Source: ThirdFactor

As concerns over identity theft and ATM or other financial transaction fraud continue to rise, some are pushing for biometric authentication technology to be integrated into ATMs and possibly other devices used in financial transactions. In an article from NEXT, a number of flaws in the current system for ATMs as well as a number of examples of how wrongs can be righted are cited.

Among the flaws, the article is quick to point out the ease with which fraudsters can clone cards, or more commonly in developing countries, get vital account information such as PIN numbers from acquaintances working for banks. Additionally, this call for ATMs with biometric authentication capability is not a call for new technology necessarily as banks such as Western Bank in the U.S., Banco Falabella in Chile, Groupo Financiero Banorte in Mexico, Barclays Bank in the UAE and many others around the world are already offering such technology to their customers.

CSI Fraud: researchers craft fake DNA evidence

Ronald Bailey | March 17, 2010

Earlier this week, the New York Times ran a provocative op/ed by Yale law student Michael Seringhaus in which he advocated that the DNA profiles of every American be kept in a central forensic database. The goal of such a database is to help the police fight crime by better enabling them to find perpetrators who leave DNA traces at the scenes of their misdeeds. Current forensic DNA databases generally contain DNA profiles from convicts, but many states and the feds are now also including DNA profiles from arrestees.

Seringhaus thinks the current system is unfair because the databases are racially skewed. He also notes that the practice of familial searches which partial DNA matches can point to family members of people who already have their DNA on file, putting a criminal’s family members under a cloud of suspicion although they have not been arrested nor convicted of any crime. Seringhaus is right when he notes that the DNA profiles can be used only for identification and does not reveal other genetic information provided that the DNA samples are destroyed once the profiles are digitally encoded. So what does he think are the advantages of a universal DNA database?

A much fairer system would be to store DNA profiles for each and every one of us. This would eliminate any racial bias, negate the need for the questionable technique of familial search, and of course be a far stronger tool for law enforcement than even an arrestee database.

This universal database is tenable from a privacy perspective because of the very limited information content of DNA profiles: whereas the genome itself poses a serious privacy risk, Codis-style profiles do not.

A universal record would be a strong deterrent to first-time offenders — after all, any DNA sample left behind would be a smoking gun for the police — and would enable the police to more quickly apprehend repeat criminals. It would also help prevent wrongful convictions.

As a practical matter, universal DNA collection is fairly easy: it could be done alongside blood tests on newborns, or through painless cheek swabs as a prerequisite to obtaining a driver’s license or Social Security card. Once a biological sample was obtained, its use must be limited to generating a DNA profile only, and afterward the sample would be destroyed. Access to the DNA database would remain limited to law enforcement officers investigating serious crimes.

Since every American would have a stake in keeping the data private and ensuring that only the limited content vital to law enforcement was recorded, there would be far less likelihood of government misuse than in the case of a more selective database.

Interestingly, the American Civil Liberties Union is opposed to collecting DNA samples from anyone prior to conviction, specifically citing the problam of increasing racial disparities in the databanks. However, it would seem that Seringhaus’ proposal for a universal DNA databank would obviate the ACLU’s racial disparity argument. The ACLU is also worried that DNA samples might be used in ways that violate individual privacy, but once again, that objection fails if the samples are destroyed after the DNA ID profiles are encoded. The main ACLU objection is:

In America, people are presumed innocent until proven guilty. Thousands of people are arrested or detained every year and never charged with a crime. Housing a person’s DNA in a criminal database renders that person an automatic suspect for any future crime – without warrant, probable cause, or individualized suspicion.

Law enforcement already has ample authority to collect a DNA sample from an arrested individual in those cases where a court-issued warrant supported by probable cause is first obtained.

But is DNA profiling all that legally different from fingerprinting? After all, the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) and the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) already contain the fingerprints of millions of people, both criminal and civil. Back in 2002, I noted:

The legislators and police argue that this expansion of DNA testing simply builds on a century’s experience with ordinary fingerprinting. After all, obtaining a DNA sample with a cheek swab is not much more invasive than staining a suspect’s fingers with ink, and it’s a lot less invasive than alcohol blood testing or semen collection. According to this view, DNA testing is just another, perhaps more effective way to establish a suspect’s identity and presence at a crime scene.

In 2006, in a column on using familial DNA searches, I predicted:

…that since collecting DNA is no more invasive than fingerprinting, it seems very likely that a similarly sized national DNA database will be created in the near future. And who knows—someday your genetic profile may be embedded in your national ID card too. Heck, who needs a national ID card if every cop has a fast DNA reader and wireless electronic link to the comprehensive national DNA database? If we want to avoid becoming a database nation, the time to stop it is now.

One final thought–by the end of this decade nearly everyone’s physician will have a digital record of his or her complete genome on file. Here’s betting that the police will regularly seek and get warrants to access the medical genome files of suspects by 2020.

Disclosure: I am still a member of the ACLU.

The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the biometric ePassports with embedded Chip were too weak.

By: Michael Scott Moore | March 17, 2010 | 05:00 AM (PDT)

One detail from the assassination last month of a Hamas leader in Dubai should, at first glance, ease the minds of privacy experts. None of the hit team — widely suspected to be Israeli Mossad agents traveling under stolen identities — used newfangled biometric passports. The 11 members of the team traveling with falsified European identities, used old-fashioned, unchipped passports, according to Interpol.

Biometric passports were one of the most powerful and unobtrusive changes to international travel that the United States insisted on after Sept. 11, 2001. As a direct result of U.S. pressure, all EU governments introduced more-expensive passports after 2006 that included RFID microchips to broadcast basic personal information, including name and passport number, your photograph, your fingerprints, and (if it’s been collected) a retina scan of your eye.

Washington demanded these passports from friendly countries that maintained visa-free travel agreements with the United States. To stay in the visa-waiver program, Washington said after 2001, friendly nations would have to upgrade their passports to high-tech, microchipped “ePassports” with machine-readable data.

The new documents belonged to what Homeland Security Chief Michael Chertoff once envisioned as “a worldwide system of tripwires,” set off by personal data, “that make it easy for the vast amount of travelers to move along unimpeded but that make it dangerous and difficult for terrorists to do the same thing.”

But they upset privacy experts who argued that RFID chips radiated unsecured personal details to the world, making it easy for criminals with a simple machine to read them. The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the first biometric passports were too weak.

“By failing to implement an appropriate security architecture,” the group wrote in 2006, “European governments have effectively forced their citizens to adopt new international Machine Readable Travel Documents (MRTDs), which dramatically decrease security and privacy, and increase the risk of identity theft.”

After 2006, both America and the EU gave “second-generation” e-passports a measure ofsecurity” though whether they’re really a safe way to carry your data around will be a topic for a future column. The “Crypto Group” at Belgium’s University Catholique de Louvain, says no, and Europol argues that the supposedly secure passports are still vulnerable to counterfeiting by “determined” criminals.

But it’s significant that the team of assassins in Dubai who killed the Hamas commander, Mahmoud al-Mabhouh, used old-fashioned passports. Any group willing to send an international hit team after a man would have to qualify as “determined,” and Mossad, according to Victor Ostrovsky, a former Mossad officer interviewed recently on Australian radio, has a passport “factory” dedicated to making counterfeits. “They create various types of papers, every kind of ink,” he said. “It’s a very, very expensive research department.”

So the new ePassports are possibly too much of a headache ”for now” for such a sophisticated operation. But tests carried out by The Times of London in 2008 suggested that falsifying an ePassport wasn’t complicated at all, so there could be another reason why Mossad might have avoided using biometric documents. Namely: The databases themselves might be vulnerable.

Jerusalem hasn’t started to issue ePassports yet, and one argument used by their opponents in Israel is that an entire national database of personal details could be hacked and revealed wholesale to a government unfriendly to Israel — say, the United Arab Emirates. Then the border guards in that country would have a way of double-checking the identity of, say, a Mossad agent trying to enter. Then “every Israeli agent who gives his fingerprint at a biometric border control station is liable to be in danger of exposure,” according to the Israeli paper Ha’aretz.

“The fear … is not unfounded,” the paper continues. “A similar database, containing the identity details of Israeli citizens, was leaked a few years ago from the Interior Ministry and can be download today, for free.”

But Rafi Eitan, an Israeli politician and former Mossad officer, believes the agency’s intelligence talents will catch up. “By 2015 most countries will have moved over to biometric identification methods,” he told Ha’aretz. But “… this will not affect the various intelligence activities in the future, because I assess that the organizations engaging in this will find suitable ways to overcome the difficulties ”should there be any.”

There may come a time, in other words, when you’ll need the trappings of a government to do something as tricky as counterfeit a passport.

VIDEO: Cloning passport card RFIDs in bulk for under $250

A bill under discussion in the U.S. Senate could force Americans to take sides on two issues that are extremely important to millions of people: illegal immigration versus privacy.

The controversial legislation appears to be a solution to the problem of illegal immigration. It would require the issuance of identification cards for all workers in the United States. Besides the name and photograph, these cards would contain biometric information, such as fingerprints, so they would be extremely difficult to manipulate.

The goal is to tie the worker to his or her card. If the information doesn’t check out, then the person isn’t eligible to work legally in the country.

It’s a bold move, but it is one that should make privacy advocates more than a little nervous.

The cards would be, in effect, a national ID card, a tool supported by some law enforcement officials a few years ago but was shot down by opponents who believe such a card could hamper freedoms. The concern rests with the possibility that if the cards can contain biometric information, then they could one day include tiny components that allow the government to track the movements of citizens.

This bill, which has sponsors from both major political parties, faces a difficult road to becoming a law, but it does draw out an important question: Is freedom more important than solving the immigration issue?

Illegal immigration is a problem. The costs of providing education, providing health care and other services for illegal immigrants are exorbitant. A biometric identification card could be the solution, but it also imposes on legal immigrants and citizens. Such a card could start our nation down the slippery slope of eventually having something in our wallets that allow the government to track our every move.

There are other solutions, such as improving and then enforcing the use of the E-Verify system, in which a person’s legal status is reviewed during the hiring process. The Utah Legislature is considering such a move, albeit without any real penalties for businesses that ignore it.

The point is that although legislation may curb a big problem related to approximately 12 million to 14 million illegal immigrants, it could cause even larger problems for the other 300 million-plus people in the country.

Even the potential for giving up freedom is too high of price to pay.