 ~ 9.4 * 10^14. Again, for the fourth category we have the summation over i from 1 to 16 of 6^(i-1) * 10 * 6^(16-i) = 160 * 6^15 ~ 7.5 * 10^13. And finally the number of cases in the fifth category is given by the permutation of six elements (A to F digits) in a group of 16, that is, 6^16 ~ 2.8 * 10^12.

I hope you followed the calculations up to this point; the hard part is done. Now as a proof that everything is right you can sum the number of cases in the 5 categories and see it equals the total number of possible cases we calculated before. Do the operations using 64 bit numbers, otherwise rounding (for floats) or overflow (for integers) errors won’t let you get the exact result.

Up to now we have calculated the number of possible cases in each of the five categories, but we are interested in obtaining the number of favorable cases instead. It is very easy to derive the latter from the former, as this is just fixing the combination of the four decimal digits (or the required hexadecimal digits if there are no four decimal digits) of the PVV instead of letting them free. In practice this means turning the 10’s in the formula above into 1’s, and the required number of 6’s into 1’s if there are no four decimal digits. That is, we have to divide the first result by 10^4, the second one by 10^3 * 6, the third one by 10^2 * 6^2, the fourth one by 10 * 6^3 and the fifth one by 6^4. Then the numbers of favorable cases in the five categories are approximately 1.8 * 10^15, 1.2 * 10^12, 2.6 * 10^11, 3.5 * 10^10 and 2.2 * 10^9 respectively.

Now we are able to obtain what is the probability for a DES output to match a PVV by chance. We just have to add the five numbers of favorable cases and divide it by the total number of possible cases. Doing this we obtain that the probability is very approximately 0.0001 or one out of ten thousand. Is it strange this well rounded result? Not at all, just have a look at the numbers we calculated above. The first category dominates by several orders of magnitude the number of favorable and possible cases. This is rather intuitive as it seems clear that it is very unlikely not having four decimal digits (10 chances out of 16 per digit) among 16 hexadecimal digits. We saw previously that the relationship between the number of possible and favorable cases in the first category was a division by 10^4, that’s where our result p = 0.0001 comes from.

Our aim for all these calculations was to find out how many TSP-PVV pairs we need to carry a successful brute force attack. Now we are able to calculate the expected number of false positives in a first search: it will be the number of trials times the probability for a single random false positive, i.e. t * p where t = 2^56, the size of the key space. This amounts to approximately 7.2 * 10^12, a rather big number. The expected number of false positives in the second search (restricted to the positive keys found in the first search) will be (t * p) * p, for a third search will be ((t * p) * p) * p and so on. Thus for n searches the expected number of false positives will be t * p^n.

We can obtain the number of searches required to expect just one false positive by writing the equation t * p^n = 1 and solving for n. So n equals the logarithm in base p of 1/t, which by the properties of logarithms yields n = log(1/t)/log(p) ~ 4.2. Since we cannot do a fractional search it is convenient to round up this number. Therefore what is the expected number of false positives if we perform five searches? It is t * p^5 ~ 0.0007 or approximately 1 out of 1400. Thus using five TSP-PVV pairs is safe to obtain the true secret key with no false positives.
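The counting argument above can be checked with exact integer arithmetic. The following Python is an added example, not part of the original article: it evaluates the five category counts, confirms they sum to 16^16, and reproduces p, n and t * p^5. It generalizes the formulas to a hex string of any length n >= 4 so they can also be checked by enumeration on short strings; the function names are assumptions.

```python
from fractions import Fraction
from math import ceil, comb, log

DEC, NONDEC, ANY = 10, 6, 16   # choices for a 0-9 digit, an A-F digit, a 0-F digit
KEYSPACE = 2**56               # effective DES keys (t in the text)


def possible_cases(n: int = 16) -> list:
    """Counts for [>= 4 decimal digits, exactly 3, exactly 2, exactly 1, none]."""
    if n < 4:
        raise ValueError("need at least four hexadecimal digits")
    # pos is the position of the fourth decimal digit; comb(pos - 1, 3) places
    # the first three decimal digits before it, everything after pos is free.
    at_least_four = sum(
        comb(pos - 1, 3) * DEC**4 * NONDEC**(pos - 4) * ANY**(n - pos)
        for pos in range(4, n + 1)
    )
    exactly = [comb(n, k) * DEC**k * NONDEC**(n - k) for k in (3, 2, 1, 0)]
    return [at_least_four, *exactly]


def favorable_cases(n: int = 16) -> list:
    """Possible cases with the four PVV-forming characters fixed.

    Follows the article's approach; categories 2 to 5 only contribute when the
    trailing PVV digits lie in 0-5, so this is the most favourable PVV.
    """
    fixed = [DEC**4, DEC**3 * NONDEC, DEC**2 * NONDEC**2,
             DEC * NONDEC**3, NONDEC**4]
    return [count // f for count, f in zip(possible_cases(n), fixed)]


def match_probability(n: int = 16) -> Fraction:
    """Probability p that a random DES output yields a given PVV."""
    return Fraction(sum(favorable_cases(n)), ANY**n)


def expected_false_positives(searches: int, keyspace: int = KEYSPACE) -> float:
    """t * p^n: wrong keys expected to survive n TSP-PVV pairs."""
    return float(keyspace * match_probability() ** searches)


def pairs_needed(keyspace: int = KEYSPACE) -> int:
    """Smallest whole n with t * p^n <= 1, i.e. n = log(1/t) / log(p) rounded up."""
    p = float(match_probability())
    return ceil(log(1 / keyspace) / log(p))


if __name__ == "__main__":
    print("sum of categories equals 16^16:", sum(possible_cases()) == 16**16)
    print("p =", float(match_probability()))
    print("pairs needed =", pairs_needed())
    print("t * p^5 =", expected_false_positives(5))
```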

The attack

Once we know we need five TSP-PVV pairs, how do we get them? Of course we need at least one card with a known PIN, and due to the nature of the PVV algorithm, that’s the only thing we need. With other PIN systems, such as IBM, we would need five cards; however, this is not necessary with the VISA PVV algorithm. We just have to read the magnetic stripe and then change the PIN four times, reading the card after each change.

It is necessary to read the magnetic stripe of the card to get the PVV and the encrypting key selector. You can buy a commercial magnetic stripe reader or make one yourself following the instructions you can find in the previous page and links therein. Once you have a reader see this description of standard magnetic tracks to find out how to get the PVV from the data read. In that document the PVV field in tracks 1 and 2 is said to be five characters long, but actually the true PVV consists of the last four digits. The first of the five digits is the key selector. I have only seen cards with a value of 1 in this digit, which is consistent with the standard and with the secret key never being compromised (and therefore they did not need to move to another key changing the selector).

I wrote a simple C program, getpvvkey.c, to perform the attack. It consists of a loop that tries all possible keys to encrypt the first TSP. If the derived PVV matches the true PVV, a new TSP is tried, and so on until either there is a mismatch, in which case the key is discarded and a new one is tried, or the five derived PVVs match the corresponding true PVVs, in which case we can assume we got the bank secret key. However, the loop goes on until it exhausts the key space. This is done to ensure we find the true key, because there is a chance (although very low) that the first key found is a false positive.

The program is expected to take a very long time to finish, so to minimize the risk of a power cut, computer hang, etc., it writes checkpoints to the file getpvvkey.dat from time to time (the exact time depends on the speed of the computer; it’s around one hour for the fastest computers now in use). For the same reason, if a positive key is found it is written to the file getpvvkey.key. The program only displays one message at the beginning, the starting position taken from the checkpoint file if any; after that nothing more is displayed.

The DES algorithm is a key point in the program; it is therefore very important to optimize its speed. I tested several implementations: libdes, SSLeay, openssl, cryptlib, nss, libgcrypt, catacomb, libtomcrypt, cryptopp, ufc-crypt. The DES functions of the first four are based on the same code by Eric Young, which is the one that performed best (it includes optimized C and x86 assembler code). Thus I chose libdes, which was the original implementation, and condensed all relevant code in the files encrypt.c (C version) and x86encrypt.s (x86 assembler version). The code is slightly modified to achieve some enhancements in a brute force attack: the initial permutation is a fixed common step in each TSP encryption and therefore can be made just one time at the beginning. Another improvement is that I wrote a completely new setkey function (I called it nextkey) which is optimum for a brute force loop.

To get the program working you just have to type in the corresponding place five TSPs and their PVVs and then compile it. I have tested it only on UNIX platforms, using the makefile Makegetpvvkey to compile (use the command “make -f Makegetpvvkey”). It may compile on other systems but you may need to fix some things. Be sure that the definition of the type long64 corresponds to a 64 bit integer. In principle there is no dependence on the endianness of the processor. I have successfully compiled and run it on Pentium-Linux, Alpha-Tru64, Mips-Irix and Sparc-Solaris. If you do not have and do not want to install Linux (you don’t know what you are missing ;-) you still have the choice to run Linux on CD and use my program, see my page running Linux without installing it.

Once you have found the secret bank key if you want to find the PIN of an arbitrary card you just have to write a similar program (sorry I have not written it, I’m too lazy :) that would try all 10^4 PINs by generating the corresponding TSP, encrypting it with the (no longer) secret key, deriving the PVV and comparing it with the PVV in the magnetic stripe of the card. You will get one match for the true PIN. Only one match? Remember what we saw above, we have a chance of 0.0001 that a random encryption matches the PVV. We are trying 10000 PINs (and therefore TSPs) thus we expect 10000 * 0.0001 = 1 false positive on average.

This is a very interesting result: it means that, on average, each card has two valid PINs, the customer PIN and the expected false positive. I call it “false” but note that as long as it generates the true PVV it is a PIN as valid as the customer’s one. Furthermore, there is no way to know which is which, even for the ATM; only the customer knows. Even if the false positive were not valid as a PIN, you still have three trials at the ATM anyway, enough on average. Therefore the probability we calculated at the beginning of this document about random guessing of the PIN has to be corrected. Actually it is twice that value, i.e., it is 0.0006 or one out of more than 1600, still safely low.

Results

It is important to optimize the compilation of the program and to run it on the fastest possible processor due to the long expected run time. I found that the compiler optimization flag -O gets the best performance, though some improvement is achieved by adding the -fomit-frame-pointer flag on Pentium-Linux, the -spike flag on Alpha-Tru64, the -IPA flag on Mips-Irix and the -fast flag on Sparc-Solaris. Special flags (-DDES_PTR -DDES_RISC1 -DDES_RISC2 -DDES_UNROLL -DASM) for the DES code generally have benefits as well. All these flags have already been tested and I chose the best combination for each processor (see makefile) but you can try to fine tune other flags.

According to my tests the best performance is achieved with the AMD Athlon 1600 MHz processor, exceeding 3.4 million keys per second. Interestingly it gets better results than Intel Pentium IV 1800 MHz and 2000 MHz (see figures below). I believe this is due to some I/O saturation, surely cache or memory access, that the AMD processor (which has half the cache of the Pentium) or the motherboard in which it is running, manages to avoid. In the first figure below you can see that the DES breaking speed of all processors has a more or less linear relationship with the processor speed, except for the two Intel Pentiums I mentioned before. This is logical: it means that for double the processor speed you’ll get double the breaking speed, but watch out for saturation effects. In this case the AMD Athlon 1600 MHz is the better choice, and it will be even cheaper than the Intel Pentium 1800 MHz or 2000 MHz.

In the second figure we can see in more detail what we would call the intrinsic DES break power of the processor. I get this value simply by dividing the break speed by the processor speed, that is, we get the number of DES keys tried per second and per MHz. This is a measure of the performance of the processor type independently of its speed. The results show that the best processor for this task is the AMD Athlon, then comes the Alpha, and very close after it is the Intel Pentium (except for the higher speed ones, which perform very poorly due to the saturation effect). Next is the Mips processor and in last place is the Sparc. Some Alpha and Mips processors are located at the bottom of the scale because they are early releases not including enhancements of later versions. Note that I included the performance of x86 processors for C and assembler code as there is a big difference. It seems that gcc is not a good generator of optimized machine code, but of course we don’t know whether a manual optimization of assembler code for the other processors (Alpha, Mips, Sparc) would boost their results compared to the native C compilers (I did not use gcc for these other platforms) as happens with the x86 processor.

[Figures: Bench1, Bench2]

The top mark I got running my program was approximately 3 423 922 keys/second using the AMD processor. So, how much time would the AMD need to break the VISA PIN? It would simply be the ratio between the size of the key space and the key trying rate, that is, 2^56 keys/3 423 922 keys/second ~ 2.1 * 10^10 seconds ~ 244 thousand days ~ 667 years. This is the time for the program to finish, but on average the true secret key will be found in half that time. Using commercial cryptographic cards (like the IBM PCI Cryptographic Coprocessor or the XL-Crypt Encryption Accelerator) does not help very much; they are, at most, 2 times faster than my top mark, i.e. it would take more than a hundred years to find the key, at best. Some more speed might be achieved (double, at most) by using a dedicated gigabit VPN box or similar hardware in a way surely not foreseen by the manufacturer ;-)

Even if you manage to get a hundred of the newest AMD or Pentium processors working in parallel it would still take more than 3 years to find the key (if they are provided with crypto-cards the time might be reduced to less than two years, or to less than one year in the case of a hundred gigabit VPN boxes). It is clear that only expensive dedicated hardware (affordable only by big institutions) or a massive Internet cooperative attack would succeed in a reasonable time (both things have already been done). This is the good news. The bad news is that I have deliberately lied a little bit (you may have already noticed it): the VISA PVV algorithm allows for the use of triple DES (3-DES) encryption using a 128 bit (only 112 effective) encrypting key. If 3-DES is indeed in use by the PVV system you can still use the same attack but you would need four additional TSP-PVV pairs (no problem with that) and it would take more than 3 * 2^56 times longer to find the double length key. Forget it.

The PVV algorithm with triple DES encrypts the TSP with the left half of the encrypting key, then decrypts the result with the right half of the key, and encrypts the result again with the left half of the key. Note that if you use a symmetric 128 bit key, that is, the left half equals the right half, you get a single DES encryption with a single 64 bit key. In this case the algorithm degenerates into the one I explained above. That’s why I did this work: the PVV system is old, and maybe when it was implemented 3-DES was not viable (due to hardware limitations) or it seemed excessive (at that time) to the people responsible for the implementation, so it is possible that some banks are using the PVV algorithm with single DES encryption.

Finally we can conclude that the VISA PVV algorithm in its general form using 3-DES is rather secure. It may only be broken using specially designed hardware (implying an enormous investment and thus not worth it, see Wayner and Wiener) which would exceed the encryption rate of the newest processors by many orders of magnitude. However, the apparently endless exponential growth of computer capacities, as well as that of the Internet community, suggests that the PVV system might be in real danger within a few years. Of course those banks using PVV with single DES (if any) are already under true risk of an Internet cooperative attack. You might believe that is something very hard to coordinate, I mean convincing people, but think about trojan and virus programs and you will see it is not so difficult to carry out.


padilla@gae.ucm.es (17-Jun-2003)

This link: http://www.gae.ucm.es/~padilla/extrawork/visapvv.html



Unisys Security Index Reveals High Concern Among Americans About Government and Business Protection of Private Data

Oct 21st, 2009 | By Innovya follow-up | Category: News

By: Business Wire

Only 22 percent of Americans fully trust government agencies to keep personal information secure and private, and the proportion is only slightly better (29 percent) with regard to trust in data protection by financial institutions such as banks, according to research conducted in September by Unisys Corporation (NYSE:UIS).

The findings, part of the latest bi-annual Unisys Security Index, also confirm that most Americans surveyed remain seriously concerned about the security and privacy of their personal information. Nearly two-thirds of Americans are either “extremely” or “very” concerned about identity theft and credit and debit card fraud (65% and 64%, respectively).

Americans who are seriously concerned about the security of their online transactions rose to 42 percent, the highest level since the Unisys Security Index began two years ago.

“Government and business organizations recognize the need to protect the private data citizens entrust to them and to protect themselves from fraud through strong identity management solutions,” said Anthony Valletta, former assistant Secretary of Defense for C3I and a Fellow at the Unisys Center for Innovation in Government. “These risks have been highlighted through a number of incidents in recent months in which private data was put at risk. For example, a recent report by the Government Accountability Office stated that the IRS recorded more than 51,000 cases of apparent taxpayer identity theft and paid out $15 million in fraudulent tax refund claims. This new research from Unisys underlines the need and the public’s readiness for technology such as biometrics to address their concerns.”

As concerns grow over data security and identity theft, the majority of Americans (58%) are willing to provide biometric data to merchants and financial institutions to verify and authenticate their identity. Nearly all of those consumers (93%) would be willing to use fingerprint scans, while 79 percent are willing to use iris recognition – an increase of 20 percent and 17 percent, respectively, since consumers were surveyed in November 2008.

“Interestingly, Americans are willing to provide biometric data for identity verification, but we are not seeing the widespread use of biometrics in daily transactions with governments, financial or retail institutions,” said Mark Cohn, vice president of enterprise security, Unisys. “Adoption of interoperable identity management systems and an investment in shared infrastructure would hasten widespread use of biometrics, taking advantage of the technology that’s available today and the public’s growing acceptance of biometrics.”

Overall Results of Latest Wave of Security Index

The Unisys Security Index surveys consumer opinion on four areas of security: financial, national, Internet and personal safety. More than 1,000 Americans responded to the latest survey conducted from September 11-13, 2009. The results are tallied on a scale of 0-300, with 300 representing the highest level of perceived concern.

The overall score for the current Unisys Security Index for the United States was 147, indicating a moderate level of overall security concern. The overall score came in unchanged from the last survey taken in March 2009.

The generally moderate concern expressed by consumers appears to reflect a dichotomy between the public perception of these threats and the actual rise of incidents in recent years. For example, Javelin Research and Strategy reported in February 2009 that approximately 1.8 million more U.S. adults fell victim to identity fraud in 2008, compared to 2007. And a May 2009 survey by Actimize found that approximately 81% of financial services organizations expect an increase this year in ATM/debit card fraud.

“As financial institutions move to near real time transactions, the existing vulnerabilities are being exploited at an alarming rate,” said Patricia Titus, chief information security officer, Unisys Federal Systems. “Not only are the criminals becoming more sophisticated in how they launch attacks, but the unsuspecting consumers become the weakest link – allowing easy exploitation of their private financial data.”

Financial security was the predominant concern of those surveyed in March 2009, but those worries were displaced in last month’s survey by an increase in national security concerns, as well as fears surrounding national health epidemics such as the H1N1 flu outbreak.

In September, 64% of Americans (up from 58% in March) expressed serious concern about national security threats such as the war on terrorism. In addition, nearly 47% of those surveyed (up from 41% in March) are seriously concerned about the threat of a health epidemic.

“American consumers are not as concerned with financial security as they were months ago and are now more focused on national security,” said Cohn. “As consumers perceive that the economic crisis has leveled off, companies and governments may need to reprioritize accordingly to elevate risk management strategies that address longstanding but shifting concern about war and terrorism as well as growing concern about public health.”

Additional findings from the latest U.S. results of the Unisys Security Index include:

  • Americans are divided with regard to concern about computer security; 40 percent are seriously concerned about this issue, while 25 percent are not concerned at all.
  • While most Americans feel comfortable about their personal safety, one-third (32%) are seriously concerned about this threat, which is an increase of five percent since 1H09.
  • Households earning more than $75,000 in annual income are more willing to provide biometric data than are adults with smaller household incomes.

About the Unisys Security Index

The Unisys Security Index is a bi-annual global study that provides insights into the attitudes of consumers on a wide range of security related issues. Lieberman Research Group conducted the survey in Brazil, Europe and the U.S.; Newspoll conducted the research in Asia-Pacific. The Unisys Security Index surveys more than 8,500 people in nine countries: Australia, Belgium, Brazil, Germany, the Netherlands, New Zealand, Spain, the United Kingdom and the United States. The study measures consumer perceptions on a scale of zero to 300, with 300 representing the highest level of perceived concern. For more information, visit www.unisyssecurityindex.com.

About Unisys

Unisys is a worldwide information technology company. We provide a portfolio of IT services, software, and technology that solves critical problems for clients. We specialize in helping clients secure their operations, increase the efficiency and utilization of their data centers, enhance support to their end users and constituents, and modernize their enterprise applications. To provide these services and solutions, we bring together offerings and capabilities in outsourcing services, systems integration and consulting services, infrastructure services, maintenance services, and high-end server technology. With more than 26,000 employees, Unisys serves commercial organizations and government agencies throughout the world. For more information, visit www.unisys.com.



AUSTRALIA: Privacy fears on post office push

Oct 19th, 2009 | By Innovya follow-up | Category: News

George Lekakis | From: Herald Sun | Tue Oct 20 00:00:00 EST 2009

AUSTRALIA Post is introducing new technology that will enable staff at its 4443 retail outlets to take fingerprints, biometric scans and digital signatures from customers applying for bank accounts, passports and other services.

The Government-owned corporation is secretly testing the Big Brother technology at 25 outlets after its directors approved funding for the project at a March board meeting.

Documents seen by the Herald Sun show Australia Post plans to install the data capture equipment at 375 outlets by the end of June followed by another 400 in 2011.

Trials for the “Identification Services Program Project” are being held at 25 Australia Post-owned outlets in NSW and Western Australia, but the corporation is also planning to install the technology at 2000 privately managed post offices nationwide.

Privacy advocates are worried the new system may create fresh opportunities for organised criminals to exploit weaknesses in the network.

If state and federal governments approve the plan, Australia Post would become the first local organisation allowed to take digital fingerprints for commercial purposes. The power is limited to law enforcement agencies, the courts, spy agencies and the defence force.

Even though the project has been under development for more than six months, the corporation has kept a tight lid on it. There was no specific disclosure about it in Australia Post’s annual report tabled in Federal Parliament last week.

Australia Post spokesman Alex Twomey confirmed fingerprinting capabilities would be introduced over the next two years and that staff would be trained in protocols for storing and transmitting customer information.

“Fingerprint information will be stored for six hours at the outlet and then transferred for storage at a central Australia Post database,” he said. “Under agency agreements, we would then be required to wipe the information after it was sent to government departments or other corporate clients.”

Privacy groups said yesterday they were horrified.

The chairman of the Australian Privacy Foundation, Dr. Roger Clarke, said: “I’m appalled by them appearing to get this technology off the ground without any public scrutiny.

“These types of initiatives are just too important to introduce without public discussion.”

Dr Clarke said securing fingerprints and other data across such a large retail network was a major concern.

“When we’re talking about 4000 outlets, many of which are privately owned, it’s difficult to design a system that will protect all information,” he said.



Electronic Spying Operation (How Biometric is going to be leaked)

Oct 18th, 2009 | By Innovya follow-up | Category: Evidence
By Brian Padden, Washington

Computer keyboard

Canadian researchers say they have uncovered a China-based electronic spying operation that infiltrated computers in 103 countries.  While they say they have no conclusive evidence of Chinese government involvement, the targets of the computer espionage were political.  The cyber spying operation is one of the biggest and most sophisticated ever discovered.

Researchers at the University of Toronto call it Ghostnet – an electronic spying operation that infiltrated more than 1,000 computers around the world.  They say it targeted NATO, the Indian Embassy here in Washington and Tibetan exile centers in India, Brussels and London.  Researchers say that in addition to stealing computer files, the cyber spies could turn on the internal camera on a remote computer to eavesdrop on live conversations.

Nart Villeneuve is with the University of Toronto’s Munk Center for International Studies.  He says that while the operation was sophisticated in its organization and scope, it used readily available Internet viruses called Trojans, attached to email messages to infiltrate computers.

“From a purely technical point of view, no, it was not that sophisticated,” said Nart Villeneuve. “The Trojan, the attacker favors, the ‘ghost rat;’ it’s open sourced.  You can go and download it.  It’s not like it is some clever special new way of doing it.  But the way in which the attacker was able to leverage these tools was sophisticated.”

The Toronto researchers uncovered the cyber spying operation when they were asked by the exiled Tibetan leader, the Dalai Lama, to examine his organization’s computers for malware – malicious software that can infiltrate or damage a computer system.

Although the group cannot say whether the Chinese government was involved, they add that Ghostnet’s computers were almost exclusively located in China and that the targets were political.  They found infected computers in the Dalai Lama’s organization and were able to trace stolen correspondence back to the spy network’s computer servers in China.

The Chinese government has denied any involvement in the operation.

But James Lewis, a technology expert with the Center for Strategic and International Studies in Washington says cyber spying is nothing new for the Chinese government.

“We know that they are interested as a government,” said Lewis. “We know that they’ve done it in the past as a government.  And the things that are being collected are of interest to the Chinese government.”

Lewis notes that many countries, including the United States and Russia, use computer technology to gather intelligence.

The University of Toronto researchers say an international agreement is needed to protect privacy rights and prohibit cyber spy operations like Ghostnet in the future.



Private Eyes Are Watching You

Oct 18th, 2009 | By Innovya follow-up | Category: Articles

United Kingdom is Leading Pack in Face Recognition; Is U.S. Next?

By ASHLEY PHILLIPS – ABC NEWS

A 17-year-old walks into a liquor store, carries a 12-pack of beer up to the counter and hands the clerk a flawless fake ID. Unbeknown to him, the clerk need not even glance at the ID before turning him down. His face gave him away. A facial recognition system placed behind the store counter analyzes the teen’s 17-year-old features and informs the clerk of his illegal age. It’s just one of a litany of uses for the fast-evolving surveillance technology, a field that has security experts salivating and privacy advocates bracing for a battle.

Computers that can pick out fugitives in a crowd, video cameras that scold people for littering, eyes in the sky that detect crimes as they’re being committed. While these scenarios may sound straight out of George Orwell’s “1984,” they are becoming reality and could be headed for your corner store sooner than you think.

Although still being researched across the globe, facial recognition technology has already taken hold, particularly in Great Britain.

Last week, Budgens, a U.K. grocery store chain, announced that it would use facial recognition technology to prevent its clerks from selling alcohol and cigarettes to underage customers. The photos of customers who were refused previously will be stored in a database, and then if the offenders come in to buy similar products again, the clerk will be alerted.

Similarly, the British government plans to roll out a facial recognition pilot program in London airports this summer. People who hold biometric U.K. and EU passports can pass through unmanned gates. At the gate, their faces will be scanned to match them to their passport records.

Though the technology has been around for years and the British are embracing it and moving forward, technology experts say facial recognition — and the cameras needed to support it — wouldn’t fly with privacy-obsessed Americans, at least not yet.

“[Facial recognition] really has picked up steam in the last 10 years,” said Vijayakumar Bhagavatula, who teaches electrical and computer engineering at Carnegie Mellon. “The principle has been around for 25 years, but it started getting put into commercial systems five to 10 years ago.”

Bhagavatula describes the technology simply.

“Let’s say a digital camera is taking a picture of someone’s face. So now it gets represented in computers as a bunch of numbers,” he said. “Humans have no problem [saying] that’s someone I know. The computer has to look at those numbers and say, ‘Are these the same set of numbers corresponding to a person I took a photo of a year ago?’”

It’s a complex process, and it is not flawless. For computers, those numbers representing human features can change based on the person’s expression, lighting and overall quality of the image, according to Bhagavatula.

To combat this, researchers are constantly looking for new algorithms to analyze facial features. Currently, many researchers are looking at features that don’t change, such as the distance between the eyes, the angle made by the tip of the nose or the length of an eyebrow, he said.

“Many methods try to capture these kinds of things that are unique to people’s faces,” he said. “You hope that these numbers stay the same when a person smiles or frowns.”

The U.S. Privacy Police

The kind of monitoring that would enable facial recognition to work well has not caught on in the United States, at least not yet, according to Paul Saffo, a technology forecaster in Silicon Valley.

“The English have always had a slightly different attitude toward privacy,” Saffo said. “They’ve never had as strong a privacy culture as America has had. The English do not have a constitution. Their protections are in common law. It is easier for the government to overstep notions of privacy than it would be here, because you have people invoking the Bill of Rights.”

But Saffo believes that given the right crisis, the United States would eventually accept the technology.

“Do not underestimate the psychic shock of the London subway bombings,” he said. “We bleat and cry about privacy, but we happily surrender our privacy for the cheapest of coin.”

So far, most legislative pushes for video monitoring by city governments have been thwarted.

This week in Washington, D.C., a bill pushed by the city’s mayor calling for nearly $1 million in funding for citywide public cameras was voted down by the city council.

“People sometimes talk about video surveillance systems as moving forward inexorably in the United States, but we’ve seen quite a few successful protests,” said Mark Rotenberg, the director of the Electronic Privacy Information Center. “I think there are a lot of questions that need to be asked about video surveillance. The most obvious one is: what is the purpose?”

“[Britons] have embraced a really extraordinary amount of monitoring by the government that I don’t think the U.S. would accept,” he said.

Yeah, but Does It Work?

Some critics also take issue with the accuracy (or lack thereof) of facial recognition technology.

In perfect conditions, facial recognition can be fairly effective, according to experts, but in less than perfect conditions it can be wildly inaccurate. For example, it is difficult for a computer to identify a person who is walking on a city street or in an airport where his face might be blurred, obscured or shadowed.

“We have gotten a long way from where we were 10 years ago,” says Carnegie Mellon’s Bhagavatula. “But good algorithms have an 80 percent accept rate. It’s pretty good, but not perfect.”

Rob Jenkins, a psychology professor at the University of Glasgow in Scotland, may have found at least one way around the technology’s inaccuracies. Jenkins and his colleague Mike Burton published a study in the journal Science in January that outlined a method to get 100 percent accuracy from computers by using what the researchers called an “averaged” face image, made up of 20 photos.

“The great thing about this averaging process is it just washes out all these differences of single photographs. The lighting and the pose all kind of becomes neutralized,” Jenkins told ABCNEWS.com in January. “And what you’re just left with is the core of the face. The aspects of the image are consistent from one photo to the next.”

Since that study, police, governments and companies have shown interest in his research, Jenkins said. And although he is interested more in how the mind recognizes faces than how the technology is used, as a citizen, he finds the ubiquity of CCTV troubling.

“New technologies that are being unveiled as being the solution to problems — often they’re just a better key to locking and unlocking something, but that doesn’t mean that you shouldn’t think about what’s behind the door,” he said. “Because if you put all this trust in a new technology, … you can find yourself in quite a hairy situation.”

Jenkins points out that sometimes even humans can’t recognize familiar faces.

“The human brain is the most sophisticated computer we know of,” he said. “Engineers are setting themselves [up] with a very difficult problem by demanding accurate performance. Even humans can’t do this reliably and should give us pause. … Is the goal a realistic goal? Are we ever going to build a machine that can do that? And maybe we will, but I think it’s a question that’s worth asking.”



A naked assault on our right to privacy

Oct 15th, 2009 | By Innovya follow-up | Category: Evidence, Opinions
Thursday 15 October 2009

Nathalie Rothschild


Airport scanners that will ogle our naked bodies are only a more hi-tech version of everyday state surveillance.

Ever since the 2006 foiled terror plot to use liquid explosives to blow up transatlantic jets departing from Heathrow Airport, going through airport security checks has become an ever-bigger hassle. In light of this, any move to make the process more smooth would seem welcome. But at what price?

Now, as anyone who has taken a flight from the UK in recent years will know, not only do passengers have to empty their pockets of metal objects before going through the security scanners, but they are also required to pour any liquids they wish to carry in their hand luggage into 100ml containers and fit them all into a single, see-through plastic bag. Personally, every time I fly, as I try to squeeze in all those travel-size liquid containers – my preferred brands of toothpaste, deodorant, lip gloss and perfume in full view – while simultaneously yanking my laptop out of my inevitably over-sized hand luggage, removing any coat, scarf, chunky jewellery or belt and fishing loose change out of my pockets, I curse those damn terrorists and the overzealous British security officials.

So perhaps the introduction of the Iris Recognition Immigration System, which allows eligible passengers to use automated barriers at UK terminals, and of the queue-busting facial recognition gates for owners of the new e-passport at London’s Stansted Airport is all good news? Except, of course, that while these things will make going through passport controls quicker and smoother, the trade-off is that our biometric data is being stored on yet more databases. And it also means that the state is using technologically advanced ways to hinder, even more effectively than before, those non-EU nationals without hard-to-come-by visas from crossing British borders.

While Neale Jouques, Stansted Airport’s head of terminal, has said that ‘The new facial recognition gates have been very well received by our passengers, with their feedback overwhelmingly positive’ (1), Manchester Airport’s security checks may just have gone a bit too sci-fi for most people’s comfort. The airport has introduced a full-body, human X-ray scanner which, while saving passengers from the hassle of removing any clothes, shoes or belts, also produces ‘naked’ black-and-white images which are seen by an officer in a remote location before then being deleted.

The scanners, which produce a virtual, three-dimensional image of passengers, will also show up breast enlargements, body piercings and a clear outline of passengers’ genitals. The scanners have already been used in Los Angeles and New York and are being rolled out at airports across the US. The UK Department for Transport will decide whether to install them permanently at British airports in about a year’s time (2).

An example of an image from the new scanner

The scanner provides graphic proof of the extreme lengths to which the authorities are willing to go when it comes to inspecting the public and prying into our private lives (or private parts in this case) in the name of national security. With the expansion of state-sanctioned snooping and surveillance methods – from CCTV to iris scans and ID cards – the state’s ability to record and monitor our everyday lives has grown and grown.

Yet at the same time, our ability to record the actions of the state has diminished. As I reported recently on spiked, ‘no photo zones’ in the UK are expanding and plenty of professional and amateur photographers, as well as tourists, have been prevented from taking pictures by police officers who have invoked Section 44 of the Counter-Terrorism Act 2000; this gives police extended stop and search powers. And since the introduction of Section 76 of the Counter-Terrorism Act 2008, photographing a cop or members of the armed forces or intelligence services can land you a fine or even a 10-year prison sentence (3).

With the state clamping down on our freedom to hold it accountable for its actions, it seems the government’s favourite mantra that ‘if you’ve got nothing to hide, you’ve got nothing to fear’, used to justify growing surveillance, does not apply to the police.

In the case of the new airport X-ray scanner it is perfectly reasonable that people might want to hide their breast implants, beer bellies and genitals from airport officers. And it is also perfectly reasonable that we might want to hide information about our political affiliations, personal relationships or bank account details from the authorities, too, instead of merely blindly trusting the state or accepting that the authorities have the right to know intimate details about our personal lives and habits.

However, while the X-ray scanner allows strangers to view graphic images of our physiques, there are plenty of less explicit or hi-tech forms of monitoring our bodies and habits that have been introduced without much protest. Contemporary British society is infused with impulses and policies to survey, monitor, measure and ogle the public. From the ban on smoking in public spaces, and in some cases even in our own homes, to the expansion of the Independent Safeguarding Authority vetting database and the recent proposal by anti-obesity campaigners that midwives should record the body mass index of newly pregnant women and their partners (4), our liberties are being increasingly infringed upon ‘for our own good’.

While the airport scanner forces us literally to bare all for the authorities, these other measures involve less machinery, but are nonetheless pernicious ways of making us comply with standards, values and behaviours defined by the state and by various health-and-safety campaigners.

Surveillance methods, increased policing and the roll-out of lifestyle correction programmes have been continually expanded in recent years because of a political climate where a cavalier attitude to individual autonomy rules and where the boundaries between the private and public spheres have collapsed. Today, we are told to defer to various authorities on everything from community relations to our body size and consumption choices.

All of this has been met with little resistance. Many people express discomfort with hi-tech forms of monitoring the public while accepting less hi-tech but equally authoritarian surveillance measures. So while many rail against the ‘database state’ and don’t like the idea of being scanned and spied on by an all-seeing machine at an airport, they tend to conform to other forms of third-party intervention in community life, interpersonal relations and lifestyle choices. Yet such interventions, while not as obviously spooky as an X-ray machine that stares at our private parts, also pose a great threat to our liberties and self-determination as well as to solidarity amongst the public.

For many, high-tech machines invoke scary images of a Big Brother, sci-fi state. However, it is not intrusive technology per se that we need to worry about, but the intrusive state which sanctions it.

Nathalie Rothschild is commissioning editor of spiked.



FBI building system that blows away fingerprinting

Oct 15th, 2009 | By Innovya follow-up | Category: News


Ellen Messmer
Computer World
Wed, 23 Sep 2009 16:19 EDT

The FBI plans to migrate from its IAFIS fingerprint database to a new biometrics system that will include DNA records, 3-D facial imaging, palm prints and voice scans.

The Federal Bureau of Investigation is expanding beyond its traditional fingerprint-focused collection practices to develop a new biometrics system that will include DNA records, 3-D facial imaging, palm prints and voice scans, blended to create what’s known as “multi-modal biometrics.”

“The FBI today is announcing a rapid DNA initiative,” said Louis Grever, executive assistant director of the FBI’s science and technology branch, during his keynote presentation at the Biometric Consortium Conference in Tampa.

The FBI plans to begin migrating from its IAFIS database, established in the mid-1990s to hold its vast fingerprint data, to a next-generation system that’s expected to be in prototype early next year. This multi-modal NGI biometrics database system will hold DNA records and more.

Grever said that fingerprints and DNA appear to be the most mature and searchable biometrics possibilities, but the FBI is working to include iris-scan records among newer biometrics technologies to identify criminals and terrorists. The plan is to share this data with authorized U.S. and international investigative partners, as the agency does today.

The FBI’s current IAFIS database remains a workhorse; it processes about 200,000 daily transactions from its 370 million 10-fingerprint records, and it just crossed the 250 million transaction mark.

The next-generation FBI database system is under design by MorphoTrak and is expected to include DNA, iris scans, advanced 3-D facial imaging and voice scans among its multi-modal biometrics. Lower turnaround times for delivering information over wide-area networks are planned. The goal is to drop from a roughly two-hour response time for IAFIS urgent requests to less than 10 minutes.

But FBI officials acknowledged there’s still a lot of research and development that needs to be done to reach its NGI goals. One goal is to develop a rapid DNA analysis method that would provide DNA analysis in less than an hour, as opposed to several hours or even days. The FBI is cosponsoring research with the Department of Defense, which has a similar goal.

Kevin Reid, section chief for the biometrics service section at the FBI, said the FBI also wants to establish a service-oriented architecture for NGI, but it’s not clear when this would be in place to provide services related to biometrics information-sharing.

The FBI is already moving into new areas, including setting up a palm-print repository and searchable databases for scars, marks and tattoos that it will be collecting.

The FBI, under the DNA Fingerprint Act of 2005, is now allowed to collect reference-sample DNA material for biometrics analysis purposes at the time of booking, Grever said. “DNA has become a powerful and timely tool,” said Grever, adding there are no “privacy or civil liberties issues beyond those associated with fingerprints.”